> Coppermine Photo Gallery - Security Alert, For members using this script
jlhaslip
post May 22 2006, 07:50 PM
Post #1





As reported:
QUOTE

TITLE:
Coppermine Photo Gallery Multiple File Extensions Vulnerability

SECUNIA ADVISORY ID:
SA20211

VERIFY ADVISORY:
http://secunia.com/advisories/20211/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Coppermine Photo Gallery 1.x
http://secunia.com/product/1427/

DESCRIPTION:
A vulnerability has been reported in Coppermine Photo Gallery, which
can be exploited by malicious users to compromise a vulnerable
system.

The vulnerability is caused due to an error in the handling of file
uploads where a filename has multiple file extensions. This can be
exploited to upload malicious script files inside the web root (e.g.
a PHP script).

Successful exploitation may allow execution of script code depending
on the HTTP server configuration (it requires e.g. an Apache server
with the "mod_mime" module installed).

The vulnerability has been reported in version 1.4.5. Prior versions
may also be affected.

SOLUTION:
Update to version 1.4.6.
http://sourceforge.net/project/showfiles.php?group_id=89658

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

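As an added example (not part of the advisory, the post above, or Coppermine's own code), a PHP upload-name check that inspects every extension segment of a filename rather than only the last one, which is the class of handling error the advisory describes. The function name and both extension lists are assumptions chosen for illustration.

```php
<?php
// Added example, not Coppermine code. Both lists are assumptions; adjust them
// to the handlers actually configured on the web server.
const ALLOWED_FINAL_EXT = ['jpg', 'jpeg', 'png', 'gif'];
const HANDLER_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'pl', 'py', 'cgi', 'asp', 'shtml'];

/**
 * Returns a generated storage name for an acceptable upload, or null to reject.
 * Hypothetical helper: every dot-separated segment is checked, because Apache's
 * mod_mime can map any extension in a multi-extension name to a handler.
 */
function safe_upload_name(string $clientName): ?string
{
    // Drop any directory part supplied by the client (both separator styles).
    $name  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($name));

    // No extension at all, or a dotfile such as ".htaccess".
    if (count($parts) < 2 || $parts[0] === '') {
        return null;
    }

    // The final extension must be on the allow-list.
    $final = array_pop($parts);
    if (!in_array($final, ALLOWED_FINAL_EXT, true)) {
        return null;
    }

    // Inner segments (everything after the base name) must not name a handler.
    foreach (array_slice($parts, 1) as $segment) {
        if (in_array($segment, HANDLER_EXT, true)) {
            return null;
        }
    }

    // Store under a generated name with exactly one extension, so the
    // client-chosen name never reaches the filesystem.
    return bin2hex(random_bytes(16)) . '.' . $final;
}

// Constructed sample names (not taken from the advisory).
$samples = ['holiday.jpg', 'holiday.php.jpg', 'notes.PHTML.png',
            'archive.tar.gif', '.htaccess', 'report.php'];
foreach ($samples as $n) {
    printf("%-18s => %s\n", $n, safe_upload_name($n) ?? 'REJECTED');
}
```

Of the constructed samples, only `holiday.jpg` and `archive.tar.gif` are accepted; the rest are rejected.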
Lyon2
post May 27 2006, 04:28 AM
Post #2





Thanks for the info. I don't use it, but I have 2 friends that do.