cpe:/o:linux:linux_kernel:2.6.23.12 cpe:/o:linux:linux_kernel:2.6.16.40 cpe:/o:linux:linux_kernel:2.6.20.17 cpe:/o:linux:linux_kernel:2.6.9:rc1 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.16.14 cpe:/o:linux:linux_kernel:2.6.17.5 cpe:/o:linux:linux_kernel:2.6.16.15 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.16.31:-rc5 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.22.11 cpe:/o:linux:linux_kernel:2.6.16.52 cpe:/o:linux:linux_kernel:2.6.18:rc7 cpe:/o:linux:linux_kernel:2.6.19 cpe:/o:linux:linux_kernel:2.6.16 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.16.11 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.17.4 cpe:/o:linux:linux_kernel:2.6.17.1 cpe:/o:linux:linux_kernel:2.6.20.19 cpe:/o:linux:linux_kernel:2.6.20.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.16.47 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.17:rc5 cpe:/o:linux:linux_kernel:2.6.22.4 cpe:/o:linux:linux_kernel:2.6.20.10 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6.20.18 cpe:/o:linux:linux_kernel:2.6.18.4 cpe:/o:linux:linux_kernel:2.6.18:rc4 cpe:/o:linux:linux_kernel:2.6.16.7 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.16.31:-rc4 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.16.31 cpe:/o:linux:linux_kernel:2.6.16.53 cpe:/o:linux:linux_kernel:2.6.22.15 cpe:/o:linux:linux_kernel:2.6.16.22 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.16.26 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.17:rc6 cpe:/o:linux:linux_kernel:2.6.18.6 cpe:/o:linux:linux_kernel:2.6.9 cpe:/o:linux:linux_kernel:2.6.16.17 cpe:/o:linux:linux_kernel:2.6.16.1 cpe:/o:linux:linux_kernel:2.6.16.61 cpe:/o:linux:linux_kernel:2.6.22.12 cpe:/o:linux:linux_kernel:2.6.18:rc1 cpe:/o:linux:linux_kernel:2.6.16.30 cpe:/o:linux:linux_kernel:2.6.16.4 cpe:/o:linux:linux_kernel:2.6.16.35 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.17.9 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.16.19 cpe:/o:linux:linux_kernel:2.6.16.62 cpe:/o:linux:linux_kernel:2.6.13.5 cpe:/o:linux:linux_kernel:2.6.17.12 cpe:/o:linux:linux_kernel:2.6.9:rc2 cpe:/o:linux:linux_kernel:2.6.16.46 cpe:/o:linux:linux_kernel:2.6.22.13 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.15.6 cpe:/o:linux:linux_kernel:2.6.17.14 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.23.8 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.16.50 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.16.33 cpe:/o:linux:linux_kernel:2.6.16.20 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.16.54 cpe:/o:linux:linux_kernel:2.6.17.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.19.2 cpe:/o:linux:linux_kernel:2.6.16.16 cpe:/o:linux:linux_kernel:2.6.9:rc3 cpe:/o:linux:linux_kernel:2.6.20.9 cpe:/o:linux:linux_kernel:2.6.20.14 cpe:/o:linux:linux_kernel:2.6.20.21 cpe:/o:linux:linux_kernel:2.6.16.9 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.17:rc3 cpe:/o:linux:linux_kernel:2.6.19.4 cpe:/o:linux:linux_kernel:2.6.21.3 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.18:rc2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.17:rc4 cpe:/o:linux:linux_kernel:2.6.20.16 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.17.2 cpe:/o:linux:linux_kernel:2.6.19.5 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.20.15 cpe:/o:linux:linux_kernel:2.6.20.6 cpe:/o:linux:linux_kernel:2.6.21.5 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.16.6 cpe:/o:linux:linux_kernel:2.6.18.5 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.21.1 cpe:/o:linux:linux_kernel:2.6.16.21 cpe:/o:linux:linux_kernel:2.6.16.31:-rc1 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.22.10 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.16.42 cpe:/o:linux:linux_kernel:2.6.16.27 cpe:/o:linux:linux_kernel:2.6.23.10 cpe:/o:linux:linux_kernel:2.6.16.56 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.17.13 cpe:/o:linux:linux_kernel:2.6.16.38 cpe:/o:linux:linux_kernel:2.6.21.7 cpe:/o:linux:linux_kernel:2.6.16.13 cpe:/o:linux:linux_kernel:2.6.19.3 cpe:/o:linux:linux_kernel:2.6.16.24 cpe:/o:linux:linux_kernel:2.6.16.55 cpe:/o:linux:linux_kernel:2.6.16.32 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.16.8 cpe:/o:linux:linux_kernel:2.6.16.34 cpe:/o:linux:linux_kernel:2.6.19.1 cpe:/o:linux:linux_kernel:2.6.16.3 cpe:/o:linux:linux_kernel:2.6.17:rc1 cpe:/o:linux:linux_kernel:2.6.18.1 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.20 cpe:/o:linux:linux_kernel:2.6.22.9 cpe:/o:linux:linux_kernel:2.6.22.2 cpe:/o:linux:linux_kernel:2.6.15.7 cpe:/o:linux:linux_kernel:2.6.9:rc4 cpe:/o:linux:linux_kernel:2.6.16.44 cpe:/o:linux:linux_kernel:2.6.20.8 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.23.13 cpe:/o:linux:linux_kernel:2.6.16.59 cpe:/o:linux:linux_kernel:2.6.17:rc2 cpe:/o:linux:linux_kernel:2.6.14.6 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.17.7 cpe:/o:linux:linux_kernel:2.6.18:rc6 cpe:/o:linux:linux_kernel:2.6.16.37 cpe:/o:linux:linux_kernel:2.6.20.3 cpe:/o:linux:linux_kernel:2.6.16.12 cpe:/o:linux:linux_kernel:2.6.20.20 cpe:/o:linux:linux_kernel:2.6.16.51 cpe:/o:linux:linux_kernel:2.6.16.41 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.17.11 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.18.8 cpe:/o:linux:linux_kernel:2.6.17.6 cpe:/o:linux:linux_kernel:2.6.16.57 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.23.11 cpe:/o:linux:linux_kernel:2.6.16.28 cpe:/o:linux:linux_kernel:2.6.17.10 cpe:/o:linux:linux_kernel:2.6.16.18 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.16.31:-rc2 cpe:/o:linux:linux_kernel:2.6.16.58 cpe:/o:linux:linux_kernel:2.6.14.7 cpe:/o:linux:linux_kernel:2.6.21.4 cpe:/o:linux:linux_kernel:2.6.20.1 cpe:/o:linux:linux_kernel:2.6.16.25 cpe:/o:linux:linux_kernel:2.6.21.2 cpe:/o:linux:linux_kernel:2.6.18:rc5 cpe:/o:linux:linux_kernel:2.6.21.6 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.16.2 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.16.45 cpe:/o:linux:linux_kernel:2.6.20.2 cpe:/o:linux:linux_kernel:2.6.16.31:-rc3 cpe:/o:linux:linux_kernel:2.6.20.5 cpe:/o:linux:linux_kernel:2.6.16.49 cpe:/o:linux:linux_kernel:2.6.18.7 cpe:/o:linux:linux_kernel:2.6.22.8 cpe:/o:linux:linux_kernel:2.6.17.8 cpe:/o:linux:linux_kernel:2.6.21 cpe:/o:linux:linux_kernel:2.6.18.2 cpe:/o:linux:linux_kernel:2.6.19.6 cpe:/o:linux:linux_kernel:2.6.18.3 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.16.36 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.16.5 cpe:/o:linux:linux_kernel:2.6.16.39 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.18:rc3 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.16.23 cpe:/o:linux:linux_kernel:2.6.22.14 cpe:/o:linux:linux_kernel:2.6.20.7 cpe:/o:linux:linux_kernel:2.6.16.43 cpe:/o:linux:linux_kernel:2.6.16.10 cpe:/o:linux:linux_kernel:2.6.16.29 cpe:/o:linux:linux_kernel:2.6.17 cpe:/o:linux:linux_kernel:2.6.20.11 cpe:/o:linux:linux_kernel:2.6.20.13 cpe:/o:linux:linux_kernel:2.6.19.7 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.16.48 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.16.60 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.20.12 cpe:/o:linux:linux_kernel:2.6.11.10 CVE-2008-0001 2008-01-15T15:00:00.000-05:00 2012-03-19T00:00:00.000-04:00 3.6 LOCAL LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-01-15T15:22:00.000-05:00 BID 27280 FEDORA FEDORA-2008-0748 CONFIRM https://issues.rpath.com/browse/RPL-2146 XF linux-directory-security-bypass(39672) VUPEN ADV-2008-0151 UBUNTU USN-578-1 UBUNTU USN-574-1 BUGTRAQ 20080117 rPSA-2008-0021-1 kernel REDHAT RHSA-2008:0089 MANDRIVA MDVSA-2008:112 MANDRIVA MDVSA-2008:044 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14 DEBIAN DSA-1479 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0021 SECTRACK 1019289 SECUNIA 29245 SECUNIA 28971 SECUNIA 28806 SECUNIA 28748 SECUNIA 28706 SECUNIA 28664 SECUNIA 28643 SECUNIA 28628 SECUNIA 28626 SECUNIA 28558 SECUNIA 28485 REDHAT RHSA-2008:0055 SUSE SUSE-SA:2008:013 SUSE SUSE-SA:2008:006 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.16 CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=974a9f0b47da74e28f68b9c8645c3786aa5ace1a VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before 2.6.23.14, performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass intended permissions and remove directories. cpe:/a:apache:tomcat:6.0.11 cpe:/a:apache:tomcat:6.0.7 cpe:/a:apache:tomcat:6.0.9 cpe:/a:apache:tomcat:6.0.6 cpe:/a:apache:tomcat:6.0.14 cpe:/a:apache:tomcat:6.0.8 cpe:/a:apache:tomcat:6.0.10 cpe:/a:apache:tomcat:6.0.15 cpe:/a:apache:tomcat:6.0.12 cpe:/a:apache:tomcat:6.0.5 cpe:/a:apache:tomcat:6.0.13 CVE-2008-0002 2008-02-11T20:00:00.000-05:00 2011-03-07T22:03:45.220-05:00 5.8 NETWORK MEDIUM NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-02-12T10:12:00.000-05:00 FEDORA FEDORA-2008-1603 FEDORA FEDORA-2008-1467 VUPEN ADV-2009-3316 VUPEN ADV-2008-2780 VUPEN ADV-2008-0488 CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html BID 31681 BID 27703 BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components BUGTRAQ 20080208 CVE-2008-0002: Tomcat information disclosure vulnerability CONFIRM http://tomcat.apache.org/security-6.html CONFIRM http://support.apple.com/kb/HT3216 SREASON 3638 GENTOO GLSA-200804-10 SECUNIA 37460 SECUNIA 32222 SECUNIA 29711 SECUNIA 28915 SECUNIA 28834 SUSE SUSE-SR:2009:004 APPLE APPLE-SA-2008-10-09 Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception. cpe:/a:openpegasus:management_server:2.6.1 CVE-2008-0003 2008-01-08T15:46:00.000-05:00 2011-03-07T00:00:00.000-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-09T13:14:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 27188 REDHAT RHSA-2008:0002 FEDORA FEDORA-2008-0572 FEDORA FEDORA-2008-0506 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=426578 XF openpegasus-pambasic-bo(39527) CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4129 VUPEN ADV-2008-1391 VUPEN ADV-2008-1234 VUPEN ADV-2008-0638 VUPEN ADV-2008-0063 BID 27172 BUGTRAQ 20080416 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus VIM 20080115 vuldb confusion between OpenPegasus issues SECTRACK 1019159 SECUNIA 29986 SECUNIA 29785 SECUNIA 29056 SECUNIA 28462 SECUNIA 28338 OSVDB 40082 MLIST [Security-announce] 20080415 VMSA-2008-0007 Moderate Updated Service Console packages pcre, net-snmp, and OpenPegasus HP SSRT080000 HP HPSBMA02331 Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360. CVE-2008-0004 2009-03-26T06:12:08.780-04:00 2009-03-26T06:12:09.313-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:2.0 CVE-2008-0005 2008-01-11T19:46:00.000-05:00 2011-09-06T22:41:45.753-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-14T09:37:00.000-05:00 FEDORA FEDORA-2008-1695 FEDORA FEDORA-2008-1711 XF apache-modproxyftp-utf7-xss(39615) VUPEN ADV-2008-1875 VUPEN ADV-2008-0924 UBUNTU USN-575-1 SECTRACK 1019185 BID 27234 BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server BUGTRAQ 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability REDHAT RHSA-2008:0009 REDHAT RHSA-2008:0008 REDHAT RHSA-2008:0007 REDHAT RHSA-2008:0006 REDHAT RHSA-2008:0005 REDHAT RHSA-2008:0004 MANDRIVA MDVSA-2008:016 MANDRIVA MDVSA-2008:015 MANDRIVA MDVSA-2008:014 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm SREASON 3526 SREASONRES 20080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability GENTOO GLSA-200803-19 SECUNIA 35650 SECUNIA 30732 SECUNIA 29640 SECUNIA 29420 SECUNIA 29348 SECUNIA 28977 SECUNIA 28749 SECUNIA 28607 SECUNIA 28526 SECUNIA 28471 SECUNIA 28467 HP SSRT090208 HP HPSBOV02683 HP HPSBUX02465 HP HPSBUX02465 HP HPSBUX02431 HP HPSBUX02431 MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server SUSE SUSE-SA:2008:021 APPLE APPLE-SA-2008-03-18 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. cpe:/a:sun:solaris_libxfont cpe:/a:x.org:xserver:1.4 cpe:/a:sun:solaris_libfont CVE-2008-0006 2008-01-18T18:00:00.000-05:00 2011-03-07T22:03:45.643-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-21T09:13:00.000-05:00 ALLOWS_USER_ACCESS BID 27336 SUNALERT 103192 MLIST [xorg] 20080117 X.Org security advisory: multiple vulnerabilities in the X server FEDORA FEDORA-2008-0891 FEDORA FEDORA-2008-0831 FEDORA FEDORA-2008-0794 FEDORA FEDORA-2008-0760 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=428044 XF xorg-pcffont-bo(39767) VUPEN ADV-2008-3000 VUPEN ADV-2008-0924 VUPEN ADV-2008-0703 VUPEN ADV-2008-0497 VUPEN ADV-2008-0184 VUPEN ADV-2008-0179 UBUNTU USN-571-1 BID 27352 REDHAT RHSA-2008:0064 REDHAT RHSA-2008:0030 REDHAT RHSA-2008:0029 MANDRIVA MDVSA-2008:024 MANDRIVA MDVSA-2008:022 MANDRIVA MDVSA-2008:021 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-038.htm SECTRACK 1019232 GENTOO GLSA-200801-09 SECUNIA 32545 SECUNIA 28621 SECUNIA 28592 SECUNIA 28571 SECUNIA 28550 SECUNIA 28544 SECUNIA 28542 SECUNIA 28540 SECUNIA 28536 SECUNIA 28535 SECUNIA 28532 SECUNIA 28500 SECUNIA 28273 SUSE SUSE-SA:2008:003 JVNDB JVNDB-2008-001043 JVN JVN#88935101 HP HPSBUX02381 HP HPSBUX02381 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=204362 CONFIRM https://issues.rpath.com/browse/RPL-2010 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile112539&label=AIX%20X%20server%20multiple%20vulnerabilities BUGTRAQ 20080130 rPSA-2008-0032-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs OPENBSD [4.2] 20080208 006: SECURITY FIX: February 8, 2008 OPENBSD [4.1] 20080208 012: SECURITY FIX: February 8, 2008 GENTOO GLSA-200805-07 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-077.htm SUNALERT 201230 GENTOO GLSA-200804-05 SECUNIA 30161 SECUNIA 29707 SECUNIA 29622 SECUNIA 29420 SECUNIA 29139 SECUNIA 28941 SECUNIA 28885 SECUNIA 28843 SECUNIA 28718 SUSE SUSE-SR:2008:008 APPLE APPLE-SA-2008-03-18 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. cpe:/o:linux:linux_kernel:2.6.22.16 CVE-2008-0007 2008-02-07T21:00:00.000-05:00 2011-03-07T22:03:45.783-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-08T13:02:00.000-05:00 ALLOWS_ADMIN_ACCESS VUPEN ADV-2008-2222 VUPEN ADV-2008-0445 UBUNTU USN-618-1 REDHAT RHSA-2008:0787 MANDRIVA MDVSA-2008:174 MANDRIVA MDVSA-2008:112 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17 DEBIAN DSA-1565 SECUNIA 33280 SECUNIA 31246 SECUNIA 30769 SECUNIA 30116 SECUNIA 30112 SECUNIA 30110 SECUNIA 30018 MLIST [linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007) MLIST [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix SUSE SUSE-SA:2008:006 BID 27705 BID 27686 BUGTRAQ 20080208 rPSA-2008-0048-1 kernel REDHAT RHSA-2008:0237 REDHAT RHSA-2008:0233 REDHAT RHSA-2008:0211 MANDRIVA MDVSA-2008:072 MANDRIVA MDVSA-2008:044 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 DEBIAN DSA-1504 DEBIAN DSA-1503 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048 SECTRACK 1019357 SECUNIA 29570 SECUNIA 29058 SECUNIA 28826 SECUNIA 28806 SUSE SUSE-SA:2008:017 Linux kernel before 2.6.22.17, when using certain drivers that register a fault handler that does not perform range checks, allows local users to access kernel memory via an out-of-range offset. cpe:/a:pulseaudio:pulseaudio:0.9.8 cpe:/a:pulseaudio:pulseaudio:0.9.6 CVE-2008-0008 2008-01-28T19:00:00.000-05:00 2011-08-10T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-29T12:18:00.000-05:00 ALLOWS_ADMIN_ACCESS FEDORA FEDORA-2008-0994 FEDORA FEDORA-2008-0963 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=425481 CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=347822 XF pulseaudio-padroproot-privilege-escalation(39992) VUPEN ADV-2008-0283 UBUNTU USN-573-1 BID 27449 MANDRIVA MDVSA-2008:027 DEBIAN DSA-1476 GENTOO GLSA-200802-07 SECUNIA 28952 SECUNIA 28738 SECUNIA 28623 SECUNIA 28608 CONFIRM http://pulseaudio.org/changeset/2100 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=207214 The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22:rc6 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.22.4 CVE-2008-0009 2008-02-12T16:00:00.000-05:00 2011-03-07T22:03:46.203-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-02-12T17:31:00.000-05:00 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=431206 VUPEN ADV-2008-0487 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 MISC http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt FEDORA FEDORA-2008-1423 FEDORA FEDORA-2008-1422 BID 27799 BID 27704 BUGTRAQ 20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference SECUNIA 28896 SECUNIA 28835 The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations. cpe:/o:linux:linux_kernel:2.6.24:rc3 cpe:/o:linux:linux_kernel:2.6.23.1 cpe:/o:linux:linux_kernel:2.6.22.5 cpe:/o:linux:linux_kernel:2.6.22:rc6 cpe:/o:linux:linux_kernel:2.6.23:rc2 cpe:/o:linux:linux_kernel:2.6.22.7 cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.6.23 cpe:/o:linux:linux_kernel:2.6.22.6 cpe:/o:linux:linux_kernel:2.6.23.2 cpe:/o:linux:linux_kernel:2.6.22.3 cpe:/o:linux:linux_kernel:2.6.23:rc1 cpe:/o:linux:linux_kernel:2.6.23.4 cpe:/o:linux:linux_kernel:2.6.23.6 cpe:/o:linux:linux_kernel:2.6.22.16 cpe:/o:linux:linux_kernel:2.6.23.9 cpe:/o:linux:linux_kernel:2.6.24:rc2 cpe:/o:linux:linux_kernel:2.6.23.5 cpe:/o:linux:linux_kernel:2.6.23.14 cpe:/o:linux:linux_kernel:2.6.22.1 cpe:/o:linux:linux_kernel:2.6.23.7 cpe:/o:linux:linux_kernel:2.6.23.3 cpe:/o:linux:linux_kernel:2.6.22.4 CVE-2008-0010 2008-02-12T16:00:00.000-05:00 