CVE-2001-0900
published 2001-11-18
CVE-2001-0900: Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include…
Priority P4 · 28 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 7.90% (94.0th percentile)
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | gallery | <= 1.2.3 | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat · 7.8 HIGH
GHSA
GHSA-q7q6-r66q-5684: Directory traversal vulnerability in modules
ghsa_unreviewed·2022-04-30
CVE-2001-0900 [MEDIUM] GHSA-q7q6-r66q-5684: Directory traversal vulnerability in modules
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
Red Hat
kernel: smackfs: restrict bytes count in smk_set_cipso()
vendor_redhat·2024-05-21·CVSS 7.8
CVE-2021-47336 [HIGH] CWE-20 kernel: smackfs: restrict bytes count in smk_set_cipso()
kernel: smackfs: restrict bytes count in smk_set_cipso()
In the Linux kernel, the following vulnerability has been resolved:
smackfs: restrict bytes count in smk_set_cipso()
Oops, I failed to update subject line.
From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001
Date: Mon, 12 Apr 2021 22:25:06 +0900
Subject: [PATCH] smackfs: restrict bytes count in smk_set_cipso()
Commit 7ef4c19d245f3dc2 ("smackfs: restrict bytes count in smackfs write
functions") missed that count > SMK_CIPSOMAX check applies to only
format == SMK_FIXED24_FMT case.
Package: kernel (Red Hat Enterprise Linux 6) - Out of support scope
Package: kernel (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel-rt (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel (Red Hat Ent
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=100619599000590&w=2
http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=
http://www.osvdb.org/677
http://www.securityfocus.com/bid/3554
https://exchange.xforce.ibmcloud.com/vulnerabilities/7580
2001-11-18
Published