diff options
Diffstat (limited to 'libxml2/test/schemas/nvdcve_0.xml')
-rw-r--r-- | libxml2/test/schemas/nvdcve_0.xml | 5235 |
1 files changed, 0 insertions, 5235 deletions
diff --git a/libxml2/test/schemas/nvdcve_0.xml b/libxml2/test/schemas/nvdcve_0.xml deleted file mode 100644 index 20a0aed..0000000 --- a/libxml2/test/schemas/nvdcve_0.xml +++ /dev/null @@ -1,5235 +0,0 @@ -<?xml version='1.0' encoding='UTF-8'?> -<nvd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nvd.nist.gov/feeds/cve/1.2" nvd_xml_version="1.2" pub_date="2008-10-17" xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2 http://nvd.nist.gov/schema/nvdcve.xsd"> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4503" seq="2008-4503" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-11">
- <desc>
- <descript source="cve">The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45721">adobe-flash-click-hijacking(45721)</ref>
- <ref source="SECTRACK" url="http://www.securitytracker.com/id?1020996">1020996</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31625">31625</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2764">ADV-2008-2764</ref>
- <ref source="CONFIRM" url="http://www.adobe.com/support/security/advisories/apsa08-08.html" adv="1">http://www.adobe.com/support/security/advisories/apsa08-08.html</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32163" adv="1">32163</ref>
- <ref source="MISC" url="http://ha.ckers.org/blog/20081007/clickjacking-details/">http://ha.ckers.org/blog/20081007/clickjacking-details/</ref>
- <ref source="MISC" url="http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/">http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/</ref>
- </refs>
- <vuln_soft>
- <prod vendor="adobe" name="flash_player">
- <vers num="7" />
- <vers num="7.0" />
- <vers num="7.0.1" />
- <vers num="7.0.25" />
- <vers edition="" num="7.0.63" />
- <vers edition=":linux" num="7.0.63" />
- <vers num="7.0.69.0" />
- <vers num="7.0.70.0" />
- <vers edition="" num="7.0_r67" />
- <vers edition=":solaris" num="7.0_r67" />
- <vers num="7.1" />
- <vers num="7.1.1" />
- <vers num="7.2" />
- <vers edition="" num="8" />
- <vers edition=":professional" num="8" />
- <vers edition=":pro" num="8" />
- <vers num="8.0" />
- <vers num="8.0.24.0" />
- <vers num="8.0.34.0" />
- <vers num="8.0.35.0" />
- <vers num="8.0.39.0" />
- <vers num="9" />
- <vers num="9.0.114.0" />
- <vers num="9.0.115.0" />
- <vers num="9.0.124.0" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4504" seq="2008-4504" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-09">
- <desc>
- <descript source="cve">Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31627">31627</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/31933" adv="1">31933</ref>
- </refs>
- <vuln_soft>
- <prod vendor="herosoft" name="hero_dvd_player">
- <vers num="3.0.8" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-4505" seq="2008-4505" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-09">
- <desc>
- <descript source="cve">Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45692">lotus-quickr-opendocument-dos(45692)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31608">31608</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2753" adv="1">ADV-2008-2753</ref>
- <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27013341">http://www-01.ibm.com/support/docview.wss?uid=swg27013341</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32098" adv="1">32098</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ibm" name="lotus_quickr">
- <vers num="8.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4506" seq="2008-4506" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-11">
- <desc>
- <descript source="cve">Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45694">lotus-quickr-placemanager-security-bypass(45694)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31608">31608</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2753" adv="1">ADV-2008-2753</ref>
- <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27013341">http://www-01.ibm.com/support/docview.wss?uid=swg27013341</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32098" adv="1">32098</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ibm" name="lotus_quickr">
- <vers num="8.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4507" seq="2008-4507" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
- <desc>
- <descript source="cve">Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45693">lotus-quickr-editor-security-bypass(45693)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31608">31608</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2753" adv="1">ADV-2008-2753</ref>
- <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27013341">http://www-01.ibm.com/support/docview.wss?uid=swg27013341</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32098" adv="1">32098</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ibm" name="lotus_quickr">
- <vers num="8.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-4508" seq="2008-4508" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-09">
- <desc>
- <descript source="cve">Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string. NOTE: this is probably a different vulnerability than CVE-2005-2210.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45711">internetdownloadmanager-file-bo(45711)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31603">31603</ref>
- <ref source="MISC" url="http://downloads.securityfocus.com/vulnerabilities/exploits/31603.pl">http://downloads.securityfocus.com/vulnerabilities/exploits/31603.pl</ref>
- </refs>
- <vuln_soft>
- <prod vendor="tonec_inc." name="internet_download_manager">
- <vers num="5.14" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4509" seq="2008-4509" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-09">
- <desc>
- <descript source="cve">Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45683">fossgallery-multiple-file-upload(45683)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31574">31574</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6680">6680</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6674">6674</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6670">6670</ref>
- </refs>
- <vuln_soft>
- <prod vendor="foss_gallery" name="foss_gallery">
- <vers edition="beta" num="1.0" />
- <vers edition="beta:public" num="1.0" />
- <vers edition="beta:admin" num="1.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="4.9" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="6.9" name="CVE-2008-4510" seq="2008-4510" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.9" modified="2008-10-09">
- <desc>
- <descript source="cve">Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31570">31570</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6671">6671</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32115" adv="1">32115</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows-nt">
- <vers edition="" num="vista" />
- <vers edition=":home_premium" num="vista" />
- <vers edition=":x64-home_premium" num="vista" />
- <vers edition=":x64-ultimate" num="vista" />
- <vers edition="sp1" num="vista" />
- <vers edition="sp1:x64-home_premium" num="vista" />
- <vers edition="sp1:ultimate" num="vista" />
- <vers edition="sp1:x64-ultimate" num="vista" />
- <vers edition="sp1:home_premium" num="vista" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4511" seq="2008-4511" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-09">
- <desc>
- <descript source="cve">Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496787/100/0/threaded">20080927 ASP News Remote Password Disclouse Vulnerability</ref>
- </refs>
- <vuln_soft>
- <prod vendor="todd_woolums" name="asp_news_management">
- <vers num="2.21" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4512" seq="2008-4512" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-09">
- <desc>
- <descript source="cve">ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496789/100/0/threaded">20080927 shoutbox Remote Password Disclouse Vulnerability</ref>
- </refs>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4513" seq="2008-4513" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-09">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45686">phorum-img-xss(45686)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31589">31589</ref>
- <ref source="CONFIRM" url="http://trac.phorum.org/changeset/3528">http://trac.phorum.org/changeset/3528</ref>
- <ref source="MISC" url="http://nulledcore.com/?p=126">http://nulledcore.com/?p=126</ref>
- </refs>
- <vuln_soft>
- <prod vendor="phorum" name="phorum">
- <vers num="5.2.8" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4514" seq="2008-4514" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-09">
- <desc>
- <descript source="cve">The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31605">31605</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6689">6689</ref>
- </refs>
- <vuln_soft>
- <prod vendor="konqueror" name="konqueror">
- <vers num="3.5.9" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4515" seq="2008-4515" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
- <desc>
- <descript source="cve">Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45696">k9webprotection-multiple-auth-bypass(45696)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31584">31584</ref>
- <ref source="FULLDISC" url="http://seclists.org/fulldisclosure/2008/Oct/0070.html">20081004 Blue Coat K9 Web Protection V4.0.230 Beta Vulnerability</ref>
- <ref source="MISC" url="http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html">http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="blue_coat_systems" name="k9_web_protection">
- <vers edition="beta" num="4.0.230" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4516" seq="2008-4516" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
- <desc>
- <descript source="cve">SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45698">galerie-pic-sql-injection(45698)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31593">31593</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6675">6675</ref>
- </refs>
- <vuln_soft>
- <prod vendor="galerie" name="galerie">
- <vers num="3.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4517" seq="2008-4517" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
- <desc>
- <descript source="cve">SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31585">31585</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6677">6677</ref>
- </refs>
- <vuln_soft>
- <prod vendor="geccbblite" name="geccbblite">
- <vers num="2.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4518" seq="2008-4518" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31582">31582</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6678">6678</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32126" adv="1">32126</ref>
- </refs>
- <vuln_soft>
- <prod vendor="fastpublish" name="fastpublish_cms">
- <vers num="1.9.9.9.9d" />
- <vers num="1.9999d" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4519" seq="2008-4519" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31582">31582</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6678">6678</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32126" adv="1">32126</ref>
- </refs>
- <vuln_soft>
- <prod vendor="fastpublish" name="fastpublish_cms">
- <vers num="1.9.9.9.9d" />
- <vers num="1.9999d" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4520" seq="2008-4520" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31559">31559</ref>
- <ref source="CONFIRM" patch="1" url="http://sourceforge.net/project/shownotes.php?group_id=216367&release_id=630124">http://sourceforge.net/project/shownotes.php?group_id=216367&release_id=630124</ref>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45634">autonessus-bulkupdate-xss(45634)</ref>
- <ref source="MISC" url="http://sourceforge.net/tracker/index.php?func=detail&aid=2141884&group_id=216367&atid=1037394" adv="1">http://sourceforge.net/tracker/index.php?func=detail&aid=2141884&group_id=216367&atid=1037394</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32046" adv="1">32046</ref>
- <ref source="MISC" url="http://autonessus.cvs.sourceforge.net/viewvc/autonessus/AutoNessus/www/bulk_update.pl?r1=1.2&r2=1.3">http://autonessus.cvs.sourceforge.net/viewvc/autonessus/AutoNessus/www/bulk_update.pl?r1=1.2&r2=1.3</ref>
- </refs>
- <vuln_soft>
- <prod vendor="autonessus" name="autonessus">
- <vers num="1.0" />
- <vers num="1.1" />
- <vers num="1.1.1" />
- <vers num="1.2" />
- <vers num="1.2.1" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4521" seq="2008-4521" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31579">31579</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6682">6682</ref>
- </refs>
- <vuln_soft>
- <prod vendor="php-fusion" name="world_of_warcraft_tracker_infusion_module">
- <vers num="2.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4522" seq="2008-4522" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31573">31573</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6669">6669</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32141" adv="1">32141</ref>
- </refs>
- <vuln_soft>
- <prod vendor="jesse-web" name="jmweb_mp3_music_audio_search_and_download_script">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4523" seq="2008-4523" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45641">ipreg-login-sql-injection(45641)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31561">31561</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6657">6657</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ip_reg" name="ip_reg">
- <vers num="0.1" />
- <vers num="0.2" />
- <vers num="0.3" />
- <vers num="0.4" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4524" seq="2008-4524" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" patch="1" url="http://www.adaptcms.com/article/51/News/URGENT-AdaptCMS-13-Security-Fix-Released/" adv="1">http://www.adaptcms.com/article/51/News/URGENT-AdaptCMS-13-Security-Fix-Released/</ref>
- <ref source="SECUNIA" patch="1" url="http://secunia.com/advisories/32171" adv="1">32171</ref>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45642">adaptcmslite-checkuser-sql-injection(45642)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31557">31557</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6662">6662</ref>
- </refs>
- <vuln_soft>
- <prod vendor="adaptcms" name="adaptcms">
- <vers edition="unknown" num="1.3" />
- <vers edition="unknown:lite" num="1.3" />
- <vers edition="unknown:pro" num="1.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4525" seq="2008-4525" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31592">31592</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32168" adv="1">32168</ref>
- <ref source="MISC" url="http://packetstorm.linuxsecurity.com/0810-exploits/ampjuke-sql.txt">http://packetstorm.linuxsecurity.com/0810-exploits/ampjuke-sql.txt</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ampjuke" name="ampjuke">
- <vers num="0.7.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4526" seq="2008-4526" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-10">
- <desc>
- <descript source="cve">Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31566">31566</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6663">6663</ref>
- </refs>
- <vuln_soft>
- <prod vendor="customcms" name="ccms">
- <vers num="3.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4527" seq="2008-4527" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31578">31578</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6683">6683</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32004" adv="1">32004</ref>
- </refs>
- <vuln_soft>
- <prod vendor="php-fusion" name="recepies_module">
- <vers num="1.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4528" seq="2008-4528" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31571">31571</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6667">6667</ref>
