FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6738977b-e9a5-11da-b9f4-00123ffe8333coppermine -- "file" Local File Inclusion Vulnerability

Secunia reports:

Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources.

Example: http://[host]/index.php?file=.//././/././/././/./[file]%00

Successful exploitation requires that "magic_quotes_gpc" is disabled.


Discovery 2006-04-19
Entry 2006-05-22
coppermine
< 1.4.5

CVE-2006-1909
http://coppermine-gallery.net/forum/index.php?topic=30655.0
http://myimei.com/security/2006-04-14/copperminephotogallery144-plugininclusionsystemindexphp-remotefileinclusion-attack.html
http://secunia.com/advisories/19665/
0b628470-e9a6-11da-b9f4-00123ffe8333coppermine -- Multiple File Extensions Vulnerability

Secunia reports:

Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload malicious script files inside the web root (e.g. a PHP script).

Successful exploitation may allow execution of script code depending on the HTTP server configuration (it requires e.g. an Apache server with the "mod_mime" module installed).


Discovery 2006-05-22
Entry 2006-05-22
coppermine
< 1.4.6

http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=418266
http://secunia.com/advisories/20211/
9f581778-e3d4-11dc-bb89-000bcdc1757acoppermine -- multiple vulnerabilities

Coppermine Security advisory

The development team is releasing a security update for Coppermine in order to counter a recently discovered cross-site-scripting vulnerability.


Discovery 2007-11-06
Entry 2008-02-25
coppermine
< 1.4.15

CVE-2008-0504
CVE-2008-0505
CVE-2008-0506
http://coppermine-gallery.net/forum/index.php?topic=48106.0
http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://secunia.com/advisories/28682/
6dd5e45c-f084-11e1-8d0f-406186f3d89dcoppermine -- Multiple vulnerabilities

The Coppermine Team reports:

The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information. Furthermore, the release covers a recently discovered XSS vulnerability that allows (if unpatched) a malevolent visitor to include own script routines under certain conditions.


Discovery 2012-03-29
Entry 2012-08-30
coppermine
< 1.5.20

CVE-2012-1613
CVE-2012-1614
http://seclists.org/oss-sec/2012/q2/11
http://forum.coppermine-gallery.net/index.php/topic,74682.0.html
12488805-6773-11dc-8be8-02e0185f8d72coppermine -- multiple vulnerabilities

The coppermine development team reports two vulnerabilities with the coppermine application. These vulnerabilities are caused by improper checking of the log variable in "viewlog.php" and improper checking of the referer variable in "mode.php". This could allow local file inclusion, potentially disclosing valuable information and could lead to an attacker conducting a cross site scripting attack against the targeted site.


Discovery 2007-09-14
Entry 2007-09-20
Modified 2010-05-12
coppermine
< 1.4.13

CVE-2007-4976
CVE-2007-4977
http://coppermine-gallery.net/forum/index.php?topic=46847.0
77cceaef-e9a4-11da-b9f4-00123ffe8333coppermine -- File Inclusion Vulnerabilities

Secunia reports:

Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system.

1) Input passed to the "lang" parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. The vulnerability can be further exploited by users who are allowed to upload image files to execute arbitrary PHP code.

2) Input passed to the "f" parameter in docs/showdoc.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources on the Windows platform, and remote files from Windows shared folders.


Discovery 2006-02-20
Entry 2006-05-22
coppermine
< 1.4.4

CVE-2006-0872
CVE-2006-0873
http://retrogod.altervista.org/cpg_143_adv.html
http://secunia.com/advisories/18941/