2011-03-07T22:03:46.283-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-02-12T17:35:00.000-05:00 VUPEN ADV-2008-0487 MILW0RM 5093 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 MISC http://isec.pl/vulnerabilities/isec-0026-vmsplice_to_kernel.txt FEDORA FEDORA-2008-1423 FEDORA FEDORA-2008-1422 BID 27796 BID 27704 BUGTRAQ 20080212 CSA-L03: Linux kernel vmsplice unchecked user-pointer dereference DEBIAN DSA-1494 SECUNIA 28896 SECUNIA 28875 SECUNIA 28835 The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations. cpe:/a:microsoft:directx:10.0 cpe:/a:microsoft:directx:9.0 cpe:/a:microsoft:directx:7.0 cpe:/a:microsoft:directx:8.1 CVE-2008-0011 2008-06-11T22:32:00.000-04:00 2011-03-07T22:03:46.377-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-06-12T09:30:00.000-04:00 CERT TA08-162B BID 29581 MS MS08-033 SECTRACK 1020222 SECUNIA 30579 VUPEN ADV-2008-1780 HP SSRT080087 HP SSRT080087 Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.7 CVE-2008-0012 2008-11-17T18:30:00.377-05:00 2012-10-30T22:50:03.937-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-11-18T11:27:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#768681 XF application-rpc-config1-bo(39918) VUPEN ADV-2008-3127 BID 32261 ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) SECUNIA 32618 MISC http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014. cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.7 CVE-2008-0013 2008-11-17T18:30:00.407-05:00 2012-10-30T22:50:04.107-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-11-18T11:29:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#768681 XF application-rpc-config2-bo(39919) VUPEN ADV-2008-3127 BID 32261 ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) SECUNIA 32618 MISC http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014. cpe:/a:trend_micro:serverprotect:5.58 cpe:/a:trend_micro:serverprotect:5.7 CVE-2008-0014 2008-11-17T18:30:00.420-05:00 2012-10-30T22:50:04.310-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-11-18T11:30:00.000-05:00 CERT-VN VU#768681 XF application-rpc-config3-bo(39920) VUPEN ADV-2008-3127 BID 32261 ISS 20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3) SECUNIA 32618 MISC http://blogs.iss.net/archive/trend.html Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013. cpe:/o:microsoft:windows_2003_server:-:sp2:x64 cpe:/o:microsoft:windows_xp:-:sp3 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_2003_server:-:sp2 cpe:/o:microsoft:windows_xp:-:sp2 cpe:/o:microsoft:windows_2003_server:-:sp2:itanium CVE-2008-0015 2009-07-07T19:30:00.187-04:00 2010-08-21T01:15:06.493-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-07-08T09:34:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA09-223A CERT TA09-195A CERT TA09-187A CERT-VN VU#180513 VUPEN ADV-2009-2232 SECTRACK 1022514 BID 35585 BID 35558 MS MS09-037 MS MS09-032 CONFIRM http://www.microsoft.com/technet/security/advisory/972890.mspx ISS 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities MISC http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799 SECUNIA 36187 OSVDB 55651 MISC http://isc.sans.org/diary.html?storyid=6733 MISC http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability." cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:1.5:beta1 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:seamonkey:1.0::dev cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:firefox:1.0.7 cpe:/a:mozilla:seamonkey:1.0.99 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:0.9_rc cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:1.5:beta2 cpe:/a:mozilla:firefox:1.5.0.12 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:seamonkey:1.0::alpha cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.8 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:firefox:0.9:rc cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:firefox:1.5.7 CVE-2008-0016 2008-09-24T16:37:04.453-04:00 2012-10-29T23:04:55.453-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-09-25T13:15:00.000-04:00 ALLOWS_ADMIN_ACCESS CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=443288 FEDORA FEDORA-2008-8429 FEDORA FEDORA-2008-8401 CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=451617 VUPEN ADV-2009-0977 VUPEN ADV-2008-2661 UBUNTU USN-645-2 UBUNTU USN-645-1 SECTRACK 1020913 BID 31397 REDHAT RHSA-2008:0908 REDHAT RHSA-2008:0882 CONFIRM http://www.mozilla.org/security/announce/2008/mfsa2008-37.html MANDRIVA MDVSA-2008:206 MANDRIVA MDVSA-2008:205 DEBIAN DSA-1697 DEBIAN DSA-1696 DEBIAN DSA-1669 DEBIAN DSA-1649 SUNALERT 256408 SLACKWARE SSA:2008-270-01 SLACKWARE SSA:2008-269-01 SLACKWARE SSA:2008-269-02 SECUNIA 34501 SECUNIA 33434 SECUNIA 33433 SECUNIA 32845 SECUNIA 32196 SECUNIA 32185 SECUNIA 32144 SECUNIA 32092 SECUNIA 32082 SECUNIA 32044 SECUNIA 32042 SECUNIA 32012 SECUNIA 32010 SECUNIA 31985 SECUNIA 31984 SUSE SUSE-SA:2008:050 CONFIRM http://download.novell.com/Download?buildid=WZXONb-tqBw~ Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. cpe:/a:mozilla:seamonkey:1.1.2 cpe:/a:mozilla:firefox:2.0.0.5 cpe:/a:mozilla:seamonkey:1.1.6 cpe:/a:mozilla:firefox:2.0.0.14 cpe:/a:mozilla:seamonkey:1.1.7 cpe:/a:mozilla:seamonkey:1.0.2 cpe:/a:mozilla:firefox:2.0.0.8 cpe:/a:mozilla:seamonkey:1.1.10 cpe:/a:mozilla:firefox:2.0.0.13 cpe:/a:mozilla:seamonkey:1.1.3 cpe:/a:mozilla:seamonkey:1.0.4 cpe:/a:mozilla:firefox:2.0.0.6 cpe:/a:mozilla:firefox:2.0.0.9 cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:seamonkey:1.0:alpha cpe:/a:mozilla:seamonkey:1.0.7 cpe:/a:mozilla:seamonkey:1.1:beta cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:3.0.1 cpe:/a:mozilla:firefox:2.0.0.12 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:seamonkey:1.0.9 cpe:/a:mozilla:seamonkey:1.1.12 cpe:/a:mozilla:seamonkey:1.0.8 cpe:/a:mozilla:seamonkey:1.1.11 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:3.0 cpe:/a:mozilla:seamonkey:1.1.8 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:seamonkey:1.1.5 cpe:/a:mozilla:seamonkey:1.1.9 cpe:/a:mozilla:seamonkey:1.1:alpha cpe:/a:mozilla:firefox:2.0.0.7 cpe:/a:mozilla:firefox:2.0.0.15 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:2.0.0.16 cpe:/a:mozilla:seamonkey:1.0.5 cpe:/a:mozilla:seamonkey:1.0:beta cpe:/a:mozilla:seamonkey:1.0.3 cpe:/a:mozilla:seamonkey:1.0 cpe:/a:mozilla:firefox:2.0.0.10 cpe:/a:mozilla:seamonkey:1.1 cpe:/a:mozilla:seamonkey:1.1.1 cpe:/a:mozilla:firefox:2.0.0.17 cpe:/a:mozilla:seamonkey:1.0.6 cpe:/a:mozilla:firefox:2.0.0.11 cpe:/a:mozilla:seamonkey:1.0.1 cpe:/a:mozilla:seamonkey:1.1.4 CVE-2008-0017 2008-11-13T06:30:01.173-05:00 2012-10-30T22:50:05.373-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-11-13T13:21:00.000-05:00 CERT TA08-319A FEDORA FEDORA-2008-9669 FEDORA FEDORA-2008-9667 MISC https://bugzilla.mozilla.org/show_bug.cgi?id=443299 VUPEN ADV-2009-0977 VUPEN ADV-2008-3146 SECTRACK 1021185 BID 32281 REDHAT RHSA-2008:0978 REDHAT RHSA-2008:0977 CONFIRM http://www.mozilla.org/security/announce/2008/mfsa2008-54.html MANDRIVA MDVSA-2008:230 MANDRIVA MDVSA-2008:228 ISS 20081113 Mozilla Unchecked Allocation Remote Code Execution DEBIAN DSA-1697 DEBIAN DSA-1671 DEBIAN DSA-1669 UBUNTU USN-667-1 SUNALERT 256408 SECUNIA 34501 SECUNIA 33433 SECUNIA 32853 SECUNIA 32845 SECUNIA 32778 SECUNIA 32721 SECUNIA 32714 SECUNIA 32713 SECUNIA 32695 SECUNIA 32694 SECUNIA 32693 SECUNIA 32684 SUSE SUSE-SA:2008:055 The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. cpe:/o:microsoft:windows_2003_server:-:sp2:x64 cpe:/o:microsoft:windows_xp:-:sp3 cpe:/o:microsoft:windows_xp::sp2:professional_x64 cpe:/o:microsoft:windows_2003_server:-:sp2 cpe:/o:microsoft:windows_xp:-:sp2 cpe:/o:microsoft:windows_2003_server:-:sp2:itanium CVE-2008-0020 2009-07-07T19:30:00.217-04:00 2010-08-21T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-07-08T09:23:00.000-04:00 CERT TA09-223A VUPEN ADV-2009-2232 MS MS09-037 SECTRACK 1022712 ISS 20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities SECUNIA 36187 MISC http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015. cpe:/a:cisco:unified_callmanager:5.0%283a%29 cpe:/a:cisco:unified_communications_manager:5.0_4a_su1 cpe:/a:cisco:unified_callmanager:5.0 cpe:/a:cisco:unified_communications_manager:6.0_1 cpe:/a:cisco:unified_communications_manager:5.0_4 cpe:/a:cisco:unified_callmanager:5.0%282%29 cpe:/a:cisco:unified_communications_manager:5.0_3 cpe:/a:cisco:unified_callmanager:6.0 cpe:/a:cisco:unified_callmanager:5.0_4a cpe:/a:cisco:unified_callmanager:5.0%284%29 cpe:/a:cisco:unified_callmanager:5.1 cpe:/a:cisco:unified_communications_manager:5.0_2 cpe:/a:cisco:unified_communications_manager:6.0 cpe:/a:cisco:unified_communications_manager:5.0 cpe:/a:cisco:unified_callmanager:5.0%283%29 cpe:/a:cisco:unified_communications_manager:5.0_4a cpe:/a:cisco:unified_communications_manager:5.0_3a cpe:/a:cisco:unified_callmanager:5.0%281%29 cpe:/a:cisco:unified_communications_manager:6.1 cpe:/a:cisco:unified_communications_manager:5.0_1 CVE-2008-0026 2008-02-14T07:00:00.000-05:00 2011-08-08T00:00:00.000-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-14T14:03:00.000-05:00 ALLOWS_OTHER_ACCESS XF cucm-interface-sql-injection(40484) VUPEN ADV-2008-0542 SECTRACK 1019404 BID 27775 CISCO 20080213 SQL injection in Cisco Unified Communications Manager SECUNIA 28932 SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. cpe:/a:cisco:unified_callmanager:4.1%283%29sr5 cpe:/a:cisco:unified_communications_manager:4.2.3sr2b cpe:/a:cisco:unified_callmanager:4.0 cpe:/a:cisco:unified_communications_manager:4.2.3sr2 cpe:/a:cisco:unified_communications_manager:4.2 cpe:/a:cisco:unified_callmanager:4.1%283%29sr4 cpe:/a:cisco:unified_callmanager:4.1 cpe:/a:cisco:unified_callmanager:4.1%283%29sr5b cpe:/a:cisco:unified_communications_manager:4.3 CVE-2008-0027 2008-01-16T22:00:00.000-05:00 2011-03-07T22:03:48.080-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-17T11:01:00.000-05:00 ALLOWS_ADMIN_ACCESS CISCO 20080116 Cisco Unified Communications Manager CTL Provider Heap Overflow XF cisco-cucm-ctl-bo(39704) VUPEN ADV-2008-0171 BID 27313 BUGTRAQ 20080116 TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability MISC http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 SECTRACK 1019223 SREASON 3551 SECUNIA 28530 Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request. cpe:/o:cisco:pix_firewall:8.0%282%29 cpe:/h:cisco:5500_adaptive_security_appliance:7.2:2 cpe:/o:cisco:pix_firewall:7.2%282%29 cpe:/h:cisco:5500_series_adaptive_security_appliance:8.0:2 CVE-2008-0028 2008-01-23T16:00:00.000-05:00 2011-03-07T00:00:00.000-05:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-01-23T16:47:00.000-05:00 XF pix-asa-ttl-dos(39862) VUPEN ADV-2008-0259 SECTRACK 1019263 SECTRACK 1019262 BID 27418 CISCO 20080123 Cisco PIX and ASA Time-to-Live Vulnerability SECUNIA 28625 Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. cpe:/a:cisco:application_velocity_system:5.0.1 CVE-2008-0029 2008-01-23T16:00:00.000-05:00 2011-03-07T22:03:48.283-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-23T17:02:00.000-05:00 ALLOWS_ADMIN_ACCESS VUPEN ADV-2008-0260 CISCO 20080123 Default Passwords in the Application Velocity System XF ciscoavs-default-password-admin-account(39860) SECTRACK 1019259 BID 27421 Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. cpe:/a:apple:quicktime:7.3 CVE-2008-0031 2008-01-15T21:00:00.000-05:00 2011-09-20T22:48:54.787-04:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-01-16T11:46:00.000-05:00 CERT TA08-016A VUPEN ADV-2008-0148 APPLE APPLE-SA-2008-01-15 CONFIRM http://docs.info.apple.com/article.html?artnum=307301 XF quicktime-sorenson-code-execution(39695) SECTRACK 1019221 BID 27298 SECUNIA 28502 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. cpe:/a:apple:quicktime:7.3 CVE-2008-0032 2008-01-15T22:00:00.000-05:00 2011-03-07T22:03:48.750-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-01-16T13:43:00.000-05:00 CERT TA08-016A IDEFENSE 20080115 Apple QuickTime Macintosh Resource Processing Heap Corruption Vulnerability VUPEN ADV-2008-0148 APPLE APPLE-SA-2008-01-15 CONFIRM http://docs.info.apple.com/article.html?artnum=307301 XF quicktime-macintosh-code-execution(39696) SECTRACK 1019221 BID 27301 SECUNIA 28502 Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. cpe:/a:apple:quicktime:7.3.1.70 CVE-2008-0033 2008-01-15T22:00:00.000-05:00 2011-03-07T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-16T13:45:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-016A XF quicktime-idsc-code-execution(39697) VUPEN ADV-2008-0148 SECTRACK 1019221 BID 27299 BUGTRAQ 20080115 TPTI-08-01: Apple Quicktime Image File IDSC Atom Memory Corruption Vulnerability SECUNIA 28502 APPLE APPLE-SA-2008-01-15 MISC http://dvlabs.tippingpoint.com/advisory/TPTI-08-01 CONFIRM http://docs.info.apple.com/article.html?artnum=307301 Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption. cpe:/h:apple:iphone:1.0.2 cpe:/h:apple:iphone:1.1.1 cpe:/h:apple:iphone:1.0 cpe:/h:apple:iphone:1.1.2 cpe:/h:apple:iphone:1.0.1 cpe:/h:apple:iphone:1.02 CVE-2008-0034 2008-01-15T21:00:00.000-05:00 2011-03-07T22:03:48.923-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-16T11:56:00.000-05:00 ALLOWS_USER_ACCESS VUPEN ADV-2008-0147 APPLE APPLE-SA-2008-01-15 CONFIRM http://docs.info.apple.com/article.html?artnum=307302 XF iphone-passcode-lock-security-bypass(39701) SECTRACK 1019219 BID 27297 SECUNIA 28497 Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. cpe:/a:apple:safari CVE-2008-0035 2008-01-15T21:00:00.000-05:00 2011-05-13T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-16T11:58:00.000-05:00 CERT TA08-043B XF iphone-ipod-foundation-code-execution(39700) VUPEN ADV-2008-0495 VUPEN ADV-2008-0147 SECTRACK 1019220 BID 27296 SECUNIA 28891 SECUNIA 28497 APPLE APPLE-SA-2008-01-15 APPLE APPLE-SA-2008-02-11 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 CONFIRM http://docs.info.apple.com/article.html?artnum=307302 Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. cpe:/a:apple:quicktime:7.3 CVE-2008-0036 2008-01-15T22:00:00.000-05:00 2011-03-07T22:03:49.110-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-16T13:45:00.000-05:00 CERT TA08-016A VUPEN ADV-2008-2064 VUPEN ADV-2008-0148 SECUNIA 31034 APPLE APPLE-SA-2008-01-15 APPLE APPLE-SA-2008-07-10 CONFIRM http://docs.info.apple.com/article.html?artnum=307301 XF quicktime-pict-bo(39698) SECTRACK 1019221 BID 27300 SECUNIA 28502 Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5 CVE-2008-0037 2008-02-12T15:00:00.000-05:00 2011-03-07T22:03:49.187-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-02-12T15:24:00.000-05:00 CERT TA08-043B APPLE APPLE-SA-2008-02-11 VUPEN ADV-2008-0495 SECTRACK 1019365 BID 27736 SECUNIA 28891 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5 CVE-2008-0038 2008-02-12T15:00:00.000-05:00 2011-03-07T22:03:49.297-05:00 1.9 LOCAL MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-02-12T15:28:00.000-05:00 CERT TA08-043B APPLE APPLE-SA-2008-02-11 VUPEN ADV-2008-0495 SECTRACK 1019360 BID 27736 SECUNIA 28891 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. cpe:/a:apple:mail CVE-2008-0039 2008-02-12T15:00:00.000-05:00 2011-03-07T22:03:49.377-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-12T15:31:00.000-05:00 ALLOWS_OTHER_ACCESS CERT TA08-043B APPLE APPLE-SA-2008-02-11 VUPEN ADV-2008-0495 SECTRACK 1019361 BID 27736 SECUNIA 28891 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5 CVE-2008-0040 2008-02-12T15:00:00.000-05:00 2011-03-07T22:03:49.487-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-12T15:34:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043B APPLE APPLE-SA-2008-02-11 VUPEN ADV-2008-0495 SECTRACK 1019362 BID 27736 SECUNIA 28891 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5 CVE-2008-0041 2008-02-12T15:00:00.000-05:00 2011-03-07T22:03:49.563-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-02-12T15:37:00.000-05:00 CERT TA08-043B APPLE APPLE-SA-2008-02-11 VUPEN ADV-2008-0495 SECTRACK 1019363 BID 27736 SECUNIA 28891 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. cpe:/o:apple:mac_os_x:10.5.1 cpe:/o:apple:mac_os_x:10.5 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0042 2008-02-12T15:00:00.000-05:00 2011-03-07T22:03:49.687-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-12T15:41:00.000-05:00 ALLOWS_OTHER_ACCESS CERT TA08-043B CERT-VN VU#774345 APPLE APPLE-SA-2008-02-11 VUPEN ADV-2008-0495 SECTRACK 1019364 BID 27736 SECUNIA 28891 CONFIRM http://docs.info.apple.com/article.html?artnum=307430 Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. cpe:/a:apple:iphoto:7.1 CVE-2008-0043 2008-02-07T21:00:00.000-05:00 2011-03-07T22:03:49.767-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-08T13:05:00.000-05:00 ALLOWS_ADMIN_ACCESS APPLE APPLE-SA-2008-02-05 VUPEN ADV-2008-0428 SECTRACK 1019307 SECUNIA 28805 CONFIRM http://docs.info.apple.com/article.html?artnum=307398 BID 27636 Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0044 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:49.860-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T10:21:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-afpclient-bo(41319) VUPEN ADV-2008-0924 SECTRACK 1019640 BID 28320 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0045 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:49.953-05:00 