CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2008-0892 – Server: shell command injection in CGI replication monitor
https://notcve.org/view.php?id=CVE-2008-0892
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. Las secuencias de comandos CGI Replication Monitor (monitor de duplicación) en Red Hat Administration Server, como lo usan Red Hat Directory Server 8.0 EL4 y EL5, permite a atacantes remotos ejecutar comandos de su elección. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676 http://secunia.com/advisories/29761 http://secunia.com/advisories/29826 http://secunia.com/advisories/30114 http://www.redhat.com/support/errata/RHSA-2008-0199.html http://www.redhat.com/support/errata/RHSA-2008-0201.html http://www.securityfocus.com/bid/28802 http://www.securitytracker.com/id?1019856 http://www.vupen.com/english/advisories/2008/1449/references https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1796
https://notcve.org/view.php?id=CVE-2008-1796
Comix 3.6.4 creates temporary directories with predictable names, which allows local users to cause an unspecified denial of service. Comix 3.6.4 crea directorios temporales con nombres previsibles, lo cual permite a usuarios locales provocar una denegación de servicio no especificada. • http://secunia.com/advisories/29956 http://security.gentoo.org/glsa/glsa-200804-29.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/41854 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00171.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00183.html •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-1567
https://notcve.org/view.php?id=CVE-2008-1567
phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information. phpMyAdmin versiones anteriores a 2.11.5.1, almacena la clave secreta MySQL de (1) nombre de usuario (2) contraseña, y (3) Blowfish, en texto sin cifrar en un archivo de Sesión bajo /tmp, que permite a los usuarios locales obtener información confidencial. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/29588 http://secunia.com/advisories/29613 http://secunia.com/advisories/29964 http://secunia.com/advisories/30816 http://secunia.com/advisories/32834 http://secunia.com/advisories/33822 http://sourceforge.net/tracker/index.php?func=detail&aid=1909711&group_id=23067&atid=377408 http://www.debian.org/security/2 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.8EPSS: 13%CPEs: 6EXPL: 0CVE-2008-1552
https://notcve.org/view.php?id=CVE-2008-1552
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction. La función silc_pkcs1_decode de la librería silccrypt (silcpkcs1.c) en Secure Internet Live Conferencing (SILC) Toolkit antes de 1.1.7, SILC Client antes de 1.1.4 y SILC Server antes de 1.1.2 permite a atacantes remotos ejecutar código de su elección a través de un mensaje PKCS#1 manipulado, lo que dispara un desbordamiento inferior de entero, un error de signo y un desbordamiento de búfer. NOTA: el investigador lo describe como un desbordamiento de entero, pero CVE utiliza el término "desbordamiento inferior" en casos de estrechamiento de resta sin signo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html http://secunia.com/advisories/29463 http://secunia.com/advisories/29465 http://secunia.com/advisories/29622 http://secunia.com/advisories/29946 http://security.gentoo.org/glsa/glsa-200804-27.xml http://securityreason.com/securityalert/3795 http://silcnet.org/general/news/?item=client_20080320_1 http://silcnet.org/general/news/?item=server_20080320_1 http://silcnet.org/general/news/?item=toolkit_20080320 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2008-0073 – Kantaris 0.3.4 - SSA Subtitle Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0073
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. Error de índice de array en la función sdpplin_parse de input/libreal/sdpplin.c en xine-lib 1.1.10.1 permite a servidores RTSP remotos ejecutar código de su elección a través de un parámetro streamid SDP grande. • https://www.exploit-db.com/exploits/5498 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/28694 http://secunia.com/advisories/29392 http://secunia.com/advisories/29472 http://secunia.com/advisories/29503 http://secunia.com/advisories/29578 http://secunia.com/advisories/29601 http://secunia.com/advisories/29740 http://secunia.com/advisories/29766 http:&# • CWE-189: Numeric Errors •