cpe:/a:dec:dec_openvms:5.4 cpe:/a:dec:dec_openvms:5.1.1 cpe:/a:dec:dec_openvms:5.1.2 cpe:/a:dec:dec_openvms:5.4.1 cpe:/a:dec:dec_openvms:5.1 cpe:/a:dec:dec_openvms:5.0 cpe:/a:dec:dec_openvms:5.2.1 cpe:/a:dec:dec_openvms:5.3 cpe:/a:dec:dec_openvms:5.2 cpe:/a:dec:dec_openvms:5.4.2 cpe:/a:dec:dec_openvms:5.1b cpe:/a:dec:dec_openvms:5.0.1 cpe:/a:dec:dec_openvms:5.0.2 cpe:/a:dec:dec_openvms:5.3.1 cpe:/a:dec:dec_openvms:5.3.2 CVE-1999-1395 1992-11-17T00:00:00.000-05:00 2009-10-31T00:02:35.750-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT CA-92.16 CERT CA-1992-18 BID 51 XF vms-monitor-gain-privileges(7136) OSVDB 59332 Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges. cpe:/o:microsoft:windows_nt CVE-1999-0593 1999-01-01T00:00:00.000-05:00 2009-10-31T00:01:02.017-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF nt-shutdown-without-logon(1291) MISC http://www.microsoft.com/technet/archive/winntas/deploy/confeat/06wntpcc.mspx?mfr=true CONFIRM http://technet.microsoft.com/en-us/library/cc722469.aspx OSVDB 59333 The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in. cpe:/a:intersystems:cache_database:5 CVE-2003-0498 2003-08-07T00:00:00.000-04:00 2009-11-07T00:18:20.420-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Cach�Ã�© Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. cpe:/a:intersystems:cache_database:5 CVE-2003-0497 2003-08-07T00:00:00.000-04:00 2009-11-07T00:18:19.750-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS Cach�Ã�© Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs. cpe:/a:pear:xml_rpc:1.0.4 cpe:/a:pear:xml_rpc:1.2.0rc7 cpe:/a:pear:xml_rpc:1.0.2 cpe:/a:pear:xml_rpc:1.0.3 cpe:/a:pear:xml_rpc:1.2.0rc3 cpe:/a:pear:xml_rpc:1.3.0rc1 cpe:/a:pear:xml_rpc:1.2.0rc4 cpe:/a:pear:xml_rpc:1.3.0rc2 cpe:/a:pear:xml_rpc:1.2.0rc5 cpe:/a:pear:xml_rpc:1.3.0rc3 cpe:/a:pear:xml_rpc:1.2.0rc6 cpe:/a:pear:xml_rpc:1.2.2 cpe:/a:pear:xml_rpc:1.2.0rc2 cpe:/a:pear:xml_rpc:1.2.1 cpe:/a:pear:xml_rpc:1.2.0 cpe:/a:pear:xml_rpc:1.2.0rc1 cpe:/a:pear:xml_rpc:1.1.0 CVE-2005-1921 2005-07-05T00:00:00.000-04:00 2009-11-07T00:40:39.670-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-07-05T11:58:00.000-04:00 ALLOWS_OTHER_ACCESS MANDRAKE MDKSA-2005:109 MISC http://www.gulftech.org/?node=research&article_id=00087-07012005 MISC http://pear.php.net/package/XML_RPC/download/1.3.1 BUGTRAQ 20050629 Advisory 02/2005: Remote code execution in Serendipity HP HPSBTU02083 MISC http://www.hardened-php.net/advisory-022005.php BID 14088 HP SSRT051069 REDHAT RHSA-2005:564 SUSE SUSE-SA:2005:049 SUSE SUSE-SA:2005:041 SUSE SUSE-SR:2005:018 VUPEN ADV-2005-2827 CONFIRM http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt DEBIAN DSA-789 DEBIAN DSA-747 DEBIAN DSA-746 DEBIAN DSA-745 CONFIRM http://www.ampache.org/announce/3_3_1_2.php CONFIRM http://sourceforge.net/project/shownotes.php?release_id=338803 CONFIRM http://sourceforge.net/project/showfiles.php?group_id=87163 SECTRACK 1015336 GENTOO GLSA-200507-07 GENTOO GLSA-200507-06 GENTOO GLSA-200507-01 SECUNIA 18003 SECUNIA 17674 SECUNIA 17440 SECUNIA 16693 SECUNIA 16339 SECUNIA 16001 SECUNIA 15957 SECUNIA 15947 SECUNIA 15944 SECUNIA 15922 SECUNIA 15917 SECUNIA 15916 SECUNIA 15904 SECUNIA 15903 SECUNIA 15895 SECUNIA 15884 SECUNIA 15883 SECUNIA 15872 SECUNIA 15861 SECUNIA 15855 SECUNIA 15852 SECUNIA 15810 SUSE SUSE-SA:2005:051 BUGTRAQ 20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. cpe:/a:mit:kerberos:5-1.3.2 cpe:/a:mit:kerberos:5-1.3.1 cpe:/a:mit:kerberos:5-1.4.1 cpe:/a:mit:kerberos:5-1.3.3 cpe:/a:mit:kerberos:5-1.3.4 cpe:/a:mit:kerberos:5-1.3 cpe:/a:mit:kerberos:5-1.3.5 cpe:/a:mit:kerberos:5-1.3.6 cpe:/a:mit:kerberos:5-1.4 CVE-2005-1689 2005-07-18T00:00:00.000-04:00 2009-10-29T00:38:07.547-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-07-18T09:53:00.000-04:00 ALLOWS_USER_ACCESS CERT-VN VU#623332 GENTOO GLSA-200507-11 DEBIAN DSA-757 XF kerberos-kdc-krb5recvauth-execute-code(21055) UBUNTU USN-224-1 TURBO TLSA-2005-78 TRUSTIX 2005-0036 BID 14239 HP HPSBUX02152 HP HPSBUX02152 HP HPSBUX02152 REDHAT RHSA-2005:567 REDHAT RHSA-2005:562 SUSE SUSE-SR:2005:017 VUPEN ADV-2006-3776 VUPEN ADV-2005-1066 CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2005-003-recvauth.txt SUNALERT 101810 SECTRACK 1014461 SECUNIA 22090 SECUNIA 17899 SECUNIA 17135 SECUNIA 16041 BUGTRAQ 20050712 MITKRB5-SA-2005-003: double-free in krb5_recvauth APPLE APPLE-SA-2005-08-15 APPLE APPLE-SA-2005-08-17 CONECTIVA CLA-2005:993 SGI 20050703-01-U Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. cpe:/a:pcre:pcre:5.0 cpe:/a:pcre:pcre:6.0 cpe:/a:pcre:pcre:6.1 CVE-2005-2491 2005-08-23T00:00:00.000-04:00 2009-11-01T00:46:24.170-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-08-23T10:18:00.000-04:00 ALLOWS_USER_ACCESS SECTRACK 1014744 BID 14620 HP HPSBUX02074 HP HPSBUX02074 BID 15647 HP HPSBUX02074 FEDORA FLSA:168516 REDHAT RHSA-2006:0197 REDHAT RHSA-2005:761 REDHAT RHSA-2005:358 CONFIRM http://www.php.net/release_4_4_1.php SUSE SUSE-SA:2005:052 SUSE SUSE-SA:2005:049 SUSE SUSE-SA:2005:048 GENTOO GLSA-200509-19 GENTOO GLSA-200509-12 GENTOO GLSA-200509-02 GENTOO GLSA-200509-08 VUPEN ADV-2006-4502 VUPEN ADV-2006-4320 VUPEN ADV-2006-0789 VUPEN ADV-2005-2659 VUPEN ADV-2005-1511 CONFIRM http://www.ethereal.com/appnotes/enpa-sa-00021.html DEBIAN DSA-821 DEBIAN DSA-819 DEBIAN DSA-817 DEBIAN DSA-800 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf SUNALERT 102198 SREASON 604 SECUNIA 22875 SECUNIA 22691 SECUNIA 21522 SECUNIA 19532 SECUNIA 19193 SECUNIA 19072 SECUNIA 17813 SECUNIA 17252 SECUNIA 16679 SECUNIA 16502 OPENPKG OpenPKG-SA-2005.018 SUSE SUSE-SA:2005:051 TRUSTIX TSLSA-2005-0059 HP SSRT061238 APPLE APPLE-SA-2005-11-29 SGI 20060401-01-U SCO SCOSA-2006.10 Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. cpe:/a:alt-n:worldclient:8.1.3 cpe:/a:alt-n:mdaemon:8.1.3 CVE-2005-4209 2005-12-13T06:03:00.000-05:00 2009-10-31T00:54:01.500-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov 2005-12-13T10:36:00.000-05:00 XF mdaemon-worldclient-subject-dos(23551) BID 15815 MISC http://www.ipomonis.com/advisories/mdaemon.zip SECUNIA 17990 WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability. cpe:/a:apache:http_server:2.0.32:beta:win32 cpe:/a:apache:http_server:1.3.17::win32 cpe:/a:apache:http_server:1.3.23::win32 cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:1.3.18 cpe:/a:apache:http_server:1.3.17 cpe:/a:apache:http_server:1.3.18::win32 cpe:/a:apache:http_server:1.3.14::mac_os cpe:/a:apache:http_server:1.3.19 cpe:/a:apache:http_server:1.3.14 cpe:/a:apache:http_server:1.3.25::win32 cpe:/a:apache:http_server:1.3.19::win32 cpe:/a:apache:http_server:1.3.13 cpe:/a:apache:http_server:1.3.16 cpe:/a:apache:mod_imap cpe:/a:apache:http_server:1.3.15 cpe:/a:apache:http_server:1.3.10 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:1.3.11 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.0.9 cpe:/a:apache:http_server:1.3.15::win32 cpe:/a:apache:http_server:2.0.34:beta:win32 cpe:/a:apache:http_server:1.3.13::win32 