7.1 NETWORK MEDIUM NONE COMPLETE NONE NONE http://nvd.nist.gov 2008-03-19T10:29:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-afpserver-security-bypass(41318) VUPEN ADV-2008-0924 SECTRACK 1019642 BID 28323 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.2 CVE-2008-0046 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:50.047-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-03-19T10:35:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-applicationfirewall-weak-security(41317) VUPEN ADV-2008-0924 SECTRACK 1019658 BID 28368 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. cpe:/a:cups:cups:1.3.5 CVE-2008-0047 2008-03-18T19:44:00.000-04:00 2011-03-07T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-19T12:21:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 FEDORA FEDORA-2008-2897 FEDORA FEDORA-2008-2131 VUPEN ADV-2008-0924 VUPEN ADV-2008-0921 UBUNTU USN-598-1 SECTRACK 1019646 BID 28307 REDHAT RHSA-2008:0192 MANDRIVA MDVSA-2008:081 DEBIAN DSA-1530 GENTOO GLSA-200804-01 SECUNIA 29750 SECUNIA 29655 SECUNIA 29634 SECUNIA 29603 SECUNIA 29573 SECUNIA 29485 SECUNIA 29448 SECUNIA 29431 SECUNIA 29420 SUSE SUSE-SA:2008:015 IDEFENSE 20080318 Multiple Vendor CUPS CGI Heap Overflow Vulnerability CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0048 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:50.250-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T10:42:00.000-04:00 ALLOWS_USER_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-appkit-nsdocument-bo(41315) VUPEN ADV-2008-0924 SECTRACK 1019647 BID 28388 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0049 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:50.330-05:00 1.9 LOCAL MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-03-19T10:48:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-appkit-code-execution(41314) VUPEN ADV-2008-0924 SECTRACK 1019647 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 BID 28340 BID 28304 SECUNIA 29420 AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0050 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:50.423-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-03-19T10:55:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-cfnetwork-502badgateway-spoofing(41313) VUPEN ADV-2008-2094 VUPEN ADV-2008-0924 VUPEN ADV-2008-0920 SECTRACK 1019655 SECUNIA 31074 APPLE APPLE-SA-2008-07-11 CONFIRM http://docs.info.apple.com/article.html?artnum=307563 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 BID 28356 BID 28290 SECUNIA 29420 CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0051 2008-03-18T18:44:00.000-04:00 2011-03-07T22:03:50.547-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-19T11:01:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-corefoundation-timezone-code-execution(41310) VUPEN ADV-2008-0924 SECTRACK 1019670 BID 28375 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0052 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:50.627-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T12:27:00.000-04:00 ALLOWS_OTHER_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-coreservices-weak-security(41312) VUPEN ADV-2008-0924 SECTRACK 1019671 BID 28384 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. cpe:/a:apple:cups:1.3.9 cpe:/a:apple:cups:1.1.8 cpe:/a:apple:cups:1.1.5-1 cpe:/a:apple:cups:1.1.20:rc3 cpe:/a:apple:cups:1.4.1 cpe:/a:apple:cups:1.1.19:rc1 cpe:/a:apple:cups:1.3.3 cpe:/a:apple:cups:1.2.1 cpe:/a:apple:cups:1.1.16 cpe:/a:apple:cups:1.1.9-1 cpe:/a:apple:cups:1.2.6 cpe:/a:apple:cups:1.1.14 cpe:/a:apple:cups:1.1.19:rc3 cpe:/a:apple:cups:1.1.23:rc1 cpe:/a:apple:cups:1.1.6-1 cpe:/a:apple:cups:1.1.4 cpe:/a:apple:cups:1.1.22 cpe:/a:apple:cups:1.1.13 cpe:/a:apple:cups:1.2:b1 cpe:/a:apple:cups:1.1.12 cpe:/a:apple:cups:1.2.9 cpe:/a:apple:cups:1.1.21:rc2 cpe:/a:apple:cups:1.1.11 cpe:/a:apple:cups:1.3.2 cpe:/a:apple:cups:1.1.6-2 cpe:/a:apple:cups:1.2:b2 cpe:/a:apple:cups:1.1.20 cpe:/a:apple:cups:1.1.20:rc5 cpe:/a:apple:cups:1.1.7 cpe:/a:apple:cups:1.1.1 cpe:/a:apple:cups:1.3:rc1 cpe:/a:apple:cups:1.2.2 cpe:/a:apple:cups:1.2.4 cpe:/a:apple:cups:1.1.5 cpe:/a:apple:cups:1.2.8 cpe:/a:apple:cups:1.1.9 cpe:/a:apple:cups:1.3:b1 cpe:/a:apple:cups:1.1.19:rc2 cpe:/a:apple:cups:1.1.22:rc1 cpe:/a:apple:cups:1.1.22:rc2 cpe:/a:apple:cups:1.1.20:rc4 cpe:/a:apple:cups:1.1.21:rc1 cpe:/a:apple:cups:1.2:rc3 cpe:/a:apple:cups:1.1.19:rc5 cpe:/a:apple:cups:1.1.10-1 cpe:/a:apple:cups:1.1.5-2 cpe:/a:apple:cups:1.1.20:rc2 cpe:/a:apple:cups:1.3.5 cpe:/a:apple:cups:1.1.10 cpe:/a:apple:cups:1.1.19:rc4 cpe:/a:apple:cups:1.2.12 cpe:/a:apple:cups:1.2.7 cpe:/a:apple:cups:1.1.6-3 cpe:/a:apple:cups:1.1.21 cpe:/a:apple:cups:1.2:rc2 cpe:/a:apple:cups:1.2.5 cpe:/a:apple:cups:1.3.1 cpe:/a:apple:cups:1.1.20:rc1 cpe:/a:apple:cups:1.2.3 cpe:/a:apple:cups:1.1.18 cpe:/a:apple:cups:1.1.19 cpe:/a:apple:cups:1.1.20:rc6 cpe:/a:apple:cups:1.3:rc2 cpe:/a:apple:cups:1.1.23 cpe:/a:apple:cups:1.3.4 cpe:/a:apple:cups:1.3.0 cpe:/a:apple:cups:1.1.6 cpe:/a:apple:cups:1.2.10 cpe:/a:apple:cups:1.1.15 cpe:/a:apple:cups:1.1.2 cpe:/a:apple:cups:1.1.3 cpe:/a:apple:cups:1.1.17 cpe:/a:apple:cups:1.2:rc1 cpe:/a:apple:cups:1.2.11 cpe:/a:apple:cups:1.2.0 cpe:/a:apple:cups:1.1 CVE-2008-0053 2008-03-18T19:44:00.000-04:00 2011-05-13T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-19T12:32:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 FEDORA FEDORA-2008-2897 XF macos-cups-inputvalidation-unspecified(41272) VUPEN ADV-2008-0924 UBUNTU USN-598-1 SECTRACK 1019672 BID 28334 BID 28304 REDHAT RHSA-2008:0206 REDHAT RHSA-2008:0192 MANDRIVA MDVSA-2008:081 DEBIAN DSA-1625 GENTOO GLSA-200804-01 SECUNIA 31324 SECUNIA 29750 SECUNIA 29659 SECUNIA 29655 SECUNIA 29634 SECUNIA 29630 SECUNIA 29603 SECUNIA 29573 SECUNIA 29420 SUSE SUSE-SA:2008:020 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0054 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:50.813-05:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T12:37:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-nsselectorfromstring-code-execution(41355) VUPEN ADV-2008-0924 SECTRACK 1019649 BID 28341 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0055 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:51.063-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-19T12:40:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-nsfilemanager-priv-escalation(41299) VUPEN ADV-2008-0924 SECTRACK 1019649 BID 28343 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0056 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:51.157-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T12:43:00.000-04:00 ALLOWS_USER_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-foundation-nsfilemanager-bo(41309) VUPEN ADV-2008-0924 SECTRACK 1019649 BID 28357 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0057 2008-03-18T18:44:00.000-04:00 2011-09-09T00:00:00.000-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T11:06:00.000-04:00 ALLOWS_USER_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-appkit-parser-bo(41298) VUPEN ADV-2008-0924 SECTRACK 1019648 BID 28358 BID 28304 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0058 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:51.563-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T12:45:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-foundation-nsurl-code-execution(41297) VUPEN ADV-2008-0924 SECTRACK 1019650 BID 28359 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0059 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:51.657-05:00 5.8 NETWORK MEDIUM NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T12:46:00.000-04:00 CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-foundation-code-execution(41296) VUPEN ADV-2008-0924 SECTRACK 1019650 BID 28367 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." cpe:/o:apple:mac_os_x:10.5.2 cpe:/o:apple:mac_os_x_server:10.5.2 cpe:/o:apple:mac_os_x_server:10.4.11 cpe:/o:apple:mac_os_x:10.4.11 CVE-2008-0060 2008-03-18T19:44:00.000-04:00 2011-03-07T22:03:51.767-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-19T12:49:00.000-04:00 ALLOWS_OTHER_ACCESS CERT TA08-079A APPLE APPLE-SA-2008-03-18 XF macos-helpviewer-code-execution(41295) VUPEN ADV-2008-0924 SECTRACK 1019657 BID 28371 BID 28304 SECUNIA 29420 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. cpe:/a:maradns:maradns:1.0.12 cpe:/a:maradns:maradns:1.0.29 cpe:/a:maradns:maradns:1.2.12.01 cpe:/a:maradns:maradns:1.0.36 cpe:/a:maradns:maradns:1.0.26 cpe:/a:maradns:maradns:1.3.02 cpe:/a:maradns:maradns:1.0.01 cpe:/a:maradns:maradns:1.0.19 cpe:/a:maradns:maradns:1.0.18 cpe:/a:maradns:maradns:1.0.30 cpe:/a:maradns:maradns:1.0.16 cpe:/a:maradns:maradns:1.0.32 cpe:/a:maradns:maradns:1.0.15 cpe:/a:maradns:maradns:1.3.07.02 cpe:/a:maradns:maradns:1.2.12.07 cpe:/a:maradns:maradns:1.0.07 cpe:/a:maradns:maradns:1.0.33 cpe:/a:maradns:maradns:1.3.07 cpe:/a:maradns:maradns:1.0.05 cpe:/a:maradns:maradns:1.0.14 cpe:/a:maradns:maradns:1.0.13 cpe:/a:maradns:maradns:1.0.06 cpe:/a:maradns:maradns:1.2.12.04 cpe:/a:maradns:maradns:1.2.12.06 cpe:/a:maradns:maradns:1.0.34 cpe:/a:maradns:maradns:1.0.20 cpe:/a:maradns:maradns:1.3.07.01 cpe:/a:maradns:maradns:1.3.04 cpe:/a:maradns:maradns:1.0.39 cpe:/a:maradns:maradns:1.0.25 cpe:/a:maradns:maradns:1.2.12.03 cpe:/a:maradns:maradns:1.0.35 cpe:/a:maradns:maradns:1.0.10 cpe:/a:maradns:maradns:1.0.17 cpe:/a:maradns:maradns:1.0.00 cpe:/a:maradns:maradns:1.0.09 cpe:/a:maradns:maradns:1.0.27 cpe:/a:maradns:maradns:1.0.04 cpe:/a:maradns:maradns:1.0.28 cpe:/a:maradns:maradns:1.3.01 cpe:/a:maradns:maradns:1.2.12.02 cpe:/a:maradns:maradns:1.0.02 cpe:/a:maradns:maradns:1.0.23 cpe:/a:maradns:maradns:1.2.12.05 cpe:/a:maradns:maradns:1.3.07.03 cpe:/a:maradns:maradns:1.0.38 cpe:/a:maradns:maradns:1.0.22 cpe:/a:maradns:maradns:1.0.24 cpe:/a:maradns:maradns:1.0.11 cpe:/a:maradns:maradns:1.0.37 cpe:/a:maradns:maradns:1.0.31 cpe:/a:maradns:maradns:1.0.03 cpe:/a:maradns:maradns:1.0.21 cpe:/a:maradns:maradns:1.3.03 cpe:/a:maradns:maradns:1.0.08 cpe:/a:maradns:maradns:1.3.06 cpe:/a:maradns:maradns:1.3.05 CVE-2008-0061 2008-01-03T17:46:00.000-05:00 2011-03-07T22:03:51.907-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-04T08:44:00.000-05:00 VUPEN ADV-2008-0026 CONFIRM http://www.maradns.org/changelog.html CONFIRM http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html BID 27124 DEBIAN DSA-1445 GENTOO GLSA-200801-16 SECUNIA 28650 SECUNIA 28334 SECUNIA 28329 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=204351 MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records." cpe:/a:mit:kerberos_5:1.6.3_kdc CVE-2008-0062 2008-03-19T06:44:00.000-04:00 2011-09-06T22:41:51.410-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-19T16:07:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#895609 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt XF krb5-kdc-code-execution(41275) VUPEN ADV-2008-1744 VUPEN ADV-2008-1102 VUPEN ADV-2008-0924 VUPEN ADV-2008-0922 BUGTRAQ 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc HP SSRT100495 HP HPSBOV02682 APPLE APPLE-SA-2008-03-18 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 FEDORA FEDORA-2008-2647 FEDORA FEDORA-2008-2637 CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0009.html UBUNTU USN-587-1 SECTRACK 1019626 BID 28303 BUGTRAQ 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues BUGTRAQ 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation REDHAT RHSA-2008:0182 REDHAT RHSA-2008:0181 REDHAT RHSA-2008:0180 REDHAT RHSA-2008:0164 MANDRIVA MDVSA-2008:071 MANDRIVA MDVSA-2008:070 MANDRIVA MDVSA-2008:069 GENTOO GLSA-200803-31 DEBIAN DSA-1524 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0112 CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html SECUNIA 30535 SECUNIA 29663 SECUNIA 29516 SECUNIA 29464 SECUNIA 29462 SECUNIA 29457 SECUNIA 29451 SECUNIA 29450 SECUNIA 29438 SECUNIA 29435 SECUNIA 29428 SECUNIA 29424 SECUNIA 29423 SECUNIA 29420 SUSE SUSE-SA:2008:016 KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. cpe:/a:mit:kerberos_5:1.6.3_kdc CVE-2008-0063 2008-03-19T06:44:00.000-04:00 2011-03-07T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-03-19T16:09:00.000-04:00 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2008-001.txt FEDORA FEDORA-2008-2647 FEDORA FEDORA-2008-2637 XF krb5-kdc-kerberos4-info-disclosure(41277) VUPEN ADV-2008-1744 VUPEN ADV-2008-1102 VUPEN ADV-2008-0924 VUPEN ADV-2008-0922 CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0009.html UBUNTU USN-587-1 SECTRACK 1019627 BID 28303 BUGTRAQ 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues BUGTRAQ 20080319 rPSA-2008-0112-1 krb5 krb5-server krb5-services krb5-test krb5-workstation BUGTRAQ 20080318 MITKRB5-SA-2008-001: double-free, uninitialized data vulnerabilities in krb5kdc REDHAT RHSA-2008:0182 REDHAT RHSA-2008:0181 REDHAT RHSA-2008:0180 REDHAT RHSA-2008:0164 MANDRIVA MDVSA-2008:071 MANDRIVA MDVSA-2008:070 MANDRIVA MDVSA-2008:069 GENTOO GLSA-200803-31 DEBIAN DSA-1524 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0112 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0112 CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022542.html CONFIRM http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5022520.html SECUNIA 30535 SECUNIA 29663 SECUNIA 29516 SECUNIA 29464 SECUNIA 29462 SECUNIA 29457 SECUNIA 29451 SECUNIA 29450 SECUNIA 29438 SECUNIA 29435 SECUNIA 29428 SECUNIA 29424 SECUNIA 29423 SECUNIA 29420 SUSE SUSE-SA:2008:016 APPLE APPLE-SA-2008-03-18 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." cpe:/a:pierreegougelet:nconvert:4.85 cpe:/a:pierreegougelet:xnview:1.91 cpe:/a:pierreegougelet:gfl_sdk:2.870::windows cpe:/a:pierreegougelet:xnview:1.92 CVE-2008-0064 2008-01-31T15:00:00.000-05:00 2011-03-07T22:03:52.297-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-01T10:39:00.000-05:00 ALLOWS_ADMIN_ACCESS SECUNIA 28326 VUPEN ADV-2008-0329 VUPEN ADV-2008-0328 BID 27514 MISC http://secunia.com/secunia_research/2008-1/advisory SECUNIA 28710 Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file. cpe:/a:winamp:nullsoft_winamp:5.5 cpe:/a:winamp:nullsoft_winamp:5.21 cpe:/a:winamp:nullsoft_winamp:5.51 CVE-2008-0065 2008-01-22T15:00:00.000-05:00 2011-03-07T22:03:52.470-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-23T09:29:00.000-05:00 ALLOWS_ADMIN_ACCESS CONFIRM http://www.winamp.com/player/version-history VUPEN ADV-2008-0183 MISC http://secunia.com/secunia_research/2008-2/advisory/ SECUNIA 27865 XF winamp-inmp3-bo(39778) BID 27344 Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. cpe:/a:autonomy:keyview cpe:/a:ibm:lotus_notes:7.0.2 cpe:/a:ibm:lotus_notes:7.0.3 CVE-2008-0066 2008-04-10T14:05:00.000-04:00 2011-03-07T22:03:52.580-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-04-10T15:00:00.000-04:00 ALLOWS_ADMIN_ACCESS XF autonomy-keyview-html-multiple-bo(41724) VUPEN ADV-2008-1156 VUPEN ADV-2008-1153 SECTRACK 1019843 BID 28454 BUGTRAQ 20080414 Secunia Research: Lotus Notes htmsr.dll Buffer Overflows CONFIRM http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453 MISC http://secunia.com/secunia_research/2008-3/advisory/ SECUNIA 28210 SECUNIA 28209 SECUNIA 28140 Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element. cpe:/a:hp:openview_network_node_manager:7.51 CVE-2008-0067 2009-01-08T14:30:00.407-05:00 2011-09-21T22:48:46.553-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-01-08T15:14:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 33147 BUGTRAQ 20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities SECTRACK 1021521 SREASON 8307 SREASON 4885 MISC http://secunia.com/secunia_research/2008-13/ SECUNIA 28074 HP SSRT080144 HP SSRT080144 Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program. cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:7.53 CVE-2008-0068 2008-04-16T14:05:00.000-04:00 2012-10-30T22:50:10.763-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-04-17T12:35:00.000-04:00 XF hpopenview-openview5-directory-traversal(41790) VUPEN ADV-2008-1214 BID 28745 BUGTRAQ 20080414 Secunia Research: HP OpenView Network Node Manager OpenView5.exeDirectory Traversal BUGTRAQ 20080411 Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53 SREASON 3814 HP HPSBMA02349 HP HPSBMA02349 MISC http://aluigi.altervista.org/adv/closedviewx-adv.txt SECTRACK 1019839 SECTRACK 1019838 OSVDB 44359 MISC http://secunia.com/secunia_research/2008-4/advisory/ SECUNIA 29796 Directory traversal vulnerability in OpenView5.