Vulnerabilities > CVE-2005-3251 - Unspecified vulnerability in Gallery Project Gallery

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gallery-project
nessus
NVD
Published: 2005-10-17
Updated: 2024-11-21

Summary

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.

Vulnerable Configurations

Part Description Count
Application
Gallery_Project
8

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_47BDABCF3CF911DABAA20004614CC33D.NASL
    descriptionMichael Dipper wrote : A vulnerability has been discovered in gallery, which allows remote users unauthorized access to files on the webserver. A remote user accessing gallery over the web may use specially crafted HTTP parameters to access arbitrary files located on the webserver. All files readable by the webserver process are subject to disclosure. The vulnerability is *not* restricted to the webserver
    last seen2020-06-01
    modified2020-06-02
    plugin id21424
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21424
    titleFreeBSD : gallery2 -- file disclosure vulnerability (47bdabcf-3cf9-11da-baa2-0004614cc33d)
  • NASL familyCGI abuses
    NASL idGALLERY_G2_ITEMID_DIR_TRAVERSAL.NASL
    descriptionThe version of Gallery hosted on the remote web server fails to sanitize user-supplied input to the
    last seen2020-06-01
    modified2020-06-02
    plugin id20015
    published2005-10-18
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20015
    titleGallery main.php g2_itemId Parameter Traversal Arbitrary File Access

References