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:1.3.14::win32 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:1.3.24::win32 cpe:/a:apache:http_server:1.3.16::win32 cpe:/a:apache:http_server:2.0.28:beta:win32 cpe:/a:apache:http_server:1.3.1 cpe:/a:apache:http_server:1.3.0 cpe:/a:apache:http_server:2.0.32 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:1.3.9 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:1.3.8 cpe:/a:apache:http_server:1.3.30 cpe:/a:apache:http_server:1.3.7 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:1.3.6 cpe:/a:apache:http_server:1.3.11::win32 cpe:/a:apache:http_server:1.3.32 cpe:/a:apache:http_server:1.3.5 cpe:/a:apache:http_server:1.3.31 cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:1.3.3 cpe:/a:apache:http_server:1.3.7::dev cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:1.3.2 cpe:/a:apache:http_server:1.3.26::win32 cpe:/a:apache:http_server:1.3.27 cpe:/a:apache:http_server:1.3.26 cpe:/a:apache:http_server:1.3.25 cpe:/a:apache:http_server:1.3.24 cpe:/a:apache:http_server:2.0.28:beta cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:1.3.28 cpe:/a:apache:http_server:2.0.28 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.3.20::win32 cpe:/a:apache:http_server:1.3.22::win32 cpe:/a:apache:http_server:1.3.12::win32 cpe:/a:apache:http_server:1.3.23 cpe:/a:apache:http_server:2.0 cpe:/a:apache:http_server:1.3.22 cpe:/a:apache:http_server:1.3.20 CVE-2005-3352 2005-12-13T15:03:00.000-05:00 2009-10-30T00:41:31.233-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-12-14T10:33:00.000-05:00 CERT TA08-150A SECTRACK 1015344 MANDRIVA MDKSA-2006:007 UBUNTU USN-241-1 TRUSTIX TSLSA-2005-0074 BID 15834 HP SSRT061265 FEDORA FLSA-2006:175406 REDHAT RHSA-2006:0158 FEDORA FEDORA-2006-052 OPENPKG OpenPKG-SA-2005.029 GENTOO GLSA-200602-03 VUPEN ADV-2005-2870 AIXAPAR PK16139 SECUNIA 19012 SECUNIA 18743 SECUNIA 18585 SECUNIA 18526 SECUNIA 18517 SECUNIA 18429 SECUNIA 18340 SECUNIA 18339 SECUNIA 18333 SECUNIA 18008 SECUNIA 17319 REDHAT RHSA-2006:0159 SUSE SUSE-SR:2006:004 CONFIRM http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 SGI 20060101-01-U HP SSRT061265 HP HPSBUX02172 HP SSRT061202 SUSE SUSE-SA:2006:043 VUPEN ADV-2008-1697 VUPEN ADV-2008-1246 VUPEN ADV-2008-0924 VUPEN ADV-2006-4868 VUPEN ADV-2006-4300 VUPEN ADV-2006-4015 VUPEN ADV-2006-3995 VUPEN ADV-2006-2423 DEBIAN DSA-1167 AIXAPAR PK25355 SUNALERT 102663 SUNALERT 102662 SLACKWARE SSA:2006-129-01 SLACKWARE SSA:2006-130-01 SECUNIA 30430 SECUNIA 29849 SECUNIA 29420 SECUNIA 25239 SECUNIA 23260 SECUNIA 22669 SECUNIA 22388 SECUNIA 22368 SECUNIA 22140 SECUNIA 21744 SECUNIA 20670 SECUNIA 20046 REDHAT RHSA-2006:0692 SUSE SUSE-SR:2007:011 APPLE APPLE-SA-2008-03-18 APPLE APPLE-SA-2008-05-28 HP SSRT071293 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. CVE-2005-4265 2005-12-15T06:03:00.000-05:00 2009-10-31T00:54:22.077-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4209. Reason: This candidate is a duplicate of CVE-2005-4209. Notes: All CVE users should reference CVE-2005-4209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:ibm:http_server:6.0 cpe:/a:apache:http_server:1.3.1 cpe:/a:apache:http_server:1.3.18 cpe:/a:ibm:http_server:6.1 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:1.3.17 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:1.3.19 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:1.3.11::win32 cpe:/a:apache:http_server:1.3.12::win32 cpe:/a:apache:http_server:1.3.22 cpe:/a:apache:http_server:2.0 cpe:/a:apache:http_server:1.3.20 CVE-2006-3918 2006-07-27T20:04:00.000-04:00 2009-10-31T01:17:06.610-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-07-31T15:50:00.000-04:00 VUPEN ADV-2006-2964 VUPEN ADV-2006-2963 SECUNIA 21174 SECUNIA 21172 REDHAT RHSA-2006:0619 VUPEN ADV-2006-3264 AIXAPAR PK27875 AIXAPAR PK24631 CONFIRM http://svn.apache.org/viewvc?view=rev&revision=394965 SECTRACK 1016569 SECUNIA 21478 SECUNIA 21399 REDHAT RHSA-2006:0618 HP SSRT090192 HP SSRT090192 BUGTRAQ 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" BUGTRAQ 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 UBUNTU USN-575-1 BID 19661 SUSE SUSE-SA:2006:051 VUPEN ADV-2006-5089 VUPEN ADV-2006-4207 DEBIAN DSA-1167 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm SREASON 1294 SECUNIA 29640 SECUNIA 28749 SECUNIA 22523 SECUNIA 22317 SECUNIA 22140 SECUNIA 21986 SECUNIA 21848 SECUNIA 21744 SECUNIA 21598 REDHAT RHSA-2006:0692 OPENBSD [3.9] 012: SECURITY FIX: October 7, 2006 SUSE SUSE-SA:2008:021 CONFIRM http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html SGI 20060801-01-P http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. cpe:/o:ubuntu:ubuntu_linux:5.04 cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.0.56 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:1.3.9 cpe:/a:apache:http_server:1.3.8 cpe:/a:apache:http_server:1.3.7 cpe:/a:apache:http_server:1.3.30 cpe:/a:apache:http_server:1.3.6 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:1.3.5 cpe:/a:apache:http_server:1.3.32 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:1.3.31 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:1.3.7::dev cpe:/a:apache:http_server:1.3.3 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:1.3.33 cpe:/a:apache:http_server:2.0.54 cpe:/o:ubuntu:ubuntu_linux:5.10 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/o:ubuntu:ubuntu_linux:6.06_lts cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:1.3.28 cpe:/a:apache:http_server:2.0.49 CVE-2006-3747 2006-07-28T14:02:00.000-04:00 2009-10-27T00:47:03.577-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-07-31T16:54:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#395412 CERT TA08-150A DEBIAN DSA-1132 DEBIAN DSA-1131 CONFIRM http://www.apache.org/dist/httpd/Announcement2.0.html CONFIRM https://issues.rpath.com/browse/RPL-538 XF apache-modrewrite-offbyone-bo(28063) CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 UBUNTU USN-328-1 BID 19204 HP HPSBUX02164 HP HPSBUX02145 HP HPSBUX02145 HP HPSBUX02145 HP HPSBUX02145 BUGTRAQ 20060820 POC & exploit for Apache mod_rewrite off-by-one BUGTRAQ 20060728 rPSA-2006-0139-1 httpd mod_ssl BUGTRAQ 20060728 Apache mod_rewrite Buffer Overflow Vulnerability BUGTRAQ 20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released OSVDB 27588 OPENPKG OpenPKG-SA-2006.015 SUSE SUSE-SA:2006:043 VUPEN ADV-2006-4015 VUPEN ADV-2006-3995 VUPEN ADV-2006-3884 VUPEN ADV-2006-3282 VUPEN ADV-2006-3264 VUPEN ADV-2006-3017 AIXAPAR PK27875 AIXAPAR PK29156 AIXAPAR PK29154 MISC http://svn.apache.org/viewvc?view=rev&revision=426144 SUNALERT 102663 SUNALERT 102662 SECTRACK 1016601 GENTOO GLSA-200608-01 SECUNIA 22388 SECUNIA 22368 SECUNIA 22262 SECUNIA 21509 SECUNIA 21478 SECUNIA 21315 SECUNIA 21313 SECUNIA 21307 SECUNIA 21284 SECUNIA 21273 SECUNIA 21266 SECUNIA 21247 SECUNIA 21245 SECUNIA 21241 SECUNIA 21197 FULLDISC 20060728 [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released FULLDISC 20060728 Apache 1.3.29/2.X mod_rewrite Buffer Overflow Vulnerability CVE-2006-3747 MISC