CVE-2008-0945
published 2008-02-25CVE-2008-0945: Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows…
PriorityP415low3.5CVSS 2.0
AVNACMAuSCNINAP
EPSS
6.88%
93.3th percentile
Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipswitch | imserver | <= 2.0.8.1 | — |
| ipswitch | instant_messaging | <= 2.0.8.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-4822 Flash Player policy file interpretation flaw
bugzilla·2008-11-05·CVSS 6.8
CVE-2008-4822 [MEDIUM] CVE-2008-4822 Flash Player policy file interpretation flaw
CVE-2008-4822 Flash Player policy file interpretation flaw
A flaw was found in the way Flash Player interprets policy files. It is
possible to bypass a non-root domain policy, possibly allowing a malicious
site to access data in a different domain.
Discussion:
Public now via upstream security bulletin:
http://www.adobe.com/support/security/bulletins/apsb08-20.html
Fixed in: 9.0.151.0 and 10.0.12.36
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
Bugzilla
CVE-2008-4819 Flash Player DNS rebind attack
bugzilla·2008-11-05·CVSS 6.8
CVE-2008-4819 [MEDIUM] CVE-2008-4819 Flash Player DNS rebind attack
CVE-2008-4819 Flash Player DNS rebind attack
The Flash Player 9.0.151.0 and 10.0.12.36 update "introduces a change to
mitigate a potential issue that could aid an attacker in executing a DNS
rebinding attack."
Discussion:
Public now via upstream security bulletin:
http://www.adobe.com/support/security/bulletins/apsb08-20.html
Fixed in: 9.0.151.0 and 10.0.12.36
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
Bugzilla
CVE-2008-4818 Flash Player XSS
bugzilla·2008-11-05·CVSS 4.3
CVE-2008-4818 [MEDIUM] CVE-2008-4818 Flash Player XSS
CVE-2008-4818 Flash Player XSS
Flash Player contains a flaw in the way it interprets HTTP response
headers. An attacker could use this flaw to conduct a cross-site-scripting
attack against the user running Flash Player.
Discussion:
Public now via upstream security bulletin:
http://www.adobe.com/support/security/bulletins/apsb08-20.html
Fixed in: 9.0.151.0 and 10.0.12.36
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
Bugzilla
CVE-2008-4823 Flash Player HTML injection flaw
bugzilla·2008-11-05·CVSS 4.3
CVE-2008-4823 [MEDIUM] CVE-2008-4823 Flash Player HTML injection flaw
CVE-2008-4823 Flash Player HTML injection flaw
A flaw was found in the way Flash Player handles the ActionScript
attribute. A malicious site could use this flaw to inject arbitrary HTML
content confusing the user running the browser.
Discussion:
Public now via upstream security bulletin:
http://www.adobe.com/support/security/bulletins/apsb08-20.html
Fixed in: 9.0.151.0 and 10.0.12.36
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
Bugzilla
CVE-2008-4821 Flash Player jar: protocol handler
bugzilla·2008-11-05·CVSS 4.3
CVE-2008-4821 [MEDIUM] CVE-2008-4821 Flash Player jar: protocol handler
CVE-2008-4821 Flash Player jar: protocol handler
A flaw was found in how Flash Player's jar: protocol handler interacts with
Mozilla. This flaw could result in sensitive informatoin being disclosed.
Discussion:
Public now via upstream security bulletin:
http://www.adobe.com/support/security/bulletins/apsb08-20.html
Fixed in: 9.0.151.0 and 10.0.12.36
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
Bugzilla
CVE-2008-4401 flash-plugin: upload/download user interaction
bugzilla·2008-10-08·CVSS 10.0
CVE-2008-4401 [CRITICAL] CVE-2008-4401 flash-plugin: upload/download user interaction
CVE-2008-4401 flash-plugin: upload/download user interaction
Previosuly ActionScript could initiate uploads and downloads without user
interaction. Flash Player 10 beta changes this behavior.
FileReference.browse and FileReference.download calls now can only be
initiated via user interaction, such as click the mouse or pressing keys on
the keyboard.
For more information please see:
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html#head3
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-18.html
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
Bugzilla
CVE-2008-3873 flash: clipboard hijack attack
bugzilla·2008-10-06·CVSS 4.3
CVE-2008-3873 [MEDIUM] CVE-2008-3873 flash: clipboard hijack attack
CVE-2008-3873 flash: clipboard hijack attack
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3873 to the following vulnerability:
The System.setClipboard method in Adobe Flash Player allows remote attackers to
populate the clipboard with a URL that is difficult to delete, as exploited in
the wild in August 2008.
References:
http://blogs.zdnet.com/security/?p=1733
http://blogs.zdnet.com/security/?p=1759
http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html
http://www.securityfocus.com/bid/31117
http://securitytracker.com/id?1020724
Demo:
http://raffon.net/research/flash/cb/test.html
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0945.html
http://rhn.redhat.com/errata/RHSA-2008-0980.html
http://aluigi.altervista.org/adv/ipsimene-adv.txthttp://aluigi.org/poc/ipsimene.ziphttp://secunia.com/advisories/28824http://securityreason.com/securityalert/3697http://www.securityfocus.com/archive/1/487748/100/200/threadedhttp://www.securityfocus.com/bid/27677http://aluigi.altervista.org/adv/ipsimene-adv.txthttp://aluigi.org/poc/ipsimene.ziphttp://secunia.com/advisories/28824http://securityreason.com/securityalert/3697http://www.securityfocus.com/archive/1/487748/100/200/threadedhttp://www.securityfocus.com/bid/27677
2008-02-25
Published