jlhaslip
May 22 2006, 07:50 PM
As reported:

QUOTE
TITLE: Coppermine Photo Gallery Multiple File Extensions Vulnerability
SECUNIA ADVISORY ID: SA20211
VERIFY ADVISORY: http://secunia.com/advisories/20211/
CRITICAL: Moderately critical
IMPACT: System access
WHERE: From remote
SOFTWARE: Coppermine Photo Gallery 1.x
http://secunia.com/product/1427/
DESCRIPTION: A vulnerability has been reported in Coppermine Photo Gallery, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload malicious script files inside the web root (e.g. a PHP script). Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires e.g. an Apache server with the "mod_mime" module installed). The vulnerability has been reported in version 1.4.5. Prior versions may also be affected.
SOLUTION: Update to version 1.4.6.
http://sourceforge.net/project/showfiles.php?group_id=89658
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
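Added example, not part of the original post, the Secunia advisory or Coppermine's code: a Python sketch of why checking only the last extension of an uploaded filename fails when Apache's mod_mime looks at every dot-separated segment, with a stricter check and an audit of names already stored. The extension sets, function names and sample filenames are assumptions made for illustration.

```python
import re

# Assumption: extensions the server maps to a script handler through mod_mime
# (for example via AddHandler/AddType). Match this set to the real configuration.
HANDLER_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "cgi", "pl", "shtml"}
# Assumption: the only extensions the gallery is meant to accept.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def _basename(filename):
    """Strip any client-supplied directory part (both slash styles)."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def extension_segments(filename):
    """All dot-separated segments after the base name, lowercased.

    mod_mime can act on any of them, not only the last one."""
    return [seg.lower() for seg in _basename(filename).split(".")[1:]]


def last_extension_check(filename):
    """Common flawed pattern (not Coppermine's code): inspect the last extension only."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_EXTENSIONS


def strict_check(filename):
    """Accept only 'base.ext' with one allowed extension and a plain base name."""
    segs = extension_segments(filename)
    base = _basename(filename).split(".")[0]
    return (len(segs) == 1 and segs[0] in ALLOWED_EXTENSIONS
            and re.fullmatch(r"[A-Za-z0-9_-]+", base) is not None)


def audit(filenames):
    """Map each already-stored name to the segments that select a script handler."""
    hits = {}
    for name in filenames:
        risky = [s for s in extension_segments(name) if s in HANDLER_EXTENSIONS]
        if risky:
            hits[name] = risky
    return hits


# Constructed sample names, not taken from the advisory.
SAMPLES = ["holiday.jpg", "holiday.php.jpg", "notes.PHP.gif", "a.b.png", "albums/x.phtml.jpeg"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(f"{n}: last-ext={last_extension_check(n)} strict={strict_check(n)}")
    print(audit(SAMPLES))
```

Running audit() over a listing of the upload directory shows which stored files need review after updating to the fixed version.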
Lyon2
May 27 2006, 04:28 AM
Thanks for the info, I don't use it, but I have 2 friends that do.