FreeBSD Ports: gallery

The remote host is missing an update to the system as announced in the referenced advisory.

The following package is affected: gallery CVE-2004-1106 Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via 'specially formed URLs,' possibly via the include parameter in index.php. CVE-2005-0219 Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. CVE-2005-0220 Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. CVE-2005-0221 Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. CVE-2005-0222 main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.

Update your system with the appropriate patches or software upgrades. http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147 http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364 http://www.vuxml.org/freebsd/5752a0df-60c5-4876-a872-f12f9a02fa05.html