- </refs>
- <vuln_soft>
- <prod vendor="phlatline" name="personal_information_manager">
- <vers num="1.01" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4529" seq="2008-4529" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-11">
- <desc>
- <descript source="cve">Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31601">31601</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6685">6685</ref>
- </refs>
- <vuln_soft>
- <prod vendor="asicms" name="asicms">
- <vers edition="alpha" num="0.208" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4530" seq="2008-4530" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="CONFIRM" patch="1" url="http://drupal.org/node/315919" adv="1">http://drupal.org/node/315919</ref>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45636">brilliantgallery-unspecified-xss(45636)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31554">31554</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32106" adv="1">32106</ref>
- </refs>
- <vuln_soft>
- <prod vendor="drupal" name="brilliant_gallery">
- <vers num="5.x-1.0" />
- <vers num="5.x-1.1" />
- <vers num="5.x-1.2" />
- <vers num="5.x-2.1" />
- <vers num="5.x-2.10" />
- <vers num="5.x-2.11" />
- <vers num="5.x-2.12" />
- <vers num="5.x-2.13" />
- <vers num="5.x-2.14" />
- <vers num="5.x-2.15" />
- <vers num="5.x-2.16" />
- <vers num="5.x-2.17" />
- <vers num="5.x-2.2" />
- <vers num="5.x-2.3" />
- <vers num="5.x-2.4" />
- <vers num="5.x-2.5" />
- <vers num="5.x-2.6" />
- <vers num="5.x-2.7" />
- <vers num="5.x-2.8" />
- <vers num="5.x-2.9" />
- <vers num="5.x-3.0" />
- <vers num="5.x-3.1" />
- <vers num="5.x-3.2" />
- <vers num="5.x-3.3" />
- <vers num="5.x-4.0" />
- <vers num="5.x-4.1" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4531" seq="2008-4531" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" patch="1" url="http://xforce.iss.net/xforce/xfdb/45637">brilliantgallery-unspecified-sql-injection(45637)</ref>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31554">31554</ref>
- <ref source="SECUNIA" patch="1" url="http://secunia.com/advisories/32106" adv="1">32106</ref>
- <ref source="CONFIRM" patch="1" url="http://drupal.org/node/315919">http://drupal.org/node/315919</ref>
- </refs>
- <vuln_soft>
- <prod vendor="drupal" name="brilliant_gallery">
- <vers num="5.x-1.0" />
- <vers num="5.x-1.1" />
- <vers num="5.x-1.2" />
- <vers num="5.x-2.1" />
- <vers num="5.x-2.10" />
- <vers num="5.x-2.11" />
- <vers num="5.x-2.12" />
- <vers num="5.x-2.13" />
- <vers num="5.x-2.14" />
- <vers num="5.x-2.15" />
- <vers num="5.x-2.16" />
- <vers num="5.x-2.17" />
- <vers num="5.x-2.2" />
- <vers num="5.x-2.3" />
- <vers num="5.x-2.4" />
- <vers num="5.x-2.5" />
- <vers num="5.x-2.6" />
- <vers num="5.x-2.7" />
- <vers num="5.x-2.8" />
- <vers num="5.x-2.9" />
- <vers num="5.x-3.0" />
- <vers num="5.x-3.1" />
- <vers num="5.x-3.2" />
- <vers num="5.x-3.3" />
- <vers num="5.x-4.0" />
- <vers num="5.x-4.1" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4532" seq="2008-4532" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45657">websitedirectory-index-xss(45657)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31562">31562</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496967/100/0/threaded">20081003 Website Directory - XSS Exploit</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32176" adv="1">32176</ref>
- </refs>
- <vuln_soft>
- <prod vendor="maxiscript" name="website_directory">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-3432" seq="2008-3432" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-10">
- <desc>
- <descript source="cve">Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" patch="1" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/08/01/1">[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw</ref>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/07/15/4">[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw</ref>
- <ref source="CONFIRM" url="ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059">ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059</ref>
- <ref source="CONFIRM" url="ftp://ftp.vim.org/pub/vim/patches/6.2.429">ftp://ftp.vim.org/pub/vim/patches/6.2.429</ref>
- </refs>
- <vuln_soft>
- <prod vendor="vim" name="vim">
- <vers num="6.2" />
- <vers num="6.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-3641" seq="2008-3641" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="CONFIRM" patch="1" url="http://cups.org/articles.php?L575" adv="1">http://www.cups.org/articles.php?L575</ref>
- <ref source="REDHAT" url="http://www.redhat.com/support/errata/RHSA-2008-0937.html">RHSA-2008:0937</ref>
- <ref source="MANDRIVA" url="http://www.mandriva.com/security/advisories?name=MDVSA-2008:211">MDVSA-2008:211</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2782">ADV-2008-2782</ref>
- <ref source="CONFIRM" url="http://www.cups.org/str.php?L2911">http://www.cups.org/str.php?L2911</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32226">32226</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32084">32084</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="cups">
- <vers num="1.1" />
- <vers num="1.1.1" />
- <vers num="1.1.10" />
- <vers num="1.1.10-1" />
- <vers num="1.1.11" />
- <vers num="1.1.12" />
- <vers num="1.1.13" />
- <vers num="1.1.14" />
- <vers num="1.1.15" />
- <vers num="1.1.16" />
- <vers num="1.1.17" />
- <vers num="1.1.18" />
- <vers edition="rc1" num="1.1.19" />
- <vers edition="rc2" num="1.1.19" />
- <vers edition="rc3" num="1.1.19" />
- <vers edition="rc4" num="1.1.19" />
- <vers edition="rc5" num="1.1.19" />
- <vers num="1.1.2" />
- <vers edition="rc1" num="1.1.20" />
- <vers edition="rc2" num="1.1.20" />
- <vers edition="rc3" num="1.1.20" />
- <vers edition="rc4" num="1.1.20" />
- <vers edition="rc5" num="1.1.20" />
- <vers edition="rc6" num="1.1.20" />
- <vers edition="rc1" num="1.1.21" />
- <vers edition="rc2" num="1.1.21" />
- <vers edition="rc1" num="1.1.22" />
- <vers edition="rc2" num="1.1.22" />
- <vers edition="rc1" num="1.1.23" />
- <vers num="1.1.3" />
- <vers num="1.1.4" />
- <vers num="1.1.5" />
- <vers num="1.1.5-1" />
- <vers num="1.1.5-2" />
- <vers num="1.1.6" />
- <vers num="1.1.6-1" />
- <vers num="1.1.6-2" />
- <vers num="1.1.6-3" />
- <vers num="1.1.7" />
- <vers num="1.1.8" />
- <vers num="1.1.9" />
- <vers num="1.1.9-1" />
- <vers edition="b1" num="1.2" />
- <vers edition="b2" num="1.2" />
- <vers edition="rc1" num="1.2" />
- <vers edition="rc2" num="1.2" />
- <vers edition="rc3" num="1.2" />
- <vers num="1.2.0" />
- <vers num="1.2.1" />
- <vers num="1.2.10" />
- <vers num="1.2.11" />
- <vers num="1.2.12" />
- <vers num="1.2.2" />
- <vers num="1.2.3" />
- <vers num="1.2.4" />
- <vers num="1.2.5" />
- <vers num="1.2.6" />
- <vers num="1.2.7" />
- <vers num="1.2.8" />
- <vers num="1.2.9" />
- <vers edition="b1" num="1.3" />
- <vers edition="rc1" num="1.3" />
- <vers edition="rc2" num="1.3" />
- <vers num="1.3.0" />
- <vers num="1.3.1" />
- <vers num="1.3.2" />
- <vers num="1.3.3" />
- <vers num="1.3.4" />
- <vers num="1.3.5" />
- <vers num="1.3.6" />
- <vers num="1.3.7" />
- <vers num="1.3.8" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3642" seq="2008-3642" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-3643" seq="2008-3643" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-10">
- <desc>
- <descript source="cve">Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-3645" seq="2008-3645" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-10">
- <desc>
- <descript source="cve">Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-3646" seq="2008-3646" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-10">
- <desc>
- <descript source="cve">The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3647" seq="2008-3647" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4211" seq="2008-4211" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-10">
- <desc>
- <descript source="cve">Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4212" seq="2008-4212" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-10">
- <desc>
- <descript source="cve">Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="4.6" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="6.4" name="CVE-2008-4214" seq="2008-4214" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="4.6" modified="2008-10-10">
- <desc>
- <descript source="cve">Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.4.11" />
- <vers num="10.5.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4215" seq="2008-4215" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
- <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="mac_os_x_server">
- <vers num="10.4.11" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="6.9" CVSS_exploit_subscore="3.4" CVSS_impact_subscore="10.0" name="CVE-2008-4394" seq="2008-4394" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="6.9" modified="2008-10-10">
- <desc>
- <descript source="cve">Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <local />
- <user_init />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31670">31670</ref>
- <ref source="GENTOO" url="http://security.gentoo.org/glsa/glsa-200810-02.xml">GLSA-200810-02</ref>
- </refs>
- <vuln_soft>
- <prod vendor="gentoo" name="portage">
- <vers edition="r3" num="2.0.51.22" />
- <vers edition="r2" num="2.1.1" />
- <vers num="2.1.3.10" />
- <vers num="2.1.4.4" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4533" seq="2008-4533" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.</descript>
- </desc>
- <sols>
- <sol source="nvd">Patch Information - http://unyora.sakura.ne.jp/soft/EasyHTTPServer/index.html</sol>
- </sols>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31244">31244</ref>
- <ref source="OSVDB" url="http://www.osvdb.org/48222">48222</ref>
- <ref source="JVNDB" url="http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000060.html">JVNDB-2008-000060</ref>
- <ref source="JVN" url="http://jvn.jp/en/jp/JVN94163107/index.html">JVN#94163107</ref>
- </refs>
- <vuln_soft>
- <prod vendor="katan" name="web_server">
- <vers num="1.6" />
- <vers num="1.8" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4534" seq="2008-4534" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
- <desc>
- <descript source="cve">SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" patch="1" url="http://www.ec-cube.net/info/080829">http://www.ec-cube.net/info/080829</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32065" adv="1">32065</ref>
- <ref source="JVNDB" url="http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000065.html">JVNDB-2008-000065</ref>
- <ref source="JVN" url="http://jvn.jp/en/jp/JVN81111541/index.html">JVN#81111541</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ec-cube" name="ec-cube">
- <vers num="1.0" />
- <vers num="1.4.7" />
- <vers edition="b2" num="1.5.0" />
- <vers num="2.1.2a" prev="1" />
- <vers num="2.3.0" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4535" seq="2008-4535" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MISC" patch="1" url="http://www.ec-cube.net/release/detail.php?release_id=193" adv="1">http://www.ec-cube.net/release/detail.php?release_id=193</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32065">32065</ref>
- <ref source="JVNDB" url="http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000064.html">JVNDB-2008-000064</ref>
- <ref source="JVN" url="http://jvn.jp/en/jp/JVN99916563/index.html">JVN#99916563</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ec-cube" name="ec-cube">
- <vers num="1.0" />
- <vers num="1.4.7" />
- <vers edition="b2" num="1.5.0" />
- <vers num="2.1.2a" prev="1" />
- <vers num="2.3.0" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4536" seq="2008-4536" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MISC" patch="1" url="http://www.ec-cube.net/release/detail.php?release_id=193" adv="1">http://www.ec-cube.net/release/detail.php?release_id=193</ref>
- <ref source="SECUNIA" patch="1" url="http://secunia.com/advisories/32065" adv="1">32065</ref>
- <ref source="JVN" url="http://jvn.jp/en/jp/JVN36085487/index.html">JVN#36085487</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ec-cube" name="ec-cube">
- <vers num="1.0" />
- <vers edition="unknown" num="1.3.4" prev="1" />
- <vers edition="unknown:community_edition" num="1.3.4" prev="1" />
- <vers num="1.4.7" />
- <vers edition="b2" num="1.5.0" />
- <vers num="2.1.2a" prev="1" />
- <vers num="2.3.0" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4537" seq="2008-4537" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MISC" patch="1" url="http://www.ec-cube.net/release/detail.php?release_id=193" adv="1">http://www.ec-cube.net/release/detail.php?release_id=193</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32065" adv="1">32065</ref>
- <ref source="JVNDB" url="http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000062.html">JVNDB-2008-000062</ref>
- <ref source="JVN" url="http://jvn.jp/en/jp/JVN26621646/index.html">JVN#26621646</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ec-cube" name="ec-cube">
- <vers num="1.0" />
- <vers edition="unknown" num="1.3.4" prev="1" />
- <vers edition="unknown:community_edition" num="1.3.4" prev="1" />
- <vers num="1.4.7" />
- <vers edition="b2" num="1.5.0" />
- <vers num="2.1.2a" prev="1" />
- <vers num="2.3.0" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-3271" seq="2008-3271" severity="Medium" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-14">
- <desc>
- <descript source="cve">Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="https://issues.apache.org/bugzilla/show_bug.cgi?id=25835">https://issues.apache.org/bugzilla/show_bug.cgi?id=25835</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31698">31698</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497220/100/0/threaded">20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure</ref>
- <ref source="CONFIRM" url="http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html">http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html</ref>
- <ref source="CONFIRM" url="http://tomcat.apache.org/security-5.html">http://tomcat.apache.org/security-5.html</ref>
- <ref source="CONFIRM" url="http://tomcat.apache.org/security-4.html" adv="1">http://tomcat.apache.org/security-4.html</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32234" adv="1">32234</ref>
- <ref source="JVN" url="http://jvn.jp/en/jp/JVN30732239/index.html">JVN#30732239</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apache" name="tomcat">
- <vers num="4.1.0" />
- <vers num="4.1.1" />
- <vers num="4.1.10" />
- <vers num="4.1.11" />
- <vers num="4.1.12" />
- <vers num="4.1.13" />
- <vers num="4.1.14" />
- <vers num="4.1.15" />
- <vers num="4.1.16" />
- <vers num="4.1.17" />
- <vers num="4.1.18" />
- <vers num="4.1.19" />
- <vers num="4.1.2" />
- <vers num="4.1.20" />
- <vers num="4.1.21" />
- <vers num="4.1.22" />
- <vers num="4.1.23" />
- <vers num="4.1.24" />
- <vers num="4.1.25" />
- <vers num="4.1.26" />
- <vers num="4.1.27" />
- <vers num="4.1.28" />
- <vers num="4.1.29" />
- <vers edition="beta" num="4.1.3" />
- <vers num="4.1.30" />
- <vers num="4.1.31" />
- <vers num="4.1.4" />
- <vers num="4.1.5" />
- <vers num="4.1.6" />
- <vers num="4.1.7" />
- <vers num="4.1.8" />
- <vers num="4.1.9" />
- <vers num="5.5.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:C)" CVSS_base_score="9.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="8.5" name="CVE-2008-3544" seq="2008-3544" severity="High" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="9.0" modified="2008-10-14">
- <desc>
- <descript source="cve">Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, and possibly 7.01, 7.50, and 7.53, allow remote attackers to execute arbitrary code via a long (1) REQUEST_SEV_CHANGE (aka number 47), (2) REQUEST_SAVE_STATE (aka number 61), or (3) REQUEST_RESTORE_STATE (aka number 62) request to TCP port 2954.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="HP" patch="1" url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01537275" adv="1">SSRT080042</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/28668">28668</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/490541">20080407 Multiple vulnerabilities in HP OpenView NNM 7.53</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/31688" adv="1">31688</ref>
