Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2006

CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting (XSS)42 documents8 sources

Severity

4.3MEDIUM

EPSS

16.2%

top 5.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Ical

Timeline

PublishedMay 22

Latest updateMay 1

Description

Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/ical3.0.1

🔴Vulnerability Details

GHSA

GHSA-693w-9mm2-8px6: Apple iCal 3↗2022-05-01

▶

CVEList

CVE-2008-2006: Apple iCal 3↗2008-05-22

▶

💥Exploits & PoCs

Exploit-DB

Joomla! Component Jobline 1.3.1 - Blind SQL Injection↗2009-07-17

▶

Exploit-DB

ClipShare Pro 2006-2007 - 'chid' SQL Injection↗2008-11-15

▶

Exploit-DB

ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX Buffer Overflow (Metasploit)↗2008-09-25

▶

Exploit-DB

Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow↗2008-09-06

▶

Exploit-DB

Page Manager CMS 2006-02-04 - Arbitrary File Upload↗2008-06-25

▶

📋Vendor Advisories

Red Hat

php: XSS via PHP error messages↗2008-12-19

▶

Red Hat

phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled↗2008-10-27

▶

Red Hat

awstats: Cross-site scripting (XSS) vulnerability↗2008-06-23

▶

Red Hat

cups: overflow in gif image filter↗2008-04-01

▶

Red Hat

wireshark: crash in LDAP dissector↗2008-03-28

▶

🕵️Threat Intelligence

Tenable

Marcus Ranum PaulDotCom Interview on Penetration Testing↗2008-12-14

▶

💬Community

Bugzilla

CVE-2008-5814 php: XSS via PHP error messages↗2009-01-15

▶

Bugzilla

CVE-2008-4775 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled↗2008-10-29

▶

Bugzilla

CVE-2008-3714 awstats: Cross-site scripting (XSS) vulnerability↗2008-08-20

▶

Bugzilla

CVE-2006-5755 kernel: local denial of service due to NT bit leakage↗2008-08-04

▶

Bugzilla

CVE-2008-1562 wireshark: crash in LDAP dissector↗2008-04-01

▶