CVE-2008-2675
Published 2008-06-12
Priority P4 14 · medium 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.02% (59.1th percentile)
Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softcomplex | php_image_gallery | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-3932 [MEDIUM] wireshark: infinite loop in the NCP dissector
bugzilla · 2008-09-05 · CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3932 to
the following vulnerability:
Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to
cause a denial of service (hang) via a crafted NCP packet that
triggers an infinite loop.
References:
http://www.wireshark.org/security/wnpa-sec-2008-05.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
Discussion:
wireshark-1.0.3-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
---
wireshark-1.0.3-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
---
This issue was addressed in:
Red H
Bugzilla
CVE-2008-3146 [CRITICAL] wireshark: multiple buffer overflows in NCP dissector
bugzilla · 2008-09-05 · CVSS 10.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-3146 to the following vulnerability:
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly
Ethereal) 0.9.7 through 1.0.2 allows attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
crafted NCP packet that causes an invalid pointer to be used.
References:
http://www.wireshark.org/security/wnpa-sec-2008-05.html
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2675
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
Discussion:
wireshark-1.0.3-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug repo