- <ref source="MISC" url="http://downloads.securityfocus.com/vulnerabilities/exploits/28668.c">http://downloads.securityfocus.com/vulnerabilities/exploits/28668.c</ref>
- <ref source="MISC" url="http://aluigi.altervista.org/adv/closedview_old-adv.txt">http://aluigi.altervista.org/adv/closedview_old-adv.txt</ref>
- </refs>
- <vuln_soft>
- <prod vendor="hp" name="openview_network_node_manager">
- <vers num="7.01" />
- <vers num="7.50" />
- <vers num="7.51" />
- <vers num="7.53" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-3545" seq="2008-3545" severity="High" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-14">
- <desc>
- <descript source="cve">Unspecified vulnerability in ovtopmd in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2008-3536, CVE-2008-3537, and CVE-2008-3544. NOTE: due to insufficient details from the vendor, it is not clear whether this is the same as CVE-2008-1853.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="HP" patch="1" url="http://marc.info/?l=bugtraq&m=122356907004075&w=2">SSRT080046</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31669">31669</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021014">1021014</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/29796" adv="1">29796</ref>
- </refs>
- <vuln_soft>
- <prod vendor="hp" name="openview_network_node_manager">
- <vers num="7.01" />
- <vers num="7.51" />
- <vers num="7.53" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4411" seq="2008-4411" severity="Medium" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-13">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31663">31663</ref>
- <ref source="FRSIRT" patch="1" url="http://www.frsirt.com/english/advisories/2008/2778" adv="1">ADV-2008-2778</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021015">1021015</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32199" adv="1">32199</ref>
- <ref source="HP" url="http://marc.info/?l=bugtraq&m=122356588429626&w=2">HPSBMA02376</ref>
- </refs>
- <vuln_soft>
- <prod vendor="hp" name="system_management_homepage">
- <vers num="2.0.0" />
- <vers num="2.0.1" />
- <vers num="2.0.2" />
- <vers num="2.1" />
- <vers num="2.1.0-103" />
- <vers num="2.1.0-103(a)" />
- <vers num="2.1.0-109" />
- <vers num="2.1.0-118" />
- <vers num="2.1.1" />
- <vers num="2.1.10" />
- <vers num="2.1.10-186" />
- <vers num="2.1.11" />
- <vers num="2.1.11-197" />
- <vers num="2.1.12-118" />
- <vers num="2.1.12-200" prev="1" />
- <vers num="2.1.2" />
- <vers num="2.1.2-127" />
- <vers num="2.1.3" />
- <vers num="2.1.3.132" />
- <vers num="2.1.4" />
- <vers num="2.1.4-143" />
- <vers num="2.1.5" />
- <vers num="2.1.5-146" />
- <vers num="2.1.6" />
- <vers num="2.1.6-156" />
- <vers num="2.1.7" />
- <vers num="2.1.7-168" />
- <vers num="2.1.8" />
- <vers num="2.1.8-177" />
- <vers num="2.1.9" />
- <vers num="2.1.9-178" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="2.1" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="2.9" name="CVE-2008-4540" seq="2008-4540" severity="Low" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="2.1" modified="2008-10-14">
- <desc>
- <descript source="cve">Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497151/100/0/threaded">20081008 Windows Mobile 6 insecure password handling and too short WLAN-password</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_mobile">
- <vers num="6.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4541" seq="2008-4541" severity="High" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-14">
- <desc>
- <descript source="cve">Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via unspecified vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45782">sun-webproxy-ftp-bo(45782)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31691">31691</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2781" adv="1">ADV-2008-2781</ref>
- <ref source="SUNALERT" url="http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1">242986</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021038">1021038</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32227" adv="1">32227</ref>
- </refs>
- <vuln_soft>
- <prod vendor="sun" name="java_system_web_proxy_server">
- <vers edition="sp1" num="4.0" />
- <vers edition="sp1" num="4.0.1" />
- <vers edition="sp2" num="4.0.1" />
- <vers edition="sp3" num="4.0.1" />
- <vers edition="sp4" num="4.0.1" />
- <vers edition="sp5" num="4.0.1" />
- <vers edition="sp6" num="4.0.1" />
- <vers edition="sp1" num="4.0.2" />
- <vers edition="sp2" num="4.0.2" />
- <vers edition="sp3" num="4.0.2" />
- <vers edition="sp4" num="4.0.2" />
- <vers edition="sp5" num="4.0.2" />
- <vers edition="sp6" num="4.0.2" />
- <vers edition="sp1" num="4.0.3" />
- <vers edition="sp2" num="4.0.3" />
- <vers edition="sp3" num="4.0.3" />
- <vers edition="sp4" num="4.0.3" />
- <vers edition="sp5" num="4.0.3" />
- <vers edition="sp6" num="4.0.3" />
- <vers edition="sp1" num="4.0.4" />
- <vers edition="sp2" num="4.0.4" />
- <vers edition="sp3" num="4.0.4" />
- <vers edition="sp4" num="4.0.4" />
- <vers edition="sp5" num="4.0.4" />
- <vers edition="sp6" num="4.0.4" />
- <vers edition="sp1" num="4.0.5" />
- <vers edition="sp2" num="4.0.5" />
- <vers edition="sp3" num="4.0.5" />
- <vers edition="sp4" num="4.0.5" />
- <vers edition="sp5" num="4.0.5" />
- <vers edition="sp6" num="4.0.5" />
- <vers edition="" num="4.0.6" />
- <vers edition=":windows" num="4.0.6" />
- <vers edition=":x86" num="4.0.6" />
- <vers edition=":hp_ux" num="4.0.6" />
- <vers edition=":sparc" num="4.0.6" />
- <vers edition=":linux" num="4.0.6" />
- <vers edition="" num="4.0.7" />
- <vers edition=":sparc" num="4.0.7" />
- <vers edition=":windows" num="4.0.7" />
- <vers edition=":x86" num="4.0.7" />
- <vers edition=":hp_ux" num="4.0.7" />
- <vers edition=":linux" num="4.0.7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_base_score="3.5" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="2.9" name="CVE-2008-4542" seq="2008-4542" severity="Low" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="3.5" modified="2008-10-14">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MISC" url="http://www.voipshield.com/research-details.php?id=127">http://www.voipshield.com/research-details.php?id=127</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31642">31642</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2771" adv="1">ADV-2008-2771</ref>
- <ref source="CISCO" url="http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html" adv="1">20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021012">1021012</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32207" adv="1">32207</ref>
- </refs>
- <vuln_soft>
- <prod vendor="cisco" name="unity">
- <vers num="4.0" />
- <vers num="4.0(1)" />
- <vers num="4.0(2)" />
- <vers edition="sr2" num="4.0(3)" />
- <vers edition="sr1" num="4.0(4)" />
- <vers num="4.0(5)" />
- <vers num="4.1(1)" />
- <vers num="4.2(1)" prev="1" />
- <vers num="5.0" />
- <vers num="5.0(1)" prev="1" />
- <vers num="7.0" />
- <vers num="7.0(2)" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.1" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.9" name="CVE-2008-4543" seq="2008-4543" severity="High" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="7.1" modified="2008-10-14">
- <desc>
- <descript source="cve">Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8, when using anonymous authentication (aka native Unity authentication), allows remote attackers to cause a denial of service (session exhaustion) via a large number of connections.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MISC" url="http://www.voipshield.com/research-details.php?id=128">http://www.voipshield.com/research-details.php?id=128</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31642">31642</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2771" adv="1">ADV-2008-2771</ref>
- <ref source="CISCO" url="http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html" adv="1">20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021013">1021013</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32187" adv="1">32187</ref>
- </refs>
- <vuln_soft>
- <prod vendor="cisco" name="unity">
- <vers num="4.0" />
- <vers num="4.0(1)" />
- <vers num="4.0(2)" />
- <vers edition="sr2" num="4.0(3)" />
- <vers edition="sr1" num="4.0(4)" />
- <vers num="4.0(5)" />
- <vers num="4.1(1)" />
- <vers num="4.2(1)" prev="1" />
- <vers num="5.0" />
- <vers num="5.0(1)" prev="1" />
- <vers num="7.0" />
- <vers num="7.0(2)" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4544" seq="2008-4544" severity="Medium" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-14">
- <desc>
- <descript source="cve">Unspecified vulnerability in an unspecified Microsoft API, as used by Cisco Unity and possibly other products, allows remote attackers to cause a denial of service by sending crafted packets to dynamic UDP ports, related to a "processing error."</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MISC" url="http://www.voipshield.com/research-details.php?id=129">http://www.voipshield.com/research-details.php?id=129</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31642">31642</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2771" adv="1">ADV-2008-2771</ref>
- <ref source="CISCO" url="http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html" adv="1">20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021020">1021020</ref>
- </refs>
- <vuln_soft>
- <prod vendor="cisco" name="unity">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_base_score="4.0" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="2.9" name="CVE-2008-4545" seq="2008-4545" severity="Medium" type="CVE" published="2008-10-13" CVSS_version="2.0" CVSS_score="4.0" modified="2008-10-14">
- <desc>
- <descript source="cve">Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x before 7.0(2)ES8 uses weak permissions for the D:\CommServer\Reports directory, which allows remote authenticated users to obtain sensitive information by reading files in this directory.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MISC" url="http://www.voipshield.com/research-details.php?id=130">http://www.voipshield.com/research-details.php?id=130</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31642">31642</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2771" adv="1">ADV-2008-2771</ref>
- <ref source="CISCO" url="http://www.cisco.com/en/US/products/products_security_response09186a0080a0d861.html" adv="1">20081008 VoIPshield Reported Vulnerabilities in Cisco Unity Server</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021022">1021022</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32187" adv="1">32187</ref>
- </refs>
- <vuln_soft>
- <prod vendor="cisco" name="unity">
- <vers num="4.0" />
- <vers num="4.0(1)" />
- <vers num="4.0(2)" />
- <vers edition="sr2" num="4.0(3)" />
- <vers edition="sr1" num="4.0(4)" />
- <vers num="4.0(5)" />
- <vers num="4.1(1)" />
- <vers num="4.2(1)" prev="1" />
- <vers num="5.0" />
- <vers num="5.0(1)" prev="1" />
- <vers num="7.0" />
- <vers num="7.0(2)" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-4441" seq="2008-4441" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-17">
- <desc>
- <descript source="cve">The Marvell driver for the Linksys WAP4400N Wi-Fi access point with firmware 1.2.14 on the Marvell 88W8361P-BEM1 chipset, when WEP mode is enabled, does not properly parse malformed 802.11 frames, which allows remote attackers to cause a denial of service (reboot or hang-up) via a malformed association request containing the WEP flag, as demonstrated by a request that is too short, a different vulnerability than CVE-2008-1144 and CVE-2008-1197.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45841">linksys-wap4400n-request-dos(45841)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31742">31742</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497285/100/0/threaded">20081013 Marvell Driver Malformed Association Request Vulnerability</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2805">ADV-2008-2805</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32259">32259</ref>
- </refs>
- <vuln_soft>
- <prod vendor="linksys" name="wap400n">
- <vers num="1.2.14" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:N/A:P)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4546" seq="2008-4546" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-14">
- <desc>
- <descript source="cve">Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496929/100/0/threaded">20081002 Adobe Flash Player plug-in null pointer dereference and browser crash</ref>
- <ref source="MISC" url="http://www.mochimedia.com/~matthew/flashcrash/">http://www.mochimedia.com/~matthew/flashcrash/</ref>
- </refs>
- <vuln_soft>
- <prod vendor="adobe" name="flash_player">
- <vers num="10.0.12.10" />
- <vers num="9.0.112.0" />
- <vers num="9.0.115.0" />
- <vers num="9.0.45.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-4547" seq="2008-4547" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/39640">dvrhost-pdvrocx-bo(39640)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/27267">27267</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/4903">4903</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28443" adv="1">28443</ref>
- </refs>
- <vuln_soft>
- <prod vendor="dvrhost" name="web_cms">
- <vers num="1.0.1.25" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-4548" seq="2008-4548" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/39725">rtssentry-ptzcampanelctrl-bo(39725)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/27304">27304</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/4918">4918</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28435" adv="1">28435</ref>
- </refs>
- <vuln_soft>
- <prod vendor="rtssentry" name="rtssentry">
- <vers num="2.1.0.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:N/A:N)" CVSS_base_score="2.6" CVSS_exploit_subscore="4.9" CVSS_impact_subscore="2.9" name="CVE-2008-4549" seq="2008-4549" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="2.6" modified="2008-10-15">
- <desc>
- <descript source="cve">The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/39921">toolbar-imageshacktoolbar-info-disclosure(39921)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/27439">27439</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/486941/100/200/threaded">20080124 ImageShack Toolbar FileUploader Class insecurities</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/4981">4981</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28644" adv="1">28644</ref>
- </refs>
- <vuln_soft>
- <prod vendor="imageshack" name="imageshack_toolbar">
- <vers num="4.5.7" />
- <vers num="4.5.7.69" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4551" seq="2008-4551" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="SECTRACK" url="http://www.securitytracker.com/id?1020903">1020903</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31291">31291</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2660" adv="1">ADV-2008-2660</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/31963" adv="1">31963</ref>
- <ref source="MISC" url="http://labs.mudynamics.com/advisories/MU-200809-01.txt">http://labs.mudynamics.com/advisories/MU-200809-01.txt</ref>
- <ref source="CONFIRM" url="http://download.strongswan.org/CHANGES4.txt">http://download.strongswan.org/CHANGES4.txt</ref>
- </refs>
- <vuln_soft>
- <prod vendor="strongswan" name="strongswan">
- <vers num="2.0.0" />
- <vers num="2.0.1" />
- <vers num="2.0.2" />
- <vers num="2.1.0" />
- <vers num="2.1.1" />
- <vers num="2.1.2" />
- <vers num="2.1.3" />
- <vers num="2.1.4" />
- <vers num="2.1.5" />
- <vers num="2.2.0" />
- <vers num="2.2.1" />
- <vers num="2.2.2" />
- <vers num="2.3.0" />
- <vers num="2.3.1" />
