Network Security News – Sunday, June 19, 2005 Events
mcGallery show.php host Variable Path Disclosure
McGallery contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the show.php script processes invalid input to the 'host' variable, which discloses web server and application path information, resulting in a loss of confidentiality. Read more at osvdb.org/17344
mcGallery admin.php lang Variable Traversal Arbitrary File Access
McGallery contains a flaw that allows an authenticated remote attacker to access files outside of the web path. The issue is due to the admin.php script not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the lang variable. Read more at osvdb.org/17343