CVE-2008-2872
Published 2008-06-26
CVE-2008-2872: SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.
Priority: P343 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aspindir | shibby_shop | <= 2.2 | — |
No detection rules found.
Bugzilla
CVE-2008-4682 [MEDIUM] wireshark: DoS (app abort) via a malformed .ncf file with an unknown/unexpected packet type
bugzilla·2008-10-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4682 to
the following vulnerability:
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to
cause a denial of service (application abort) via a malformed Tamos
CommView capture file (aka .ncf file) with an "unknown/unexpected
packet type" that triggers a failed assertion.
Affected Wireshark versions: 0.99.7 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2926
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://securitytracker.com/id?1021069
http://secunia.com/advisories/3
Bugzilla
CVE-2008-4684 [MEDIUM] wireshark: DoS (app crash) via certain series of packets by enabling the (1) PRP or (2) MATE post dissector
bugzilla·2008-10-23·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4684 to
the following vulnerability:
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly
handle exceptions thrown by post dissectors, which allows remote
attackers to cause a denial of service (application crash) via a
certain series of packets, as demonstrated by enabling the (1) PRP or
(2) MATE post dissector.
Affected Wireshark versions: 0.99.2 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2549
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://secur
Bugzilla
CVE-2008-4680 [MEDIUM] wireshark: DoS (app crash or abort) via malformed USB Request Block (URB).
bugzilla·2008-10-23·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4680 to
the following vulnerability:
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3
allows remote attackers to cause a denial of service (application
crash or abort) via a malformed USB Request Block (URB).
Affected Wireshark versions: 0.99.7 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2922
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://securitytracker.com/id?1021069
http://secunia.com/advisories/32355
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
Bugzilla
CVE-2008-4681 [MEDIUM] wireshark: DoS (app crash or abort) in Bluetooth RFCOMM dissector via unknown packets
bugzilla·2008-10-23·CVSS 4.3
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4681 to
the following vulnerability:
Unspecified vulnerability in the Bluetooth RFCOMM dissector in
Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a
denial of service (application crash or abort) via unknown packets.
Affected Wireshark versions: 0.99.7 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://securitytracker.com/id?1021069
http://secunia.com/advisories/32355
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2009-0
Bugzilla
CVE-2008-4685 [MEDIUM] wireshark: DoS (app crash or abort) in Q.931 dissector via certain packets
bugzilla·2008-10-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4685 to
the following vulnerability:
Use-after-free vulnerability in the dissect_q931_cause_ie function in
packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3
allows remote attackers to cause a denial of service (application
crash or abort) via certain packets that trigger an exception.
Affected Wireshark versions: 0.10.3 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2870
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://securitytracker.com/id?1021069
http://secunia.com/advisori
Bugzilla
CVE-2008-4683 [MEDIUM] wireshark: DoS (app crash or abort) in Bluetooth ACL dissector via a packet with an invalid length
bugzilla·2008-10-23·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4683 to
the following vulnerability:
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL
dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to
cause a denial of service (application crash or abort) via a packet
with an invalid length, related to an erroneous tvb_memcpy call.
Affected Wireshark versions: 0.99.2 through 1.0.3
References:
http://www.wireshark.org/security/wnpa-sec-2008-06.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1513
http://www.securityfocus.com/bid/31838
http://www.frsirt.com/english/advisories/2008/2872
http://securitytracker.com/id?1021069
References
http://secunia.com/advisories/30787
http://www.securityfocus.com/bid/29875
https://exchange.xforce.ibmcloud.com/vulnerabilities/43295
https://www.exploit-db.com/exploits/5895