- <vers num="2.3.2" />
- <vers num="2.4.0" />
- <vers num="2.4.0a" />
- <vers num="2.4.1" />
- <vers num="2.4.2" />
- <vers num="2.4.3" />
- <vers num="2.5.0" />
- <vers num="2.5.1" />
- <vers num="2.5.2" />
- <vers num="2.5.3" />
- <vers num="2.5.4" />
- <vers num="2.5.5" />
- <vers num="2.5.6" />
- <vers num="2.5.7" />
- <vers num="2.6.0" />
- <vers num="2.6.1" />
- <vers num="2.6.2" />
- <vers num="2.6.3" />
- <vers num="2.6.4" />
- <vers num="2.7.0" />
- <vers num="4.0.0" />
- <vers num="4.0.1" />
- <vers num="4.0.2" />
- <vers num="4.0.3" />
- <vers num="4.0.4" />
- <vers num="4.0.5" />
- <vers num="4.0.6" />
- <vers num="4.0.7" />
- <vers num="4.1.0" />
- <vers num="4.1.1" />
- <vers num="4.1.10" />
- <vers num="4.1.11" />
- <vers num="4.1.2" />
- <vers num="4.1.3" />
- <vers num="4.1.4" />
- <vers num="4.1.5" />
- <vers num="4.1.6" />
- <vers num="4.1.7" />
- <vers num="4.1.8" />
- <vers num="4.1.9" />
- <vers num="4.2.0" />
- <vers num="4.2.1" />
- <vers num="4.2.2" />
- <vers num="4.2.3" />
- <vers num="4.2.4" />
- <vers num="4.2.5" />
- <vers num="4.2.6" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4552" seq="2008-4552" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-15">
- <desc>
- <descript source="cve">nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the host_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended access restrictions.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="https://bugzilla.redhat.com/show_bug.cgi?id=458676">https://bugzilla.redhat.com/show_bug.cgi?id=458676</ref>
- </refs>
- <vuln_soft>
- <prod vendor="nfs" name="nfs-utils">
- <vers num="0.2" />
- <vers num="0.2.1" />
- <vers num="0.3.1" />
- <vers num="0.3.3" />
- <vers num="1.0" />
- <vers num="1.0.1" />
- <vers num="1.0.10" />
- <vers num="1.0.11" />
- <vers num="1.0.12" />
- <vers num="1.0.2" />
- <vers num="1.0.3" />
- <vers num="1.0.4" />
- <vers num="1.0.6" />
- <vers edition="pre-1" num="1.0.7" />
- <vers edition="pre-2" num="1.0.7" />
- <vers edition="rc-1" num="1.0.8" />
- <vers edition="rc-2" num="1.0.8" />
- <vers edition="rc-3" num="1.0.8" />
- <vers edition="rc-4" num="1.0.8" />
- <vers num="1.0.9" />
- <vers edition="rc-1" num="1.1.0" />
- <vers num="1.1.1" />
- <vers num="1.1.2" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-3639" seq="2008-3639" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="SECTRACK" url="http://www.securitytracker.com/id?1021033">1021033</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31690">31690</ref>
- <ref source="REDHAT" url="http://www.redhat.com/support/errata/RHSA-2008-0937.html">RHSA-2008:0937</ref>
- <ref source="MANDRIVA" url="http://www.mandriva.com/security/advisories?name=MDVSA-2008:211">MDVSA-2008:211</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2782" adv="1">ADV-2008-2782</ref>
- <ref source="CONFIRM" url="http://www.cups.org/str.php?L2918" adv="1">http://www.cups.org/str.php?L2918</ref>
- <ref source="CONFIRM" url="http://www.cups.org/articles.php?L575">http://www.cups.org/articles.php?L575</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32226" adv="1">32226</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32084" adv="1">32084</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="cups">
- <vers num="1.1" />
- <vers num="1.1.1" />
- <vers num="1.1.10" />
- <vers num="1.1.10-1" />
- <vers num="1.1.11" />
- <vers num="1.1.12" />
- <vers num="1.1.13" />
- <vers num="1.1.14" />
- <vers num="1.1.15" />
- <vers num="1.1.16" />
- <vers num="1.1.17" />
- <vers num="1.1.18" />
- <vers edition="rc1" num="1.1.19" />
- <vers edition="rc2" num="1.1.19" />
- <vers edition="rc3" num="1.1.19" />
- <vers edition="rc4" num="1.1.19" />
- <vers edition="rc5" num="1.1.19" />
- <vers num="1.1.2" />
- <vers edition="rc1" num="1.1.20" />
- <vers edition="rc2" num="1.1.20" />
- <vers edition="rc3" num="1.1.20" />
- <vers edition="rc4" num="1.1.20" />
- <vers edition="rc5" num="1.1.20" />
- <vers edition="rc6" num="1.1.20" />
- <vers edition="rc1" num="1.1.21" />
- <vers edition="rc2" num="1.1.21" />
- <vers edition="rc1" num="1.1.22" />
- <vers edition="rc2" num="1.1.22" />
- <vers edition="rc1" num="1.1.23" />
- <vers num="1.1.3" />
- <vers num="1.1.4" />
- <vers num="1.1.5" />
- <vers num="1.1.5-1" />
- <vers num="1.1.5-2" />
- <vers num="1.1.6" />
- <vers num="1.1.6-1" />
- <vers num="1.1.6-2" />
- <vers num="1.1.6-3" />
- <vers num="1.1.7" />
- <vers num="1.1.8" />
- <vers num="1.1.9" />
- <vers num="1.1.9-1" />
- <vers edition="b1" num="1.2" />
- <vers edition="b2" num="1.2" />
- <vers edition="rc1" num="1.2" />
- <vers edition="rc2" num="1.2" />
- <vers edition="rc3" num="1.2" />
- <vers num="1.2.0" />
- <vers num="1.2.1" />
- <vers num="1.2.10" />
- <vers num="1.2.11" />
- <vers num="1.2.12" />
- <vers num="1.2.2" />
- <vers num="1.2.3" />
- <vers num="1.2.4" />
- <vers num="1.2.5" />
- <vers num="1.2.6" />
- <vers num="1.2.7" />
- <vers num="1.2.8" />
- <vers num="1.2.9" />
- <vers edition="b1" num="1.3" />
- <vers edition="rc1" num="1.3" />
- <vers edition="rc2" num="1.3" />
- <vers num="1.3.0" />
- <vers num="1.3.1" />
- <vers num="1.3.2" />
- <vers num="1.3.3" />
- <vers num="1.3.4" />
- <vers num="1.3.5" />
- <vers num="1.3.6" />
- <vers num="1.3.7" />
- <vers num="1.3.8" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-3640" seq="2008-3640" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-15">
- <desc>
- <descript source="cve">Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="SECTRACK" url="http://www.securitytracker.com/id?1021034">1021034</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31690">31690</ref>
- <ref source="REDHAT" url="http://www.redhat.com/support/errata/RHSA-2008-0937.html">RHSA-2008:0937</ref>
- <ref source="MANDRIVA" url="http://www.mandriva.com/security/advisories?name=MDVSA-2008:211">MDVSA-2008:211</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2782" adv="1">ADV-2008-2782</ref>
- <ref source="CONFIRM" url="http://www.cups.org/str.php?L2919">http://www.cups.org/str.php?L2919</ref>
- <ref source="CONFIRM" url="http://www.cups.org/articles.php?L575">http://www.cups.org/articles.php?L575</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32226" adv="1">32226</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32084" adv="1">32084</ref>
- </refs>
- <vuln_soft>
- <prod vendor="apple" name="cups">
- <vers num="1.1" />
- <vers num="1.1.1" />
- <vers num="1.1.10" />
- <vers num="1.1.10-1" />
- <vers num="1.1.11" />
- <vers num="1.1.12" />
- <vers num="1.1.13" />
- <vers num="1.1.14" />
- <vers num="1.1.15" />
- <vers num="1.1.16" />
- <vers num="1.1.17" />
- <vers num="1.1.18" />
- <vers edition="rc1" num="1.1.19" />
- <vers edition="rc2" num="1.1.19" />
- <vers edition="rc3" num="1.1.19" />
- <vers edition="rc4" num="1.1.19" />
- <vers edition="rc5" num="1.1.19" />
- <vers num="1.1.2" />
- <vers edition="rc1" num="1.1.20" />
- <vers edition="rc2" num="1.1.20" />
- <vers edition="rc3" num="1.1.20" />
- <vers edition="rc4" num="1.1.20" />
- <vers edition="rc5" num="1.1.20" />
- <vers edition="rc6" num="1.1.20" />
- <vers edition="rc1" num="1.1.21" />
- <vers edition="rc2" num="1.1.21" />
- <vers edition="rc1" num="1.1.22" />
- <vers edition="rc2" num="1.1.22" />
- <vers edition="rc1" num="1.1.23" />
- <vers num="1.1.3" />
- <vers num="1.1.4" />
- <vers num="1.1.5" />
- <vers num="1.1.5-1" />
- <vers num="1.1.5-2" />
- <vers num="1.1.6" />
- <vers num="1.1.6-1" />
- <vers num="1.1.6-2" />
- <vers num="1.1.6-3" />
- <vers num="1.1.7" />
- <vers num="1.1.8" />
- <vers num="1.1.9" />
- <vers num="1.1.9-1" />
- <vers edition="b1" num="1.2" />
- <vers edition="b2" num="1.2" />
- <vers edition="rc1" num="1.2" />
- <vers edition="rc2" num="1.2" />
- <vers edition="rc3" num="1.2" />
- <vers num="1.2.0" />
- <vers num="1.2.1" />
- <vers num="1.2.10" />
- <vers num="1.2.11" />
- <vers num="1.2.12" />
- <vers num="1.2.2" />
- <vers num="1.2.3" />
- <vers num="1.2.4" />
- <vers num="1.2.5" />
- <vers num="1.2.6" />
- <vers num="1.2.7" />
- <vers num="1.2.8" />
- <vers num="1.2.9" />
- <vers edition="b1" num="1.3" />
- <vers edition="rc1" num="1.3" />
- <vers edition="rc2" num="1.3" />
- <vers num="1.3.0" />
- <vers num="1.3.1" />
- <vers num="1.3.2" />
- <vers num="1.3.3" />
- <vers num="1.3.4" />
- <vers num="1.3.5" />
- <vers num="1.3.6" />
- <vers num="1.3.7" />
- <vers num="1.3.8" prev="1" />
- </prod>
- <prod vendor="cups" name="cups">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-4385" seq="2008-4385" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Husdawg, LLC Systems Requirements Lab 3 allows remote attackers to force the download and execution of arbitrary programs via unknown vectors in (1) ActiveX control (sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CERT-VN" url="http://www.kb.cert.org/vuls/id/166651" adv="1">VU#166651</ref>
- <ref source="CONFIRM" url="http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html" adv="1">http://www.systemrequirementslab.com/bulletins/security_bulletin_1.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="systemrequirementslab" name="system_requirements_lab">
- <vers num="3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4397" seq="2008-4397" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" patch="1" url="https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" adv="1">https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497281/100/0/threaded">20081011 CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ca" name="arcserve_backup">
- <vers num="r11.1" />
- <vers num="r11.5" />
- <vers num="r12.0" />
- </prod>
- <prod vendor="ca" name="business_protection_suite">
- <vers edition="" num="r2" />
- <vers edition=":microsoft_small_business_server_premium" num="r2" />
- <vers edition=":microsoft_small_business_server_standard" num="r2" />
- </prod>
- <prod vendor="ca" name="server_protection_suite">
- <vers num="r2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4398" seq="2008-4398" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" adv="1">https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ca" name="arcserve_backup">
- <vers num="r11.1" />
- <vers num="r11.5" />
- <vers num="r12.0" />
- </prod>
- <prod vendor="ca" name="business_protection_suite">
- <vers edition="" num="r2" />
- <vers edition=":microsoft_small_business_server_premium" num="r2" />
- <vers edition=":microsoft_small_business_server_standard" num="r2" />
- </prod>
- <prod vendor="ca" name="server_protection_suite">
- <vers num="r2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4399" seq="2008-4399" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation."</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" patch="1" url="https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" adv="1">https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ca" name="arcserve_backup">
- <vers num="r11.1" />
- <vers num="r11.5" />
- <vers num="r12.0" />
- </prod>
- <prod vendor="ca" name="business_protection_suite">
- <vers edition="" num="r2" />
- <vers edition=":microsoft_small_business_server_premium" num="r2" />
- <vers edition=":microsoft_small_business_server_standard" num="r2" />
- </prod>
- <prod vendor="ca" name="server_protection_suite">
- <vers num="r2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4400" seq="2008-4400" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation."</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" patch="1" url="https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143" adv="1">https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ca" name="arcserve_backup">
- <vers num="r11.1" />
- <vers num="r11.5" />
- <vers num="r12.0" />
- </prod>
- <prod vendor="ca" name="business_protection_suite">
- <vers edition="" num="r2" />
- <vers edition=":microsoft_small_business_server_premium" num="r2" />
- <vers edition=":microsoft_small_business_server_standard" num="r2" />
- </prod>
- <prod vendor="ca" name="server_protection_suite">
- <vers num="r2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:C/I:C/A:C)" CVSS_base_score="8.5" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="10.0" name="CVE-2008-4555" seq="2008-4555" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="8.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31648">31648</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497150/100/0/threaded">20081008 Advisory: Graphviz Buffer Overflow Code Execution</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32186" adv="1">32186</ref>
- <ref source="MISC" url="http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html">http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html</ref>
- <ref source="CONFIRM" url="http://bugs.gentoo.org/show_bug.cgi?id=240636">http://bugs.gentoo.org/show_bug.cgi?id=240636</ref>
- </refs>
- <vuln_soft>
- <prod vendor="graphviz" name="graphviz">
- <vers num="1.10_2003-09-15_0415_1" />
- <vers num="1.10_2003-09-15_0415_2" />
- <vers num="1.12.1" />
- <vers num="1.12.2" />
- <vers num="1.12.3" />
- <vers num="1.14.1" />
- <vers num="1.16.1" />
- <vers num="1.5.1" />
- <vers num="1.5.2" />
- <vers num="1.5.3" />
- <vers num="1.7.16.1" />
- <vers num="1.7.16.2" />
- <vers num="1.7.5.1" />
- <vers num="1.7.5.2" />
- <vers num="1.7.5.3" />
- <vers num="1.7.5.4" />
- <vers num="1.7.5.5" />
- <vers num="1.7.5.6" />
- <vers num="1.7.5.7" />
- <vers num="1.7.5_0.1" />
- <vers num="1.7.5_0.2" />
- <vers num="1.7.5_0.3" />
- <vers num="1.8.5.1" />
- <vers num="1.8.5.2" />
- <vers num="1.8.9.1" />
- <vers num="2.10" />
- <vers num="2.12" />
- <vers num="2.14" />
- <vers num="2.16" />
- <vers num="2.18" />
- <vers num="2.2" />
- <vers num="2.2.1" />
- <vers num="2.2.1.1" />
- <vers num="2.2.2" />
- <vers num="2.20.0" />
- <vers num="2.20.1" />
- <vers num="2.20.2" prev="1" />
- <vers num="2.4" />
- <vers num="2.6" />
- <vers num="2.8" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="2.1" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="2.9" name="CVE-2008-2588" seq="2008-2588" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="2.1" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="jdeveloper">
- <vers num="10.1.2.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:S/C:N/I:N/A:P)" CVSS_base_score="1.7" CVSS_exploit_subscore="3.1" CVSS_impact_subscore="2.9" name="CVE-2008-2619" seq="2008-2619" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="1.7" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="application_server">
- <vers num="1.0.2.2" />
- <vers num="10.1.2.2" />
- <vers num="9.0.4.3" />
- </prod>
- <prod vendor="oracle" name="e-business_suite">
- <vers num="11.5.10.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_base_score="6.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="6.4" name="CVE-2008-2624" seq="2008-2624" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:N)" CVSS_base_score="4.0" CVSS_exploit_subscore="4.9" CVSS_impact_subscore="4.9" name="CVE-2008-2625" seq="2008-2625" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.2" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-3975" seq="2008-3975" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="application_server">
- <vers num="10.1.2.3" />
- <vers num="9.0.4.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3976" seq="2008-3976" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.3" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-3977" seq="2008-3977" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="application_server">
- <vers num="10.1.2.3" />
- <vers num="9.0.4.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_base_score="4.9" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="4.9" name="CVE-2008-3980" seq="2008-3980" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.9" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Upgrade component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3982" seq="2008-3982" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.3" />
- </prod>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3983" seq="2008-3983" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.3" />