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to read arbitrary files via directory traversal sequences in the Action parameter. cpe:/a:pierreegougelet:xnview:1.92 cpe:/a:pierreegougelet:xnview:1.92.1 CVE-2008-0069 2008-04-02T13:44:00.000-04:00 2011-03-07T22:03:52.830-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-04-02T14:12:00.000-04:00 SECUNIA 29620 XF xnview-slideshow-bo(41542) VUPEN ADV-2008-1044 BID 28579 MILW0RM 5346 MISC http://secunia.com/secunia_research/2008-6/advisory/ Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows user-assisted remote attackers to execute arbitrary code via a long FontName parameter in a slideshow (.sld) file, a different vector than CVE-2008-1461. cpe:/a:orb_networks:orb:2.0.1014 CVE-2008-0070 2008-03-31T13:44:00.000-04:00 2011-03-07T22:03:52.923-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-31T20:30:00.000-04:00 ALLOWS_OTHER_ACCESS XF orb-dimensions-bo(41410) VUPEN ADV-2008-0984 BID 28431 MISC http://secunia.com/secunia_research/2008-5/advisory/ SECUNIA 28203 Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA allows remote attackers to execute arbitrary code via an RPC request that specifies a large number of array dimensions, which triggers a heap-based buffer overflow. cpe:/a:utorrent:utorrent:1.7 cpe:/a:bittorrent:bittorrent:4.0.0 cpe:/a:utorrent:utorrent:1.1.6 cpe:/a:bittorrent:bittorrent:5.0.1 cpe:/a:bittorrent:bittorrent:4.1.7 cpe:/a:bittorrent:bittorrent:4.22.0 cpe:/a:bittorrent:bittorrent:5.2.0 cpe:/a:bittorrent:bittorrent:5.0.8 cpe:/a:bittorrent:bittorrent:4.4.0 cpe:/a:bittorrent:bittorrent:4.1.1 cpe:/a:bittorrent:bittorrent:4.1.8 cpe:/a:utorrent:utorrent:1.1.1 cpe:/a:bittorrent:bittorrent:6.0.1 cpe:/a:utorrent:utorrent:1.2.1 cpe:/a:bittorrent:bittorrent:5.0.4 cpe:/a:bittorrent:bittorrent:4.9.7 cpe:/a:bittorrent:bittorrent:3.9.1 cpe:/a:utorrent:utorrent:1.5 cpe:/a:bittorrent:bittorrent:4.1.6 cpe:/a:bittorrent:bittorrent:4.0.4 cpe:/a:bittorrent:bittorrent:4.20.9 cpe:/a:bittorrent:bittorrent:4.1.5 cpe:/a:bittorrent:bittorrent:4.22.1 cpe:/a:bittorrent:bittorrent:4.1.2 cpe:/a:bittorrent:bittorrent:4.9.3 cpe:/a:bittorrent:bittorrent:4.3.5 cpe:/a:utorrent:utorrent:1.7.3 cpe:/a:utorrent:utorrent:1.2.2 cpe:/a:bittorrent:bittorrent:5.0.5 cpe:/a:bittorrent:bittorrent:4.27.1 cpe:/a:utorrent:utorrent:1.7.2 cpe:/a:utorrent:utorrent:1.1.5 cpe:/a:bittorrent:bittorrent:4.4.1 cpe:/a:bittorrent:bittorrent:4.3.3 cpe:/a:utorrent:utorrent:1.1.7 cpe:/a:bittorrent:bittorrent:4.20.7 cpe:/a:bittorrent:bittorrent:4.2.1 cpe:/a:bittorrent:bittorrent:4.0.2 cpe:/a:bittorrent:bittorrent:4.3.4 cpe:/a:bittorrent:bittorrent:4.2.2 cpe:/a:bittorrent:bittorrent:4.1.0 cpe:/a:bittorrent:bittorrent:4.3.6 cpe:/a:bittorrent:bittorrent:4.20.4 cpe:/a:bittorrent:bittorrent:4.27.2 cpe:/a:utorrent:utorrent:1.7.6 cpe:/a:bittorrent:bittorrent:4.0.3 cpe:/a:utorrent:utorrent:1.6 cpe:/a:bittorrent:bittorrent:4.9.6 cpe:/a:bittorrent:bittorrent:6.0.2 cpe:/a:bittorrent:bittorrent:4.22.4 cpe:/a:bittorrent:bittorrent:4.9.2 cpe:/a:utorrent:utorrent:1.1.3 cpe:/a:bittorrent:bittorrent:4.24.0 cpe:/a:utorrent:utorrent:1.7.4 cpe:/a:bittorrent:bittorrent:4.20.8 cpe:/a:bittorrent:bittorrent:5.0.7 cpe:/a:bittorrent:bittorrent:4.9.9 cpe:/a:bittorrent:bittorrent:5.0.3 cpe:/a:bittorrent:bittorrent:4.20.6 cpe:/a:bittorrent:bittorrent:4.20.2 cpe:/a:bittorrent:bittorrent:4.9.4 cpe:/a:bittorrent:bittorrent:4.9.5 cpe:/a:utorrent:utorrent:1.1.4 cpe:/a:bittorrent:bittorrent:4.2.0 cpe:/a:bittorrent:bittorrent:4.24.2 cpe:/a:utorrent:utorrent:1.7.7 cpe:/a:bittorrent:bittorrent:5.0.6 cpe:/a:utorrent:utorrent:1.4 cpe:/a:bittorrent:bittorrent:4.20.0 cpe:/a:bittorrent:bittorrent:4.1.4 cpe:/a:bittorrent:bittorrent:5.0.2 cpe:/a:bittorrent:bittorrent:4.3.2 cpe:/a:bittorrent:bittorrent:4.20.1 cpe:/a:bittorrent:bittorrent:6.0 cpe:/a:bittorrent:bittorrent:5.0.0 cpe:/a:bittorrent:bittorrent:4.3.0 cpe:/a:utorrent:utorrent:1.4.2 cpe:/a:bittorrent:bittorrent:4.9.8 cpe:/a:utorrent:utorrent:1.7.5 cpe:/a:utorrent:utorrent:1.7.1 cpe:/a:utorrent:utorrent:1.2 cpe:/a:bittorrent:bittorrent:5.0.9 cpe:/a:bittorrent:bittorrent:4.0.1 cpe:/a:bittorrent:bittorrent:4.1.3 cpe:/a:bittorrent:bittorrent:4.26.0 cpe:/a:utorrent:utorrent:1.3 cpe:/a:bittorrent:bittorrent:4.3.1 CVE-2008-0071 2008-06-16T14:41:00.000-04:00 2011-03-07T22:03:53.000-05:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-06-17T09:33:00.000-04:00 BID 29661 VUPEN ADV-2008-1809 VUPEN ADV-2008-1808 SECTRACK 1020265 BUGTRAQ 20080611 Secunia Research: uTorrent / BitTorrent Web UI HTTP "Range" Header DoS MILW0RM 5918 SECTRACK 1020266 SREASON 3943 MISC http://secunia.com/secunia_research/2008-7/advisory/ SECUNIA 30605 SECUNIA 28703 The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. cpe:/a:gnome:evolution:2.12.3 CVE-2008-0072 2008-03-05T19:44:00.000-05:00 2011-03-07T00:00:00.000-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-06T13:42:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#512491 DEBIAN DSA-1512 FEDORA FEDORA-2008-2292 FEDORA FEDORA-2008-2290 CONFIRM https://issues.rpath.com/browse/RPL-2310 XF evolution-emfmultipart-format-string(41011) VUPEN ADV-2008-0768 UBUNTU USN-583-1 SECTRACK 1019540 BID 28102 BUGTRAQ 20080528 rPSA-2008-0105-1 evolution REDHAT RHSA-2008:0178 REDHAT RHSA-2008:0177 MANDRIVA MDVSA-2008:063 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105 GENTOO GLSA-200803-12 MISC http://secunia.com/secunia_research/2008-8/advisory/ SECUNIA 30491 SECUNIA 30437 SECUNIA 29317 SECUNIA 29264 SECUNIA 29258 SECUNIA 29244 SECUNIA 29210 SECUNIA 29163 SECUNIA 29057 SUSE SUSE-SA:2008:014 Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. cpe:/a:xine:xine-lib:1.1.10.1 CVE-2008-0073 2008-03-24T18:44:00.000-04:00 2011-03-07T22:03:54.237-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-03-25T10:44:00.000-04:00 ALLOWS_OTHER_ACCESS CONFIRM http://xinehq.de/index.php/news CONFIRM http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655 XF xinelib-sdpplinparse-bo(41339) VUPEN ADV-2008-0985 VUPEN ADV-2008-0923 UBUNTU USN-635-1 BID 28312 MANDRIVA MDVSA-2008:219 MANDRIVA MDVSA-2008:178 GENTOO GLSA-200808-01 MISC http://secunia.com/secunia_research/2008-10/ SECUNIA 31393 SECUNIA 31372 SECUNIA 30581 SECUNIA 29503 SECUNIA 28694 FEDORA FEDORA-2008-2569 FEDORA FEDORA-2008-2945 CONFIRM http://www.videolan.org/security/sa0803.php SLACKWARE SSA:2008-089-03 SECTRACK 1019682 DEBIAN DSA-1543 DEBIAN DSA-1536 CONFIRM http://wiki.videolan.org/Changelog/0.8.6f GENTOO GLSA-200804-25 SECUNIA 29800 SECUNIA 29766 SECUNIA 29740 SECUNIA 29601 SECUNIA 29578 SECUNIA 29472 SECUNIA 29392 SUSE SUSE-SR:2008:012 SUSE SUSE-SR:2008:007 Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. cpe:/a:microsoft:internet_information_server:6.0 cpe:/a:microsoft:internet_information_server:6.0:beta cpe:/a:microsoft:internet_information_server:5.1 cpe:/a:microsoft:iis:7.0 cpe:/a:microsoft:internet_information_server:5.0 CVE-2008-0074 2008-02-12T16:00:00.000-05:00 2011-03-07T22:03:54.313-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-12T17:36:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0507 HP SSRT080016 SECTRACK 1019384 BID 27101 SECUNIA 28849 HP HPSBST02314 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders. cpe:/a:microsoft:internet_information_server:6.0 cpe:/a:microsoft:internet_information_server:6.0:beta cpe:/a:microsoft:internet_information_server:5.1 CVE-2008-0075 2008-02-12T16:00:00.000-05:00 2011-03-07T22:03:54.407-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-12T17:38:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0508 HP SSRT080016 SECTRACK 1019385 BID 27676 SECUNIA 28893 HP HPSBST02314 Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. cpe:/a:microsoft:internet_explorer:7::windows_server_2003_x64_edition cpe:/a:microsoft:internet_explorer:6::windows_xp_professional_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:7::windows_server_2003_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:6::windows_server_2003_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:7::windows_server_2003_sp1_itanium cpe:/a:microsoft:internet_explorer:7::windows_xp_professional_x64_edition cpe:/a:microsoft:internet_explorer:7::windows_vista_x64 cpe:/a:microsoft:ie:6:windows_server_2003_sp1 cpe:/a:microsoft:internet_explorer:7::windows_server_2003_sp2 cpe:/a:microsoft:internet_explorer:6::windows_server_2003_sp2 cpe:/a:microsoft:ie:5.01:windows_2000_sp4 cpe:/a:microsoft:ie:6:windows_server_2003_sp1_itanium cpe:/a:microsoft:internet_explorer:6::windows_server_2003_x64_edition cpe:/a:microsoft:ie:7:windows_xp_sp2 cpe:/a:microsoft:internet_explorer:7::windows_xp_professional_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:6::windows_xp_professional_x64_edition cpe:/a:microsoft:ie:6:windows_xp_sp2 cpe:/a:microsoft:internet_explorer:7::windows_vista cpe:/a:microsoft:internet_explorer:7::windows_server_2003_sp2_itanium cpe:/a:microsoft:ie:7:windows_server_2003_sp1 cpe:/a:microsoft:internet_explorer:6::windows_server_2003_sp2_itanium CVE-2008-0076 2008-02-12T18:00:00.000-05:00 2011-03-07T22:03:54.470-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T10:54:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0512 MS MS08-010 HP SSRT080016 SECTRACK 1019379 BID 27668 SECUNIA 28903 HP HPSBST02314 Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." cpe:/a:microsoft:ie:7 cpe:/a:microsoft:ie:6 cpe:/a:microsoft:ie:6:sp1 CVE-2008-0077 2008-02-12T18:00:00.000-05:00 2011-04-13T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T11:17:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C CERT-VN VU#228569 MS MS08-010 MISC http://www.zerodayinitiative.com/advisories/ZDI-08-006.html VUPEN ADV-2008-0512 SECTRACK 1019380 BID 27666 BUGTRAQ 20080213 ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability SECUNIA 28903 HP SSRT080016 HP SSRT080016 IDEFENSE 20080212 Microsoft Internet Explorer Property Memory Corruption Vulnerability Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability." cpe:/a:microsoft:internet_explorer:7::windows_server_2003_x64_edition cpe:/a:microsoft:internet_explorer:6::windows_xp_professional_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:7::windows_server_2003_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:6::windows_server_2003_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:7::windows_server_2003_sp1_itanium cpe:/a:microsoft:internet_explorer:7::windows_xp_professional_x64_edition cpe:/a:microsoft:internet_explorer:7::windows_vista_x64 cpe:/a:microsoft:ie:6:windows_server_2003_sp1 cpe:/a:microsoft:internet_explorer:7::windows_server_2003_sp2 cpe:/a:microsoft:internet_explorer:6::windows_server_2003_sp2 cpe:/a:microsoft:ie:5.01:windows_2000_sp4 cpe:/a:microsoft:ie:6:windows_server_2003_sp1_itanium cpe:/a:microsoft:internet_explorer:6::windows_server_2003_x64_edition cpe:/a:microsoft:ie:7:windows_xp_sp2 cpe:/a:microsoft:internet_explorer:7::windows_xp_professional_x64_edition_sp2 cpe:/a:microsoft:internet_explorer:6::windows_xp_professional_x64_edition cpe:/a:microsoft:activex cpe:/a:microsoft:ie:6:windows_xp_sp2 cpe:/a:microsoft:internet_explorer:7::windows_vista cpe:/a:microsoft:internet_explorer:7::windows_server_2003_sp2_itanium cpe:/a:microsoft:ie:7:windows_server_2003_sp1 cpe:/a:microsoft:internet_explorer:6::windows_server_2003_sp2_itanium CVE-2008-0078 2008-02-12T18:00:00.000-05:00 2011-03-07T22:03:54.673-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T11:19:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0512 MS MS08-010 HP SSRT080016 SECTRACK 1019381 BID 27689 SECUNIA 28903 HP HPSBST02314 Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability." cpe:/a:microsoft:webdav_mini-redirector CVE-2008-0080 2008-02-12T18:00:00.000-05:00 2011-03-07T22:03:54.767-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T11:33:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0509 MS MS08-007 HP SSRT080016 SECTRACK 1019372 BID 27670 SECUNIA 28894 HP HPSBST02314 Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response. cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:office:2004::mac CVE-2008-0081 2008-01-16T18:00:00.000-05:00 2011-04-15T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-17T10:29:00.000-05:00 CERT TA08-071A BID 27305 MS MS08-014 CONFIRM http://www.microsoft.com/technet/security/advisory/947563.mspx XF microsoft-excel-unspecified-code-execution(39699) VUPEN ADV-2008-0846 VUPEN ADV-2008-0146 MSKB 947563 SECTRACK 1019200 SECUNIA 28506 HP SSRT080028 HP SSRT080028 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490. cpe:/a:microsoft:windows_messenger:5.1 cpe:/a:microsoft:windows_messenger:4.7 CVE-2008-0082 2008-08-12T20:41:00.000-04:00 2011-03-07T22:03:54.970-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-08-13T11:02:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-225A MS MS08-050 VUPEN ADV-2008-2354 SECTRACK 1020681 BID 30551 BUGTRAQ 20080814 Microsoft Windows Messenger Remote Illegal Access Vulnerability SECUNIA 31446 HP HPSBST02360 HP HPSBST02360 An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp2 cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_xp::sp2:x64 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_2003_server:::x64 cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_2003_server::sp1:itanium cpe:/o:microsoft:windows_xp::sp2 CVE-2008-0083 2008-04-08T19:05:00.000-04:00 2011-03-07T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-04-09T08:59:00.000-04:00 CERT TA08-099A BID 28551 MS MS08-022 VUPEN ADV-2008-1146 SECTRACK 1019799 SECUNIA 29712 HP SSRT080048 HP HPSBST02329 The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. cpe:/o:microsoft:windows_vista CVE-2008-0084 2008-02-12T16:00:00.000-05:00 2011-03-07T22:03:55.157-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-02-12T17:44:00.000-05:00 CERT TA08-043C VUPEN ADV-2008-0506 HP SSRT080016 SECTRACK 1019383 BID 27634 SECUNIA 28828 HP SSRT080016 Unspecified vulnerability in the TCP/IP support in Microsoft Windows Vista allows remote DHCP servers to cause a denial of service (hang and restart) via a crafted DHCP packet. cpe:/a:microsoft:sql_server:2005:sp2 cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4 cpe:/a:microsoft:sql_server:2005:sp1:x64 cpe:/a:microsoft:sql_server:2005:sp2:x64 cpe:/a:microsoft:sql_server:2005:sp2:itanium cpe:/a:microsoft:wyukon::sp2 cpe:/a:microsoft:sql_server:2005:sp1:itanium cpe:/a:microsoft:wmsde:2000 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/a:microsoft:data_engine:1.0:sp4 cpe:/a:microsoft:sql_server:2005:sp2:express cpe:/a:microsoft:sql_server:2005:sp1:express cpe:/a:microsoft:sql_server:7.0:sp4 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/a:microsoft:sql_server:2000:sp4:itanium cpe:/a:microsoft:wyukon::sp2:x64 cpe:/a:microsoft:sql_server:2005:sp1 cpe:/a:microsoft:sql_server:2000:sp4 CVE-2008-0085 2008-07-08T19:41:00.000-04:00 2012-01-26T22:21:23.330-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-07-09T09:10:00.000-04:00 CERT TA08-190A MS MS08-040 VUPEN ADV-2008-2022 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html SECTRACK 1020441 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX SECUNIA 30970 SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. cpe:/a:microsoft:sql_server:2005:sp2 cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4 cpe:/a:microsoft:data_engine:1.0:sp4 cpe:/a:microsoft:sql_server:7.0:sp4 cpe:/a:microsoft:sql_server_express_edition:2005:sp2 cpe:/a:microsoft:sql_server:2000:sp4 CVE-2008-0086 2008-07-08T19:41:00.000-04:00 2012-01-26T22:21:23.500-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-07-09T09:45:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-190A VUPEN ADV-2008-2022 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html SECTRACK 1020441 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX BUGTRAQ 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability MS MS08-040 SECUNIA 30970 Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. cpe:/o:microsoft:windows_2003_server::sp2:itanium cpe:/o:microsoft:windows_2003_server::sp1 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows-nt:xp:sp2:pro:x64 cpe:/o:microsoft:windows_vista:::x64 cpe:/o:microsoft:windows_2003_server::sp2:x64 cpe:/o:microsoft:windows_2003_server::sp1:itanium cpe:/o:microsoft:windows-nt:xp::pro:x64 cpe:/o:microsoft:windows-nt:vista CVE-2008-0087 2008-04-08T19:05:00.000-04:00 2011-03-07T22:03:55.470-05:00 8.8 NETWORK MEDIUM NONE NONE COMPLETE COMPLETE http://nvd.nist.gov 2008-04-09T09:59:00.000-04:00 CERT TA08-099A BID 28553 VUPEN ADV-2008-1144 MISC http://www.trusteer.com/docs/windowsresolver.html SECTRACK 1019802 BUGTRAQ 20080408 Microsoft Windows DNS Stub Resolver Cache Poisoning (MS08-020) MS MS08-020 SECUNIA 29696 HP SSRT080048 HP HPSBST02329 The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_2003_server:sp2 CVE-2008-0088 2008-02-12T16:00:00.000-05:00 2011-03-07T22:03:55.580-05:00 6.8 NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov 2008-02-12T17:47:00.000-05:00 CERT TA08-043C VUPEN ADV-2008-0505 MS MS08-003 HP SSRT080016 SECTRACK 1019382 BID 27638 SECUNIA 28764 HP HPSBST02314 Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request. cpe:/a:clip-share:clipshare CVE-2008-0089 2008-01-03T20:46:00.000-05:00 2009-09-11T01:17:31.250-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-04T13:31:00.000-05:00 BID 27108 MILW0RM 4830 SECUNIA 28313 OSVDB 40077 XF clipshare-uprofile-sql-injection(39364) SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. cpe:/a:microsoft:ie:7 cpe:/a:divx:divx_player:6.6.0 CVE-2008-0090 2008-01-03T20:46:00.000-05:00 2008-09-05T17:34:11.420-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-04T13:34:00.000-05:00 BID 27106 MILW0RM 4829 XF divxwebplayer-npUpload-dos(39386) A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. cpe:/a:agency4net:webftp:1 CVE-2008-0091 2008-01-03T20:46:00.000-05:00 2011-03-07T22:03:55.860-05:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-04T13:41:00.000-05:00 VUPEN ADV-2008-0051 BID 27092 MILW0RM 4828 VIM 20080104 true: AGENCY4NET WEBFTP directory traversal; deletion possible XF