Vulnerabilities > CVE-2004-1106
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 | |
OS | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-642.NASL description Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-1106 Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted by using specially formed URLs. - CVE-NOMATCH The upstream developers of gallery have fixed several cases of possible variable injection that could trick gallery to unintended actions, e.g. leaking database passwords. last seen 2020-06-01 modified 2020-06-02 plugin id 16182 published 2005-01-17 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16182 title Debian DSA-642-1 : gallery - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-642. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(16182); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:18"); script_cve_id("CVE-2004-1106"); script_bugtraq_id(11602); script_xref(name:"DSA", value:"642"); script_name(english:"Debian DSA-642-1 : gallery - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in gallery, a web-based photo album written in PHP4. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2004-1106 Jim Paris discovered a cross site scripting vulnerability which allows code to be inserted by using specially formed URLs. - CVE-NOMATCH The upstream developers of gallery have fixed several cases of possible variable injection that could trick gallery to unintended actions, e.g. leaking database passwords." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-642" ); script_set_attribute( attribute:"solution", value: "Upgrade the gallery package. For the stable distribution (woody) these problems have been fixed in version 1.2.5-8woody3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gallery"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2005/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/17"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"gallery", reference:"1.2.5-8woody3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_5752A0DF60C54876A872F12F9A02FA05.NASL description Gallery includes several cross-site scripting vulnerabilities that could allow malicious content to be injected. last seen 2020-06-01 modified 2020-06-02 plugin id 18940 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18940 title FreeBSD : gallery -- XSS (5752a0df-60c5-4876-a872-f12f9a02fa05) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200411-10.NASL description The remote host is affected by the vulnerability described in GLSA-200411-10 (Gallery: XSS vulnerability) Jim Paris has discovered a cross-site scripting vulnerability in Gallery. Impact : By sending a carefully crafted URL, an attacker can inject and execute script code in the victim last seen 2020-06-01 modified 2020-06-02 plugin id 15644 published 2004-11-07 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15644 title GLSA-200411-10 : Gallery: XSS vulnerability NASL family CGI abuses NASL id GALLERY_HTML_INJECTION.NASL description The remote web server has a version of Gallery that could allow an attacker to inject arbitrary HTML tags via unspecified vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 15624 published 2004-11-04 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15624 title Gallery Unspecified HTML Injection
References
- http://www.securityfocus.com/bid/11602
- http://www.gentoo.org/security/en/glsa/glsa-200411-10.xml
- http://www.debian.org/security/2005/dsa-642
- http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=142&mode=thread&order=0&thold=0
- http://g3cko.info/gallery2-4.patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17948