http://kbase.redhat.com/faq/FAQ_68_8653.shtm MANDRIVA MDKSA-2006:133 HP HPSBUX02164 MANDRIVA MDKSA-2006:133 VUPEN ADV-2008-1697 VUPEN ADV-2008-1246 VUPEN ADV-2008-0924 VUPEN ADV-2007-2783 VUPEN ADV-2006-4868 VUPEN ADV-2006-4300 VUPEN ADV-2006-4207 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007951 SREASON 1312 SECUNIA 30430 SECUNIA 29849 SECUNIA 29420 SECUNIA 26329 SECUNIA 23260 SECUNIA 23028 SECUNIA 22523 SECUNIA 21346 TRUSTIX 2006-0044 APPLE APPLE-SA-2008-03-18 APPLE APPLE-SA-2008-05-28 HP HPSBMA02328 HP SSRT061275 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. cpe:/a:openssl:openssl:0.9.3 cpe:/a:openssl:openssl:0.9.4 cpe:/a:openssl:openssl:0.9.7 cpe:/a:openssl:openssl:0.9.8 cpe:/a:openssl:openssl:0.9.5 cpe:/a:openssl:openssl:0.9.6 cpe:/a:openssl:openssl:0.9.6a cpe:/a:openssl:openssl:0.9.6b cpe:/a:openssl:openssl:0.9.1c cpe:/a:openssl:openssl:0.9.8b cpe:/a:openssl:openssl:0.9.6c cpe:/a:openssl:openssl:0.9.8a cpe:/a:openssl:openssl:0.9.6d cpe:/a:openssl:openssl:0.9.6a:beta1 cpe:/a:openssl:openssl:0.9.6e cpe:/a:openssl:openssl:0.9.6f cpe:/a:openssl:openssl:0.9.6a:beta3 cpe:/a:openssl:openssl:0.9.6g cpe:/a:openssl:openssl:0.9.6a:beta2 cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.6:beta1 cpe:/a:openssl:openssl:0.9.6:beta2 cpe:/a:openssl:openssl:0.9.6:beta3 cpe:/a:openssl:openssl:0.9.7j cpe:/a:openssl:openssl:0.9.7i cpe:/a:openssl:openssl:0.9.7h cpe:/a:openssl:openssl:0.9.7g cpe:/a:openssl:openssl:0.9.7f cpe:/a:openssl:openssl:0.9.7e cpe:/a:openssl:openssl:0.9.7d cpe:/a:openssl:openssl:0.9.7c cpe:/a:openssl:openssl:0.9.7b cpe:/a:openssl:openssl:0.9.5:beta2 cpe:/a:openssl:openssl:0.9.7a cpe:/a:openssl:openssl:0.9.2b cpe:/a:openssl:openssl:0.9.5:beta1 cpe:/a:openssl:openssl:0.9.5a cpe:/a:openssl:openssl:0.9.3a cpe:/a:openssl:openssl:0.9.6m cpe:/a:openssl:openssl:0.9.6k cpe:/a:openssl:openssl:0.9.5a:beta2 cpe:/a:openssl:openssl:0.9.5a:beta1 cpe:/a:openssl:openssl:0.9.6l cpe:/a:openssl:openssl:0.9.6i cpe:/a:openssl:openssl:0.9.6j CVE-2006-4339 2006-09-05T13:04:00.000-04:00 2009-11-03T01:10:43.750-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-09-05T13:17:00.000-04:00 ALLOWS_USER_ACCESS CERT-VN VU#845620 CERT TA06-333A DEBIAN DSA-1173 UBUNTU USN-339-1 BID 19849 CONFIRM http://www.openssl.org/news/secadv_20060905.txt VUPEN ADV-2006-3453 DEBIAN DSA-1174 SECUNIA 21709 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 HP SSRT071304 CONFIRM https://issues.rpath.com/browse/RPL-616 XF openssl-rsa-security-bypass(28755) HP HPSBUX02153 HP HPSBUX02153 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 HP HPSBUX02165 BUGTRAQ 20060912 ERRATA: [ GLSA 200609-05 ] OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery BUGTRAQ 20060905 rPSA-2006-0163-1 openssl openssl-scripts REDHAT RHSA-2008:0629 REDHAT RHSA-2006:0661 OSVDB 28549 CONFIRM http://www.opera.com/support/search/supsearch.dml?index=845 OPENBSD [3.9] 20060908 011: SECURITY FIX: September 8, 2006 SUSE SUSE-SA:2006:055 MISC http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/ MANDRIVA MDKSA-2006:161 MLIST [ietf-openpgp] 20060827 Bleichenbacher's RSA signature forgery based on implementation error VUPEN ADV-2006-3793 VUPEN ADV-2006-3730 VUPEN ADV-2006-3566 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm SLACKWARE SSA:2006-257-02 SECTRACK 1016791 GENTOO GLSA-200609-18 GENTOO GLSA-200609-05 FREEBSD FreeBSD-SA-06:19 SECUNIA 31492 SECUNIA 22259 SECUNIA 22161 SECUNIA 22036 SECUNIA 21982 SECUNIA 21930 SECUNIA 21927 SECUNIA 21906 SECUNIA 21873 SECUNIA 21870 SECUNIA 21852 SECUNIA 21846 SECUNIA 21823 SECUNIA 21812 SECUNIA 21791 SECUNIA 21785 SECUNIA 21778 SECUNIA 21776 SECUNIA 21767 HP HPSBMA02250 HP SSRT061273 MANDRIVA MDKSA-2006:178 MANDRIVA MDKSA-2006:177 SGI 20060901-01-P HP SSRT071304 CONFIRM https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html CONFIRM https://issues.rpath.com/browse/RPL-1633 CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 HP HPSBUX02153 CONFIRM http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html CONFIRM http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html CONFIRM http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html CONFIRM http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html CONFIRM http://www.vmware.com/support/server/doc/releasenotes_server.html CONFIRM http://www.vmware.com/support/player2/doc/releasenotes_player2.html CONFIRM http://www.vmware.com/support/player/doc/releasenotes_player.html CONFIRM http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html CONFIRM http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html CONFIRM http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html CONFIRM http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html CONFIRM http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0005.html CONFIRM http://www.sybase.com/detail?id=1047991 CONFIRM http://www.serv-u.com/releasenotes/ BID 28276 BID 22083 BUGTRAQ 20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues BUGTRAQ 20070110 VMware ESX server security updates HP HPSBUX02165 REDHAT RHSA-2007:0073 REDHAT RHSA-2007:0072 REDHAT RHSA-2007:0062 CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html OPENPKG OpenPKG-SA-2006.029 OPENPKG OpenPKG-SA-2006.018 SUSE SUSE-SA:2007:010 SUSE SUSE-SA:2006:061 SUSE SUSE-SR:2006:026 MANDRIVA MDKSA-2006:207 MANDRIVA MDKSA-2006:178 MANDRIVA MDKSA-2006:177 GENTOO GLSA-200610-06 VUPEN ADV-2008-0905 VUPEN ADV-2007-4224 VUPEN ADV-2007-2783 VUPEN ADV-2007-2315 VUPEN ADV-2007-2163 VUPEN ADV-2007-1945 VUPEN ADV-2007-1815 VUPEN ADV-2007-1401 VUPEN ADV-2007-0343 VUPEN ADV-2007-0254 VUPEN ADV-2006-5146 VUPEN ADV-2006-4750 VUPEN ADV-2006-4744 VUPEN ADV-2006-4586 VUPEN ADV-2006-4417 VUPEN ADV-2006-4366 VUPEN ADV-2006-4329 VUPEN ADV-2006-4327 VUPEN ADV-2006-4216 VUPEN ADV-2006-4207 VUPEN ADV-2006-4206 VUPEN ADV-2006-4205 VUPEN ADV-2006-3936 VUPEN ADV-2006-3899 VUPEN ADV-2006-3748 CISCO 20061108 Multiple Vulnerabilities in OpenSSL library CISCO 20061108 Multiple Vulnerabilities in OpenSSL Library CONFIRM http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html CONFIRM http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf CONFIRM http://support.attachmate.com/techdocs/2137.html CONFIRM http://support.attachmate.com/techdocs/2128.html CONFIRM http://support.attachmate.com/techdocs/2127.html SUNALERT 201534 SUNALERT 201247 SUNALERT 200708 SUNALERT 102759 SUNALERT 102744 SUNALERT 102722 SUNALERT 102696 SUNALERT 102686 SUNALERT 102657 SUNALERT 102656 SUNALERT 102648 SLACKWARE SSA:2006-310-01 SECTRACK 1017522 SECUNIA 28115 SECUNIA 26893 SECUNIA 26329 SECUNIA 25649 SECUNIA 25399 SECUNIA 25284 SECUNIA 24950 SECUNIA 24930 SECUNIA 24099 SECUNIA 23915 SECUNIA 23841 SECUNIA 23794 SECUNIA 23680 SECUNIA 23455 SECUNIA 23155 SECUNIA 22949 SECUNIA 22948 SECUNIA 22940 SECUNIA 22939 SECUNIA 22938 SECUNIA 22937 SECUNIA 22936 SECUNIA 22934 SECUNIA 22932 SECUNIA 22799 SECUNIA 22758 SECUNIA 22733 SECUNIA 22711 SECUNIA 22689 SECUNIA 22671 SECUNIA 22585 SECUNIA 22545 SECUNIA 22523 SECUNIA 22513 SECUNIA 22509 SECUNIA 22446 SECUNIA 22325 SECUNIA 22284 SECUNIA 22260 SECUNIA 22232 SECUNIA 22226 SECUNIA 22066 SECUNIA 22044 CONFIRM http://openvpn.net/changelog.html MLIST [bind-announce] 20061103 Internet Systems Consortium Security Advisory. [revised] MLIST [security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues APPLE APPLE-SA-2007-12-14 APPLE APPLE-SA-2006-11-28 HP HPSBUX02186 HP HPSBMA02250 HP SSRT061273 MANDRIVA MDKSA-2006:207 MISC http://docs.info.apple.com/article.html?artnum=307177 CONFIRM http://docs.info.apple.com/article.html?artnum=304829 BEA BEA07-169.00 OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1. cpe:/a:microsoft:internet_explorer:6 cpe:/a:microsoft:xml_core_services:3.0 CVE-2007-0099 2007-01-08T15:28:00.000-05:00 2009-11-05T00:00:00.