CVE-2008-2005
Published: 2008-05-06
Priority: P3 (medium)
CVSS 2.0: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploit: available (Exploit-DB 6474)
EPSS: 16.32% (96.6th percentile)
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.
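The failure chain in the description (attacker-chosen length field, oversized allocation, NULL from the allocator, dereference, service down) as an added C illustration that is not code from the page, from WonderWare or from the SuiteLink service: a hardened registration-frame parser that closes each link, run over constructed frames. The frame layout, field names and the 4 KiB cap are assumptions for illustration only.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, illustrative framing for a SuiteLink Registration message: one
 * type byte, a 4-byte little-endian payload length, then the payload. The
 * real wire format is not on the page; names and the cap are guesses. */
#define SL_MSG_REGISTER    0x01
#define SL_MAX_REG_PAYLOAD (4u * 1024u)   /* assumed sane cap for a registration */

enum sl_result {
    SL_OK = 0,
    SL_ERR_SHORT,      /* fewer bytes than the 5-byte header */
    SL_ERR_TYPE,       /* not a Registration message */
    SL_ERR_LEN_CAP,    /* declared length above the protocol maximum */
    SL_ERR_TRUNCATED,  /* declared length exceeds bytes actually received */
    SL_ERR_ALLOC       /* allocator returned NULL: reported, never dereferenced */
};

struct sl_registration {
    uint32_t len;
    uint8_t *payload;  /* heap copy owned by the caller; NULL on any error */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The crash chain on the page: attacker-chosen length -> oversized malloc
 * -> NULL -> dereference -> service down. The vulnerable shape is just
 * `p = malloc(len); memcpy(p, src, len);` with nothing checked. Here the
 * length is bounded, must fit the bytes received, and NULL is a result code. */
enum sl_result sl_parse_registration(const uint8_t *buf, size_t buflen,
                                     struct sl_registration *out)
{
    out->len = 0; out->payload = NULL;
    if (buflen < 5) return SL_ERR_SHORT;
    if (buf[0] != SL_MSG_REGISTER) return SL_ERR_TYPE;
    uint32_t len = rd_le32(buf + 1);
    if (len > SL_MAX_REG_PAYLOAD) return SL_ERR_LEN_CAP;
    if (len > buflen - 5) return SL_ERR_TRUNCATED;
    uint8_t *p = malloc(len ? len : 1);  /* malloc(0) may itself return NULL */
    if (p == NULL) return SL_ERR_ALLOC;
    memcpy(p, buf + 5, len);
    out->len = len;
    out->payload = p;
    return SL_OK;
}

/* Constructed sample frames: a valid 5-byte registration, and one that
 * declares 0xFFFFFFFF payload bytes while carrying a single byte. */
static const uint8_t GOOD_FRAME[] = { 0x01, 0x05, 0x00, 0x00, 0x00, 'H', 'M', 'I', '0', '1' };
static const uint8_t HUGE_FRAME[] = { 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0x00 };

/* Parse one frame and return only the verdict; frees any payload. */
enum sl_result sl_verdict(const uint8_t *buf, size_t buflen)
{
    struct sl_registration r;
    enum sl_result rc = sl_parse_registration(buf, buflen, &r);
    free(r.payload);
    return rc;
}
```

The same length-versus-cap test on the declared field is what a protocol-aware sensor watching TCP port 5413 would apply to flag a malformed registration before the service sees it.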
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wonderware | intouch | — | — |
| wonderware | suitelink | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 10.0 | CRITICAL | — |
GHSA · GHSA-r887-hfp4-4397 · ghsa_unreviewed · 2022-05-01 · CVE-2008-2005 [MEDIUM]
Description identical to the NVD text above.
Red Hat · CVE-2008-5302 [LOW] · vendor_redhat · 2008-11-19 · CVSS 2.6
perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Red Hat · CVE-2008-5303 [LOW] · vendor_redhat · 2008-11-19 · CVSS 2.6
perl: File::Path rmtree race condition (CVE-2004-0452) reintroduced after upstream rebase to 5.8.8-1
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
Red Hat · CVE-2008-4690 [HIGH] · CWE-78 · vendor_redhat · 2008-10-09 · CVSS 7.5
lynx: remote arbitrary command execution via a crafted lynxcgi: URL
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
Red Hat · CVE-2008-4982 [LOW] · vendor_redhat · 2008-08-24 · CVSS 2.1
rkhunter: Insecure auxiliary /tmp file usage (symlink attack possible)
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.
Red Hat · CVE-2008-5373 [LOW] · vendor_redhat · 2008-08-11 · CVSS 3.6
bacula-common: Insecure temporary file use in autochangers (symlink attack)
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in Red Hat Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: bacula (Red Hat Enterprise Linux 6) - Affected
Red Hat · CVE-2008-2933 [HIGH] · vendor_redhat · 2008-07-15 · CVSS 7.5
Firefox command line URL launches multi-tabs
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome: URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267.
Red Hat · CVE-2008-1374 [CRITICAL] · vendor_redhat · 2008-04-01 · CVSS 10.0
cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
No detection rules found.
Exploit-DB · CVE-2012-2271 · exploitdb · 2015-01-05
SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows
---
ActiveX Buffer Overflow in SkinCrafter3_vs2005
Affected version=3.8.1.0
Vendor Homepage:http://skincrafter.com/
Software Link:skincrafter.com/downloads/SkinCrafter_Demo_2005_2008_x86.zip
The vulnerability lies in the COM component used by the product SkinCrafter3_vs2005.dll.
Description: SkinCrafter is software used to create custom skins for different Windows applications.
SkinCrafter is compatible with Windows XP / Vista / 7 / 8 and earlier versions.
Vulnerability tested on Windows Xp Sp3 (EN),with IE6
Author: metacom
Vulnerability discovered:04.01.2015
junk1 = "";
while(junk1.length
################################################################################
ActiveX Buffer Overflow in SkinCrafter
Exploit-DB · CVE-2012-2271 [CRITICAL] · exploitdb · 2012-05-17 · CVSS 10.0
SkinCrafter ActiveX Control 3.0 - Local Buffer Overflow
---
# Software : SkinCrafter from NMSoft Technologies
# Version : SkinCrafter version 3.0
# Title : Buffer overflow in skincrafter3_vs2005.dll of skinCrafter vs3.0
# Link : http://www.skincrafter.com/downloads/SkinCrafter_Demo_2005_2008_x86.zip
# Date : May 17, 2012
# Tested on : XP SP2
# The vulnerability lies in the COM component used by the product SkinCrafter
# from DMSoft Technologies(http://www.dmsofttech.com/projects.html). This COM
# component, SkinCrafter3_vs2005.dll, implements a function InitLicenKeys,
# whose parameter is not checked for the bounds, hence leading to the
# overflow condition
====
POC:
====
Exploit !!!!!!!!!!!!!!!!!!!!!!!!!
'Exploit title: Buffer overflow in skincrafter3_vs2005.dll of skinCrafter vs
Exploit-DB · CVE-2008-5416 · exploitdb · 2011-02-08
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)
---
##
# $Id: ms09_004_sp_replwritetovarbin_sqli.rb 11730 2011-02-08 23:31:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection',
'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Window
Exploit-DB · CVE-2008-5416 · exploitdb · 2011-01-24
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)
---
##
# $Id: ms09_004_sp_replwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption',
'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database,
and Microsoft Desktop
Exploit-DB · CVE-2008-5817 · exploitdb · 2008-12-29
webClassifieds 2005 - Authentication Bypass
---
** webClassifieds™© 2005 Admin Login Bypass vulnerability
** Product: webClassifieds™© 2005
** Home : http://www.webscribble.com/
** Vulnerability : Admin Bypass
** Risk : low
** Dork : "powered by webClassifieds"
** Discovered by: AnGeL25dZ
** From : Constantine - Algeria
** Contact : [email protected]
** *********************************************************
** Greetz to : ALLAH
** All Members of HackTeachTeam http://www.hackteach.org/
** cold zero, Ra3ch, His0k4
** Exploit:
** http://[PATH]//classifieds/index.php?page=sign_in
**
** user : admin / user : ' or '1=1
** password : ' or '1=1 / password: ' or '1=1
**
** Live demo : http://www.towpartners.com/classifieds/index.php?page=sign_in
# milw0rm.com [2008-12-29]
Exploit-DB · CVE-2008-2005 · exploitdb · 2008-09-17
WonderWare SuiteLink 2.0 - Remote Denial of Service (Metasploit)
---
##
# $Id: suitlink.rb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
module Msf
class Auxiliary::Dos::Windows::Wonderware::SuitLink 'Wonderware SuitLink Denial of Service',
'Description' => %q{
This module exploits a denial of service vulnerability
within the SuitLink service in Wonderware products.
},
'Author' => [ 'belay tows' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 1 $',
'References' =>
[
[ 'BID', '28974' ],
[ 'CVE', '2008-2005' ],
],
'DisclosureDate' => 'May 0
Exploit-DB · CVE-2008-3415 · exploitdb · 2008-07-27
CMScout 2.05 - 'bit' Local File Inclusion
---
#####################################################################################
#### CMScout 2.05 LFI ####
#####################################################################################
# #
#AUTHOR : IRCRASH (R3d.W0rm) #
#Discovered by : IRCRASH (R3d.W0rm) #
#Our Site : Http://IRCRASH.COM #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm #
#####################################################################################
# #
#Script Download : www.cmscout.co.za #
# #
#DORK : "Powered by CMScout ©2005 CMScout Group" #
# #
#####################################################################################
# [Lfi] #
#http://Example/common.php?bit=file.type%00 #
# #
#Note : You can mix a shell code and image then upload this image
Exploit-DB · CVE-2008-0649 · exploitdb · 2008-02-06
Astanda Directory Project 1.2 - 'link_id' SQL Injection
---
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=#
# ~Author: you_kn0w #
# ~Contact: you-know[at]linuxmail[dot]org #
# ~Website: www.youknowz.info #
# ~Script: Astanda Directory Project #
# ~Bug: APD Remote SQL Injection #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
# Script Information #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
# #
# Script name: Astanda Directory Project #
# Script site: http://www.astanda.com/adp #
# Script demo: http://www.astanda.com/adp/admin#
# Description: Search Engine #
# Version: v.1.2 & v.1.3 #
#=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=#
# [-]Dorks:
intext: Powered by APD
intext: © Copyright 2005, 2006, Astanda.com, Pavel Golovko
inurl:detail.php?link_id=
# [+]How To Exploit:
h
Exploit-DB · CVE-2008-0092 · exploitdb · 2005-09-15
phpWebSite 0.10.0 - 'module' SQL Injection
---
#!/usr/bin/perl
use LWP::Simple;
$serv = $ARGV[0];
$path = $ARGV[1];
$name = $ARGV[2];
sub usage
{
print "\nUsage: $0 [server] [path] [username] \n";
print "server - URL\n";
print "path - path to index.php\n";
print "username - name register user\n\n";
exit ();}
sub work
{
print qq(
#==---[ phpWebSite SQL-injection |
#==---[ tested on phpWebSite-0.10.0 |
#==---[ Gr33tz: blf, 1dt.w0lf, Pengo, |
#==---[ edisan, foster, whice |
#==---[ (c)oded by x97Rang 2005 RST/GHC |
#==---[ http://rst.void.ru |
#==---[ http://ghc.ru |
---------------------------------\n\n);&chv;&board}
sub chv
{
$ver = sprintf("http://%s%s/docs/CHANGELOG.txt",$serv,$path);
$getv = get "$ver";
if ($getv =~ /(phpWebSite-)(\d{1})\.(\d{1,2})\.(\d{1})/){print"[*] Version: $1$2
Bugzilla · CVE-2008-5373 [LOW] · bugzilla · 2008-12-09 · CVSS 3.6
bacula-common: Insecure temporary file use in autochangers (symlink attack)
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-5373 to
the following vulnerability:
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users
to overwrite arbitrary files via a symlink attack on a /tmp/mtx.#####
temporary file, probably a related issue to CVE-2005-2995.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5373
http://lists.debian.org/debian-devel/2008/08/msg00347.html
http://uvw.ru/report.sid.txt
Affected files in Fedora's bacula-common package:
/usr/share/doc/bacula-common-2.0.3/examples/autochangers/locking-mtx-changer
/usr/share/doc/bacula-common-2.0.3/examples/autochangers/mtx-changer.Adic-Scalar-100
/usr/share/doc/bacula-common-2.
Bugzilla · CVE-2008-5302 [LOW] · bugzilla · 2008-11-28 · CVSS 2.6
perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
Created attachment 325021
Our perl-5.8.0-CAN-2005-0448-rmtree.patch applied against perl_5.8.0-90.4
Common Vulnerabilities and Exposures originally assigned an identifier CVE-2005-0448 to the following vulnerability:
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being
deleted, a different vulnerability than CVE-2004-0452.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
It was discovered that after upstream perl rebase to 5.8.8-1, this issue
was reintroduced (seems upstream didn't apply fix for CVE-2005-0448).
This issue already fixed again in perl-5.1
Bugzilla · CVE-2008-4690 [HIGH] · bugzilla · 2008-10-23 · CVSS 7.5
lynx: remote arbitrary command execution via a crafted lynxcgi: URL
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4690 to
the following vulnerability:
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx
is configured as a URL handler, allows remote attackers to execute
arbitrary commands via a crafted lynxcgi: URL, a related issue to
CVE-2005-2929. NOTE: this might only be a vulnerability in limited
deployments that have defined a lynxcgi: handler.
Affected Lynx versions: 2.8.6dev.15 and earlier
References:
http://www.openwall.com/lists/oss-security/2008/10/09/2
Discussion:
The versions of Lynx currently shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5, and Fedora 8 and 9 have original patch for CVE-2005-2929 applied. Their cur
Bugzilla · CVE-2008-2827 [LOW] · bugzilla · 2008-06-24 · CVSS 2.6
perl: insecure use of chmod in rmtree
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2827 to the following vulnerability:
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly
check permissions before performing a chmod, which allows local users
to modify the permissions of arbitrary files via a symlink attack, a
different vulnerability than CVE-2005-0448 and CVE-2004-0452.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
http://rt.cpan.org/Public/Bug/Display.html?id=36982
Discussion:
Created attachment 310113
Test case extracted from CPAN bug report
---
This issue did not affect the versions of perl as shipped with Red Hat
Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1 and Fedora 8.
---
Propose
Bugzilla · CVE-2008-1374 [CRITICAL] · bugzilla · 2008-03-20 · CVSS 10.0
cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
It was discovered that the patch applied to the cups packages shipped in Red Hat
Enterprise Linux 3 and 4 to address the security issues in xpdf code known as
CVE-2004-0888 / CVE-2005-0206 was incomplete.
On certain platforms, a malicious PDF file could still cause a crash or possibly
code execution when processed by the pdftops filter.
This issue affects 64-bit platforms. cups packages in Red Hat Enterprise Linux
5 are not affected by this problem.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0206.html
Bugzilla · CVE-2005-2494 [HIGH] · bugzilla · 2005-08-29 · CVSS 7.2
kcheckpass privilege escalation
This text was scavenged from the KDE advisory:
KDE Security Advisory: kcheckpass local root vulnerability
Original Release Date: 2008-09-05
URL: http://www.kde.org/info/security/advisory-20050905-1.txt
0. References
CAN-2005-FIXME
1. Systems affected:
All KDE releases starting from KDE 3.2.0 up to including
KDE 3.4.2.
2. Overview:
Ilja van Sprundel from suresec.org notified the KDE
security team about a serious lock file handling error
in kcheckpass that can, in some configurations, be used
to gain root access.
In order for an exploit to succeed, the directory /var/lock
has to be writeable for a user that is allowed to invoke
kcheckpass.
3. Impact:
A local user can escalate its privileges to the root user.
Discussion:
Created att
References:
http://secunia.com/advisories/30063
http://www.coresecurity.com/?action=item&id=2187
http://www.kb.cert.org/vuls/id/596268
http://www.securityfocus.com/archive/1/491623/100/0/threaded
http://www.securityfocus.com/bid/28974
http://www.securitytracker.com/id?1019966
https://exchange.xforce.ibmcloud.com/vulnerabilities/42221
https://www.exploit-db.com/exploits/6474