Security Advisory: MIME-tools 5.411 (Entity 5.404) - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [Full-disclosure] Letterman subscriber module XSS vulnerability
  RFI In Script SH-News 3.1
  ByPass In PortalApp
  Elxis CMS <= 2006.4 - banner module - sql injection

From: hack2prison_(at)_yahoo.com <hack2prison_(at)_yahoo.com>
Date: 15.06.2007
Subject: MIME-tools 5.411 (Entity 5.404)

Reported by Freeprotect.NET member
------------------------------------------------
Singapore Gallery is open source code, it is nice and easy to use. It is provided by http://www.sgal.org
However it contain an error:
http://site.ext/index.php?gallery=./index.php

Warning: opendir(/home/user/public_html/galleries/index.php/) [function.opendir]: failed to open dir: Not a directory in /home/user/public_html//includes/singapore.class.php on line 870

Warning: Invalid argument supplied for foreach() in /home/user/public_html/includes/io.class.php on line 129
----------------------------------------------

test server