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2007-01-08T16:05:00.000-05:00 CERT TA08-316A BID 21872 MS MS08-069 VUPEN ADV-2008-3111 BUGTRAQ 20070104 Re: RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 RE: [Full-disclosure] Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) BUGTRAQ 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) SECTRACK 1021164 SECUNIA 23655 FULLDISC 20070104 Concurrency strikes MSIE (potentially exploitable msxml3 flaws) OSVDB 32627 MISC http://isc.sans.org/diary.php?storyid=2004 FULLDISC 20070104 Re: Concurrency strikes MSIE (potentially exploitablemsxml3 flaws) Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." cpe:/a:sun:jdk:1.5.0:update9 cpe:/a:sun:sdk:1.4.2_08 cpe:/a:sun:sdk:1.4.2_09 cpe:/a:sun:jdk:1.5.0:update8 cpe:/a:sun:jdk:1.5.0:update5 cpe:/a:sun:jdk:1.5.0:update4 cpe:/a:sun:jdk:1.5.0:update7 cpe:/a:sun:jre:1.3.1:update18 cpe:/a:sun:jdk:1.5.0:update3 cpe:/a:sun:sdk:1.4.2_03 cpe:/a:sun:jre:1.3.1:update16 cpe:/a:sun:jre:1.4.2:update8 cpe:/a:sun:jre:1.4.2:update7 cpe:/a:sun:jre:1.4.2:update9 cpe:/a:sun:jre:1.4.2:update4 cpe:/a:sun:jre:1.4.2:update3 cpe:/a:sun:jre:1.4.2:update6 cpe:/a:sun:sdk:1.3.1_16 cpe:/a:sun:jre:1.4.2:update5 cpe:/a:sun:sdk:1.3.1_18 cpe:/a:sun:jre:1.4.2:update2 cpe:/a:sun:jre:1.4.2:update1 cpe:/a:sun:sdk:1.4.2 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jre:1.4.2:update12 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.4.2:update10 cpe:/a:sun:jre:1.4.2:update11 cpe:/a:sun:sdk:1.4.2_12 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:sdk:1.3.1_01a cpe:/a:sun:sdk:1.3.1_01 cpe:/a:sun:sdk:1.4.2_10 CVE-2007-0243 2006-06-16T00:00:00.000-04:00 2007-01-17T17:28:00.000-05:00 2009-11-02T01:21:54.047-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-01-18T09:13:00.000-05:00 ALLOWS_OTHER_ACCESS CERT TA07-022A CERT-VN VU#388289 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-005.html SUNALERT 102760 XF jre-gif-bo(31537) BID 22085 BUGTRAQ 20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit BUGTRAQ 20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability REDHAT RHSA-2007:0956 REDHAT RHSA-2007:0167 REDHAT RHSA-2007:0166 SUSE SUSE-SA:2007:045 GENTOO GLSA-200702-07 VUPEN ADV-2007-4224 VUPEN ADV-2007-1814 VUPEN ADV-2007-0936 VUPEN ADV-2007-0211 CONFIRM http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html CONFIRM http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html SECTRACK 1017520 SREASON 2158 GENTOO GLSA-200702-08 SECUNIA 28115 SECUNIA 27203 SECUNIA 26645 SECUNIA 26119 SECUNIA 26049 SECUNIA 25283 SECUNIA 24993 SECUNIA 24468 SECUNIA 24202 SECUNIA 24189 SECUNIA 23757 OSVDB 32834 APPLE APPLE-SA-2007-12-14 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 HP SSRT071318 MISC http://docs.info.apple.com/article.html?artnum=307177 BEA BEA07-172.00 REDHAT RHSA-2008:0261 Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:4.4.7 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.1 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.3 CVE-2007-2872 2007-06-04T13:30:00.000-04:00 2009-11-01T01:33:05.217-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-06-05T08:38:00.000-04:00 CONFIRM http://www.php.net/releases/5_2_3.php FEDORA FEDORA-2007-2215 FEDORA FEDORA-2007-709 CONFIRM https://launchpad.net/bugs/173043 CONFIRM https://issues.rpath.com/browse/RPL-1702 CONFIRM https://issues.rpath.com/browse/RPL-1693 XF php-chunksplit-security-bypass(39398) VUPEN ADV-2008-0059 UBUNTU USN-549-1 UBUNTU USN-549-2 TRUSTIX 2007-0023 SECTRACK 1018186 BID 24261 BUGTRAQ 20070601 SEC Consult SA-20070601-0 :: PHP chunk_split() integer overflow MISC http://www.sec-consult.com/291.html REDHAT RHSA-2007:0891 REDHAT RHSA-2007:0890 REDHAT RHSA-2007:0888 CONFIRM http://www.php.net/releases/4_4_8.php CONFIRM http://www.php.net/ChangeLog-4.php OPENPKG OpenPKG-SA-2007.020 MANDRIVA MDKSA-2007:187 GENTOO GLSA-200710-02 VUPEN ADV-2007-3386 VUPEN ADV-2007-2061 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-449.htm SLACKWARE SSA:2007-152-01 SECUNIA 28318 SECUNIA 27864 SECUNIA 27545 SECUNIA 27377 SECUNIA 27351 SECUNIA 27110 SECUNIA 27102 SECUNIA 27037 SECUNIA 26967 SECUNIA 26930 SECUNIA 26895 SECUNIA 26871 SECUNIA 26838 SECUNIA 26231 SECUNIA 26048 SECUNIA 25535 SECUNIA 25456 REDHAT RHSA-2007:0889 SUSE SUSE-SA:2007:044 HP HPSBUX02308 HP HPSBUX02262 HP HPSBUX02262 HP SSRT080056 VUPEN ADV-2008-0398 SLACKWARE SSA:2008-045-03 SECUNIA 30040 SECUNIA 28936 SECUNIA 28750 SECUNIA 28658 SUSE SUSE-SA:2008:004 HP HPSBUX02308 Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments. cpe:/a:mozilla:firefox:2.0 cpe:/a:mozilla:firefox:0.10 cpe:/a:mozilla:firefox:1.0 cpe:/a:mozilla:firefox:2.0:rc2 cpe:/a:mozilla:firefox:2.0:rc3 cpe:/a:mozilla:firefox:0.9 cpe:/a:mozilla:firefox:2.0:beta1 cpe:/a:mozilla:firefox:0.8 cpe:/a:mozilla:firefox:0.10.1 cpe:/a:mozilla:firefox:1.5.6 cpe:/a:mozilla:firefox:1.5.0.1 cpe:/a:mozilla:firefox:1.5.5 cpe:/a:mozilla:firefox:1.5.0.2 cpe:/a:mozilla:firefox:1.5.4 cpe:/a:mozilla:firefox:1.5.0.11 cpe:/a:mozilla:firefox:1.5.0.3 cpe:/a:mozilla:firefox:1.5.3 cpe:/a:mozilla:firefox:1.5.0.10 cpe:/a:mozilla:firefox:1.5.0.4 cpe:/a:mozilla:firefox:1.5.0.5 cpe:/a:mozilla:firefox:1.5.0.6 cpe:/a:mozilla:firefox:1.5.8 cpe:/a:mozilla:firefox:1.5.0.7 cpe:/a:mozilla:firefox:1.5.7 cpe:/a:mozilla:firefox:1.5.0.8 cpe:/a:mozilla:firefox:1.5 cpe:/a:mozilla:firefox:1.5.2 cpe:/a:mozilla:firefox:1.5.1 cpe:/a:mozilla:firefox:2.0.0.2 cpe:/a:mozilla:firefox:1.0.8 cpe:/a:mozilla:firefox:2.0.0.1 cpe:/a:mozilla:firefox:2.0.0.4 cpe:/a:mozilla:firefox:2.0.0.3 cpe:/a:mozilla:firefox:0.9.3 cpe:/a:mozilla:firefox:1.5.0.9 cpe:/a:mozilla:firefox:1.0.1 cpe:/a:mozilla:firefox:0.9.2 cpe:/a:mozilla:firefox:1.0.2 cpe:/a:mozilla:firefox:0.9.1 cpe:/a:mozilla:firefox:1.0.3 cpe:/a:mozilla:firefox:1.0.4 cpe:/a:mozilla:firefox:1.0.5 cpe:/a:mozilla:firefox:1.0.6 cpe:/a:mozilla:firefox:1.0.7 CVE-2007-3285 2007-06-20T15:30:00.000-04:00 2009-10-26T01:02:24.127-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2007-06-21T10:26:00.000-04:00 ALLOWS_OTHER_ACCESS MISC https://bugzilla.mozilla.org/show_bug.cgi?id=383478 UBUNTU USN-490-1 SECTRACK 1018413 BID 24447 SUSE SUSE-SA:2007:049 CONFIRM http://www.mozilla.org/security/announce/2007/mfsa2007-22.html MANDRIVA MDKSA-2007:152 MISC http://www.0x000000.com/?i=333 