agency4net-download2-directory-traversal(39343) SECUNIA 28309 Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. cpe:/a:phpwebsite:phpwebsite:1.4.0 CVE-2008-0092 2008-01-03T20:46:00.000-05:00 2008-09-05T17:34:11.717-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-04T13:51:00.000-05:00 BID 27090 BUGTRAQ 20080101 Cross-Site Scripting (XSS) in phpWebSite 1.4.0 search CONFIRM http://phpwebsite.appstate.edu/blog/2143 XF phpwebsite-search-xss(39391) SREASON 3511 SECUNIA 28303 Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. cpe:/a:eticket:eticket:1.5.6_rc3 cpe:/a:eticket:eticket:1.5.5.2 cpe:/a:eticket:eticket:1.5.6_rc2 CVE-2008-0093 2008-01-07T20:46:00.000-05:00 2008-09-05T17:34:11.857-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-08T10:19:00.000-05:00 MISC http://www.digitrustgroup.com/advisories/web-application-security-eticket.html SECUNIA 28331 XF eticket-name-subject-xss(39400) BID 27130 Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. cpe:/a:modxcms:modxcms:0.9.6.1 CVE-2008-0094 2008-01-07T21:46:00.000-05:00 2008-10-11T01:48:31.607-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-08T10:28:00.000-05:00 SECUNIA 28220 XF modx-ajaxsearch-file-include(39352) BID 27097 BID 27096 BUGTRAQ 20080102 MODx CMS Source code disclosure, local file inclusion CONFIRM http://modxcms.com/forums/index.php/topic,21290.0.html SREASON 3522 Multiple directory traversal vulnerabilities in MODx Content Management System 0.9.6.1 allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the as_language parameter to assets/snippets/AjaxSearch/AjaxSearch.php, reached through index-ajax.php; and (2) read arbitrary local files via a .. (dot dot) in the file parameter to assets/js/htcmime.php. cpe:/a:asterisk:asterisknow:beta_6 cpe:/a:asterisk:s800i:1.0.3.3 cpe:/a:asterisk:asterisk_appliance_developer_kit:1.4_revision_95945 cpe:/a:asterisk:asterisk_business_edition:c.1.0beta7 cpe:/a:asterisk:open_source:1.4.16 CVE-2008-0095 2008-01-07T21:46:00.000-05:00 2011-03-07T22:03:56.297-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-08T10:36:00.000-05:00 BID 27110 SECUNIA 28312 CONFIRM http://downloads.digium.com/pub/security/AST-2008-001.html MISC http://bugs.digium.com/view.php?id=11637 FEDORA FEDORA-2008-0199 FEDORA FEDORA-2008-0198 XF asterisk-bye-also-dos(39361) VUPEN ADV-2008-0019 SECTRACK 1019152 BUGTRAQ 20080102 AST-2008-001: Crash from transfer using BYE with Also header SECUNIA 28299 SREASON 3520 The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference. cpe:/a:georgia_softworks:ssh2_server:7.01.0003 CVE-2008-0096 2008-01-07T21:46:00.000-05:00 2009-09-15T01:10:28.657-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:04:00.000-05:00 BID 27103 BUGTRAQ 20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 SECUNIA 28307 MISC http://aluigi.altervista.org/adv/gswsshit-adv.txt SREASON 3517 Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in the log function; or (2) a long password. cpe:/a:georgia_softworks:ssh2_server:7.01.0003 CVE-2008-0097 2008-01-07T21:46:00.000-05:00 2008-09-05T17:34:12.467-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:08:00.000-05:00 BUGTRAQ 20080102 Multiple vulnerabilities in Georgia SoftWorks SSH2 Server 7.01.0003 SECUNIA 28307 MISC http://aluigi.altervista.org/adv/gswsshit-adv.txt SREASON 3517 Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message. cpe:/a:real:realplayer:11_build_6.0.14.748 CVE-2008-0098 2008-01-07T21:46:00.000-05:00 2011-03-07T22:03:56.563-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-08T11:11:00.000-05:00 VUPEN ADV-2008-0016 MISC http://www.us-cert.gov/current/index.html#public_exploit_code_for_realplayer BID 27091 SECUNIA 28276 MLIST [Dailydave] 20080101 0day RealPlayer exploit demo MISC http://gleg.net/realplayer11.html SECTRACK 1019153 Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. cpe:/a:myphp_forum:myphp_forum:3.0 CVE-2008-0099 2008-01-07T21:46:00.000-05:00 2009-09-16T01:14:07.767-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:28:00.000-05:00 BID 27118 MILW0RM 4831 Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. cpe:/a:white_dune:white_dune:0.29beta791 CVE-2008-0100 2008-01-07T21:46:00.000-05:00 2008-10-11T01:48:32.387-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:36:00.000-05:00 BID 27102 SECUNIA 28287 XF whitedune-sceneerrorf-bo(39385) BUGTRAQ 20080102 Buffer-overflow and format string in White_Dune 0.29beta791 CONFIRM http://vrml.cip.ica.uni-stuttgart.de/dune/news.html MISC http://aluigi.altervista.org/adv/whitedunboffs-adv.txt SREASON 3516 Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file. cpe:/a:white_dune:white_dune:0.29beta791 CVE-2008-0101 2008-01-07T21:46:00.000-05:00 2008-10-11T01:48:32.497-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:38:00.000-05:00 BID 27102 SECUNIA 28287 XF whitedune-swdegugf-format-string(39388) BUGTRAQ 20080102 Buffer-overflow and format string in White_Dune 0.29beta791 CONFIRM http://vrml.cip.ica.uni-stuttgart.de/dune/news.html MISC http://aluigi.altervista.org/adv/whitedunboffs-adv.txt SREASON 3516 Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file. cpe:/a:microsoft:publisher:2003:sp2 cpe:/a:microsoft:publisher:2000 cpe:/a:microsoft:publisher:2002 CVE-2008-0102 2008-02-12T18:00:00.000-05:00 2011-03-07T22:03:56.923-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T11:45:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C MS MS08-012 VUPEN ADV-2008-0514 HP SSRT080016 SECTRACK 1019376 BID 27739 SECUNIA 28906 HP HPSBST02314 Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability." cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2004::mac%2Bos cpe:/a:microsoft:office:2003:sp2 CVE-2008-0103 2008-02-12T19:00:00.000-05:00 2011-03-07T22:03:57.017-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T12:46:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C MS MS08-013 VUPEN ADV-2008-0515 HP SSRT080016 SECTRACK 1019375 BID 27738 SECUNIA 28909 HP SSRT080016 Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability." cpe:/a:microsoft:office:2002 cpe:/a:microsoft:office:2000 cpe:/a:microsoft:publisher cpe:/a:microsoft:office:2003:sp2 CVE-2008-0104 2008-02-12T18:00:00.000-05:00 2011-03-07T22:03:57.127-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T12:13:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0514 MS MS08-012 HP SSRT080016 SECTRACK 1019377 BID 27740 SECUNIA 28906 HP SSRT080016 Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability." cpe:/a:microsoft:works:8.0 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3 CVE-2008-0105 2008-02-12T18:00:00.000-05:00 2011-03-07T22:03:57.237-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T12:15:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0513 MS MS08-011 HP SSRT080016 SECTRACK 1019387 BID 27658 SECUNIA 28904 HP SSRT080016 Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability." cpe:/a:microsoft:sql_server:2005:sp2 cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4 cpe:/a:microsoft:data_engine:1.0:sp4 cpe:/a:microsoft:sql_server:7.0:sp4 cpe:/a:microsoft:sql_server_express_edition:2005:sp2 cpe:/a:microsoft:sql_server:2000:sp4 CVE-2008-0106 2008-07-08T19:41:00.000-04:00 2012-01-26T22:21:26.047-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-07-09T09:57:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-190A VUPEN ADV-2008-2022 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html SECTRACK 1020441 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX BUGTRAQ 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability MS MS08-040 SECUNIA 30970 Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement. cpe:/a:microsoft:sql_server:2005:sp2 cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4 cpe:/a:microsoft:sql_server:2005:sp1:x64 cpe:/a:microsoft:sql_server:2005:sp2:x64 cpe:/a:microsoft:sql_server:2005:sp2:itanium cpe:/a:microsoft:wyukon::sp2 cpe:/a:microsoft:sql_server:2005:sp1:itanium cpe:/a:microsoft:wmsde:2000 cpe:/o:microsoft:windows_server_2008:::x64 cpe:/a:microsoft:data_engine:1.0:sp4 cpe:/a:microsoft:sql_server:2005:sp2:express cpe:/a:microsoft:sql_server:2005:sp1:express cpe:/a:microsoft:sql_server:7.0:sp4 cpe:/o:microsoft:windows_server_2008:::x32 cpe:/a:microsoft:sql_server:2000:sp4:itanium cpe:/a:microsoft:wyukon::sp2:x64 cpe:/a:microsoft:sql_server:2005:sp1 cpe:/a:microsoft:sql_server:2000:sp4 CVE-2008-0107 2008-07-08T19:41:00.000-04:00 2012-01-26T22:21:26.220-05:00 9.0 NETWORK LOW SINGLE_INSTANCE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-07-09T10:18:00.000-04:00 CERT TA08-190A MS MS08-040 VUPEN ADV-2008-2022 CONFIRM http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0003.html SECTRACK 1020441 BID 30119 BUGTRAQ 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX BUGTRAQ 20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability MISC http://www.insomniasec.com/advisories/ISVA-080709.1.htm SECUNIA 30970 IDEFENSE 20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability." cpe:/a:microsoft:works:8.0 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3 CVE-2008-0108 2008-02-12T18:00:00.000-05:00 2011-03-07T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T12:20:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C VUPEN ADV-2008-0513 SECTRACK 1019388 BID 27659 MILW0RM 5107 MS MS08-011 SECUNIA 28904 HP SSRT080016 HP SSRT080016 IDEFENSE 20080208 Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability." cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:word cpe:/a:microsoft:office:2003 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 CVE-2008-0109 2008-02-12T18:00:00.000-05:00 2011-03-10T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-13T12:21:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA08-043C CERT-VN VU#692417 MS MS08-009 VUPEN ADV-2008-0511 SECTRACK 1019374 BID 27656 BUGTRAQ 20080213 [Reversemode Advisory] February Advisories : Microsoft Word 2003 + Fortinet Forticlient SECUNIA 28901 HP SSRT080016 HP SSRT080016 Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption. cpe:/a:microsoft:office:2007 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3 CVE-2008-0110 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:57.767-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T11:03:00.000-04:00 CERT TA08-071A CERT-VN VU#393305 BID 28147 MS MS08-015 VUPEN ADV-2008-0847 SECTRACK 1019579 SECUNIA 29320 HP HPSBST02320 HP HPSBST02320 Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI. cpe:/a:microsoft:office:2007 cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:office:2004::mac CVE-2008-0111 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:57.877-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T11:27:00.000-04:00 CERT TA08-071A BID 28094 MS MS08-014 VUPEN ADV-2008-0846 SECTRACK 1019582 HP SSRT080028 HP HPSBST02320 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability." cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:2004::mac CVE-2008-0112 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:57.953-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T12:37:00.000-04:00 CERT TA08-071A BID 28095 MS MS08-014 VUPEN ADV-2008-0846 SECTRACK 1019583 HP SSRT080028 HP HPSBST02320 Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability." cpe:/a:microsoft:excel_viewer:2003 CVE-2008-0113 2008-03-11T19:44:00.000-04:00 2011-04-12T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T12:42:00.000-04:00 CERT TA08-071A MS MS08-016 MISC http://www.zerodayinitiative.com/advisories/ZDI-08-008 VUPEN ADV-2008-0848 SECTRACK 1019578 BUGTRAQ 20080311 ZDI-08-008: Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability SECUNIA 29321 HP HPSBST02320 HP HPSBST02320 Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:office:2004::mac CVE-2008-0114 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:58.157-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T12:47:00.000-04:00 CERT TA08-071A BID 28166 MS MS08-014 VUPEN ADV-2008-0846 SECTRACK 1019584 HP HPSBST02320 HP HPSBST02320 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007 cpe:/a:microsoft:excel:2007 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:office:2004::mac CVE-2008-0115 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:58.250-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T12:54:00.000-04:00 CERT TA08-071A BID 28167 MS MS08-014 VUPEN ADV-2008-0846 SECTRACK 1019585 HP HPSBST02320 HP HPSBST02320 Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:office_compatibility_pack_for_word_excel_ppt_2007 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:2004::mac CVE-2008-0116 2008-03-11T19:44:00.000-04:00 2011-04-18T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T12:56:00.000-04:00 CERT TA08-071A BID 28168 MS MS08-014 VUPEN ADV-2008-0846 SECTRACK 1019586 BUGTRAQ 20080311 TPTI-08-03: Microsoft Excel Rich Text Memory Corruption Vulnerability HP HPSBST02320 HP HPSBST02320 MISC http://dvlabs.tippingpoint.com/advisory/TPTI-08-03 Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." cpe:/a:microsoft:office:2007 cpe:/a:microsoft:excel:2003:sp2 cpe:/a:microsoft:compatibility_pack_word_excel_powerpoint_2007 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:excel:2007 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:excel:2002:sp3 cpe:/a:microsoft:excel_viewer:2003 cpe:/a:microsoft:excel:2000:sp3 cpe:/a:microsoft:office:2008::mac cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac CVE-2008-0117 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:58.437-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T13:00:00.000-04:00 CERT TA08-071A BID 28170 MS MS08-014 VUPEN ADV-2008-0846 SECTRACK 1019587 HP SSRT080028 HP HPSBST02320 Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability." cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac CVE-2008-0118 2008-03-11T19:44:00.000-04:00 2011-03-07T22:03:58.517-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-03-12T13:32:00.000-04:00 CERT TA08-071A BID 28146 MS MS08-016 VUPEN ADV-2008-0848 SECTRACK 1019578 SECUNIA 29321 HP HPSBST02320 HP HPSBST02320 Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." cpe:/a:microsoft:office:2007 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2007_sp1 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp3 CVE-2008-0119 2008-05-13T18:20:00.000-04:00 2011-03-07T22:03:58.597-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-05-13T20:39:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA08-134A MS MS08-027 VUPEN ADV-2008-1505 SECTRACK 1020015 BID 29158 BUGTRAQ 20080514 Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability SECUNIA 30150 HP HPSBST02336 HP HPSBST02336 Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." cpe:/a:microsoft:office_powerpoint_viewer:2003 CVE-2008-0120 2008-08-12T20:41:00.000-04:00 2011-03-07T22:03:58.703-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-08-13T10:59:00.000-04:00 CERT TA08-225A MS MS08-051 SECUNIA 31453 VUPEN ADV-2008-2355 SECTRACK 1020676 BID 30552 HP SSRT080117 HP SSRT080117 IDEFENSE 20080812 Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." cpe:/a:microsoft:office_powerpoint_viewer:2003 CVE-2008-0121 2008-08-12T20:41:00.000-04:00 2011-03-07T22:03:58.813-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-08-13T11:09:00.000-04:00 CERT TA08-225A VUPEN ADV-2008-2355 SECTRACK 1020676 BID 30554 MS MS08-051 SECUNIA 31453 HP HPSBST02360 HP HPSBST02360 IDEFENSE 20080812 Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." cpe:/a:isc:bind:9.4.2 CVE-2008-0122 2008-01-15T21:00:00.000-05:00 2011-08-30T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-16T12:43:00.000-05:00 CERT-VN VU#203611 BID 27283 FREEBSD FreeBSD-SA-08:02 FEDORA FEDORA-2008-0904 FEDORA FEDORA-2008-0903 CONFIRM https://issues.rpath.com/browse/RPL-2169 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=429149 XF freebsd-inetnetwork-bo(39670) CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow VUPEN ADV-2008-1743 VUPEN ADV-2008-0703 VUPEN ADV-2008-0193 SECTRACK 1019189 BUGTRAQ 20080124 rPSA-2008-0029-1 bind bind-utils REDHAT RHSA-2008:0300 CONFIRM http://www.isc.org/index.pl?