- </prod>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3984" seq="2008-3984" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.3" />
- </prod>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-3985" seq="2008-3985" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="e-business_suite">
- <vers num="12.0.4" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:H/Au:S/C:P/I:N/A:N)" CVSS_base_score="1.0" CVSS_exploit_subscore="1.5" CVSS_impact_subscore="2.9" name="CVE-2008-3986" seq="2008-3986" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="1.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="application_server">
- <vers num="10.1.2.2" />
- <vers num="9.0.4.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:H/Au:S/C:P/I:N/A:N)" CVSS_base_score="1.0" CVSS_exploit_subscore="1.5" CVSS_impact_subscore="2.9" name="CVE-2008-3987" seq="2008-3987" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="1.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="application_server">
- <vers num="10.1.2.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-3988" seq="2008-3988" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the iSupplier Portal component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="e-business_suite">
- <vers num="10.2" />
- <vers num="11.5" />
- <vers num="12.0.4" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:P)" CVSS_base_score="6.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="6.4" name="CVE-2008-3989" seq="2008-3989" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability, related to DMSYS.ODM_MODEL_UTIL.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.2.0.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_base_score="4.0" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="2.9" name="CVE-2008-3990" seq="2008-3990" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:N/I:N/A:P)" CVSS_base_score="4.0" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="2.9" name="CVE-2008-3991" seq="2008-3991" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3992" seq="2008-3992" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to DMSYS.DBMS_DM_EXP_INTERNAL.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.2.0.4" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:N/I:P/A:N)" CVSS_base_score="3.5" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="2.9" name="CVE-2008-3993" seq="2008-3993" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="3.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="e-business_suite">
- <vers num="10.2" />
- <vers num="11.5" />
- <vers num="12.0.4" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3994" seq="2008-3994" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to WMSYS.LTADM.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.3" />
- </prod>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- <prod vendor="oracle" name="database_9i">
- <vers num="9.2.0.8" />
- <vers num="9.2.0.8dv" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3995" seq="2008-3995" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.4" />
- </prod>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="5.5" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="4.9" name="CVE-2008-3996" seq="2008-3996" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_10g">
- <vers num="10.1.0.5" />
- <vers num="10.2.0.4" />
- </prod>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_base_score="4.9" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="4.9" name="CVE-2008-3998" seq="2008-3998" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.9" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="e-business_suite">
- <vers num="12.0.4" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_base_score="6.4" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="4.9" name="CVE-2008-4000" seq="2008-4000" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.4" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="jdedwards" name="enterpriseone">
- <vers num="8.48.18" />
- </prod>
- <prod vendor="oracle" name="jd_edwards_enterpriseone">
- <vers num="8.49.14" />
- </prod>
- <prod vendor="oracle" name="peoplesoft_enterprise">
- <vers num="8.48.18" />
- </prod>
- <prod vendor="oracle" name="peoplesoft_peopletools">
- <vers num="8.49.14" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:P/A:N)" CVSS_base_score="4.9" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="4.9" name="CVE-2008-4001" seq="2008-4001" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.9" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne EP 8.9 and EP 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="jd_edwards_enterpriseone_ep">
- <vers num="8.9" />
- <vers num="9.0" />
- </prod>
- <prod vendor="oracle" name="peoplesoft_enterprise">
- <vers num="8.9" />
- <vers num="9.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:S/C:P/I:N/A:N)" CVSS_base_score="3.5" CVSS_exploit_subscore="6.8" CVSS_impact_subscore="2.9" name="CVE-2008-4002" seq="2008-4002" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="3.5" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote authenticated users to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="jd_edwards_enterpriseone">
- <vers num="8.48.18" />
- <vers num="8.49.14" />
- </prod>
- <prod vendor="oracle" name="peoplesoft_enterprise">
- <vers num="8.48.18" />
- <vers num="8.49.14" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4003" seq="2008-4003" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="jd_edwards_enterpriseone">
- <vers num="8.48.18" />
- <vers num="8.49.14" />
- </prod>
- <prod vendor="oracle" name="peoplesoft_enterprise">
- <vers num="8.48.18" />
- <vers num="8.49.14" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:S/C:P/I:P/A:N)" CVSS_base_score="3.2" CVSS_exploit_subscore="3.1" CVSS_impact_subscore="4.9" name="CVE-2008-4004" seq="2008-4004" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="3.2" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the JDE EnterpriseOne Business Service Server component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.97.2.2 and 8.98.0.1 allows local users to affect confidentiality and integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="jdedwards" name="enterpriseone">
- <vers num="8.97.2.2" />
- <vers num="8.98.0.1" />
- </prod>
- <prod vendor="oracle" name="peoplesoft_enterprise">
- <vers num="8.97.2.2" />
- <vers num="8.98.0.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:H/Au:M/C:P/I:P/A:P)" CVSS_base_score="4.3" CVSS_exploit_subscore="3.2" CVSS_impact_subscore="6.4" name="CVE-2008-4005" seq="2008-4005" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="database_11i">
- <vers num="11.1.0.6" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4008" seq="2008-4008" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="bea_product_suite">
- <vers edition="mp1" num="10.0" />
- <vers num="10.3" />
- <vers edition="sp7" num="6.1" />
- <vers edition="sp7" num="7.0" />
- <vers edition="sp6" num="8.1" />
- <vers num="9.0" />
- <vers num="9.1" />
- <vers edition="mp3" num="9.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_base_score="5.1" CVSS_exploit_subscore="4.9" CVSS_impact_subscore="6.4" name="CVE-2008-4009" seq="2008-4009" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.1" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="bea_product_suite">
- <vers num="9.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4010" seq="2008-4010" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite 10.3, 10.2, 10.0 MP1, 9.2 MP3, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="bea_product_suite">
- <vers edition="mp1" num="10.0" />
- <vers num="10.2" />
- <vers num="10.3" />
- <vers edition="sp6" num="8.1" />
- <vers edition="mp3" num="9.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:H/Au:S/C:N/I:P/A:N)" CVSS_base_score="2.1" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="2.9" name="CVE-2008-4011" seq="2008-4011" severity="Low" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="2.1" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote authenticated users to affect integrity via unknown vectors.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="bea_product_suite">
- <vers edition="mp1" num="10.0" />
- <vers num="9.0" />
- <vers num="9.1" />
- <vers edition="mp3" num="9.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:H/Au:N/C:P/I:P/A:P)" CVSS_base_score="5.1" CVSS_exploit_subscore="4.9" CVSS_impact_subscore="6.4" name="CVE-2008-4012" seq="2008-4012" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="5.1" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the WebLogic Workshop component in BEA Product Suite WLW 8.1SP5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html" adv="1">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="bea" name="weblogic_workshop">
- <vers edition="sp5" num="8.1" />
- </prod>
- <prod vendor="oracle" name="weblogic_workshop">
- <vers edition="sp5" num="8.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4013" seq="2008-4013" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-15">
- <desc>
- <descript source="cve">Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html">http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="oracle" name="bea_product_suite">
- <vers edition="mp1" num="10.0" />
- <vers edition="sp6" num="8.1" />
- <vers num="9.0" />
- <vers num="9.1" />
- <vers edition="mp3" num="9.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4478" seq="2008-4478" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MISC" url="http://www.zerodayinitiative.com/advisories/ZDI-08-065">http://www.zerodayinitiative.com/advisories/ZDI-08-065</ref>
- <ref source="MISC" url="http://www.zerodayinitiative.com/advisories/ZDI-08-063">http://www.zerodayinitiative.com/advisories/ZDI-08-063</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497165/100/0/threaded">20081008 ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497163/100/0/threaded">20081008 ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability</ref>
- <ref source="CONFIRM" url="http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953" adv="1">http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953</ref>
- </refs>
- <vuln_soft>
- <prod vendor="novell" name="edirectory">
- <vers num="8.7" />
- <vers edition="sp1" num="8.7.1" />
- <vers num="8.7.3" />
- <vers num="8.7.3.10" prev="1" />
- <vers num="8.7.3.8" />
- <vers num="8.7.3.8_presp9" />
- <vers edition="" num="8.7.3.9" />
- <vers edition=":linux" num="8.7.3.9" />
- <vers edition=":windows_2003" num="8.7.3.9" />
- <vers edition=":solaris" num="8.7.3.9" />
- <vers edition=":windows_2000" num="8.7.3.9" />
- <vers edition="" num="8.8" />
- <vers edition=":solaris" num="8.8" />
- <vers edition=":windows_2003" num="8.8" />
- <vers edition=":windows_2000" num="8.8" />
- <vers edition=":linux" num="8.8" />
- <vers edition="" num="8.8.1" />
- <vers edition=":windows_2003" num="8.8.1" />
- <vers edition=":windows_2000" num="8.8.1" />
- <vers edition=":linux" num="8.8.1" />
- <vers edition=":solaris" num="8.8.1" />
- <vers edition="" num="8.8.2" />
- <vers edition=":solaris" num="8.8.2" />
- <vers edition=":windows_2000" num="8.8.2" />
- <vers edition=":windows_2003" num="8.8.2" />
- <vers edition=":linux" num="8.8.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4479" seq="2008-4479" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MISC" url="http://www.zerodayinitiative.com/advisories/ZDI-08-064">http://www.zerodayinitiative.com/advisories/ZDI-08-064</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497164/100/0/threaded">20081008 ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability</ref>
- <ref source="CONFIRM" url="http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953">http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953</ref>
- </refs>
- <vuln_soft>
- <prod vendor="novell" name="edirectory">
- <vers num="8.7.3" />
- <vers num="8.7.3.10" prev="1" />
- <vers num="8.7.3.8" />
- <vers num="8.7.3.8_presp9" />
- <vers edition="" num="8.7.3.9" />
- <vers edition=":windows_2003" num="8.7.3.9" />
- <vers edition=":solaris" num="8.7.3.9" />
- <vers edition=":linux" num="8.7.3.9" />
- <vers edition=":windows_2000" num="8.7.3.9" />
- <vers edition="" num="8.8" />
- <vers edition=":solaris" num="8.8" />
- <vers edition=":windows_2003" num="8.8" />
- <vers edition=":windows_2000" num="8.8" />
- <vers edition=":linux" num="8.8" />
- <vers edition="" num="8.8.1" />
- <vers edition=":windows_2000" num="8.8.1" />
- <vers edition=":linux" num="8.8.1" />
- <vers edition=":windows_2003" num="8.8.1" />
- <vers edition=":solaris" num="8.8.1" />
- <vers edition="" num="8.8.2" prev="1" />
- <vers edition=":linux" num="8.8.2" prev="1" />
- <vers edition=":solaris" num="8.8.2" prev="1" />
- <vers edition=":windows_2000" num="8.8.2" prev="1" />
- <vers edition=":windows_2003" num="8.8.2" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4480" seq="2008-4480" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MISC" url="http://www.zerodayinitiative.com/advisories/ZDI-08-066/">http://www.zerodayinitiative.com/advisories/ZDI-08-066/</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497169/100/0/threaded">20081008 ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability</ref>
- <ref source="CONFIRM" url="http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953" adv="1">http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953</ref>
- </refs>
- <vuln_soft>
- <prod vendor="novell" name="edirectory">
- <vers num="8.7.3" />
- <vers num="8.7.3.10" prev="1" />
- <vers num="8.7.3.8" />
- <vers num="8.7.3.8_presp9" />
- <vers edition="" num="8.7.3.9" />
- <vers edition=":windows_2003" num="8.7.3.9" />
- <vers edition=":solaris" num="8.7.3.9" />
- <vers edition=":linux" num="8.7.3.9" />
- <vers edition=":windows_2000" num="8.7.3.9" />
- <vers edition="" num="8.8" />
- <vers edition=":solaris" num="8.8" />
- <vers edition=":windows_2003" num="8.8" />
- <vers edition=":windows_2000" num="8.8" />
- <vers edition=":linux" num="8.8" />
- <vers edition="" num="8.8.1" />
- <vers edition=":windows_2000" num="8.8.1" />
- <vers edition=":linux" num="8.8.1" />
- <vers edition=":windows_2003" num="8.8.1" />
- <vers edition=":solaris" num="8.8.1" />
- <vers edition="" num="8.8.2" prev="1" />
- <vers edition=":linux" num="8.8.2" prev="1" />
- <vers edition=":solaris" num="8.8.2" prev="1" />
- <vers edition=":windows_2000" num="8.8.2" prev="1" />
- <vers edition=":windows_2003" num="8.8.2" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4556" seq="2008-4556" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31751">31751</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497311/100/0/threaded">20081014 [RISE-2008001] Sun Solstice AdminSuite sadmind adm_build_path()Buffer Overflow Vulnerability</ref>
- <ref source="MISC" url="http://risesecurity.org/advisories/RISE-2008001.txt">http://risesecurity.org/advisories/RISE-2008001.txt</ref>
- </refs>
- <vuln_soft>
- <prod vendor="sun" name="solaris">
- <vers edition="" num="8" />
- <vers edition=":x86" num="8" />
- <vers edition=":sparc" num="8" />
- <vers edition="" num="9" />
- <vers edition=":x86" num="9" />
- <vers edition=":sparc" num="9" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4557" seq="2008-4557" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/39450">cutenews-html-code-execution(39450)</ref>
- <ref source="OSVDB" url="http://www.osvdb.org/40236">40236</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/4851">4851</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28330" adv="1">28330</ref>
- </refs>
- <vuln_soft>
- <prod vendor="cutephp" name="cutenews">
- <vers num="1.1.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4558" seq="2008-4558" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-15">
- <desc>
- <descript source="cve">Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MISC" patch="1" url="http://www.coresecurity.com/content/vlc-xspf-memory-corruption">http://www.coresecurity.com/content/vlc-xspf-memory-corruption</ref>
