CVE-2008-2430
https://notcve.org/view.php?id=CVE-2008-2430
Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file. Desbordamiento de entero en la Función Open en modules/demux/wav.c en VLC Media Player 0.8.6h ejecutado sobre Windows, permite a atacantes remotos ejecutar código de su elección a través de un fragmento fmt de gran tamaño en un archivo WAV. • http://secunia.com/advisories/30601 http://secunia.com/advisories/31317 http://secunia.com/secunia_research/2008-29/advisory http://security.gentoo.org/glsa/glsa-200807-13.xml http://securityreason.com/securityalert/3976 http://www.securityfocus.com/archive/1/493849/100/0/threaded http://www.securityfocus.com/bid/30058 http://www.securitytracker.com/id?1020429 http://www.videolan.org/developers/vlc/NEWS http://www.vupen.com/english/advisories/2008/1995/references https://ov • CWE-189: Numeric Errors •
CVE-2008-2841 – XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)
https://notcve.org/view.php?id=CVE-2008-2841
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. Vulnerabilidad de inyección de argumento en XChat 2.8.7b y versiones anteriores de Windows, cuando Internet Explorer es ejecutado, permite a atacantes remotos ejecutar comandos de su elección a través del parámetro --command en una URI ircs://. • https://www.exploit-db.com/exploits/5795 http://forum.xchat.org/viewtopic.php?t=4218 http://secunia.com/advisories/30695 http://www.securityfocus.com/bid/29696 https://exchange.xforce.ibmcloud.com/vulnerabilities/43065 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2008-2821 – Glub Tech Secure FTP 2.5.15 - 'LIST' Directory Traversal
https://notcve.org/view.php?id=CVE-2008-2821
Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. Vulnerabilidad de salto de directorio en el Cliente FTP para Windows de Glub Tech Secure FTP anterior a 2..5.16, permite a los servidores FTP remotos crear o sobreescribir ficheros de su elección a través de una secuencia "..\" en respuesta a un comando LIST. Relacionada con el CVE-2002-1345. • https://www.exploit-db.com/exploits/31920 http://secunia.com/advisories/30725 http://vuln.sg/glubsecureftp2515-en.html http://www.securityfocus.com/bid/29741 http://www.vupen.com/english/advisories/2008/1852/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43093 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-2427 – XnView 1.93.6 - '.taac' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2427
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file. Desbordamiento de búfer basado en Pila en NConvert 4.92, GFL SDK 2.82, y XnView 1.93.6 sobre Windows y 1.70 sobre Linux y FreeBSD, lo que permite a los atacantes remotos asistidos por usuarios para ejecutar código arbitrario a través de un formato clave manipuda en un fichero Sun TAAC. • https://www.exploit-db.com/exploits/5951 http://secunia.com/advisories/30416 http://secunia.com/advisories/30789 http://secunia.com/secunia_research/2008-24/advisory http://securityreason.com/securityalert/3956 http://securitytracker.com/id?1020340 http://www.securityfocus.com/archive/1/493505/100/0/threaded http://www.securityfocus.com/bid/29851 http://www.vupen.com/english/advisories/2008/1896 http://www.vupen.com/english/advisories/2008/1897 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-2674
https://notcve.org/view.php?id=CVE-2008-2674
Unspecified vulnerability in the Interstage Management Console, as used in Fujitsu Interstage Application Server 6.0 through 9.0.0A, Apworks Modelers-J 6.0 through 7.0, and Studio 8.0.1 and 9.0.0, allows remote attackers to read or delete arbitrary files via unspecified vectors. Vulnerabilidad no especificada en la Interstage Management Console, tal como se utiliza en Fujitsu Interstage Application Server 6.0 a 9.0.0A, Apworks Modelers-J 6.0 a 7.0, y Studio 8.0.1 y 9.0.0, permite a atacantes remotos leer o borrar archivos de su elección a través de vectores no especificados. • http://secunia.com/advisories/30589 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html http://www.securityfocus.com/bid/29624 http://www.securitytracker.com/id?1020235 http://www.vupen.com/english/advisories/2008/1771/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42949 •