CONFIRM http://support.novell.com/techcenter/psdb/07d098f99c9fe6956523beae37f32fda.html SECUNIA 26271 SECUNIA 26258 SECUNIA 26216 SECUNIA 26204 SECUNIA 26149 SECUNIA 26072 OSVDB 38032 HP SSRT061181 CONFIRM ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt VUPEN ADV-2007-4256 SUNALERT 201516 SUNALERT 103177 SECUNIA 28135 HP SSRT061181 Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. cpe:/a:apache:http_server:2.0.32:beta cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.0.56 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.2.5 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache:http_server:2.1.6 cpe:/a:apache:http_server:2.1.5 cpe:/a:apache:http_server:2.1.4 cpe:/a:apache:http_server:2.0.9 cpe:/a:apache:http_server:2.1.3 cpe:/a:apache:http_server:2.1.8 cpe:/a:apache:http_server:2.1.7 cpe:/a:apache:http_server:2.1.2 cpe:/a:apache:http_server:2.1.1 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:2.0.34:beta cpe:/a:apache:http_server:2.0.32 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:2.0.28:beta cpe:/a:apache:http_server:2.0.28 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:2.0.60 cpe:/a:apache:http_server:2.1 cpe:/a:apache:http_server:2.0 cpe:/a:apache:http_server:2.0.61 CVE-2007-4465 2007-09-13T20:17:00.000-04:00 2009-10-31T01:47:12.093-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2007-09-14T09:40:00.000-04:00 CERT TA08-150A BID 25653 BUGTRAQ 20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html CONFIRM http://www.apache.org/dist/httpd/CHANGES_2.2.6 SREASON 3113 SREASONRES 20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability SECUNIA 35650 SECUNIA 33105 SECUNIA 31651 HP SSRT090192 HP SSRT090192 HP SSRT090085 HP SSRT090085 HP HPSBUX02365 HP HPSBUX02365 FEDORA FEDORA-2007-707 XF apache-utf7-xss(36586) UBUNTU USN-575-1 REDHAT RHSA-2008:0261 REDHAT RHSA-2008:0008 REDHAT RHSA-2008:0006 REDHAT RHSA-2008:0005 REDHAT RHSA-2008:0004 REDHAT RHSA-2007:0911 FEDORA FEDORA-2007-2214 SUSE SUSE-SA:2007:061 MANDRIVA MDVSA-2008:014 VUPEN ADV-2008-1697 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm SECTRACK 1019194 GENTOO GLSA-200711-06 SECUNIA 30430 SECUNIA 28749 SECUNIA 28607 SECUNIA 28471 SECUNIA 28467 SECUNIA 27732 SECUNIA 27563 SECUNIA 26952 SECUNIA 26842 APPLE APPLE-SA-2008-05-28 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219 Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection. cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.2.0 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache:http_server:2.1.6 cpe:/a:apache:http_server:2.1.5 cpe:/a:apache:http_server:2.1.4 cpe:/a:apache:http_server:2.1.3 cpe:/a:apache:http_server:2.1.8 cpe:/a:apache:http_server:2.1.7 cpe:/a:apache:http_server:2.1.2 cpe:/a:apache:http_server:2.1.1 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.49 CVE-2007-6203 2007-12-03T17:46:00.000-05:00 2009-10-31T01:52:50.377-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2007-12-04T11:13:00.000-05:00 XF apache-413error-xss(38800) UBUNTU USN-731-1 SECTRACK 1019030 BID 26663 BUGTRAQ 20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html VUPEN ADV-2008-1875 VUPEN ADV-2007-4301 VUPEN ADV-2007-4060 AIXAPAR PK57952 SECUNIA 34219 SECUNIA 33105 SECUNIA 30732 SECUNIA 28196 SECUNIA 27906 MISC http://procheckup.com/Vulnerability_PR07-37.php HP HPSBUX02465 HP HPSBUX02465 VUPEN ADV-2008-1623 VUPEN ADV-2008-0924 AIXAPAR PK65782 SREASON 3411 GENTOO GLSA-200803-19 SECUNIA 30356 SECUNIA 29640 SECUNIA 29420 SECUNIA 29348 SUSE SUSE-SA:2008:021 APPLE APPLE-SA-2008-03-18 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:2.0 CVE-2008-0005 2008-01-11T19:46:00.000-05:00 2009-10-31T01:54:30.797-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-01-14T09:37:00.000-05:00 FEDORA FEDORA-2008-1695 FEDORA FEDORA-2008-1711 XF apache-modproxyftp-utf7-xss(39615) UBUNTU USN-575-1 SECTRACK 1019185 BID 27234 BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server BUGTRAQ 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability REDHAT RHSA-2008:0009 REDHAT RHSA-2008:0008 REDHAT RHSA-2008:0007 REDHAT RHSA-2008:0006 REDHAT RHSA-2008:0005 REDHAT RHSA-2008:0004 MANDRIVA MDVSA-2008:016 MANDRIVA MDVSA-2008:015 MANDRIVA MDVSA-2008:014 VUPEN ADV-2008-1875 VUPEN ADV-2008-0924 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm SREASON 3526 SREASONRES 20080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability GENTOO GLSA-200803-19 SECUNIA 35650 SECUNIA 30732 SECUNIA 29640 SECUNIA 29420 SECUNIA 29348 SECUNIA 28977 SECUNIA 28749 SECUNIA 28607 SECUNIA 28526 SECUNIA 28471 SECUNIA 28467 HP HPSBUX02465 HP HPSBUX02465 HP HPSBUX02431 HP HPSBUX02431 MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server SUSE SUSE-SA:2008:021 APPLE APPLE-SA-2008-03-18 CONFIRM http://docs.info.apple.com/article.html?artnum=307562 mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding. cpe:/a:php:php:5.0.0:rc3 cpe:/a:php:php:5.0.0:rc2 cpe:/a:php:php:5.0.0:rc1 cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.0.0:beta2 cpe:/a:php:php:5.0.0:beta1 cpe:/a:php:php:5.0.0:beta4 cpe:/a:php:php:5.0.0:beta3 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.3 CVE-2008-0599 2008-05-05T13:20:00.000-04:00 2009-10-31T01:56:17.733-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-05-06T10:01:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#147027 FEDORA FEDORA-2008-3606 FEDORA FEDORA-2008-3864 CONFIRM https://issues.rpath.com/browse/RPL-2503 XF php-vector-unspecified(42137) UBUNTU USN-628-1 SECTRACK 1019958 BID 29009 BUGTRAQ 20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl REDHAT RHSA-2008:0505 CONFIRM http://www.php.net/ChangeLog-5.php MLIST [oss-security] 20080502 CVE Request (PHP) MANDRIVA MDVSA-2008:128 MANDRIVA MDVSA-2008:127 VUPEN ADV-2008-2268 VUPEN ADV-2008-1810 VUPEN ADV-2008-1412 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176 SECUNIA 35650 SECUNIA 31326 SECUNIA 31200 SECUNIA 30828 SECUNIA 30757 SECUNIA 30616 SECUNIA 30345 SECUNIA 30083 SECUNIA 30048 SLACKWARE SSA:2008-128-01 HP SSRT090192 HP SSRT090192 HP HPSBUX02431 HP HPSBUX02431 APPLE APPLE-SA-2008-07-31 HP SSRT080063 HP SSRT080063 CONFIRM http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. cpe:/a:apache:http_server:2.0.32:beta cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.0.56 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.2.5 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache:http_server:2.1.6 cpe:/a:apache:http_server:2.1.5 cpe:/a:apache:http_server:2.1.4 cpe:/a:apache:http_server:2.0.9 cpe:/a:apache:http_server:2.1.3 cpe:/a:apache:http_server:2.1.8 cpe:/a:apache:http_server:2.1.7 cpe:/a:apache:http_server:2.1.2 cpe:/a:apache:http_server:2.1.1 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:2.0.34:beta cpe:/a:apache:http_server:2.0.32 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:2.0.28:beta cpe:/a:apache:http_server:2.0.28 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:2.0.60 cpe:/a:apache:http_server:2.1 cpe:/a:apache:http_server:2.0 cpe:/a:apache:http_server:2.0.61 