Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using linked items in WebDAV and (b) Reupload modules.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gallery | Bharat_mediratta | * | 2.2.2 (including) |
| Gallery2 | Ubuntu | dapper | * |
| Gallery2 | Ubuntu | edgy | * |
| Gallery2 | Ubuntu | feisty | * |
| Gallery2 | Ubuntu | gutsy | * |
| Gallery2 | Ubuntu | upstream | * |
References
- http://bugs.gentoo.org/show_bug.cgi?id=191587
- http://gallery.menalto.com/gallery_2.2.3_released
- http://osvdb.org/41657
- http://osvdb.org/41658
- http://secunia.com/advisories/26716
- http://secunia.com/advisories/26719
- http://secunia.com/advisories/27502
- http://secunia.com/advisories/27594
- http://security.gentoo.org/glsa/glsa-200711-03.xml
- http://www.debian.org/security/2007/dsa-1404
- http://www.securityfocus.com/bid/25580
- http://www.vupen.com/english/advisories/2007/3072
- https://bugzilla.redhat.com/show_bug.cgi?id=267421
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00097.html
- http://bugs.gentoo.org/show_bug.cgi?id=191587
- http://gallery.menalto.com/gallery_2.2.3_released
- http://osvdb.org/41657
- http://osvdb.org/41658
- http://secunia.com/advisories/26716
- http://secunia.com/advisories/26719
- http://secunia.com/advisories/27502
- http://secunia.com/advisories/27594
- http://security.gentoo.org/glsa/glsa-200711-03.xml
- http://www.debian.org/security/2007/dsa-1404
- http://www.securityfocus.com/bid/25580
- http://www.vupen.com/english/advisories/2007/3072
- https://bugzilla.redhat.com/show_bug.cgi?id=267421
- https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00097.html