- </refs>
- <vuln_soft>
- <prod vendor="videolan" name="vlc_media_player">
- <vers num="0.9.2" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:C/I:C/A:C)" CVSS_base_score="9.0" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="10.0" name="CVE-2008-1446" seq="2008-1446" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-062.mspx">MS08-062</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="iis">
- <vers num="5.0" />
- <vers num="5.1" />
- <vers edition="beta" num="6.0" />
- <vers num="7.0" />
- </prod>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2003">
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp2:itanium" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2008">
- <vers edition=":itanium" num="" />
- <vers edition=":x32" num="" />
- <vers edition=":x64" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-2250" seq="2008-2250" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-15">
- <desc>
- <descript source="cve">The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx" adv="1">MS08-061</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2003">
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp2:itanium" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2008">
- <vers edition=":itanium" num="" />
- <vers edition=":x32" num="" />
- <vers edition=":x64" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_vista">
- <vers edition=":x64" num="" />
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers num="sp1" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="" />
- <vers edition="x64" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-2251" seq="2008-2251" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-15">
- <desc>
- <descript source="cve">Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx" adv="1">MS08-061</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2003">
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp2:itanium" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2008">
- <vers edition=":itanium" num="" />
- <vers edition=":x32" num="" />
- <vers edition=":x64" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="" />
- <vers edition="x64" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-2252" seq="2008-2252" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-15">
- <desc>
- <descript source="cve">The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx" adv="1">MS08-061</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2003">
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp2:itanium" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2008">
- <vers edition=":itanium" num="" />
- <vers edition=":x32" num="" />
- <vers edition=":x64" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_vista">
- <vers edition=":x64" num="" />
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers num="sp1" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="" />
- <vers edition="x64" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-3464" seq="2008-3464" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-15">
- <desc>
- <descript source="cve">afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "AFD Kernel Overwrite Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx" adv="1">MS08-066</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2003_server">
- <vers edition=":x64" num="" />
- <vers edition="sp1" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:itanium" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="professional" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition=":professional_x64" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:professional_x64" num="" />
- <vers edition="sp3" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-3466" seq="2008-3466" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary code via a crafted SNA RPC message, aka "HIS Command Execution Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-059.mspx" adv="1">MS08-059</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsft" name="host_integration_server">
- <vers edition="sp2" num="2000" />
- <vers edition="sp2:server" num="2000" />
- <vers edition="unknown" num="2000" />
- <vers edition="unknown:administrator_client" num="2000" />
- <vers edition="sp1" num="2004" />
- <vers edition="sp1:server" num="2004" />
- <vers edition="unknown" num="2004" />
- <vers edition="unknown:client" num="2004" />
- <vers edition="unknown:server" num="2004" />
- <vers edition="unknown" num="2006" />
- <vers edition="unknown:x32" num="2006" />
- <vers edition="x64" num="2006unknown" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-3471" seq="2008-3471" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac do not properly allocate memory when loading Excel objects during parsing of the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted BIFF file, aka "File Format Parsing Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx">MS08-057</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsft" name="open_xml_file_format_converter">
- <vers edition="mac" num="unknown" />
- </prod>
- <prod vendor="microsoft" name="office">
- <vers edition="sp3" num="2000" />
- <vers edition="sp2" num="2003" />
- <vers edition="sp3" num="2003" />
- <vers edition="" num="2004" />
- <vers edition=":mac" num="2004" />
- <vers edition="sp1" num="2007" />
- <vers edition="" num="2008" />
- <vers edition=":mac" num="2008" />
- <vers edition="sp3" num="xp" />
- </prod>
- <prod vendor="microsoft" name="office_compatibility_pack_for_word_excel_ppt_2007">
- <vers edition=":sp1" num="" />
- </prod>
- <prod vendor="microsoft" name="office_excel_viewer">
- <vers edition="sp3" num="2003" />
- </prod>
- <prod vendor="microsoft" name="office_sharepoint_server">
- <vers edition="sp1" num="2007" />
- <vers edition="sp1:x64" num="2007" />
- <vers edition="unknown" num="2007" />
- <vers edition="unknown:x64" num="2007" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3472" seq="2008-3472" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx">MS08-058</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="internet_explorer">
- <vers edition="sp4" num="5.01" />
- <vers edition="sp1" num="6" />
- <vers num="7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3473" seq="2008-3473" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx" adv="1">MS08-058</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="internet_explorer">
- <vers edition="sp4" num="5.01" />
- <vers edition="sp1" num="6" />
- <vers num="7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-3474" seq="2008-3474" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability."</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx">MS08-058</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="internet_explorer">
- <vers edition="sp4" num="5.01" />
- <vers edition="sp1" num="6" />
- <vers num="7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3475" seq="2008-3475" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Internet Explorer 6 does not properly handle errors associated with access to an object that has been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx" adv="1">MS08-058</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="internet_explorer">
- <vers edition="sp4" num="5.01" />
- <vers edition="sp1" num="6" />
- <vers num="7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3476" seq="2008-3476" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx" adv="1">MS08-058</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="internet_explorer">
- <vers edition="sp4" num="5.01" />
- <vers edition="sp1" num="6" />
- <vers num="7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3477" seq="2008-3477" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Calendar Object Validation Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx" adv="1">MS08-057</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="internet_explorer">
- <vers edition="sp4" num="5.01" />
- <vers edition="sp1" num="6" />
- <vers num="7" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-3479" seq="2008-3479" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">The Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 SP4 does not properly validate parameters to string APIs, which allows remote attackers to execute arbitrary code via a crafted RPC call that overflows a "heap request," aka "Message Queuing Service Remote Code Execution Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx" adv="1">MS08-065</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-4019" seq="2008-4019" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx" adv="1">MS08-057</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsft" name="open_xml_file_format_converter">
- <vers edition="mac" num="unknown" />
- </prod>
- <prod vendor="microsoft" name="office">
- <vers edition="sp3" num="2000" />
- <vers edition="sp2" num="2003" />
- <vers edition="sp3" num="2003" />
- <vers edition="" num="2004" />
- <vers edition=":mac" num="2004" />
- <vers edition="sp1" num="2007" />
- <vers edition="" num="2008" />
- <vers edition=":mac" num="2008" />
- <vers edition="sp3" num="xp" />
- </prod>
- <prod vendor="microsoft" name="office_compatibility_pack_for_word_excel_ppt_2007">
- <vers edition=":sp1" num="" />
- </prod>
- <prod vendor="microsoft" name="office_excel_viewer">
- <vers edition="sp3" num="2003" />
- </prod>
- <prod vendor="microsoft" name="office_sharepoint_server">
- <vers edition="sp1" num="2007" />
- <vers edition="sp1:x64" num="2007" />
- <vers edition="unknown" num="2007" />
- <vers edition="unknown:x64" num="2007" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4020" seq="2008-4020" severity="Medium" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-15">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx" adv="1">MS08-056</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="office">
- <vers edition="sp3" num="xp" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4023" seq="2008-4023" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx" adv="1">MS08-060</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-4036" seq="2008-4036" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-15">
- <desc>
- <descript source="cve">Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx">MS08-064</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_server_2003">
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp2:itanium" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2008">
- <vers edition=":itanium" num="" />
- <vers edition=":x32" num="" />
- <vers edition=":x64" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_vista">
- <vers edition=":x64" num="" />
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers num="sp1" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="" />
- <vers edition="x64" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4038" seq="2008-4038" severity="High" type="CVE" published="2008-10-14" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MS" url="http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx" adv="1">MS08-063</ref>
- </refs>
- <vuln_soft>
- <prod vendor="microsoft" name="windows_2000">
- <vers edition="sp4" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2003">
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers edition="sp1:itanium" num="" />
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp2:itanium" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_server_2008">
- <vers edition=":itanium" num="" />
- <vers edition=":x32" num="" />
- <vers edition=":x64" num="" />
- </prod>
- <prod vendor="microsoft" name="windows_vista">
- <vers edition=":x64" num="" />
- <vers edition="sp1" num="" />
- <vers edition="sp1:x64" num="" />
- <vers num="sp1" />
- </prod>
- <prod vendor="microsoft" name="windows_xp">
- <vers edition="sp2" num="" />
- <vers edition="sp2:x64" num="" />
- <vers edition="sp3" num="" />
- <vers edition="x64" num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4569" seq="2008-4569" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31724">31724</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6731">6731</ref>
- </refs>
- <vuln_soft>
- <prod vendor="xigla" name="absolute_poll_manager_xe">
- <vers num="4.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4570" seq="2008-4570" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31723">31723</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6736">6736</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32223" adv="1">32223</ref>
- </refs>
- <vuln_soft>
- <prod vendor="real-estate-scripts" name="real-estate-scripts">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4571" seq="2008-4571" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-16">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/27098">27098</ref>
- <ref source="CONFIRM" patch="1" url="http://plone.org/products/plone/releases/3.0.4">http://plone.org/products/plone/releases/3.0.4</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28293" adv="1">28293</ref>
- <ref source="CONFIRM" url="http://dev.plone.org/plone/ticket/7439" adv="1">http://dev.plone.org/plone/ticket/7439</ref>
- </refs>
- <vuln_soft>
- <prod vendor="plone" name="plone">
- <vers num="2.0.5" />
- <vers num="2.1.2" />
- <vers num="2.5" />
- <vers num="2.5.1" />
- <vers num="2.5.1_rc" />
- <vers num="2.5.4" />
- <vers num="2.5_beta1" />
- <vers num="3.0" />
- <vers num="3.0.1" />
- <vers num="3.0.2" />
- <vers num="3.0.3" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4572" seq="2008-4572" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-16">
- <desc>
- <descript source="cve">GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31729">31729</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6738">6738</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2794" adv="1">ADV-2008-2794</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32218" adv="1">32218</ref>
- </refs>
- <vuln_soft>
- <prod vendor="guildftpd" name="guildftpd">
- <vers num="0.999.14" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4573" seq="2008-4573" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31713">31713</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6725">6725</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32238" adv="1">32238</ref>
- </refs>
- <vuln_soft>
- <prod vendor="aspindir" name="munzursoft_web_portal_w3">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4574" seq="2008-4574" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45801">aop-linkid-sql-injection(45801)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31704">31704</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6720">6720</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32244">32244</ref>
- </refs>
- <vuln_soft>
- <prod vendor="aspindir" name="ayco_okul_portali">
- <vers num="" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-4553" seq="2008-4553" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-16">
- <desc>
- <descript source="cve">qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/14/4">[oss-security] 20081014 Re: CVE id request: qemu</ref>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/13/2">[oss-security] 20081013 CVE id request: qemu</ref>
- <ref source="CONFIRM" url="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496394</ref>
- </refs>
- <vuln_soft>
- <prod vendor="qemu" name="qemu">
- <vers num="0.9.1-5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="4.6" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="6.4" name="CVE-2008-4554" seq="2008-4554" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="4.6" modified="2008-10-16">
- <desc>
- <descript source="cve">The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/14/5">[oss-security] 20081014 Re: CVE request: kernel: don't allow splice() to files opened with O_APPEND</ref>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/13/1">[oss-security] 20081013 CVE request: kernel: don't allow splice() to files opened with O_APPEND</ref>
- <ref source="CONFIRM" url="http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27">http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27</ref>
