CVE-2008-0818
published 2008-02-19CVE-2008-0818: Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.50%
82.7th percentile
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freephpgallery | freephpgallery | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
bugzilla·2008-07-29·CVSS 4.9
CVE-2008-2941 [MEDIUM] CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
CVE-2008-2941 hplip hpssd.py Denial-Of-Service parsing vulnerability
hplip is vulnerable to a Denial-Of-Service-Attack via it's listener port.
Discussion:
Description
The problem is due to a flaw in the request parsing routines.
To reproduce:
$telnet 127.0.0.1 2207
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
msg=0
Connection closed by foreign host.
Impact
afterwards hpssd is down
will file another bug for it
Yes, happens on RHEL-5.2 RC1 too
---
Created attachment 312881
hplip-parse-crash.patch
The parser is very fragile in a lot of places. This patch fixes up all the
delicate bits I could find.
---
Lifting embargo
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0818.html
Bugzilla
CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
bugzilla·2008-07-14·CVSS 7.2
CVE-2008-2940 [HIGH] CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
CVE-2008-2940 hpssd of hplip allows unprivileged user to trigger alert mail
==Description==
hpssd allows unprivileged local users to trigger alert mails
by sending specially crafted packets
Discussion:
Created attachment 312878
hplip-validate-uri.patch
This is the first of two patches to address this problem. This patch performs
validation on the device URI when handling an 'event' message, and improves the
validation code.
---
Created attachment 312880
hplip-static-alerts-table.patch
This is the second patch, which implements a static alerts table, stored in
/etc/hp/alerts.conf. The 'setalerts' message now has no effect.
---
Lifting embargo
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0818.html
http://secunia.com/advisories/28972http://sourceforge.net/forum/forum.php?forum_id=785794http://www.securityfocus.com/bid/27806http://www.vupen.com/english/advisories/2008/0589https://www.exploit-db.com/exploits/5124http://secunia.com/advisories/28972http://sourceforge.net/forum/forum.php?forum_id=785794http://www.securityfocus.com/bid/27806http://www.vupen.com/english/advisories/2008/0589https://www.exploit-db.com/exploits/5124
2008-02-19
Published