CVE-2008-1145 – Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. Una vulnerabilidad de salto de directorio en WEBrick en Ruby versiones 1.8 anteriores a 1.8.5-p115 y 1.8.6-p114, y versiones 1.9 hasta 1.9.0-1, cuando se ejecuta en sistemas que admiten separadores de ruta de barra invertida (\) o nombres de archivo sin distinción entre mayúsculas y minúsculas, permite a atacantes remotos acceder a archivos arbitrarios por medio de secuencias o (1) "..%5c" (barra invertida codificada) o (2) nombres de archivo que coinciden con los patrones de la opción :NondisclosureName. • https://www.exploit-db.com/exploits/5215 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29232 http://secunia.com/advisories/29357 http://secunia.com/advisories/29536 http://secunia.com/advisories/30802 http://secunia.com/advisories/31687 http://secunia.com/advisories/32371 http://support.apple.com/kb/HT2163 http://wiki.rpath.com/Advisories:rPSA • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-0932
https://notcve.org/view.php?id=CVE-2008-0932
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter. El archivo diatheke.pl en SWORD Project Diatheke versión 1.5.9 y anteriores, permite a los atacantes remotos ejecutar comandos arbitrarios por medio de metacaracteres shell en el parámetro range. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449 http://secunia.com/advisories/25400 http://secunia.com/advisories/29012 http://secunia.com/advisories/29115 http://secunia.com/advisories/29181 http://security.gentoo.org/glsa/glsa-200803-06.xml http://www.debian.org/security/2008/dsa-1508 http://www.securityfocus.com/bid/27874 http://www.securityfocus.com/bid/27987 http://www.vupen.com/english/advisories/2008/0670/references https://bugzilla.redhat.com/show_bug • CWE-20: Improper Input Validation •
CVE-2008-0668
https://notcve.org/view.php?id=CVE-2008-0668
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. La función excel_read_HLINK en plugins/excel/ms-excel-read.c de Gnome Office Gnumeric antes de 1.8.1. Permite a atacantes remotos ayudados por el usuario ejecutar código de su elección a través de un archivo XLS manipulado que contiene opcodes XLS HLINK, posiblemente debido a un desbordamiento de integer. NOTA: algunos de estos detalles se han obtenido de información de terceros. • http://bugs.gentoo.org/show_bug.cgi?id=208356 http://bugzilla.gnome.org/show_bug.cgi?id=505330 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html http://secunia.com/advisories/28725 http://secunia.com/advisories/28799 http://secunia.com/advisories/28948 http://secunia.com/advisories/29702 http://secunia.com/advisories/29896 http://secunia.com/advisories/31339 http://security.gentoo.org/glsa/glsa-200802-05.xml http://www.debian.org/security/2008/ • CWE-189: Numeric Errors •
CVE-2008-0008
https://notcve.org/view.php?id=CVE-2008-0008
The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion. La función pa_drop_root en PulseAudio versión 0.9.8, y una cierta build 0.9.9, no comprueba los valores de retorno de llamadas (1) setresuid, (2) setreuid, (3) setuid y (4) seteuid, cuando intenta perder privilegios, lo que podría permitir a usuarios locales alcanzar privilegios causando que esas llamadas fallen por ataques tales como el agotamiento de recursos. • http://bugs.gentoo.org/show_bug.cgi?id=207214 http://pulseaudio.org/changeset/2100 http://secunia.com/advisories/28608 http://secunia.com/advisories/28623 http://secunia.com/advisories/28738 http://secunia.com/advisories/28952 http://security.gentoo.org/glsa/glsa-200802-07.xml http://www.debian.org/security/2008/dsa-1476 http://www.mandriva.com/security/advisories?name=MDVSA-2008:027 http://www.securityfocus.com/bid/27449 http://www.ubuntu.com/usn/usn-573-1 http • CWE-20: Improper Input Validation •
CVE-2007-6427 – xfree86: memory corruption via XInput extension
https://notcve.org/view.php?id=CVE-2007-6427
The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. La extensión XInput de X.Org Xserver versiones anteriores a 1.4.1 permite a atacantes locales o remotos dependientes del contexto ejecutar código de su elección mediante peticiones relativas al intercambio de bytes y corrupción de cabecera dentro d múltiples funciones, vulnerabilidad distinta de CVE-2007-4990. • http://bugs.gentoo.org/show_bug.cgi?id=204362 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01543321 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.freedesktop.org/archives/xorg/2008-January/031918.html http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00004.html http://lists.opensuse.org/ope • CWE-787: Out-of-bounds Write •