- <ref source="CONFIRM" url="http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f">http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.26.y.git;a=commit;h=efc968d450e013049a662d22727cf132618dcb2f</ref>
- </refs>
- <vuln_soft>
- <prod vendor="linux" name="kernel">
- <vers num="2.2.27" />
- <vers num="2.4.36" />
- <vers num="2.4.36.1" />
- <vers num="2.4.36.2" />
- <vers num="2.4.36.3" />
- <vers num="2.4.36.4" />
- <vers num="2.4.36.5" />
- <vers num="2.4.36.6" />
- <vers num="2.6" />
- <vers edition="rc1" num="2.6.18" />
- <vers edition="rc2" num="2.6.18" />
- <vers edition="rc3" num="2.6.18" />
- <vers edition="rc4" num="2.6.18" />
- <vers edition="rc5" num="2.6.18" />
- <vers edition="rc6" num="2.6.18" />
- <vers edition="rc7" num="2.6.18" />
- <vers num="2.6.19.4" />
- <vers num="2.6.19.5" />
- <vers num="2.6.19.6" />
- <vers num="2.6.19.7" />
- <vers num="2.6.20.16" />
- <vers num="2.6.20.17" />
- <vers num="2.6.20.18" />
- <vers num="2.6.20.19" />
- <vers num="2.6.20.20" />
- <vers num="2.6.20.21" />
- <vers num="2.6.21.5" />
- <vers num="2.6.21.6" />
- <vers num="2.6.21.7" />
- <vers num="2.6.22" />
- <vers num="2.6.22.1" />
- <vers num="2.6.22.10" />
- <vers num="2.6.22.11" />
- <vers num="2.6.22.12" />
- <vers num="2.6.22.13" />
- <vers num="2.6.22.14" />
- <vers num="2.6.22.15" />
- <vers num="2.6.22.17" />
- <vers num="2.6.22.18" />
- <vers num="2.6.22.19" />
- <vers num="2.6.22.2" />
- <vers num="2.6.22.20" />
- <vers num="2.6.22.21" />
- <vers num="2.6.22.22" />
- <vers num="2.6.22.8" />
- <vers num="2.6.22.9" />
- <vers num="2.6.22_rc1" />
- <vers num="2.6.22_rc7" />
- <vers num="2.6.23" />
- <vers num="2.6.23.10" />
- <vers num="2.6.23.11" />
- <vers num="2.6.23.12" />
- <vers num="2.6.23.13" />
- <vers num="2.6.23.15" />
- <vers num="2.6.23.16" />
- <vers num="2.6.23.17" />
- <vers num="2.6.23.8" />
- <vers num="2.6.23.9" />
- <vers num="2.6.23_rc1" />
- <vers num="2.6.24" />
- <vers num="2.6.24.1" />
- <vers num="2.6.24.2" />
- <vers num="2.6.24.3" />
- <vers num="2.6.24.4" />
- <vers num="2.6.24.5" />
- <vers num="2.6.24.6" />
- <vers num="2.6.24.7" />
- <vers num="2.6.24_rc1" />
- <vers num="2.6.24_rc4" />
- <vers num="2.6.24_rc5" />
- <vers edition="" num="2.6.25" />
- <vers edition=":x86_64" num="2.6.25" />
- <vers edition="" num="2.6.25.1" />
- <vers edition=":x86_64" num="2.6.25.1" />
- <vers edition="" num="2.6.25.10" />
- <vers edition=":x86_64" num="2.6.25.10" />
- <vers edition="" num="2.6.25.11" />
- <vers edition=":x86_64" num="2.6.25.11" />
- <vers edition="" num="2.6.25.12" />
- <vers edition=":x86_64" num="2.6.25.12" />
- <vers num="2.6.25.13" />
- <vers num="2.6.25.14" />
- <vers num="2.6.25.15" />
- <vers edition="" num="2.6.25.2" />
- <vers edition=":x86_64" num="2.6.25.2" />
- <vers edition="" num="2.6.25.3" />
- <vers edition=":x86_64" num="2.6.25.3" />
- <vers edition="" num="2.6.25.4" />
- <vers edition=":x86_64" num="2.6.25.4" />
- <vers edition="" num="2.6.25.5" />
- <vers edition=":x86_64" num="2.6.25.5" />
- <vers edition="" num="2.6.25.6" />
- <vers edition=":x86_64" num="2.6.25.6" />
- <vers edition="" num="2.6.25.7" />
- <vers edition=":x86_64" num="2.6.25.7" />
- <vers edition="" num="2.6.25.8" />
- <vers edition=":x86_64" num="2.6.25.8" />
- <vers edition="" num="2.6.25.9" />
- <vers edition=":x86_64" num="2.6.25.9" />
- <vers edition="rc4" num="2.6.26" />
- <vers num="2.6.26.1" />
- <vers num="2.6.26.2" />
- <vers num="2.6.26.3" />
- <vers num="2.6.26.4" />
- <vers num="2.6.26.5" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4575" seq="2008-4575" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-15">
- <desc>
- <descript source="cve">Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) possibly other unspecified vectors.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="CONFIRM" url="https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020">https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020</ref>
- <ref source="CONFIRM" url="http://www.sentex.net/~mwandel/jhead/changes.txt">http://www.sentex.net/~mwandel/jhead/changes.txt</ref>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/15/6">[oss-security] 20081015 Re: CVE request: jhead</ref>
- </refs>
- <vuln_soft>
- <prod vendor="sentex" name="jhead">
- <vers num="1.2" />
- <vers num="1.3" />
- <vers num="1.4" />
- <vers num="1.5" />
- <vers num="1.6" />
- <vers num="1.7" />
- <vers num="1.8" />
- <vers num="1.9" />
- <vers num="2.0" />
- <vers num="2.1" />
- <vers num="2.2" />
- <vers num="2.3" />
- <vers num="2.4" />
- <vers num="2.4-1" />
- <vers num="2.4-2" />
- <vers num="2.5" />
- <vers num="2.6" />
- <vers num="2.7" />
- <vers num="2.8" />
- <vers num="2.82" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-4576" seq="2008-4576" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-16">
- <desc>
- <descript source="cve">sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.</descript>
- </desc>
- <loss_types>
- <avail />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MLIST" url="http://www.gossamer-threads.com/lists/linux/kernel/981012?page=last">[linux-kernel] 20081006 [patch 58/71] sctp: Fix oops when INIT-ACK indicates that peer doesnt support AUTH</ref>
- <ref source="CONFIRM" url="http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18">http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.18</ref>
- </refs>
- <vuln_soft>
- <prod vendor="linux" name="kernel">
- <vers num="2.2.27" />
- <vers num="2.4.36" />
- <vers num="2.4.36.1" />
- <vers num="2.4.36.2" />
- <vers num="2.4.36.3" />
- <vers num="2.4.36.4" />
- <vers num="2.4.36.5" />
- <vers num="2.4.36.6" />
- <vers num="2.6" />
- <vers edition="rc1" num="2.6.18" />
- <vers edition="rc2" num="2.6.18" />
- <vers edition="rc3" num="2.6.18" />
- <vers edition="rc4" num="2.6.18" />
- <vers edition="rc5" num="2.6.18" />
- <vers edition="rc6" num="2.6.18" />
- <vers edition="rc7" num="2.6.18" />
- <vers num="2.6.19.4" />
- <vers num="2.6.19.5" />
- <vers num="2.6.19.6" />
- <vers num="2.6.19.7" />
- <vers num="2.6.20.16" />
- <vers num="2.6.20.17" />
- <vers num="2.6.20.18" />
- <vers num="2.6.20.19" />
- <vers num="2.6.20.20" />
- <vers num="2.6.20.21" />
- <vers num="2.6.21.5" />
- <vers num="2.6.21.6" />
- <vers num="2.6.21.7" />
- <vers num="2.6.22" />
- <vers num="2.6.22.1" />
- <vers num="2.6.22.10" />
- <vers num="2.6.22.11" />
- <vers num="2.6.22.12" />
- <vers num="2.6.22.13" />
- <vers num="2.6.22.14" />
- <vers num="2.6.22.15" />
- <vers num="2.6.22.17" />
- <vers num="2.6.22.18" />
- <vers num="2.6.22.19" />
- <vers num="2.6.22.2" />
- <vers num="2.6.22.20" />
- <vers num="2.6.22.21" />
- <vers num="2.6.22.22" />
- <vers num="2.6.22.8" />
- <vers num="2.6.22.9" />
- <vers num="2.6.22_rc1" />
- <vers num="2.6.22_rc7" />
- <vers num="2.6.23" />
- <vers num="2.6.23.10" />
- <vers num="2.6.23.11" />
- <vers num="2.6.23.12" />
- <vers num="2.6.23.13" />
- <vers num="2.6.23.15" />
- <vers num="2.6.23.16" />
- <vers num="2.6.23.17" />
- <vers num="2.6.23.8" />
- <vers num="2.6.23.9" />
- <vers num="2.6.23_rc1" />
- <vers num="2.6.24" />
- <vers num="2.6.24.1" />
- <vers num="2.6.24.2" />
- <vers num="2.6.24.3" />
- <vers num="2.6.24.4" />
- <vers num="2.6.24.5" />
- <vers num="2.6.24.6" />
- <vers num="2.6.24.7" />
- <vers num="2.6.24_rc1" />
- <vers num="2.6.24_rc4" />
- <vers num="2.6.24_rc5" />
- <vers num="2.6.25" />
- <vers edition="" num="2.6.25.1" />
- <vers edition=":x86_64" num="2.6.25.1" />
- <vers edition="" num="2.6.25.10" />
- <vers edition=":x86_64" num="2.6.25.10" />
- <vers edition="" num="2.6.25.11" />
- <vers edition=":x86_64" num="2.6.25.11" />
- <vers edition="" num="2.6.25.12" />
- <vers edition=":x86_64" num="2.6.25.12" />
- <vers num="2.6.25.13" />
- <vers num="2.6.25.14" />
- <vers num="2.6.25.15" />
- <vers num="2.6.25.16" />
- <vers num="2.6.25.17" prev="1" />
- <vers edition="" num="2.6.25.2" />
- <vers edition=":x86_64" num="2.6.25.2" />
- <vers edition="" num="2.6.25.3" />
- <vers edition=":x86_64" num="2.6.25.3" />
- <vers edition="" num="2.6.25.4" />
- <vers edition=":x86_64" num="2.6.25.4" />
- <vers edition="" num="2.6.25.5" />
- <vers edition=":x86_64" num="2.6.25.5" />
- <vers edition="" num="2.6.25.6" />
- <vers edition=":x86_64" num="2.6.25.6" />
- <vers edition="" num="2.6.25.7" />
- <vers edition=":x86_64" num="2.6.25.7" />
- <vers edition="" num="2.6.25.8" />
- <vers edition=":x86_64" num="2.6.25.8" />
- <vers edition="" num="2.6.25.9" />
- <vers edition=":x86_64" num="2.6.25.9" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:N)" CVSS_base_score="6.4" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="4.9" name="CVE-2008-4577" seq="2008-4577" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="6.4" modified="2008-10-16">
- <desc>
- <descript source="cve">The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.</descript>
- </desc>
- <loss_types>
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="FRSIRT" patch="1" url="http://www.frsirt.com/english/advisories/2008/2745" adv="1">ADV-2008-2745</ref>
- <ref source="MLIST" patch="1" url="http://www.dovecot.org/list/dovecot-news/2008-October/000085.html">[Dovecot-news] 20081005 v1.1.4 released</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31587">31587</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32164" adv="1">32164</ref>
- <ref source="CONFIRM" url="http://bugs.gentoo.org/show_bug.cgi?id=240409">http://bugs.gentoo.org/show_bug.cgi?id=240409</ref>
- </refs>
- <vuln_soft>
- <prod vendor="dovecot" name="dovecot">
- <vers num="0.99.13" />
- <vers num="0.99.14" />
- <vers num="1.0" />
- <vers num="1.0.10" />
- <vers num="1.0.12" />
- <vers num="1.0.2" />
- <vers num="1.0.3" />
- <vers num="1.0.4" />
- <vers num="1.0.5" />
- <vers num="1.0.6" />
- <vers num="1.0.7" />
- <vers num="1.0.8" />
- <vers num="1.0.9" />
- <vers num="1.0.beta1" />
- <vers num="1.0.beta2" />
- <vers num="1.0.beta3" />
- <vers num="1.0.beta4" />
- <vers num="1.0.beta5" />
- <vers num="1.0.beta6" />
- <vers num="1.0.beta7" />
- <vers num="1.0.beta8" />
- <vers num="1.0.beta9" />
- <vers num="1.0.rc1" />
- <vers num="1.0.rc10" />
- <vers num="1.0.rc11" />
- <vers num="1.0.rc12" />
- <vers num="1.0.rc13" />
- <vers num="1.0.rc14" />
- <vers num="1.0.rc15" />
- <vers num="1.0.rc16" />
- <vers num="1.0.rc17" />
- <vers num="1.0.rc18" />
- <vers num="1.0.rc19" />
- <vers num="1.0.rc2" />
- <vers num="1.0.rc20" />
- <vers num="1.0.rc21" />
- <vers num="1.0.rc22" />
- <vers num="1.0.rc23" />
- <vers num="1.0.rc24" />
- <vers num="1.0.rc25" />
- <vers num="1.0.rc26" />
- <vers num="1.0.rc27" />
- <vers num="1.0.rc28" />
- <vers num="1.0.rc3" />
- <vers num="1.0.rc4" />
- <vers num="1.0.rc5" />
- <vers num="1.0.rc6" />
- <vers num="1.0.rc7" />
- <vers num="1.0.rc8" />
- <vers num="1.0.rc9" />
- <vers num="1.0_rc29" />
- <vers edition="rc2" num="1.1" />
- <vers num="1.1.0" />
- <vers num="1.1.1" />
- <vers num="1.1.2" />
- <vers num="1.1.3" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4578" seq="2008-4578" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-16">
- <desc>
- <descript source="cve">The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MLIST" patch="1" url="http://www.dovecot.org/list/dovecot-news/2008-October/000085.html">[Dovecot-news] 20081005 v1.1.4 released</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31587">31587</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2745" adv="1">ADV-2008-2745</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32164" adv="1">32164</ref>
- <ref source="CONFIRM" url="http://bugs.gentoo.org/show_bug.cgi?id=240409">http://bugs.gentoo.org/show_bug.cgi?id=240409</ref>
- </refs>
- <vuln_soft>
- <prod vendor="dovecot" name="dovecot">
- <vers num="0.99.13" />
- <vers num="0.99.14" />
- <vers num="1.0" />
- <vers num="1.0.10" />
- <vers num="1.0.12" />
- <vers num="1.0.2" />
- <vers num="1.0.3" />
- <vers num="1.0.4" />
- <vers num="1.0.5" />
- <vers num="1.0.6" />
- <vers num="1.0.7" />
- <vers num="1.0.8" />
- <vers num="1.0.9" />
- <vers num="1.0.beta1" />
- <vers num="1.0.beta2" />
- <vers num="1.0.beta3" />
- <vers num="1.0.beta4" />
- <vers num="1.0.beta5" />
- <vers num="1.0.beta6" />
- <vers num="1.0.beta7" />
- <vers num="1.0.beta8" />
- <vers num="1.0.beta9" />
- <vers num="1.0.rc1" />
- <vers num="1.0.rc10" />
- <vers num="1.0.rc11" />
- <vers num="1.0.rc12" />
- <vers num="1.0.rc13" />
- <vers num="1.0.rc14" />
- <vers num="1.0.rc15" />
- <vers num="1.0.rc16" />
- <vers num="1.0.rc17" />
- <vers num="1.0.rc18" />
- <vers num="1.0.rc19" />
- <vers num="1.0.rc2" />
- <vers num="1.0.rc20" />
- <vers num="1.0.rc21" />
- <vers num="1.0.rc22" />
- <vers num="1.0.rc23" />
- <vers num="1.0.rc24" />
- <vers num="1.0.rc25" />
- <vers num="1.0.rc26" />
- <vers num="1.0.rc27" />
- <vers num="1.0.rc28" />
- <vers num="1.0.rc3" />
- <vers num="1.0.rc4" />
- <vers num="1.0.rc5" />
- <vers num="1.0.rc6" />
- <vers num="1.0.rc7" />
- <vers num="1.0.rc8" />
- <vers num="1.0.rc9" />
- <vers num="1.0_rc29" />
- <vers edition="rc2" num="1.1" />
- <vers num="1.1.0" />
- <vers num="1.1.1" />
- <vers num="1.1.2" />
- <vers num="1.1.3" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="1.9" CVSS_exploit_subscore="3.4" CVSS_impact_subscore="2.9" name="CVE-2008-4579" seq="2008-4579" severity="Low" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="1.9" modified="2008-10-16">
- <desc>
- <descript source="cve">The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/13/3">[oss-security] 20081013 Re: CVE Request</ref>
- <ref source="MISC" url="http://bugs.gentoo.org/show_bug.cgi?id=240576">http://bugs.gentoo.org/show_bug.cgi?id=240576</ref>
- </refs>
- <vuln_soft>
- <prod vendor="gentoo" name="cman">
- <vers edition="r1" num="2.02.00" />
- </prod>
- <prod vendor="gentoo" name="fence">
- <vers edition="r1" num="2.02.00" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-4580" seq="2008-4580" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-16">
- <desc>
- <descript source="cve">fence_manual in fence allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/10/13/3">[oss-security] 20081013 Re: CVE Request</ref>
- </refs>
- <vuln_soft>
- <prod vendor="gentoo" name="cman">
- <vers edition="r1" num="2.02.00" />
- </prod>
- <prod vendor="gentoo" name="fence">
- <vers edition="r1" num="2.02.00" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:S/C:P/I:N/A:N)" CVSS_base_score="4.0" CVSS_exploit_subscore="8.0" CVSS_impact_subscore="2.9" name="CVE-2008-4581" seq="2008-4581" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="4.0" modified="2008-10-16">
- <desc>
- <descript source="cve">The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31748">31748</ref>
- <ref source="AIXAPAR" url="http://www-1.ibm.com/support/docview.wss?uid=swg1HD71425" adv="1">HD71425</ref>
- <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27012567&aid=1">http://www-01.ibm.com/support/docview.wss?uid=swg27012567&aid=1</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32105">32105</ref>
- </refs>
- <vuln_soft>
- <prod vendor="ibm" name="enovia_smarteam">
- <vers num="5" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:N/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4582" seq="2008-4582" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-16">
- <desc>
- <descript source="cve">Mozilla Firefox 3.0.1 through 3.0.3 on Windows does not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.</descript>
- </desc>
- <loss_types>
- <conf />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497091/100/0/threaded">20081007 Firefox Privacy Broken If Used to Open Web Page File</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32192" adv="1">32192</ref>
- <ref source="MISC" url="http://liudieyu0.blog124.fc2.com/blog-entry-6.html">http://liudieyu0.blog124.fc2.com/blog-entry-6.html</ref>
- </refs>
- <vuln_soft>
- <prod vendor="mozilla" name="firefox">
- <vers num="3.0.1" />
- <vers num="3.0.2" />
