Message-ID: <000b01c3cf0e$d9bd9d00$6601a8c0@verity>
Date: Tue, 30 Dec 2003 11:55:16 -0800
From: "Bharat Mediratta" <bharat@...alto.com>
To: "The-Insider" <nuritrv18@...eqint.net>,
	<bugtraq@...urityfocus.com>
Subject: Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity


From: "The-Insider" <nuritrv18@...eqint.net>
...
> #######################################################################
>
> Application:    Gallery
> Vendors:
> http://gallery.sourceforge.net
> http://gallery.menalto.com
> Versions:        <= 1.3.3
> Platforms:       Windows/Unix
> Bug:                 Cross Site Scripting Vulnerability
> Risk:                Low
> Exploitation:   Remote with browser
> Date:               30 Dec 2003
> Author:            Rafel Ivgi, The-Insider
> e-mail:             the_insider@...l.com
> web:                http://theinsider.deep-ice.com

5 points for finding a security flaw.  -500 for not contacting us first,
because then we could have told you that this flaw was fixed in Gallery
v1.3.4-pl1, released July 27 2002 and you could have included that
information in your security advisory.

For complete details on the bug and the bug fix, including a patch,
please read this story on our web site:

http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82

By the way, this bug affects all versions of Gallery from v1.1 to v1.3.4
so if you're running one of those versions of Gallery we strongly advise
you to either apply the patch in the above news story, or upgrade to the
latest version of Gallery from here:

    http://gallery.sf.net/download.php

-Bharat
Gallery Project Lead



