CVE-2008-5966
published 2009-01-26CVE-2008-5966: globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents…
PriorityP347high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.29%
81.0th percentile
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| globsy | globsy | <= 1.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2008-5714 qemu: off-by-one error in monitor.c causing VNC passwords to be truncated after 7th character
bugzilla·2009-01-23·CVSS 7.8
CVE-2008-5714 [HIGH] CVE-2008-5714 qemu: off-by-one error in monitor.c causing VNC passwords to be truncated after 7th character
CVE-2008-5714 qemu: off-by-one error in monitor.c causing VNC passwords to be truncated after 7th character
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
Discussion:
More information on setting VNC passwords for Qemu/KVM guests can be found here:
http://www.linux-kvm.com/content/securing-your-vnc-headless-guest-simple-passwords
http://bellard.org/qemu/qemu-doc.html#SEC36
Bugzilla
CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup
bugzilla·2008-06-27·CVSS 7.2
CVE-2007-5966 [HIGH] CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup
CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5966 to the following vulnerability:
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third party information.
Refences:
http://www.securityfocus.com/archive/1/archive/1/485282/100/0/threaded
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.10
https://issues.rpath.com/browse/RPL-2038
http://www.debian.org/security/2007/dsa-1436
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
http://www.ubuntu.com/usn/usn-57
2009-01-26
Published