- <vers num="3.0.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4583" seq="2008-4583" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname in the SavePkcs8File method.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/27540">27540</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/5028">5028</ref>
- </refs>
- <vuln_soft>
- <prod vendor="chilkat_software" name="ftp">
- <vers num="2.0" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4584" seq="2008-4584" severity="Medium" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-16">
- <desc>
- <descript source="cve">Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/40041">chilkatmail-chilkatcert-file-overwrite(40041)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/27493">27493</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/5005">5005</ref>
- </refs>
- <vuln_soft>
- <prod vendor="chilkat_software" name="mail">
- <vers num="7.8" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4585" seq="2008-4585" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/39842">belongsitebuilder-admin-security-bypass(39842)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/27402">27402</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/486803/100/200/threaded">20080122 Belong Site Builder 0.1b Bypass Admincp</ref>
- </refs>
- <vuln_soft>
- <prod vendor="belong_software" name="site_builder">
- <vers edition="beta" num="0.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-4586" seq="2008-4586" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-16">
- <desc>
- <descript source="cve">Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/27279">27279</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/4913">4913</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28496" adv="1">28496</ref>
- </refs>
- <vuln_soft>
- <prod vendor="acresso" name="flexnet_connect">
- <vers num="6.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-4587" seq="2008-4587" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-16">
- <desc>
- <descript source="cve">Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/39653">macrovision-flexnet-file-overwrite(39653)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/27279">27279</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/4909">4909</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/28496" adv="1">28496</ref>
- </refs>
- <vuln_soft>
- <prod vendor="acresso" name="flexnet_connect">
- <vers num="6.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4588" seq="2008-4588" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-16">
- <desc>
- <descript source="cve">Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45864">eservftp-abor-bo(45864)</ref>
- <ref source="MISC" url="http://www.zeroscience.org/codes/eserv_bof.txt">http://www.zeroscience.org/codes/eserv_bof.txt</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31753">31753</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6752">6752</ref>
- </refs>
- <vuln_soft>
- <prod vendor="etype" name="eserv">
- <vers num="3.0" />
- <vers num="3.25" />
- <vers num="3.26" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-4589" seq="2008-4589" severity="High" type="CVE" published="2008-10-15" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-16">
- <desc>
- <descript source="cve">Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo Rescue and Recovery 4.20, including 4.20.0511 and 4.20.0512, allows local users to execute arbitrary code via a long file name.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- </loss_types>
- <range>
- <local />
- </range>
- <refs>
- <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31737">31737</ref>
- <ref source="CONFIRM" patch="1" url="http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html" adv="1">http://www-307.ibm.com/pc/support/site.wss/MIGR-70699.html</ref>
- <ref source="CONFIRM" patch="1" url="http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html" adv="1">http://www-307.ibm.com/pc/support/site.wss/MIGR-4Q2QAK.html</ref>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45839">lenovo-rescue-recovery-tvtumin-bo(45839)</ref>
- <ref source="SECTRACK" url="http://www.securitytracker.com/id?1021041">1021041</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497277/100/0/threaded">20081010 iSEC Partners Security Advisory - 2008-002-lenovornr - Lenovo Rescue and Recovery 4.20</ref>
- <ref source="MISC" url="http://www.isecpartners.com/advisories/2008-02-lenovornr.txt">http://www.isecpartners.com/advisories/2008-02-lenovornr.txt</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2806" adv="1">ADV-2008-2806</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32252" adv="1">32252</ref>
- </refs>
- <vuln_soft>
- <prod vendor="lenovo" name="resuce_and_recovery">
- <vers num="4.20" />
- <vers num="4.20.0511" />
- <vers num="4.20.0512" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4590" seq="2008-4590" severity="High" type="CVE" published="2008-10-16" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-16">
- <desc>
- <descript source="cve">Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot other="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45799">stash-news-sql-injection(45799)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31687">31687</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6714">6714</ref>
- </refs>
- <vuln_soft>
- <prod vendor="stash" name="stash">
- <vers num="1.0.3" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4591" seq="2008-4591" severity="Medium" type="CVE" published="2008-10-16" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-16">
- <desc>
- <descript source="cve">Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- <user_init />
- </range>
- <refs>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6425">6425</ref>
- </refs>
- <vuln_soft>
- <prod vendor="phpwebgallery" name="phpwebgallery">
- <vers num="1.3.4" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4592" seq="2008-4592" severity="High" type="CVE" published="2008-10-16" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-16">
- <desc>
- <descript source="cve">Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.</descript>
- </desc>
- <loss_types>
- <avail />
- <conf />
- <int />
- <sec_prot admin="1" />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6427">6427</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2550" adv="1">ADV-2008-2550</ref>
- </refs>
- <vuln_soft>
- <prod vendor="sportspanel" name="sports_clubs_web_portal">
- <vers num="0.0.1" />
- </prod>
- </vuln_soft>
- </entry> - <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:P/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4401" seq="2008-4401" severity="Medium" type="CVE" published="2008-10-17" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-17">
- <desc>
- <descript source="cve">ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not require user interaction in conjunction with (1) the FileReference.browse operation in the FileReference upload API or (2) the FileReference.download operation in the FileReference download API, which allows remote attackers to create a browse dialog box, and possibly have unspecified other impact, via an SWF file.</descript>
- </desc>
- <loss_types>
- <int />
- </loss_types>
- <range>
- <network />
- </range>
- <refs>
- <ref source="XF" patch="1" url="http://xforce.iss.net/xforce/xfdb/45913">adobe-flash-filereference-file-upload(45913)</ref>
- <ref source="CONFIRM" patch="1" url="http://www.adobe.com/support/security/bulletins/apsb08-18.html">http://www.adobe.com/support/security/bulletins/apsb08-18.html</ref>
- <ref source="SECUNIA" patch="1" url="http://secunia.com/advisories/32270" adv="1">32270</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2838" adv="1">ADV-2008-2838</ref>
- <ref source="CONFIRM" url="http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html">http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021061">1021061</ref>
- </refs>
- <vuln_soft>
- <prod vendor="adobe" name="flash_player">
- <vers num="7" />
- <vers num="7.0" />
- <vers num="7.0.1" />
- <vers num="7.0.25" />
- <vers num="7.0.63" />
- <vers num="7.0.69.0" />
- <vers num="7.0.70.0" />
- <vers num="7.0_r67" />
- <vers num="7.1" />
- <vers num="7.1.1" />
- <vers num="7.2" />
- <vers num="8" />
- <vers num="8.0" />
- <vers num="8.0.24.0" />
- <vers num="8.0.34.0" />
- <vers num="8.0.35.0" />
- <vers num="8.0.39.0" />
- <vers num="9" />
- <vers num="9.0.112.0" />
- <vers num="9.0.114.0" />
- <vers num="9.0.115.0" />
- <vers num="9.0.124.0" prev="1" />
- </prod>
- </vuln_soft>
- </entry> - <entry name="CVE-2008-4473" seq="2008-4473" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45914">adobe-flash-cs3-bo(45914)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31769">31769</ref>
- <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/497397/100/0/threaded">20081015 Multiple Flash Authoring Heap Overflows - Malformed SWF Files</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2837">ADV-2008-2837</ref>
- <ref source="CONFIRM" url="http://www.adobe.com/support/security/advisories/apsa08-09.html">http://www.adobe.com/support/security/advisories/apsa08-09.html</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021060">1021060</ref>
- <ref source="MISC" url="http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf">http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32246">32246</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4412" seq="2008-4412" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Unspecified vulnerability in HP Systems Insight Manager (SIM) before 5.2 Update 2 (C.05.02.02.00) allows remote attackers to obtain sensitive information via unspecified vectors.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45916">hp-sim-unspecified-security-bypass(45916)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31777">31777</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2836">ADV-2008-2836</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32287">32287</ref>
- <ref source="HP" url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962">SSRT080035</ref>
- <ref source="HP" url="http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01571962">HPSBMA02378</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4593" seq="2008-4593" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.</descript>
- </desc>
- <refs>
- <ref source="MISC" url="http://www.karlkraft.com/index.php/2008/10/03/yet-another-iphone-emergency-call-security-bug/">http://www.karlkraft.com/index.php/2008/10/03/yet-another-iphone-emergency-call-security-bug/</ref>
- <ref source="SECTRACK" url="http://securitytracker.com/id?1021021">1021021</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4594" seq="2008-4594" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45842">linksys-wap4400n-unspecified(45842)</ref>
- <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2805">ADV-2008-2805</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32259">32259</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4595" seq="2008-4595" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors.</descript>
- </desc>
- <refs>
- <ref source="CONFIRM" url="http://sourceforge.net/project/shownotes.php?release_id=632842">http://sourceforge.net/project/shownotes.php?release_id=632842</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32245">32245</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4596" seq="2008-4596" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45925">shindigintegrator-unspecified-xss(45925)</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32285">32285</ref>
- <ref source="CONFIRM" url="http://drupal.org/node/321758">http://drupal.org/node/321758</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4597" seq="2008-4597" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Shindig-Integrator 5.x, a module for Drupal, does not properly restrict generated page access, which allows remote attackers to gain privileges via unspecified vectors.</descript>
- </desc>
- <refs>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32285">32285</ref>
- <ref source="CONFIRM" url="http://drupal.org/node/321758">http://drupal.org/node/321758</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4598" seq="2008-4598" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Unspecified vulnerability in Shindig-Integrator 5.x, a module for Drupal, has unspecified impact and remote attack vectors related to "numerous flaws" that are not related to XSS or access control, a different vulnerability than CVE-2008-4596 and CVE-2008-4597.</descript>
- </desc>
- <refs>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32285">32285</ref>
- <ref source="CONFIRM" url="http://drupal.org/node/321758">http://drupal.org/node/321758</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4599" seq="2008-4599" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45926">mosaiccommerce-category-sql-injection(45926)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31782">31782</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6763">6763</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4600" seq="2008-4600" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">configure.php in PokerMax Poker League Tournament Script 0.13 allows remote attackers to bypass authentication and gain administrative access by setting the ValidUserAdmin cookie.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45931">pokermax-cookie-security-bypass(45931)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31784">31784</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6766">6766</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32312">32312</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4601" seq="2008-4601" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.</descript>
- </desc>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31794">31794</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32311">32311</ref>
- <ref source="MISC" url="http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt">http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4602" seq="2008-4602" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Directory traversal vulnerability in index.php in Post Affiliate Pro 2.0 allows remote authenticated users to read and possibly execute arbitrary local files via a .. (dot dot) in the md parameter.</descript>
- </desc>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31796">31796</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6772">6772</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4603" seq="2008-4603" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.</descript>
- </desc>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31793">31793</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6769">6769</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4604" seq="2008-4604" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.</descript>
- </desc>
- <refs>
- <ref source="BID" url="http://www.securityfocus.com/bid/31788">31788</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6762">6762</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32307">32307</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4605" seq="2008-4605" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45929">cafeengine-dish-menu-sql-injection(45929)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31786">31786</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6762">6762</ref>
- <ref source="SECUNIA" url="http://secunia.com/advisories/32308">32308</ref>
- </refs>
- </entry> - <entry name="CVE-2008-4606" seq="2008-4606" type="CVE" published="2008-10-17" modified="2008-10-17">
- <desc>
- <descript source="cve">Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to it.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.</descript>
- </desc>
- <refs>
- <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45934">ipreg-locationid-vlanid-sql-injection(45934)</ref>
- <ref source="BID" url="http://www.securityfocus.com/bid/31781">31781</ref>
- <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6765">6765</ref>
- </refs>
- </entry> - -</nvd>
\ No newline at end of file |