CVE-2008-0906
Published 2008-02-22
Priority: P3 · 40 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.3th percentile)
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
No detection rules found.
Bugzilla
CVE-2008-3112 [CRITICAL] Java Web Start, arbitrary file creation (6703909)
bugzilla · 2008-07-09 · CVSS 10.0
Sunalert, 238905, Second Issue
A vulnerability in Java Web Start may allow an untrusted Java Web Start
application downloaded from a website to create arbitrary files with the
permissions of the user running the untrusted Java Web Start application.
Discussion:
This was resolved via:
http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0955.html (RHEL3, RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0790.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0638.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0906.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0594.html (RHE
Bugzilla
CVE-2008-3114 [MEDIUM] Java Web Start, untrusted application may determine Cache Location (6704074)
bugzilla · 2008-07-09 · CVSS 5.0
Sunalert, 238905, Fourth Issue
A vulnerability in Java Web Start may allow an untrusted Java Web Start
application to determine the location of the Java Web Start cache.
Discussion:
This was resolved via:
http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0955.html (RHEL3, RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0790.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0638.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0906.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0594.html (RHEL4, RHEL5)
Bugzilla
CVE-2008-3109 [HIGH] CVE-2008-3109 CVE-2008-3110 Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)
bugzilla · 2008-07-09 · CVSS 7.5
A vulnerability in the Java Runtime Environment relating to scripting language
support may allow an untrusted applet or application to elevate its privileges.
For example, an untrusted applet may grant itself permissions to read and write
local files or execute local applications that are accessible to the user
running the untrusted applet.
A second vulnerability in the Java Runtime Environment relating to scripting
language support may allow an untrusted applet to access information from
another applet.
Discussion:
This issue has been addressed via:
RHEL Supplementary version 5 (RHSA-2008:0594 (java-1.6.0-sun) and RHSA-2008:0906 (java-1.6.0-ibm))
Red Hat
2008-02-22
Published