Launchpad.net

CVE 2008-2723

embed.php in Menalto Gallery before 2.2.5 allows remote attackers to obtain the full path via unknown vectors related to "spoofing the remote address."

Related bugs and status

CVE-2008-2723 (Candidate) is related to these bugs:

Bug #202422: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates

		In	Importance	Status
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Debian)	Unknown	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Dapper)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Edgy)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Feisty)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Gutsy)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	smarty (Ubuntu Hardy)	Medium	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu)	Undecided	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Dapper)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Edgy)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Feisty)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Gutsy)	Undecided	Won't Fix
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Ubuntu Hardy)	Undecided	Fix Released
202422	CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates	gallery2 (Debian)	Unknown	Fix Released

Bug #242671: CVE-2008-272[0-4]: Lots of varied vulnerabilities

		In	Importance	Status
242671	CVE-2008-272[0-4]: Lots of varied vulnerabilities	gallery2 (Ubuntu)	Undecided	Fix Released
242671	CVE-2008-272[0-4]: Lots of varied vulnerabilities	gallery2 (Ubuntu Hardy)	High	Fix Released
242671	CVE-2008-272[0-4]: Lots of varied vulnerabilities	gallery2 (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-2723

Related bugs and status

Related bugs

References