CVE-2008-2168 2008-05-13T17:20:00.000-04:00 2009-10-31T02:01:05.907-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-05-13T20:26:00.000-04:00 XF apache-403-xss(42303) UBUNTU USN-731-1 BID 29112 BUGTRAQ 20080512 Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability BUGTRAQ 20080510 Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability BUGTRAQ 20080510 Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability BUGTRAQ 20080508 Apache Server HTML Injection and UTF-7 XSS Vulnerability SREASON 3889 SECUNIA 35650 SECUNIA 34219 SECUNIA 31651 HP HPSBUX02465 HP HPSBUX02465 HP SSRT090085 HP SSRT090085 HP SSRT080118 HP SSRT080118 Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. cpe:/a:apache_software_foundation:apache_http_server:2.2.8 cpe:/a:apache_software_foundation:apache_http_server:2.0.63 CVE-2008-2364 2008-06-13T14:41:00.000-04:00 2009-10-31T02:01:38.453-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-06-16T09:42:00.000-04:00 BID 29653 VUPEN ADV-2008-1798 FEDORA FEDORA-2008-6314 FEDORA FEDORA-2008-6393 XF apache-modproxy-module-dos(42987) UBUNTU USN-731-1 SECTRACK 1020267 BID 31681 BUGTRAQ 20081122 rPSA-2008-0328-1 httpd mod_ssl BUGTRAQ 20080729 rPSA-2008-0236-1 httpd mod_ssl REDHAT RHSA-2008:0966 MANDRIVA MDVSA-2008:237 MANDRIVA MDVSA-2008:195 VUPEN ADV-2009-0320 VUPEN ADV-2008-2780 AIXAPAR PK67579 CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg27008517 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328 CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=666154&r2=666153&pathrev=666154 CONFIRM http://support.apple.com/kb/HT3216 SUNALERT 247666 GENTOO GLSA-200807-06 SECUNIA 34418 SECUNIA 34259 SECUNIA 34219 SECUNIA 33797 SECUNIA 33156 SECUNIA 32838 SECUNIA 32685 SECUNIA 32222 SECUNIA 31904 SECUNIA 31651 SECUNIA 31416 SECUNIA 31404 SECUNIA 31026 SECUNIA 30621 REDHAT RHSA-2008:0967 HP SSRT090192 HP SSRT090192 HP SSRT090005 HP SSRT090005 SUSE SUSE-SR:2009:007 SUSE SUSE-SR:2009:006 APPLE APPLE-SA-2008-10-09 HP HPSBUX02365 HP HPSBUX02365 The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:5.0:rc2 cpe:/a:php:php:5.0:rc3 cpe:/a:php:php:5.0:rc1 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.1.4 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.1.5 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.1.6 cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.3 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.1.2 cpe:/a:php:php:5.1.3 CVE-2008-2666 2008-06-19T21:41:00.000-04:00 2009-10-31T02:02:17.547-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-06-20T10:24:00.000-04:00 CERT TA09-133A XF php-chdir-ftoc-security-bypass(43198) VUPEN ADV-2009-1297 SECTRACK 1020328 BID 29796 BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM http://support.apple.com/kb/HT3549 SREASON 3942 SREASONRES 20080617 PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass SECUNIA 35650 SECUNIA 35074 HP HPSBUX02465 HP HPSBUX02465 HP HPSBUX02431 HP HPSBUX02431 APPLE APPLE-SA-2009-05-12 Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. cpe:/a:php:php:5.2.6 CVE-2008-2665 2008-06-19T21:41:00.000-04:00 2009-10-31T02:02:17.420-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2008-06-20T10:12:00.000-04:00 CERT TA09-133A XF php-posixaccess-security-bypass(43196) VUPEN ADV-2009-1297 SECTRACK 1020327 BID 29797 BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM http://support.apple.com/kb/HT3549 SREASON 3941 SREASONRES 20080617 PHP 5.2.6 posix_access() (posix ext) safe_mode bypass SECUNIA 35650 SECUNIA 35074 HP HPSBUX02465 HP HPSBUX02465 HP SSRT090085 HP SSRT090085 APPLE APPLE-SA-2009-05-12 Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:4.0 CVE-2008-2829 2008-06-23T16:41:00.000-04:00 2009-10-31T02:03:01.827-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-06-23T17:29:00.000-04:00 CERT TA09-133A VUPEN ADV-2009-1297 BID 29829 FEDORA FEDORA-2009-3848 FEDORA FEDORA-2009-3768 CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=221969 XF php-phpimap-dos(43357) UBUNTU USN-628-1 BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl MLIST [oss-security] 20080624 Re: CVE request: php 5.2.6 ext/imap buffer overflows MLIST [oss-security] 20080619 CVE request: php 5.2.6 ext/imap buffer overflows MANDRIVA MDVSA-2008:128 MANDRIVA MDVSA-2008:127 MANDRIVA MDVSA-2008:126 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM http://support.apple.com/kb/HT3549 SECUNIA 35650 SECUNIA 35306 SECUNIA 35074 SECUNIA 31200 OSVDB 46641 HP HPSBUX02465 HP HPSBUX02465 HP SSRT090085 HP SSRT090085 SUSE SUSE-SR:2008:027 APPLE APPLE-SA-2009-05-12 MISC http://bugs.php.net/bug.php?id=42862 php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow" error message, related to the rfc822_write_address function. cpe:/a:pcre:pcre:7.7 CVE-2008-2371 2008-07-07T19:41:00.000-04:00 2009-10-31T02:01:39.203-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-07-08T10:43:00.000-04:00 ALLOWS_OTHER_ACCESS CERT TA09-133A FEDORA FEDORA-2008-6048 FEDORA FEDORA-2008-6025 VUPEN ADV-2009-1297 VUPEN ADV-2008-2336 UBUNTU USN-628-1 UBUNTU USN-624-1 BID 31681 BID 30087 BUGTRAQ 20081027 rPSA-2008-0305-1 pcre MANDRIVA MDVSA-2009:023 MANDRIVA MDVSA-2008:147 GENTOO GLSA-200807-03 VUPEN ADV-2008-2780 VUPEN ADV-2008-2006 VUPEN ADV-2008-2005 DEBIAN DSA-1602 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3216 SECUNIA 35650 SECUNIA 35074 SECUNIA 32454 SECUNIA 32222 SECUNIA 31200 SECUNIA 30990 SECUNIA 30972 SECUNIA 30967 SECUNIA 30961 SECUNIA 30958 SECUNIA 30945 SECUNIA 30944 SECUNIA 30916 HP HPSBUX02465 HP HPSBUX02465 HP HPSBUX02431 HP HPSBUX02431 SUSE SUSE-SR:2008:014 APPLE APPLE-SA-2009-05-12 APPLE APPLE-SA-2008-10-09 CONFIRM http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=228091 Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches. cpe:/a:apache_software_foundation:apache:2.2.6 cpe:/a:apache_software_foundation:apache:2.2.8 cpe:/a:apache_software_foundation:apache:2.2.9 cpe:/a:apache:http_server:2.0.55 cpe:/a:apache:http_server:2.2.1 cpe:/a:apache:http_server:2.0.57 cpe:/a:apache:http_server:2.0.58 cpe:/a:apache:http_server:2.0.59 cpe:/a:apache:http_server:2.0.50 cpe:/a:apache:http_server:2.0.51 cpe:/a:apache:http_server:2.2.4 cpe:/a:apache:http_server:2.0.52 cpe:/a:apache:http_server:2.0.53 cpe:/a:apache:http_server:2.2.2 cpe:/a:apache:http_server:2.0.54 cpe:/a:apache:http_server:2.2.3 cpe:/a:apache_software_foundation:apache:2.0.13 cpe:/a:apache_software_foundation:apache:2.0.14 cpe:/a:apache_software_foundation:apache:2.0.11 cpe:/a:apache_software_foundation:apache:2.0.12 cpe:/a:apache_software_foundation:apache:2.0.17 cpe:/a:apache_software_foundation:apache:2.0.18 cpe:/a:apache_software_foundation:apache:2.0.15 cpe:/a:apache_software_foundation:apache:2.0.16 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.49 cpe:/a:apache_software_foundation:apache:2.0:a2 cpe:/a:apache_software_foundation:apache:2.0:a1 cpe:/a:apache_software_foundation:apache:2.0.19 cpe:/a:apache_software_foundation:apache:2.0:a6 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache_software_foundation:apache:2.0:a5 