/sw/bind/bind-security.php CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm SUNALERT 238493 SECUNIA 30718 SECUNIA 30538 SECUNIA 30313 SECUNIA 29323 SECUNIA 29161 SECUNIA 28579 SECUNIA 28487 SECUNIA 28429 SECUNIA 28367 SUSE SUSE-SR:2008:006 Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. cpe:/a:moodle:moodle:1.8.3 CVE-2008-0123 2008-01-11T20:46:00.000-05:00 2011-03-07T22:03:59.047-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-14T09:41:00.000-05:00 VUPEN ADV-2008-0164 MISC http://int21.de/cve/CVE-2008-0123-moodle.html FULLDISC 20080111 Cross site scripting (XSS) in Moodle 1.8.3 XF moodle-install-xss(39630) BID 27259 BUGTRAQ 20080111 Cross site scripting (XSS) in Moodle 1.8.3 SECUNIA 28838 SUSE SUSE-SR:2008:003 Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. cpe:/a:s9y:serendipity:0.8_beta_6_snapshot cpe:/a:s9y:serendipity:1.0_beta3 cpe:/a:s9y:serendipity:0.7_beta4 cpe:/a:s9y:serendipity:0.8.2 cpe:/a:s9y:serendipity:0.6 cpe:/a:s9y:serendipity:0.3 cpe:/a:s9y:serendipity:1.1.1 cpe:/a:s9y:serendipity:0.7_beta2 cpe:/a:s9y:serendipity:1.2.1 cpe:/a:s9y:serendipity:0.5_pl1 cpe:/a:s9y:serendipity:0.9.1 cpe:/a:s9y:serendipity:1.0_beta2 cpe:/a:s9y:serendipity:0.8.1 cpe:/a:s9y:serendipity:1.0.4 cpe:/a:s9y:serendipity:0.8 cpe:/a:s9y:serendipity:1.1.4 cpe:/a:s9y:serendipity:1.2__beta5 cpe:/a:s9y:serendipity:0.8_beta5 cpe:/a:s9y:serendipity:0.7_beta1 cpe:/a:s9y:serendipity:1.1.3 cpe:/a:s9y:serendipity:0.7.1 cpe:/a:s9y:serendipity:0.6_pl3 cpe:/a:s9y:serendipity:0.6_pl2 cpe:/a:s9y:serendipity:0.7_rc1 cpe:/a:s9y:serendipity:0.8_beta6 cpe:/a:s9y:serendipity:0.7_beta3 cpe:/a:s9y:serendipity:1.2 cpe:/a:s9y:serendipity:0.6_rc1 cpe:/a:s9y:serendipity:1.0.3 cpe:/a:s9y:serendipity:0.6_rc2 cpe:/a:s9y:serendipity:0.4 cpe:/a:s9y:serendipity:0.6_pl1 cpe:/a:s9y:serendipity:0.5 cpe:/a:s9y:serendipity:0.7 CVE-2008-0124 2008-02-28T15:44:00.000-05:00 2011-03-07T22:03:59.143-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-02-29T09:35:00.000-05:00 CONFIRM http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html XF serendipity-realname-username-xss(40851) VUPEN ADV-2008-0700 SECTRACK 1019502 BID 28003 DEBIAN DSA-1528 SECUNIA 29502 SECUNIA 29128 MISC http://int21.de/cve/CVE-2008-0124-s9y.html Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file. cpe:/a:phpstats:phpstats:0.1_alpha CVE-2008-0125 2008-03-24T18:44:00.000-04:00 2008-10-11T01:48:35.120-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-03-25T10:50:00.000-04:00 XF phpstats-phpstats-xss(41261) BID 28291 BUGTRAQ 20080317 Cross Site Scripting (XSS) in phpstats 0.1_alpha, CVE-2008-0125 SREASON 3765 Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter. cpe:/a:mcafee:e-business_server:8.5.2 CVE-2008-0127 2008-01-09T19:46:00.000-05:00 2011-03-07T22:03:59.377-05:00 8.8 NETWORK MEDIUM NONE NONE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-10T11:17:00.000-05:00 BID 27197 BUGTRAQ 20080109 [INFIGO-2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS - Corrected BUGTRAQ 20080109 [INFIGO 2008-01-06]: McAfee E-Business Server Remote Preauth Code Execution / DoS CONFIRM https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472 XF mcafee-ebusiness-packet-code-execution(39563) XF mcafee-ebusiness-authentication-packet-dos(39561) VUPEN ADV-2008-0087 MILW0RM 4878 SECTRACK 1019170 SREASON 3530 SECUNIA 28408 The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet. cpe:/a:apache:tomcat:5.5.20 CVE-2008-0128 2008-01-22T21:00:00.000-05:00 2011-03-07T22:03:59.470-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-23T10:10:00.000-05:00 CONFIRM http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 XF apache-singlesignon-information-disclosure(39804) VUPEN ADV-2009-0233 VUPEN ADV-2008-0192 BID 27365 BUGTRAQ 20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1) BUGTRAQ 20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities CONFIRM http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540 CONFIRM http://security-tracker.debian.net/tracker/CVE-2008-0128 SECUNIA 33668 SECUNIA 31493 SECUNIA 28552 SECUNIA 28549 REDHAT RHSA-2008:0630 CONFIRM http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx REDHAT RHSA-2008:0261 SECUNIA 29242 SUSE SUSE-SR:2008:005 The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie. cpe:/a:siteatschool:siteatschool:2.3.10 CVE-2008-0129 2008-01-08T06:46:00.000-05:00 2008-09-05T17:34:17.343-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:49:00.000-05:00 MILW0RM 4832 XF siteatschool-slideshowfull-sql-injection(39417) BID 27120 SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. cpe:/a:instantsoftwares:dating_site CVE-2008-0130 2008-01-08T06:46:00.000-05:00 2011-08-05T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T11:52:00.000-05:00 XF dating-site-login-sql-injection(39326) XF dating-site-login-sql-injection(39326) SECUNIA 28283 OSVDB 39766 SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:instantsoftwares:dating_site CVE-2008-0131 2008-01-08T06:46:00.000-05:00 2009-09-15T01:10:32.453-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-08T11:54:00.000-05:00 BID 27121 SECUNIA 28283 Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:pragma_systems:fortressssh:5.0_build_4_r_293 CVE-2008-0132 2008-01-08T06:46:00.000-05:00 2008-09-05T17:34:17.780-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-08T11:58:00.000-05:00 XF fortressssh-sshd-dos(39354) MISC http://aluigi.org/poc/pragmassh.zip MISC http://aluigi.altervista.org/adv/pragmassh-adv.txt BID 27141 BUGTRAQ 20080104 Some DoS in some telnet servers Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username. cpe:/a:thomas_perez:tribisur:2.1 CVE-2008-0133 2008-01-08T14:46:00.000-05:00 2008-09-05T17:34:17.937-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-08T15:04:00.000-05:00 BID 27149 MILW0RM 4840 SECUNIA 28362 XF tribisur-catmain-forum-sql-injection(39443) Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. cpe:/a:snitz_communications:snitz_forums_2000:3.1:sr4 cpe:/a:snitz_communications:snitz_forums_2000:3.4.02 cpe:/a:snitz_communications:snitz_forums_2000:3.4.05 cpe:/a:snitz_communications:snitz_forums_2000:3.4.03 cpe:/a:snitz_communications:snitz_forums_2000:3.1 cpe:/a:snitz_communications:snitz_forums_2000:3.3.01 cpe:/a:snitz_communications:snitz_forums_2000:3.0 cpe:/a:snitz_communications:snitz_forums_2000:3.4.04 cpe:/a:snitz_communications:snitz_forums_2000:3.3.02 cpe:/a:snitz_communications:snitz_forums_2000:3.3 cpe:/a:snitz_communications:snitz_forums_2000:3.4.06 cpe:/a:snitz_communications:snitz_forums_2000:3.2.03 cpe:/a:snitz_communications:snitz_forums_2000:3.3.03 CVE-2008-0134 2008-01-08T14:46:00.000-05:00 2012-10-24T12:34:56.597-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-08T15:07:00.000-05:00 BID 27162 BUGTRAQ 20080107 [HSC] Snitz Forums Multiple Vulnerabilities MISC http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt SECUNIA 28284 MISC http://hackerscenter.com/archive/view.asp?id=28145 Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter. cpe:/a:snitz_communications:snitz_forums_2000:3.1:sr4 cpe:/a:snitz_communications:snitz_forums_2000:3.4.02 cpe:/a:snitz_communications:snitz_forums_2000:3.4.05 cpe:/a:snitz_communications:snitz_forums_2000:3.4.03 cpe:/a:snitz_communications:snitz_forums_2000:3.1 cpe:/a:snitz_communications:snitz_forums_2000:3.3.01 cpe:/a:snitz_communications:snitz_forums_2000:3.0 cpe:/a:snitz_communications:snitz_forums_2000:3.4.04 cpe:/a:snitz_communications:snitz_forums_2000:3.3.02 cpe:/a:snitz_communications:snitz_forums_2000:3.3 cpe:/a:snitz_communications:snitz_forums_2000:3.4.06 cpe:/a:snitz_communications:snitz_forums_2000:3.2.03 cpe:/a:snitz_communications:snitz_forums_2000:3.3.03 CVE-2008-0135 2008-01-08T14:46:00.000-05:00 2012-10-24T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-08T15:16:00.000-05:00 BUGTRAQ 20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities BUGTRAQ 20080107 [HSC] Snitz Forums Multiple Vulnerabilities MISC http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt MISC http://hackerscenter.com/archive/view.asp?id=28145 Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb. cpe:/a:snitz_communications:snitz_forums_2000:3.4.05 CVE-2008-0136 2008-01-08T14:46:00.000-05:00 2012-10-24T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-08T15:18:00.000-05:00 BUGTRAQ 20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities BUGTRAQ 20080107 [HSC] Snitz Forums Multiple Vulnerabilities MISC http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt MISC http://hackerscenter.com/archive/view.asp?id=28145 Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive information via a direct request to forum/whereami.asp, which reveals the database path. cpe:/a:snetworks:php_classifieds:5.0 CVE-2008-0137 2008-01-08T14:46:00.000-05:00 2011-03-07T22:04:00.360-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T10:23:00.000-05:00 VUPEN ADV-2008-0053 MILW0RM 4838 XF snetworks-configinc-file-include(39468) PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. cpe:/a:xoops:xoopsgallery_module:1.3.3_9 CVE-2008-0138 2008-01-08T14:46:00.000-05:00 2008-09-05T17:34:18.670-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T10:30:00.000-05:00 XF xoops-modgallery-zendhashkey-file-include(39461) BID 27155 MILW0RM 4847 PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. cpe:/a:loudblog:loudblog:0.8.0 CVE-2008-0139 2008-01-08T14:46:00.000-05:00 2008-09-05T17:34:18.810-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T10:35:00.000-05:00 BID 27157 SECUNIA 28336 MILW0RM 4849 XF loudblog-template-code-execution(39445) Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. cpe:/a:uebimiau:webmail:2.7.2 cpe:/a:uebimiau:webmail:2.7.10 CVE-2008-0140 2008-01-08T14:46:00.000-05:00 2008-10-22T01:44:05.437-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-09T10:38:00.000-05:00 XF uebimiau-webmail-error-directory-traversal(39460) BID 27154 MILW0RM 4846 VIM 20080107 Uebimiau Web-Mail 2.7.10/2.7.2 Remote File Disclosure Vulnerability Directory traversal vulnerability in error.php in Uebimiau Webmail 2.7.10 and 2.7.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the selected_theme parameter, a different vector than CVE-2007-3172. cpe:/a:webportal:webportal_cms:0.6_beta CVE-2008-0141 2008-01-08T14:46:00.000-05:00 2008-09-05T17:34:19.123-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T10:44:00.000-05:00 BID 27145 MILW0RM 4835 XF webportal-action-weak-security(39486) actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. cpe:/a:webportal:webportal_cms:0.6_beta CVE-2008-0142 2008-01-08T14:46:00.000-05:00 2008-09-05T17:34:19.263-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T10:50:00.000-05:00 MILW0RM 4835 Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. cpe:/a:spacial_audio_solutions:sam_broadcaster cpe:/a:spacial_audio_solutions:samphpweb CVE-2008-0143 2008-01-08T14:46:00.000-05:00 2008-09-05T17:34:19.420-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T10:56:00.000-05:00 XF samPHPweb-db-file-include(39397) CONFIRM http://www.spacialaudio.com/news/index.html BID 27137 MILW0RM 4834 SECUNIA 28355 PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter. cpe:/a:phprisk:netrisk:1.9.7 CVE-2008-0144 2008-01-08T14:46:00.000-05:00 2009-09-15T01:10:34.750-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T11:05:00.000-05:00 XF netrisk-index-file-include(39419) BID 27136 MILW0RM 4833 SECUNIA 28328 BUGTRAQ 20080105 NetRisk 1.9.7 Remote File Inclusion Vulnerability PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. cpe:/a:php:php:4.4.7 CVE-2008-0145 2008-01-08T14:46:00.000-05:00 2009-09-16T01:14:13.390-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T11:12:00.000-05:00 XF php-glob-openbasedir-security-bypass(39401) VUPEN ADV-2008-0059 CONFIRM http://www.php.net/releases/4_4_8.php CONFIRM http://www.php.net/ChangeLog-4.php SECUNIA 28318 CONFIRM http://bugs.php.net/bug.php?id=41655 SLACKWARE SSA:2008-045-03 SECUNIA 28936 Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. cpe:/a:hughes_technologies:w3-msql CVE-2008-0146 2008-01-08T14:46:00.000-05:00 2009-09-15T01:10:34.953-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-09T11:15:00.000-05:00 BID 27116 BUGTRAQ 20080103 xss in w3-msql error page SECUNIA 28294 OSVDB 51235 SREASON 3521 Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI. cpe:/a:smallnuke:smallnuke:2.0.4 CVE-2008-0147 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:20.013-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T13:47:00.000-05:00 BID 27180 MILW0RM 4863 SECUNIA 28301 XF smallnuke-index-sql-injection(39525) SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. cpe:/a:tutos:tutos:1.3 CVE-2008-0148 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:20.153-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-09T13:50:00.000-05:00 SECUNIA 28291 MILW0RM 4861 XF tutos-cmd-command-execution(39531) TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request. cpe:/a:tutos:tutos:1.3 CVE-2008-0149 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:20.310-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-09T13:53:00.000-05:00 SECUNIA 28291 MILW0RM 4861 TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. cpe:/a:aruba_networks:aruba_mobility_controllers:2.5.4.25 cpe:/a:aruba_networks:aruba_mobility_controllers:2.5.2.11 cpe:/a:aruba_networks:aruba_mobility_controllers:2.3.6.15 cpe:/a:aruba_networks:aruba_mobility_controllers:2.4.8.11-fips cpe:/a:aruba_networks:aruba_mobility_controllers:2.5.5.7 cpe:/a:aruba_networks:aruba_mobility_controllers:3.1.1.3 CVE-2008-0150 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:20.450-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T13:59:00.000-05:00 BID 27144 BUGTRAQ 20080104 Aruba Mobility Controller User Authentication Vulnerability - Aruba Advisory ID: AID-122207 CONFIRM http://www.arubanetworks.com/support/alerts/aid-122207.asc SECUNIA 28357 SREASON 3529 Unspecified vulnerability in the LDAP authentication feature in Aruba Mobility Controller 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, and 2.4.8.11-FIPS or earlier allows remote attackers to bypass authentication mechanisms and obtain management or VPN interface access. cpe:/a:foxitsoftware:wac_server:2.1.0.910 cpe:/a:foxitsoftware:wac_server:2.0 CVE-2008-0151 2008-01-08T19:46:00.000-05:00 2009-08-25T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-09T14:12:00.000-05:00 XF wacserver-option-dos(39427) BID 27142 BUGTRAQ 20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503 BUGTRAQ 20080104 Some DoS in some telnet servers SREASON 3525 SECUNIA 28272 MISC http://aluigi.altervista.org/adv/wachof-adv.txt MISC http://aluigi.altervista.org/adv/waccaz-adv.txt Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options. cpe:/o:seattle_lab_software:slnet_rf_telnet_server:4.1.1.3758 CVE-2008-0152 2008-01-08T19:46:00.000-05:00 2011-09-21T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-09T14:16:00.000-05:00 BID 27134 SECUNIA 28316 BUGTRAQ 20080104 Some DoS in some telnet servers MISC http://aluigi.altervista.org/adv/slnetmsg-adv.txt SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier allows user-assisted remote attackers to cause a denial of service (crash) via unspecified telnet options, which triggers a NULL pointer dereference. NOTE: the crash is not user-assisted when the server is running in debug mode. cpe:/a:pragma_systems:pragma_telnetserver:7.0.4.589 CVE-2008-0153 2008-01-08T19:46:00.000-05:00 2008-10-11T01:48:37.560-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-09T14:21:00.000-05:00 XF pragmatelnetserver-telnetd-dos(39353) BID 27143 BUGTRAQ 20080104 Some DoS in some telnet servers MISC http://aluigi.altervista.org/adv/pragmatel-adv.txt telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference. cpe:/a:evilboard:evilboard:0.1a CVE-2008-0154 2008-01-08T19:46:00.000-05:00 2009-09-15T01:10:35.703-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T14:24:00.000-05:00 XF evilboard-index-sql-injection(39529) BID 27190 MILW0RM 4865 SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter. cpe:/a:evilboard:evilboard:0.1a CVE-2008-0155 2008-01-08T19:46:00.000-05:00 2009-09-15T01:10:35.920-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-09T14:25:00.000-05:00 BID 27190 MILW0RM 4865 XF evilboard-index-xss(39526) Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter. cpe:/a:million_dollar_script:million_dollar_script:2.0.14 CVE-2008-0156 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:21.343-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-09T14:28:00.000-05:00 XF milliondollarscript-index-dir-traversal(39492) BID 27174 BUGTRAQ 20080107 Million Dollar Script 2.0.14 Remote File Disclosure Vulnerability. SREASON 3524 Absolute path traversal vulnerability in index.php in Million Dollar Script 2.0.14 allows remote attackers to read arbitrary files via encoded "/" (%2F) sequences in the link parameter. cpe:/a:flexbb:flexbb:0.6.3 cpe:/a:flexbb:flexbb:1.0_10005_beta_release_1 CVE-2008-0157 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:21.483-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T14:31:00.000-05:00 XF flexbb-flexbbtempid-sql-injection(39475) BID 27164 MILW0RM 4858 SECUNIA 28373 SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. cpe:/a:shop-script:shop-script:2.0 CVE-2008-0158 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:21.640-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-09T14:35:00.000-05:00 XF shopscript-index-directory-traversal(39449) BID 27165 MISC http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt MILW0RM 4855 Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter. cpe:/a:eggblog:eggblog:3.1.0 CVE-2008-0159 2008-01-08T19:46:00.000-05:00 2008-09-05T17:34:21.780-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-09T14:38:00.000-05:00 XF eggblog-eggblogmail-sql-injection(39473) BID 27168 MILW0RM 4860 SECUNIA 28371 SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie. cpe:/a:sam_lantinga:splitvt:1.6.6 CVE-2008-0162 2008-02-22T16:44:00.000-05:00 2008-09-05T17:34:21.920-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-25T09:57:00.000-05:00 ALLOWS_ADMIN_ACCESS DEBIAN DSA-1500 BID 27936 SECUNIA 29080 SECUNIA 29064 GENTOO GLSA-200803-05 SECUNIA 29190 misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges. cpe:/o:linux:linux_kernel:2.6.0 CVE-2008-0163 2008-02-12T16:00:00.000-05:00 2008-09-05T17:34:22.107-04:00 4.4 LOCAL MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-12T17:54:00.000-05:00 