ID de Prueba:	1.3.6.1.4.1.25623.1.0.900974
Categoría:	Web application abuses
Título:	TFT Gallery XSS And Directory Traversal Vulnerabilities
Resumen:	TFT Gallery is prone to Cross- Site Scripting and Directory Traversal vulnerabilities.
Descripción:	Summary: TFT Gallery is prone to Cross- Site Scripting and Directory Traversal vulnerabilities. Vulnerability Insight: - Error exists when input passed via the 'sample' parameter to settings.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code or conduct XSS attacks. - Input passed via the 'album' parameter to index.php is not properly verified before being used to include files via a '../'. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Vulnerability Impact: Successful exploitation will allow remote attackers to disclose sensitive information and conduct cross-site scripting attacks. Affected Software/OS: TFT Gallery version 0.13 and prior on all platforms. Solution: Upgrade to version 0.13.1 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3911 BugTraq ID: 36898 http://www.securityfocus.com/bid/36898 http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt http://secunia.com/advisories/37156 XForce ISS Database: tftgallery-sample-xss(54087) https://exchange.xforce.ibmcloud.com/vulnerabilities/54087 Common Vulnerability Exposure (CVE) ID: CVE-2009-3912 BugTraq ID: 36899 http://www.securityfocus.com/bid/36899
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.