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache_software_foundation:apache:2.0:a4 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache_software_foundation:apache:2.0:a3 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache_software_foundation:apache:2.0.26 cpe:/a:apache_software_foundation:apache:2.0.27 cpe:/a:apache_software_foundation:apache:2.0.29 cpe:/a:apache_software_foundation:apache:2.0.22 cpe:/a:apache_software_foundation:apache:2.0.23 cpe:/a:apache_software_foundation:apache:2.0.24 cpe:/a:apache_software_foundation:apache:2.0.25 cpe:/a:apache_software_foundation:apache:2.0.20 cpe:/a:apache_software_foundation:apache:2.0.21 cpe:/a:apache_software_foundation:apache:2.0:a8 cpe:/a:apache_software_foundation:apache:2.0:a7 cpe:/a:apache_software_foundation:apache:2.0:a9 cpe:/a:apache_software_foundation:apache:2.0.63 cpe:/a:apache:http_server:2.0.32 cpe:/a:apache_software_foundation:apache:2.0.61 cpe:/a:apache:http_server:2.0.38 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.35 cpe:/a:apache_software_foundation:apache:2.0.33 cpe:/a:apache_software_foundation:apache:2.0.34 cpe:/a:apache_software_foundation:apache:2.0.31 cpe:/a:apache_software_foundation:apache:2.0.30 cpe:/a:apache:http_server:2.0.28 cpe:/a:apache:http_server:2.2 cpe:/a:apache:http_server:2.0 CVE-2008-2939 2008-08-06T14:41:00.000-04:00 2009-10-31T02:03:29.500-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2008-08-07T09:35:00.000-04:00 CERT TA09-133A CERT-VN VU#663763 XF apache-modproxyftp-xss(44223) VUPEN ADV-2009-1297 UBUNTU USN-731-1 SECTRACK 1020635 BID 30560 BUGTRAQ 20081122 rPSA-2008-0328-1 httpd mod_ssl BUGTRAQ 20081122 rPSA-2008-0327-1 httpd mod_ssl BUGTRAQ 20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting REDHAT RHSA-2008:0966 MISC http://www.rapid7.com/advisories/R7-0033 MANDRIVA MDVSA-2009:124 MANDRIVA MDVSA-2008:195 MANDRIVA MDVSA-2008:194 VUPEN ADV-2009-0320 VUPEN ADV-2008-2461 VUPEN ADV-2008-2315 AIXAPAR PK70937 AIXAPAR PK70197 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0327 CONFIRM http://svn.apache.org/viewvc?view=rev&revision=682871 CONFIRM http://svn.apache.org/viewvc?view=rev&revision=682870 CONFIRM http://svn.apache.org/viewvc?view=rev&revision=682868 CONFIRM http://support.apple.com/kb/HT3549 SUNALERT 247666 SECUNIA 35074 SECUNIA 34219 SECUNIA 33797 SECUNIA 33156 SECUNIA 32838 SECUNIA 32685 SECUNIA 31673 SECUNIA 31384 REDHAT RHSA-2008:0967 HP HPSBUX02465 HP HPSBUX02465 HP SSRT090005 HP SSRT090005 SUSE SUSE-SR:2008:024 APPLE APPLE-SA-2009-05-12 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.8 cpe:/a:php:php:4.4.7 cpe:/a:php:php:4.4.6 CVE-2008-3660 2008-08-14T20:41:00.000-04:00 2009-10-31T02:05:32.233-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2008-08-15T13:34:00.000-04:00 CERT TA09-133A FEDORA FEDORA-2009-3848 FEDORA FEDORA-2009-3768 XF php-curl-unspecified(44402) VUPEN ADV-2009-1297 VUPEN ADV-2008-2336 SECTRACK 1020994 BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl REDHAT RHSA-2009:0350 MLIST [oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues MLIST [oss-security] 20080808 CVE request: php-5.2.6 overflow issues MANDRIVA MDVSA-2009:024 MANDRIVA MDVSA-2009:023 MANDRIVA MDVSA-2009:022 MANDRIVA MDVSA-2009:021 DEBIAN DSA-1647 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM http://support.apple.com/kb/HT3549 SECUNIA 35650 SECUNIA 35306 SECUNIA 35074 SECUNIA 32148 SECUNIA 31982 HP SSRT090192 HP SSRT090192 HP HPSBUX02431 HP HPSBUX02431 SUSE SUSE-SR:2008:018 APPLE APPLE-SA-2009-05-12 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=234102 PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php. cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.8 cpe:/a:php:php:4.4.7 cpe:/a:php:php:4.4.6 CVE-2008-3659 2008-08-14T20:41:00.000-04:00 2009-10-31T02:05:32.110-04:00 6.4 NETWORK LOW NONE NONE PARTIAL PARTIAL http://nvd.nist.gov 2008-08-15T13:07:00.000-04:00 CERT TA09-133A CONFIRM http://www.php.net/archive/2008.php#id2008-08-07-1 XF php-memnstr-bo(44405) VUPEN ADV-2009-1297 VUPEN ADV-2008-2336 SECTRACK 1020995 BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl MLIST [oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues MLIST [oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues MLIST [oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues MLIST [oss-security] 20080808 CVE request: php-5.2.6 overflow issues MANDRIVA MDVSA-2009:024 MANDRIVA MDVSA-2009:023 MANDRIVA MDVSA-2009:022 MANDRIVA MDVSA-2009:021 DEBIAN DSA-1647 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM http://support.apple.com/kb/HT3549 SECUNIA 35650 SECUNIA 35074 SECUNIA 32316 SECUNIA 32148 SECUNIA 31982 OSVDB 47483 CONFIRM http://news.php.net/php.cvs/52002 HP HPSBUX02465 HP HPSBUX02465 HP SSRT090085 HP SSRT090085 SUSE SUSE-SR:2008:021 SUSE SUSE-SR:2008:018 APPLE APPLE-SA-2009-05-12 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=234102 Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible. cpe:/a:php:php:5.2.0 cpe:/a:php:php:5.2.1 cpe:/a:php:php:5.2.2 cpe:/a:php:php:5.2.3 cpe:/a:php:php:5.2.4 cpe:/a:php:php:5.2.5 cpe:/a:php:php:5.2.6 cpe:/a:php:php:4.4.4 cpe:/a:php:php:4.4.5 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.3 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.4.8 cpe:/a:php:php:4.4.7 cpe:/a:php:php:4.4.6 CVE-2008-3658 2008-08-14T20:41:00.000-04:00 2009-10-31T02:05:31.983-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-08-15T12:51:00.000-04:00 CERT TA09-133A FEDORA FEDORA-2009-3848 FEDORA FEDORA-2009-3768 XF php-imageloadfont-dos(44401) VUPEN ADV-2009-1297 VUPEN ADV-2008-2336 BID 30649 BUGTRAQ 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl HP HPSBTU02382 HP HPSBTU02382 REDHAT RHSA-2009:0350 CONFIRM http://www.php.net/archive/2008.php#id2008-08-07-1 MLIST [oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues MLIST [oss-security] 20080808 CVE request: php-5.2.6 overflow issues MANDRIVA MDVSA-2009:024 MANDRIVA MDVSA-2009:023 MANDRIVA MDVSA-2009:022 MANDRIVA MDVSA-2009:021 VUPEN ADV-2009-0320 VUPEN ADV-2008-3275 DEBIAN DSA-1647 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0035 CONFIRM http://support.apple.com/kb/HT3549 SECUNIA 35306 SECUNIA 35074 SECUNIA 33797 SECUNIA 32884 SECUNIA 32316 SECUNIA 32148 SECUNIA 31982 OSVDB 47484 MISC http://news.php.net/php.cvs/51219 HP SSRT090192 HP SSRT090192 HP HPSBUX02401 HP HPSBUX02401 SUSE SUSE-SR:2008:021 SUSE SUSE-SR:2008:018 APPLE APPLE-SA-2009-05-12 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=234102 Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. cpe:/o:linux:kernel:2.6.25.8::x86_64 cpe:/o:linux:kernel:2.6.20.17 cpe:/o:linux:kernel:2.6.20.16 cpe:/o:linux:kernel:2.6.20.19 cpe:/o:linux:kernel:2.6.20.18 cpe:/o:linux:kernel:2.6.25.9 cpe:/o:linux:kernel:2.6.25.8 cpe:/o:linux:kernel:2.6.25.7 cpe:/o:linux:kernel:2.6.25.6 cpe:/o:linux:kernel:2.6.25.1 cpe:/o:linux:kernel:2.6.22_rc1 cpe:/o:linux:kernel:2.6.25::x86_64 cpe:/o:linux:kernel:2.6.25.5 cpe:/o:linux:kernel:2.6.25.4 