DEBIAN DSA-1494 XF linux-kernel-proc-unauth-access(40486) BID 27798 BID 27704 SECUNIA 28875 Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc. cpe:/a:plone:plone_cms:3.0.5 cpe:/a:plone:plone_cms:3.0.6 CVE-2008-0164 2008-03-19T20:44:00.000-04:00 2008-09-05T17:34:22.263-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-03-20T10:22:00.000-04:00 BUGTRAQ 20080313 PR08-02: Plone CMS Security Research - the Art of Plowning MISC http://www.procheckup.com/Hacking_Plone_CMS.pdf SECUNIA 29361 MISC http://plone.org/about/security/advisories/cve-2008-0164 XF plone-joinform-csrf(41263) SREASON 3754 Multiple cross-site request forgery (CSRF) vulnerabilities in Plone CMS 3.0.5 and 3.0.6 allow remote attackers to (1) add arbitrary accounts via the join_form page and (2) change the privileges of arbitrary groups via the prefs_groups_overview page. cpe:/a:ikiwiki:ikiwiki:2.41 CVE-2008-0165 2008-04-21T09:05:00.000-04:00 2011-03-07T22:04:03.080-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-04-21T14:09:00.000-04:00 XF ikiwiki-change-password-csrf(41904) VUPEN ADV-2008-1297 DEBIAN DSA-1553 SECUNIA 29932 SECUNIA 29907 CONFIRM http://ikiwiki.info/security/#index31h2 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445 Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms. cpe:/a:openssl_project:openssl:0.9.8d-9 cpe:/a:openssl_project:openssl:0.9.8c-1 cpe:/a:openssl_project:openssl:0.9.8d-4 cpe:/a:openssl_project:openssl:0.9.8c-9 cpe:/a:openssl_project:openssl:0.9.8f-4 cpe:/a:openssl_project:openssl:0.9.8c-7 cpe:/a:openssl_project:openssl:0.9.8e-3 cpe:/a:openssl_project:openssl:0.9.8e-6 cpe:/a:openssl_project:openssl:0.9.8g-1 cpe:/a:openssl_project:openssl:0.9.8f-3 cpe:/a:openssl_project:openssl:0.9.8c-4 cpe:/a:openssl_project:openssl:0.9.8d-7 cpe:/a:openssl_project:openssl:0.9.8e-5 cpe:/a:openssl_project:openssl:0.9.8c-2 cpe:/a:openssl_project:openssl:0.9.8f-2 cpe:/a:openssl_project:openssl:0.9.8g-7 cpe:/a:openssl_project:openssl:0.9.8g-2 cpe:/a:openssl_project:openssl:0.9.8d-5 cpe:/a:openssl_project:openssl:0.9.8f-1 cpe:/a:openssl_project:openssl:0.9.8g-6 cpe:/a:openssl_project:openssl:0.9.8g-4 cpe:/a:openssl_project:openssl:0.9.8d-2 cpe:/a:openssl_project:openssl:0.9.8f-6 cpe:/a:openssl_project:openssl:0.9.8d-3 cpe:/a:openssl_project:openssl:0.9.8c-6 cpe:/a:openssl_project:openssl:0.9.8d-6 cpe:/a:openssl_project:openssl:0.9.8f-5 cpe:/a:openssl_project:openssl:0.9.8c-8 cpe:/a:openssl_project:openssl:0.9.8e-2 cpe:/a:openssl_project:openssl:0.9.8f-7 cpe:/a:openssl_project:openssl:0.9.8e-4 cpe:/a:openssl_project:openssl:0.9.8f-8 cpe:/a:openssl_project:openssl:0.9.8g-3 cpe:/a:openssl_project:openssl:0.9.8e-8 cpe:/a:openssl_project:openssl:0.9.8d-1 cpe:/a:openssl_project:openssl:0.9.8e-9 cpe:/a:openssl_project:openssl:0.9.8e-1 cpe:/a:openssl_project:openssl:0.9.8e-7 cpe:/a:openssl_project:openssl:0.9.8c-5 cpe:/a:openssl_project:openssl:0.9.8d-8 cpe:/a:openssl_project:openssl:0.9.8f-9 cpe:/a:openssl_project:openssl:0.9.8c-3 cpe:/a:openssl_project:openssl:0.9.8g-8 cpe:/a:openssl_project:openssl:0.9.8g-5 cpe:/a:openssl_project:openssl:0.9.8g-9 CVE-2008-0166 2008-05-13T13:20:00.000-04:00 2009-02-21T00:00:00.000-05:00 7.8 NETWORK LOW NONE COMPLETE NONE NONE http://nvd.nist.gov 2008-05-13T14:25:00.000-04:00 CERT TA08-137A CERT-VN VU#925211 UBUNTU USN-612-2 UBUNTU USN-612-1 DEBIAN DSA-1576 DEBIAN DSA-1571 XF openssl-rng-weak-security(42375) UBUNTU USN-612-7 UBUNTU USN-612-4 UBUNTU USN-612-3 SECTRACK 1020017 BID 29179 BUGTRAQ 20080515 Debian generated SSH-Keys working exploit MILW0RM 5720 MILW0RM 5632 MILW0RM 5622 MLIST [rsyncrypto-devel] 20080523 Advisory - Rsyncrypto maybe affected from Debian OpenSSL reduced entropy problem SECUNIA 30249 SECUNIA 30239 SECUNIA 30231 SECUNIA 30221 SECUNIA 30220 SECUNIA 30136 MISC http://metasploit.com/users/hdm/tools/debian-openssl/ OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. cpe:/a:gforge:gforge:4.5.14 CVE-2008-0167 2008-05-18T10:20:00.000-04:00 2011-03-07T22:04:04.047-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-05-19T09:16:00.000-04:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-1577 XF gforge-unspecified-symlink(42456) VUPEN ADV-2008-1537 BID 29215 CONFIRM http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz SECUNIA 30286 SECUNIA 30088 The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances. cpe:/a:ikiwiki:ikiwiki:1.39 cpe:/a:ikiwiki:ikiwiki:1.38 cpe:/a:ikiwiki:ikiwiki:2.18 cpe:/a:ikiwiki:ikiwiki:2.7 cpe:/a:ikiwiki:ikiwiki:2.6 cpe:/a:ikiwiki:ikiwiki:2.14 cpe:/a:ikiwiki:ikiwiki:2.20 cpe:/a:ikiwiki:ikiwiki:2.5 cpe:/a:ikiwiki:ikiwiki:1.37 cpe:/a:ikiwiki:ikiwiki:1.34.1 cpe:/a:ikiwiki:ikiwiki:2.31.3 cpe:/a:ikiwiki:ikiwiki:1.34.2 cpe:/a:ikiwiki:ikiwiki:1.34 cpe:/a:ikiwiki:ikiwiki:2.31.1 cpe:/a:ikiwiki:ikiwiki:2.3 cpe:/a:ikiwiki:ikiwiki:1.46 cpe:/a:ikiwiki:ikiwiki:2.1 cpe:/a:ikiwiki:ikiwiki:1.35 cpe:/a:ikiwiki:ikiwiki:1.43 cpe:/a:ikiwiki:ikiwiki:2.42 cpe:/a:ikiwiki:ikiwiki:2.15 cpe:/a:ikiwiki:ikiwiki:1.5 cpe:/a:ikiwiki:ikiwiki:2.8 cpe:/a:ikiwiki:ikiwiki:2.9 cpe:/a:ikiwiki:ikiwiki:2.17 cpe:/a:ikiwiki:ikiwiki:2.43 cpe:/a:ikiwiki:ikiwiki:2.2 cpe:/a:ikiwiki:ikiwiki:2.31.2 cpe:/a:ikiwiki:ikiwiki:2.19 cpe:/a:ikiwiki:ikiwiki:2.0 cpe:/a:ikiwiki:ikiwiki:2.40 cpe:/a:ikiwiki:ikiwiki:2.16 cpe:/a:ikiwiki:ikiwiki:1.44 cpe:/a:ikiwiki:ikiwiki:1.48 cpe:/a:ikiwiki:ikiwiki:2.41 cpe:/a:ikiwiki:ikiwiki:1.41 cpe:/a:ikiwiki:ikiwiki:1.47 cpe:/a:ikiwiki:ikiwiki:2.30 cpe:/a:ikiwiki:ikiwiki:1.49 cpe:/a:ikiwiki:ikiwiki:1.36 cpe:/a:ikiwiki:ikiwiki:2.11 cpe:/a:ikiwiki:ikiwiki:2.47 cpe:/a:ikiwiki:ikiwiki:2.12 cpe:/a:ikiwiki:ikiwiki:2.31 cpe:/a:ikiwiki:ikiwiki:1.40 cpe:/a:ikiwiki:ikiwiki:1.51 cpe:/a:ikiwiki:ikiwiki:1.45 cpe:/a:ikiwiki:ikiwiki:1.42 cpe:/a:ikiwiki:ikiwiki:2.13 cpe:/a:ikiwiki:ikiwiki:2.44 cpe:/a:ikiwiki:ikiwiki:2.4 cpe:/a:ikiwiki:ikiwiki:2.10 CVE-2008-0169 2008-06-03T11:32:00.000-04:00 2011-03-07T22:04:04.143-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-06-03T15:29:00.000-04:00 ALLOWS_OTHER_ACCESS XF ikiwiki-openid-passwordauth-auth-bypass(42798) VUPEN ADV-2008-1710 BID 29479 MLIST [oss-security] 20080531 Re: CVE id request: ikiwiki SECUNIA 30468 CONFIRM http://ikiwiki.info/security/#index33h2 CONFIRM http://ikiwiki.info/news/version_2.48/index.html CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770 Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. cpe:/a:boost:boost_regex_library cpe:/a:boost:boost:1.33 cpe:/a:boost:boost:1.34 CVE-2008-0171 2008-01-17T18:00:00.000-05:00 2011-03-07T22:04:04.250-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-18T09:25:00.000-05:00 CONFIRM https://issues.rpath.com/browse/RPL-2143 VUPEN ADV-2008-0249 UBUNTU USN-570-1 BID 27325 CONFIRM http://svn.boost.org/trac/boost/changeset/42745 CONFIRM http://svn.boost.org/trac/boost/changeset/42674 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=205955 FEDORA FEDORA-2008-0880 BUGTRAQ 20080213 rPSA-2008-0063-1 boost MANDRIVA MDVSA-2008:032 GENTOO GLSA-200802-08 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0063 SECUNIA 29323 SECUNIA 28943 SECUNIA 28860 SECUNIA 28705 SECUNIA 28545 SECUNIA 28527 SECUNIA 28511 SUSE SUSE-SR:2008:006 regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. cpe:/a:boost:boost:1.33 cpe:/a:boost:boost:1.34 CVE-2008-0172 2008-01-17T18:00:00.000-05:00 2011-03-07T22:04:04.347-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-18T09:28:00.000-05:00 CONFIRM https://issues.rpath.com/browse/RPL-2143 VUPEN ADV-2008-0249 UBUNTU USN-570-1 BID 27325 CONFIRM http://svn.boost.org/trac/boost/changeset/42745 CONFIRM http://svn.boost.org/trac/boost/changeset/42674 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=205955 FEDORA FEDORA-2008-0880 BUGTRAQ 20080213 rPSA-2008-0063-1 boost MANDRIVA MDVSA-2008:032 GENTOO GLSA-200802-08 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0063 SECUNIA 29323 SECUNIA 28943 SECUNIA 28860 SECUNIA 28705 SECUNIA 28545 SECUNIA 28527 SECUNIA 28511 SUSE SUSE-SR:2008:006 The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression. cpe:/a:gforge:gforge:4.6.99 CVE-2008-0173 2008-01-15T15:00:00.000-05:00 2011-03-07T22:04:04.437-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-15T15:27:00.000-05:00 DEBIAN DSA-1459 VUPEN ADV-2008-0115 BID 27266 XF gforge-multiple-sql-injection(39666) SECUNIA 28451 SECUNIA 28395 SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. cpe:/a:ge_fanuc:proficy_real-time_information_portal:2.6 CVE-2008-0174 2008-01-28T21:00:00.000-05:00 2008-09-10T21:04:42.680-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-29T14:11:00.000-05:00 CERT-VN VU#180876 BID 30754 BUGTRAQ 20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability CONFIRM http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459 SECTRACK 1019273 BUGTRAQ 20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability SREASON 3590 GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. cpe:/a:ge_fanuc:proficy_real-time_information_portal:2.6 CVE-2008-0175 2008-01-28T21:00:00.000-05:00 2011-03-07T22:04:04.657-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-29T14:17:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#339345 VUPEN ADV-2008-0307 SECTRACK 1019274 BID 27446 BUGTRAQ 20080125 C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution CONFIRM http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460 SECUNIA 28678 BUGTRAQ 20080129 Re: C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution SREASON 3591 Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. cpe:/a:ge_fanuc:cimplicity:6.1_sp6_hf_010708_162517_6106 cpe:/a:ge_fanuc:cimplicity:7.0_sim8 CVE-2008-0176 2008-01-28T21:00:00.000-05:00 2011-03-07T22:04:04.750-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-29T14:23:00.000-05:00 CERT-VN VU#308556 VUPEN ADV-2008-0306 SECTRACK 1019275 BID 27447 BUGTRAQ 20080125 C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow CONFIRM http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458 SECUNIA 28663 BUGTRAQ 20080129 Re: C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow SREASON 3592 Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. cpe:/a:kame:ipcomp CVE-2008-0177 2008-02-07T17:00:00.000-05:00 2011-03-07T22:04:05.080-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-02-08T12:52:00.000-05:00 CERT-VN VU#110947 CERT TA08-150A BID 27642 SECUNIA 28788 VUPEN ADV-2008-2094 VUPEN ADV-2008-1697 VUPEN ADV-2008-0688 VUPEN ADV-2008-0441 CONFIRM http://www.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ipcomp_input.c.diff?r1=1.36;r2=1.37 SECUNIA 31074 SECUNIA 28816 APPLE APPLE-SA-2008-07-11 CONFIRM http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/netinet6/ipcomp_input.c?f=u&only_with_tag=netbsd-3-1 MILW0RM 5191 SECTRACK 1019314 FREEBSD FreeBSD-SA-08:04 SECUNIA 30430 SECUNIA 29130 SECUNIA 28979 APPLE APPLE-SA-2008-05-28 The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME project before 20071201 does not properly check the return value of the m_pulldown function, which allows remote attackers to cause a denial of service (system crash) via an IPv6 packet with an IPComp header. cpe:/a:liferay:liferay_enterprise_portal:4.3.6 CVE-2008-0178 2008-02-04T19:00:00.000-05:00 2008-09-05T17:34:24.373-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-02-05T10:50:00.000-05:00 CERT-VN VU#326065 BID 27547 CONFIRM http://support.liferay.com/browse/LEP-4736 SECUNIA 28742 Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header. cpe:/a:liferay:liferay_enterprise_portal:4.3.6 CVE-2008-0179 2008-02-04T19:00:00.000-05:00 2008-09-05T17:34:24.513-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-02-05T10:56:00.000-05:00 CERT-VN VU#888209 BID 27550 CONFIRM http://support.liferay.com/browse/LEP-4737 SECUNIA 28742 Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format. cpe:/a:liferay:liferay_enterprise_portal:2.1.1 cpe:/a:liferay:liferay_enterprise_portal:4.1 cpe:/a:liferay:liferay_enterprise_portal:4.1.1 cpe:/a:liferay:liferay_enterprise_portal:4.3.6 cpe:/a:liferay:liferay_enterprise_portal:4.1.3 cpe:/a:liferay:liferay_enterprise_portal:3.6.1 cpe:/a:liferay:liferay_enterprise_portal cpe:/a:liferay:liferay_enterprise_portal:4.3.1 cpe:/a:liferay:liferay_enterprise_portal:2.0 cpe:/a:liferay:liferay_enterprise_portal:2.2.0 cpe:/a:liferay:liferay_enterprise_portal:2.1.0 cpe:/a:liferay:liferay_enterprise_portal:1.0 CVE-2008-0180 2008-02-04T19:00:00.000-05:00 2008-09-05T17:34:24.670-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-02-05T10:59:00.000-05:00 CERT-VN VU#732449 BID 27546 CONFIRM http://support.liferay.com/browse/LEP-4738 SECUNIA 28742 Cross-site scripting (XSS) vulnerability in themes/_unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile. cpe:/a:liferay:liferay_enterprise_portal:4.3.6 CVE-2008-0181 2008-02-04T19:00:00.000-05:00 2008-09-05T17:34:24.843-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-02-05T11:00:00.000-05:00 CERT-VN VU#217825 BID 27554 CONFIRM http://support.liferay.com/browse/LEP-4739 SECUNIA 28742 Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message. cpe:/a:liferay:liferay_enterprise_portal:4.3.6 CVE-2008-0182 2008-02-04T19:00:00.000-05:00 2008-09-05T17:34:24.983-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-02-05T11:10:00.000-05:00 CERT-VN VU#767825 CONFIRM http://support.liferay.com/browse/LEP-4739 SECUNIA 28742 Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. cpe:/a:prenotazioni_on_line:syshotel_on_line_system CVE-2008-0184 2008-01-09T17:46:00.000-05:00 2008-09-05T17:34:25.137-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-10T10:50:00.000-05:00 BID 27184 BUGTRAQ 20080108 sysHotel On Line Remote File Disclosure Vulnerability. SREASON 3528 Absolute path traversal vulnerability in index.php in Sys-Hotel on Line System allows remote attackers to read arbitrary files via an encoded "/" ("%2F") in the file parameter. cpe:/a:netrisk:netrisk:1.9.7 CVE-2008-0185 2008-01-09T17:46:00.000-05:00 2009-09-11T01:17:43.547-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-10T10:53:00.000-05:00 BID 27161 MILW0RM 4852 MISC http://sourceforge.net/project/shownotes.php?release_id=551208&group_id=129681 SECUNIA 28328 BUGTRAQ 20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php). cpe:/a:phprisk:netrisk:1.9.7 CVE-2008-0186 2008-01-09T17:46:00.000-05:00 2009-09-11T01:17:43.670-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T10:53:00.000-05:00 BID 27161 MILW0RM 4852 BUGTRAQ 20080106 netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss) SECUNIA 28369 Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144. cpe:/a:spacial_audio_solutions:samphpweb:4.2.2 CVE-2008-0187 2008-01-09T17:46:00.000-05:00 2008-09-05T17:34:25.577-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-10T10:55:00.000-05:00 XF sambroadcaster-songinfo-sql-injection(39463) BID 27147 MILW0RM 4836 SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. CVE-2008-0188 2008-01-16T19:00:00.000-05:00 2008-09-10T21:04:44.540-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. CVE-2008-0189 2008-01-16T19:00:00.000-05:00 2008-09-10T21:04:44.790-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none. cpe:/a:awesometemplateengine:awesometemplateengine:1 CVE-2008-0190 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:25.903-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T11:25:00.000-05:00 XF awesometemplateengine-multiple-xss(39396) BID 27125 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1694/ MISC http://securityvulns.ru/Sdocument784.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in templates/example_template.php in AwesomeTemplateEngine allow remote attackers to inject arbitrary web script or HTML via the (1) data[title], (2) data[message], (3) data[table][1][item], (4) data[table][1][url], or (5) data[poweredby] parameter. cpe:/a:wordpress:wordpress:2.2 cpe:/a:wordpress:wordpress:2.3 CVE-2008-0191 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.060-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-10T11:27:00.000-05:00 XF wordpress-p-path-disclosure(39423) BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1634/ MISC http://securityvulns.ru/Sdocument663.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure. cpe:/a:wordpress:wordpress:2.0.9 CVE-2008-0192 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.200-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T11:32:00.000-05:00 XF wordpress-popuptitle-xss(39426) BID 27123 MISC http://websecurity.com.ua/1658/ MISC http://securityvulns.ru/Sdocument714.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. cpe:/a:wordpress:wordpress:2.2_revision5003 cpe:/a:wordpress:wordpress:2.2 cpe:/a:wordpress:wordpress:2.1.1 cpe:/a:wordpress:wordpress:2.2_revision5002 cpe:/a:wordpress:wordpress:2.2.0 cpe:/a:wordpress:wordpress:2.3 cpe:/a:wordpress:wordpress:2.1 cpe:/a:wordpress:wordpress:2.2.2 cpe:/a:wordpress:wordpress:2.1.3 cpe:/a:wordpress:wordpress:2.1.3_rc1 cpe:/a:wordpress:wordpress:2.2.1 cpe:/a:wordpress:wordpress:2.1.2 cpe:/a:wordpress:wordpress:2.2.3 cpe:/a:wordpress:wordpress:2.0.11 cpe:/a:wordpress:wordpress:2.1.3_rc2 CVE-2008-0193 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.357-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T11:35:00.000-05:00 BID 27123 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1676/ MISC http://securityvulns.ru/Sdocument755.