CVE-2008-3392
published 2008-07-31CVE-2008-3392: Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
PriorityP419medium5.8CVSS 2.0
AVNACMAuNCNIPAP
EPSS
0.60%
44.0th percentile
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webwizguide | web_wiz_forum | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
bugzilla·2007-06-29·CVSS 5.0
CVE-2007-3392 [MEDIUM] CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
CVE-2007-3392 Wireshark crashes when inspecting MMS traffic
+++ This bug was initially created as a clone of Bug #246225 +++
Description of problem:
Wireshark was reported to crash due to NULL pointer dereference when
attempting to dissect a fuzzed MMS traffic traffic.
Version-Release number of selected component (if applicable):
Wireshark 0.99.5
Additional info:
This is fixed in upstream revision 20837.
I was not able to reproduce this on an x86_64 architecture box.
Discussion:
Created attachment 158202
Capture file of MMS traffic that crashes Wireshark
---
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0710.html
http://rhn.redhat.com/errata/RHSA-2007-0709.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
---
Reporter change
Bugzilla
CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
bugzilla·2007-06-26·CVSS 5.0
CVE-2007-3392 [MEDIUM] CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
CVE-2007-3392 Wireshark loops infinitely when inspecting SSL traffic
Description of problem:
Wireshark enters an infinite loop when dissecting certain SSL traffic.
Version-Release number of selected component (if applicable):
Wireshark 0.99.5
Additional info:
No reproducer is available. This is fixed in upstream revision 21665.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-0710.html
http://rhn.redhat.com/errata/RHSA-2007-0709.html
http://rhn.redhat.com/errata/RHSA-2008-0059.html
---
Reporter changed to [email protected] by request of Jay Turner.
2008-07-31
Published