cpe:/o:linux:kernel:2.6.25.3 cpe:/o:linux:kernel:2.6.25.2 cpe:/o:linux:kernel:2.6.23.17 cpe:/o:linux:kernel:2.6.22_rc7 cpe:/o:linux:kernel:2.6.26:rc4 cpe:/o:linux:kernel:2.6.23.10 cpe:/o:linux:kernel:2.6.23.11 cpe:/o:linux:kernel:2.6.20.20 cpe:/o:linux:kernel:2.6.23.12 cpe:/o:linux:kernel:2.6.23.13 cpe:/o:linux:kernel:2.6.20.21 cpe:/o:linux:kernel:2.6.23.15 cpe:/o:linux:kernel:2.6.23.16 cpe:/o:linux:kernel:2.6.22.1 cpe:/o:linux:kernel:2.6.22.2 cpe:/o:linux:kernel:2.6.23.8 cpe:/o:linux:kernel:2.6.18:rc2 cpe:/o:linux:kernel:2.6.23.9 cpe:/o:linux:kernel:2.6.18:rc1 cpe:/o:linux:kernel:2.6.18:rc4 cpe:/o:linux:kernel:2.6.18:rc3 cpe:/o:linux:kernel:2.6.22.8 cpe:/o:linux:kernel:2.6.18:rc6 cpe:/o:linux:kernel:2.6.22.9 cpe:/o:linux:kernel:2.6.18:rc5 cpe:/o:linux:kernel:2.6.18:rc7 cpe:/o:linux:kernel:2.6.25.10::x86_64 cpe:/o:linux:kernel:2.4.36.5 cpe:/o:linux:kernel:2.4.36.4 cpe:/o:linux:kernel:2.4.36.6 cpe:/o:linux:kernel:2.4.36.1 cpe:/o:linux:kernel:2.4.36.3 cpe:/o:linux:kernel:2.4.36.2 cpe:/o:linux:kernel:2.6.25.7::x86_64 cpe:/o:linux:kernel:2.6.25.17 cpe:/o:linux:kernel:2.6.25.16 cpe:/o:linux:kernel:2.6.25.15 cpe:/o:linux:kernel:2.6.25.14 cpe:/o:linux:kernel:2.6.25.9::x86_64 cpe:/o:linux:kernel:2.6.25.13 cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.6.25.12 cpe:/o:linux:kernel:2.6.25.11 cpe:/o:linux:kernel:2.6.21.6 cpe:/o:linux:kernel:2.6.21.7 cpe:/o:linux:kernel:2.6.25.10 cpe:/o:linux:kernel:2.6.23_rc1 cpe:/o:linux:kernel:2.6.21.5 cpe:/o:linux:kernel:2.6.25.6::x86_64 cpe:/o:linux:kernel:2.6.25.11::x86_64 cpe:/o:linux:kernel:2.6.22.18 cpe:/o:linux:kernel:2.6.22.19 cpe:/o:linux:kernel:2.6.22.17 cpe:/o:linux:kernel:2.6.22.14 cpe:/o:linux:kernel:2.6.22.15 cpe:/o:linux:kernel:2.6.22.12 cpe:/o:linux:kernel:2.6.22.13 cpe:/o:linux:kernel:2.6.18 cpe:/o:linux:kernel:2.6.22.10 cpe:/o:linux:kernel:2.6.22.11 cpe:/o:linux:kernel:2.6.24_rc5 cpe:/o:linux:kernel:2.6.24_rc4 cpe:/o:linux:kernel:2.6.25.4::x86_64 cpe:/o:linux:kernel:2.6.25.3::x86_64 cpe:/o:linux:kernel:2.6.24_rc1 cpe:/o:linux:kernel:2.4.36 cpe:/o:linux:kernel:2.6.26.5 cpe:/o:linux:kernel:2.6.26.3 cpe:/o:linux:kernel:2.6.26.4 cpe:/o:linux:kernel:2.6.26.1 cpe:/o:linux:kernel:2.6.26.2 cpe:/o:linux:kernel:2.6.26 cpe:/o:linux:kernel:2.6.22.20 cpe:/o:linux:kernel:2.6.25 cpe:/o:linux:kernel:2.6.22.21 cpe:/o:linux:kernel:2.6.27 cpe:/o:linux:kernel:2.6.25.12::x86_64 cpe:/o:linux:kernel:2.6.25.2::x86_64 cpe:/o:linux:kernel:2.6.22.22 cpe:/o:linux:kernel:2.6.24.6 cpe:/o:linux:kernel:2.6.25.1::x86_64 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.2.27 cpe:/o:linux:kernel:2.6.24.5 cpe:/o:linux:kernel:2.6.23 cpe:/o:linux:kernel:2.6.24.4 cpe:/o:linux:kernel:2.6.24 cpe:/o:linux:kernel:2.6.24.3 cpe:/o:linux:kernel:2.6.24.2 cpe:/o:linux:kernel:2.6.24.1 cpe:/o:linux:kernel:2.6.24.7 cpe:/o:linux:kernel:2.6.19.4 cpe:/o:linux:kernel:2.6.19.5 cpe:/o:linux:kernel:2.6.19.6 cpe:/o:linux:kernel:2.6.19.7 cpe:/o:linux:kernel:2.6.27.1 cpe:/o:linux:kernel:2.6.27.3 cpe:/o:linux:kernel:2.6.27.2 cpe:/o:linux:kernel:2.6.27.4 cpe:/o:linux:kernel:2.6.25.5::x86_64 CVE-2008-5029 2008-11-10T11:15:12.060-05:00 2009-11-06T01:46:41.687-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-11-11T11:21:00.000-05:00 BID 32154 REDHAT RHSA-2009:1550 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=470201 UBUNTU USN-679-1 SECTRACK 1021511 SECTRACK 1021292 BID 33079 BUGTRAQ 20090101 Linux Kernel 2.6.18/2.6.24/2.6.20/2.6.22/2.6.21 denial of service exploit REDHAT RHSA-2009:0225 REDHAT RHSA-2009:0014 REDHAT RHSA-2009:0009 MLIST [oss-security] 20081106 CVE request: kernel: Unix sockets kernel panic MANDRIVA MDVSA-2008:234 DEBIAN DSA-1687 DEBIAN DSA-1681 SREASON 4573 SECUNIA 33704 SECUNIA 33641 SECUNIA 33623 SECUNIA 33586 SECUNIA 33556 SECUNIA 33180 SECUNIA 32998 SECUNIA 32918 MLIST [linux-netdev] 20081106 UNIX sockets kernel panic SUSE SUSE-SA:2009:008 SUSE SUSE-SA:2009:004 SUSE SUSE-SA:2008:057 MISC http://darkircop.org/unix.c The __scm_destroy function in net/core/scm.c in the Linux kernel 2.6.27.4, 2.6.26, and earlier makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors. cpe:/o:linux:kernel:2.6.28:rc4 cpe:/o:linux:kernel:2.6.28:rc5 cpe:/o:linux:kernel:2.6.28:rc1 cpe:/o:linux:kernel:2.6.28:rc2 cpe:/o:linux:kernel:2.6.28:rc3 cpe:/o:linux:kernel:2.6.28 CVE-2008-5300 2008-12-01T12:30:00.203-05:00 2009-11-06T01:47:08.127-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-12-02T14:14:00.000-05:00 FEDORA FEDORA-2008-11618 REDHAT RHSA-2009:1550 CONFIRM https://issues.rpath.com/browse/RPL-2915 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=470201 XF linux-kernel-sendmsg-dos(46943) UBUNTU USN-714-1 UBUNTU USN-715-1 BID 32516 BUGTRAQ 20081209 rPSA-2008-0332-1 kernel REDHAT RHSA-2009:0053 REDHAT RHSA-2009:0014 MANDRIVA MDVSA-2009:032 DEBIAN DSA-1681 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0332 SREASON 4673 SECUNIA 33854 SECUNIA 33756 SECUNIA 33706 SECUNIA 33556 SECUNIA 33348 SECUNIA 33083 SECUNIA 32998 SECUNIA 32913 OSVDB 50272 MLIST [linux-netdev] 20081125 [PATCH] Fix soft lockups/OOM issues w/ unix garbage collector MLIST [linux-netdev] 20081120 soft lockups/OOM after unix socket fixes CONFIRM http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=473259 Linux kernel 2.6.28 allows local users to cause a denial of service ("soft lockup" and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029. cpe:/a:sun:jre:6:update_10 cpe:/a:sun:jre:6:update_8 cpe:/a:sun:jre:6:update_7 cpe:/a:sun:jre:6:update_6 cpe:/a:sun:jre:6:update_5 cpe:/a:sun:jre:6:update_4 cpe:/a:sun:jre:6:update_3 cpe:/a:sun:jre:6:update_2 cpe:/a:sun:jre:6:update_1 cpe:/a:sun:jre:5.0:update_16 cpe:/a:sun:jre:5.0:update_15 cpe:/a:sun:jre:5.0:update_14 cpe:/a:sun:jdk:6:update_2 cpe:/a:sun:jre:5.0:update_13 cpe:/a:sun:jdk:6:update_1 cpe:/a:sun:jdk:5.0:update_1 cpe:/a:sun:jre:5.0:update_12 cpe:/a:sun:jdk:6:update_4 cpe:/a:sun:jdk:5.0:update_2 cpe:/a:sun:jre:5.0:update_11 cpe:/a:sun:jdk:6:update_3 cpe:/a:sun:jdk:6:update_10 cpe:/a:sun:jdk:5.0:update_3 cpe:/a:sun:jdk:6:update_6 cpe:/a:sun:jdk:6 cpe:/a:sun:jdk:6:update_5 cpe:/a:sun:jdk:6:update_8 cpe:/a:sun:jdk:6:update_7 cpe:/a:sun:jre:5.0:update_2 cpe:/a:sun:jre:5.0:update_1 cpe:/a:sun:jre:6 cpe:/a:sun:jdk:5.0:update_16 cpe:/a:sun:jdk:5.0:update_15 cpe:/a:sun:jdk:5.0:update_12 cpe:/a:sun:jre:5.0:update_10 cpe:/a:sun:jdk:5.0:update_11 cpe:/a:sun:jdk:5.0:update_14 cpe:/a:sun:jre:5.0 cpe:/a:sun:jdk:5.0:update_13 cpe:/a:sun:jdk:5.0:update_10 CVE-2008-5349 2008-12-05T06:30:00.457-05:00 2009-10-27T01:19:15.000-04:00 7.1 NETWORK MEDIUM NONE NONE NONE COMPLETE http://nvd.nist.gov 2008-12-05T13:44:00.000-05:00 CERT TA08-340A SUNALERT 246286 REDHAT RHSA-2009:0466 CONFIRM http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf VUPEN ADV-2009-1426 SECTRACK 1021309 BID 32608 HP HPSBUX02429 REDHAT RHSA-2009:0016 VUPEN ADV-2008-3339 CONFIRM http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm SECUNIA 35255 SECUNIA 34972 SECUNIA 34259 SECUNIA 33709 SECUNIA 33015 SECUNIA 32991 REDHAT RHSA-2008:1025 REDHAT RHSA-2008:1018 OSVDB 50504 SUSE SUSE-SR:2009:016 SUSE