CVE-2008-0308 (Symantec AntiVirus Network Attached Storage, Symantec AntiVirus Scan Engine, Syma…)

Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

CVE-2008-1065 (XM_Memberstats)

Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2007-5397 (Server)

Heap-based buffer overflow in the activePDF Server service (aka APServer.exe) in activePDF Server 3.8.4 and 3.8.5.14, and possibly other versions before 3.8.6.16, allows remote attackers to execute arbitrary code via a packet with a size field that is less than the actual size of the data.

CVE-2008-1064 (Xoops RMSoft Gallery System)

Cross-site scripting (XSS) vulnerability in images.php in the Red Mexico RMSOFT Gallery System (GS) 2.0 module (aka rmgs) for XOOPS allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVE-2008-1061 (Sniplets Plugin)

Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.

CVE-2008-1063 (RMSOFT GS)

Cross-site scripting (XSS) vulnerability index.php in the XM-Memberstats (xmmemberstats) module for XOOPS allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.

CVE-2008-1059 (Sniplets Plugin)

PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.

CVE-2008-1057 (Open_BSD)

The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 allows attackers to cause a denial of service (panic) via malformed IPv6 routing headers.

CVE-2008-1070 (Wireshark)

The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.

CVE-2008-1056 (PowerBroker)

Multiple stack-based buffer overflows in Symark PowerBroker 2.8 through 5.0.1 allow local users to gain privileges via a long argv[0] string when executing (1) pbrun, (2) pbsh, or (3) pbksh. NOTE: the product is often installed in environments with trust relationships that facilitate subsequent remote compromises.

« Previous Entries Next Entries »

Search Box

Badware Alerts

• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2090 (Solaris)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2089 (Solaris)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2080 (Common Data Format)
• CVE-2008-2091 (kubelance)
• CVE-2008-2089 (Solaris)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2093 (community_builder, com_comprofiler)
• CVE-2008-2092 (SPA-2102 Phone Adapter)
• CVE-2008-2092 (SPA-2102 Phone Adapter)

Related Sites

• Chart Vulnerabilities - Chart vulnerabilities discovered within a product

Categories

• Badware
• Badware News

Meta

• Log in
• Main Entries Rss
• Comments Rss