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest DEBIAN DSA-1502 SREASON 3539 SECUNIA 29014 Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. cpe:/a:wordpress:wordpress:2.0.3 CVE-2008-0194 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.530-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-10T11:39:00.000-05:00 ALLOWS_USER_ACCESS BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1676/ MISC http://securityvulns.ru/Sdocument755.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest DEBIAN DSA-1502 SREASON 3539 SECUNIA 29014 Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1. cpe:/a:wordpress:wordpress:2.0.11 CVE-2008-0195 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.687-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T11:43:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1687/ MISC http://websecurity.com.ua/1686/ MISC http://websecurity.com.ua/1683/ MISC http://websecurity.com.ua/1679/ MISC http://securityvulns.ru/Sdocument773.html MISC http://securityvulns.ru/Sdocument772.html MISC http://securityvulns.ru/Sdocument768.html MISC http://securityvulns.ru/Sdocument762.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages. cpe:/a:wordpress:wordpress:2.0.11 CVE-2008-0196 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.827-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-01-10T11:45:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1687/ MISC http://websecurity.com.ua/1686/ MISC http://websecurity.com.ua/1683/ MISC http://websecurity.com.ua/1679/ MISC http://securityvulns.ru/Sdocument773.html MISC http://securityvulns.ru/Sdocument772.html MISC http://securityvulns.ru/Sdocument768.html MISC http://securityvulns.ru/Sdocument762.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php. cpe:/a:wordpress:wp-contactform:1.5_alpha CVE-2008-0197 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:26.967-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T11:45:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1641/ MISC http://websecurity.com.ua/1600/ MISC http://securityvulns.ru/Sdocument667.html MISC http://securityvulns.ru/Sdocument546.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element. cpe:/a:wordpress:wordpress CVE-2008-0198 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:27.123-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T11:48:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1641/ MISC http://websecurity.com.ua/1600/ MISC http://securityvulns.ru/Sdocument667.html MISC http://securityvulns.ru/Sdocument546.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php. cpe:/a:pro_search:pro_search:0.16 CVE-2008-0199 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:27.263-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-01-10T11:57:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1259/ MISC http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797 MISC http://securityvulns.ru/Sdocument731.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 PRO-Search 0.17 and earlier allows remote attackers to cause a denial of service via certain values of the show_page and time parameters to the default URI. cpe:/a:medialand:rotabanner_local:3 CVE-2008-0200 2008-01-09T19:46:00.000-05:00 2009-09-11T01:17:44.813-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T12:54:00.000-05:00 BID 27138 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1442/ MISC http://securityvulns.ru/Sdocument625.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in account/index.html in RotaBanner Local 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) drop parameter. cpe:/a:expressionengine:expressionengine:1.2.1 CVE-2008-0201 2008-01-09T19:46:00.000-05:00 2008-10-22T01:44:13.437-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T12:56:00.000-05:00 XF expressionengine-index-xss(39442) BID 27128 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1454/ MISC http://securityvulns.ru/Sdocument472.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Cross-site scripting (XSS) vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter. cpe:/a:expressionengine:expressionengine:1.2.1 CVE-2008-0202 2008-01-09T19:46:00.000-05:00 2008-10-22T01:44:13.657-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:02:00.000-05:00 BID 27128 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1454/ MISC http://securityvulns.ru/Sdocument472.html FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter. cpe:/a:wordpress:cryptographp:1.2 CVE-2008-0203 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:27.857-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:06:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1596/ FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php. cpe:/a:wordpress:math_comment_spam_protection_plugin:2.1 CVE-2008-0204 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:27.997-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:08:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1576/ FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. cpe:/a:wordpress:math_comment_spam_protection_plugin:2.1 CVE-2008-0205 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:28.153-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:09:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1576/ FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to wp-admin/options-general.php. cpe:/a:wordpress:captcha:2.5d CVE-2008-0206 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:28.297-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:10:00.000-05:00 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1588/ FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in captcha\captcha.php in the Captcha! 2.5d and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) captcha_ttffolder, (2) captcha_numchars, (3) captcha_ttfrange, or (4) captcha_secret parameter. cpe:/a:pro_search:pro_search:0.17 CVE-2008-0207 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:28.450-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:11:00.000-05:00 BID 27126 BUGTRAQ 20080103 securityvulns.com russian vulnerabilities digest MISC http://websecurity.com.ua/1259/ MISC http://sourceforge.net/project/shownotes.php?release_id=563784&group_id=149797 MISC http://securityvulns.ru/Sdocument731.html SECUNIA 28335 FULLDISC 20080103 securityvulns.com russian vulnerabilities digest SREASON 3539 Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter to the default URI. cpe:/a:snitz_communications:snitz_forums_2000:3.1:sr4 cpe:/a:snitz_communications:snitz_forums_2000:3.4.02 cpe:/a:snitz_communications:snitz_forums_2000:3.4.03 cpe:/a:snitz_communications:snitz_forums_2000:3.4.05 cpe:/a:snitz_communications:snitz_forums_2000:3.1 cpe:/a:snitz_communications:snitz_forums_2000:3.3.01 cpe:/a:snitz_communications:snitz_forums_2000:3.0 cpe:/a:snitz_communications:snitz_forums_2000:3.4.04 cpe:/a:snitz_communications:snitz_forums_2000:3.3.02 cpe:/a:snitz_communications:snitz_forums_2000:3.3 cpe:/a:snitz_communications:snitz_forums_2000:3.2.03 cpe:/a:snitz_communications:snitz_forums_2000:3.3.03 CVE-2008-0208 2008-01-09T19:46:00.000-05:00 2012-10-24T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:12:00.000-05:00 BID 27162 BUGTRAQ 20080107 [HSC] Snitz Forums Multiple Vulnerabilities MISC http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt SECUNIA 28284 MISC http://hackerscenter.com/archive/view.asp?id=28145 Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums 2000 3.4.05 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter. cpe:/a:snitz_communications:snitz_forums_2000:3.1:sr4 cpe:/a:snitz_communications:snitz_forums_2000:3.4.02 cpe:/a:snitz_communications:snitz_forums_2000:3.4.05 cpe:/a:snitz_communications:snitz_forums_2000:3.4.03 cpe:/a:snitz_communications:snitz_forums_2000:3.1 cpe:/a:snitz_communications:snitz_forums_2000:3.3.01 cpe:/a:snitz_communications:snitz_forums_2000:3.0 cpe:/a:snitz_communications:snitz_forums_2000:3.4.04 cpe:/a:snitz_communications:snitz_forums_2000:3.3.02 cpe:/a:snitz_communications:snitz_forums_2000:3.3 cpe:/a:snitz_communications:snitz_forums_2000:3.4.06 cpe:/a:snitz_communications:snitz_forums_2000:3.2.03 cpe:/a:snitz_communications:snitz_forums_2000:3.3.03 CVE-2008-0209 2008-01-09T19:46:00.000-05:00 2012-10-24T00:00:00.000-04:00 5.8 NETWORK MEDIUM NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:14:00.000-05:00 BUGTRAQ 20080107 [HSC] Snitz Forums Multiple Vulnerabilities MISC http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt MISC http://hackerscenter.com/archive/view.asp?id=28145 Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to redirect users to arbitrary web sites via a URL in the target parameter. cpe:/a:uebimiau:webmail:2.7.2 cpe:/a:uebimiau:webmail:2.7.10 CVE-2008-0210 2008-01-09T19:46:00.000-05:00 2008-09-05T17:34:28.903-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-10T13:14:00.000-05:00 BID 27154 MILW0RM 4846 Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication state variables from being set through HTTP requests, which allows remote attackers to bypass authentication via a sess[auth]=1 parameter settting. NOTE: this can be leveraged to conduct directory traversal attacks without authentication by using CVE-2008-0140. cpe:/h:compaq:6515_series_bios:f.0a cpe:/h:compaq:2510_series_bios:f.08 cpe:/h:compaq:2210_series_bios:f.04 cpe:/h:compaq:6520_series_bios:f.08 cpe:/h:compaq:6715_series_bios:f.0a cpe:/h:compaq:6710_series_bios:f.0f cpe:/h:compaq:6720_series_bios:f.08 cpe:/h:compaq:2710_series_bios:f.0d cpe:/h:compaq:6910_series_bios:f.11 cpe:/h:compaq:6510_series_bios:f.0f cpe:/h:compaq:8710_series_bios:f.08 cpe:/h:compaq:6820_series_bios:f.08 cpe:/h:compaq:8510_series_bios:f.0e CVE-2008-0211 2008-03-31T19:44:00.000-04:00 2011-03-07T22:04:08.500-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-04-01T10:21:00.000-04:00 HP HPSBGN02305 XF compaq-businessnotebook-pcbios-dos(41520) VUPEN ADV-2008-1042 BID 28494 SECTRACK 1019729 HP SSRT080004 Unspecified vulnerability in the BIOS F.04 through F.11 for the HP Compaq Business Notebook PC allows local users to cause a denial of service via unspecified vectors. cpe:/a:hp:openview_network_node_manager:7.01 cpe:/a:hp:openview_network_node_manager:7.51 cpe:/a:hp:openview_network_node_manager:6.41 CVE-2008-0212 2008-02-06T16:00:00.000-05:00 2011-08-25T00:00:00.000-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-02-07T08:40:00.000-05:00 BID 27629 VUPEN ADV-2008-0424 SECTRACK 1019306 HP SSRT071420 HP SSRT071420 SECUNIA 28798 IDEFENSE 20080204 Hewlett-Packard Network Node Manager Topology Manager Service DoS Vulnerability ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. cpe:/a:hp:virtual_rooms:6 CVE-2008-0213 2008-02-07T17:00:00.000-05:00 2011-05-18T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-08T12:59:00.000-05:00 ALLOWS_OTHER_ACCESS SECTRACK 1019311 HP HPSBGN02310 HP HPSBGN02310 Unspecified vulnerability in a certain ActiveX control for HP Virtual Rooms (HPVR) 6 and earlier allows remote attackers to execute arbitrary code via unknown vectors. cpe:/a:hp:select_identity:4.10 cpe:/a:hp:select_identity:4.01 cpe:/a:hp:select_identity:4.12 cpe:/a:hp:select_identity:4.11 cpe:/a:hp:select_identity:4.20 cpe:/a:hp:select_identity:4.00 cpe:/a:hp:select_identity:4.13 CVE-2008-0214 2008-02-07T21:00:00.000-05:00 2011-03-07T22:04:09.063-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-02-08T13:23:00.000-05:00 ALLOWS_USER_ACCESS HP SSRT080013 VUPEN ADV-2008-0472 BID 27667 HP HPSBMA02309 SECTRACK 1019322 SECUNIA 28844 Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to gain access via unknown vectors. cpe:/a:hp:storage_essentials_srm_enterprise:5.1.3 cpe:/a:hp:storage_essentials_srm_standard:5.1.3 CVE-2008-0215 2008-02-11T21:00:00.000-05:00 2011-03-07T22:04:09.173-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-02-12T13:07:00.000-05:00 ALLOWS_ADMIN_ACCESS VUPEN ADV-2008-0440 SECTRACK 1019312 BID 27643 SECUNIA 28813 HP SSRT071474 HP SSRT071474 Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors. cpe:/o:freebsd:freebsd:6.2:stable cpe:/o:freebsd:freebsd:6.0:stable cpe:/o:freebsd:freebsd:6.2 cpe:/o:freebsd:freebsd:6.1:stable cpe:/o:freebsd:freebsd:6.1:release cpe:/o:freebsd:freebsd:6.1 cpe:/o:freebsd:freebsd:6.3 cpe:/o:freebsd:freebsd:7.0:pre-release cpe:/o:freebsd:freebsd:6.1:release_p10 cpe:/o:freebsd:freebsd:7.0:current cpe:/o:freebsd:freebsd:6.0 cpe:/o:freebsd:freebsd:7.0 cpe:/o:freebsd:freebsd:6.0:release CVE-2008-0216 2008-01-15T21:00:00.000-05:00 2008-09-05T17:34:29.873-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-16T12:45:00.000-05:00 FREEBSD FreeBSD-SA-08:01 XF freebsd-ptsname-information-disclosure(39667) SECTRACK 1019191 BID 27284 SECUNIA 28498 The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not properly verify that a certain portion of a device name is associated with a pty of a user who is calling the pt_chown function, which might allow local users to read data from the pty from another user. cpe:/o:freebsd:freebsd:6.2 cpe:/o:freebsd:freebsd:6.1 cpe:/o:freebsd:freebsd:5.5 cpe:/o:freebsd:freebsd:5.0 cpe:/o:freebsd:freebsd:7.0:pre-release cpe:/o:freebsd:freebsd:6.0 cpe:/o:freebsd:freebsd:7.0 CVE-2008-0217 2008-01-15T21:00:00.000-05:00 2008-09-05T17:34:30.043-04:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-16T13:01:00.000-05:00 FREEBSD FreeBSD-SA-08:01 XF freebsd-openpty-information-disclosure(39665) SECTRACK 1019191 BID 27284 SECUNIA 28498 The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script. cpe:/a:merak:icewarp_mail_server CVE-2008-0218 2008-01-10T18:46:00.000-05:00 2011-03-07T22:04:09.423-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-11T09:42:00.000-05:00 XF icewarpmailserver-index-xss(39564) VUPEN ADV-2008-0135 MISC http://www.securityfocus.com/data/vulnerabilities/exploits/27189.html BID 27189 SECUNIA 28460 Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:php_webquest:php_webquest:2.6 CVE-2008-0219 2008-01-10T18:46:00.000-05:00 2008-10-11T01:48:43.637-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-11T09:47:00.000-05:00 XF webquest-soportehorizontalw-sql-injection(39560) BID 27192 MILW0RM 4867 SECUNIA 26821 SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. cpe:/a:gateway:weblaunch cpe:/a:gateway:cweblaunchctl_activex_control:1.0.0.1 CVE-2008-0220 2008-01-10T18:46:00.000-05:00 2011-03-07T22:04:09.597-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-11T10:01:00.000-05:00 CERT-VN VU#735441 VUPEN ADV-2008-0077 BID 27193 MILW0RM 4982 MILW0RM 4869 SECUNIA 28379 FULLDISC 20080109 Gateway WebLaunch ActiveX Control Insecure Method Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. cpe:/a:gateway:weblaunch:1.0.0.1 CVE-2008-0221 2008-01-10T18:46:00.000-05:00 2011-03-07T22:04:09.687-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-11T10:04:00.000-05:00 ALLOWS_ADMIN_ACCESS VUPEN ADV-2008-0077 MILW0RM 4869 SECUNIA 28379 FULLDISC 20080109 Gateway WebLaunch ActiveX Control Insecure Method Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information. cpe:/a:wordpress:filemanager:1.2 CVE-2008-0222 2008-01-10T18:46:00.000-05:00 2008-09-05T17:34:30.810-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-11T10:05:00.000-05:00 XF wordpress-wpfilemanager-file-upload(39462) BID 27151 MILW0RM 4844 Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. cpe:/a:justsystem:ichitaro_lite2 cpe:/a:justsystem:ichitaro:12.0 cpe:/a:justsystem:ichitaro:2007 cpe:/a:justsystem:ichitaro:linux cpe:/a:justsystem:ichitaro_viewer cpe:/a:justsystem:ichitaro:2004 cpe:/a:justsystem:ichitaro:2006 cpe:/a:justsystem:ichitaro:11.0 cpe:/a:justsystem:ichitaro:2005 cpe:/a:justsystem:ichitaro:13.0 CVE-2008-0223 2008-01-10T18:46:00.000-05:00 2011-03-07T22:04:10.157-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-01-11T10:08:00.000-05:00 ALLOWS_ADMIN_ACCESS XF justsystems-jsfc-bo(39501) VUPEN ADV-2008-0045 SECTRACK 1019168 BID 27153 CONFIRM http://www.justsystems.com/jp/info/pd8001.html MISC http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107 SECUNIA 28275 JVN JVN#08237857 Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file. cpe:/a:runcms:runcms:1.6 cpe:/a:runcms:runcms:1.6.1 cpe:/a:runcms:runcms:1.5.3 CVE-2008-0224 2008-01-10T18:46:00.000-05:00 2008-09-05T17:34:31.137-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-01-11T10:09:00.000-05:00 XF runcms-newbb-client-sql-injection(39478) BID 27152 SECUNIA 28340 MILW0RM 4845 SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. cpe:/a:xine:xine-lib:1.1.9 CVE-2008-0225 2008-01-10T18:46:00.000-05:00 2011-10-17T00:00:00.000-04:00 6.4 NETWORK LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2008-01-11T10:11:00.000-05:00 FEDORA FEDORA-2008-0718 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=428620 VUPEN ADV-2008-0163 UBUNTU USN-635-1 BID 27198 SUSE SUSE-SR:2008:002 MANDRIVA MDVSA-2008:045 MANDRIVA MDVSA-2008:020 DEBIAN DSA-1472 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=567872 GENTOO GLSA-200801-12 SECUNIA 31393 SECUNIA 28955 SECUNIA 28674 SECUNIA 28636 SECUNIA 28507 SECUNIA 28489 SECUNIA 28384 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=205197 MISC http://aluigi.altervista.org/adv/xinermffhof-adv.txt Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.