| Date | CVE | Severity | Vendor | Application | Palamida ID | License | Description | Score | Status | CPE Names | Affected Versions | Patch Info | Patch Version | Latest Release |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 6/20/2008 | CVE-2008-0071 | 4.3 | Bittorrent | Bittorrent | NEW | Bittorrent Open Source License v1.1 | allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header. | 0.42% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-0071 | before 6.0.3 build 8642 | http://www.securityfocus.com/bid/29661/solution | 6.0.3 | 6.0.3 |
| 6/20/2008 | CVE-2008-1657 | 6.5 | OpenSSH | OpenSSH | 58168 | BSD License | allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file. | 1.47% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-1657 | before 4.9 | http://www.securityfocus.com/bid/28531/solution | 4.9p1 | 5.0p1 |
| 6/20/2008 | CVE-2008-2266 | 4.6 | UUDeview | UUDeview | 63263 | GNU GPL v2 | allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression. | 0.76% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2266 | 0.5.20 | none | none | 0.5.20 |
| 6/20/2008 | CVE-2008-2360 | 9 | X | X11 | NEW | MIT License | allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow. | 0.42% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2360 | Release 7.3 | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2360 | xorg-xserver-1.4-cve-2008-2360.diff | R7.3 |
| 6/20/2008 | CVE-2008-2665 | 5 | PHP | PHP | 47428 | PHP License v3.01 | allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run. | 48.84% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2665 | 5.2.6 and earlier | none | none | 5.2.6 |
| 6/20/2008 | CVE-2008-2666 | 5 | PHP | PHP | 47428 | PHP License v3.01 | allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function. | 48.84% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2666 | 5.2.6 and earlier | none | none | 5.2.6 |
| 6/20/2008 | CVE-2008-2708 | 4.9 | Sun | Solaris | NEW | CDDL v1.0 | allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files. | 68.96% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2708 | 10 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-238688-1 | Solaris 10 with patch 137111-01 or later | 10 |
| 6/20/2008 | CVE-2008-2708 | 4.9 | Sun | OpenSolaris | NEW | OpenSolaris License | allows local users to cause a denial of service (panic) via unspecified vectors, probably related to core files. | 0.44% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2708 | before snv_93 | http://sunsolve.sun.com/search/document.do?assetkey=1-66-238688-1 | OpenSolaris based upon builds snv_92 or later | 2008.05 |
| 6/20/2008 | CVE-2008-2721 | 5 | Menalto | Gallery | 2485 | GNU GPL v2 | allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album. | 3.85% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2721 | before 2.2.5 | http://gallery.menalto.com/gallery_2.2.5_released | 2.2.5 | 2.2.5 |
| 6/20/2008 | CVE-2008-2724 | 5 | Menalto | Gallery | 2485 | GNU GPL v2 | allow remote attackers to bypass intended access restrictions. | 3.85% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2724 | before 2.2.5 | http://gallery.menalto.com/gallery_2.2.5_released | 2.2.5 | 2.2.5 |
| 6/20/2008 | CVE-2008-2777 | 4.3 | Luca Corbo | Ortro | 58835 | GNU GPL v2 | allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 0.20% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2777 | 1.3.0 and previous | http://www.ortro.net/changelog#release_1.3.1_2008.05.27 | 1.3.1 | 1.3.1 |
| 6/20/2008 | CVE-2008-2778 | 7.5 | Revokesoft | RevokeBB | 68524 | GNU GPL | allows remote attackers to execute arbitrary SQL commands via the search parameter. | 0.66% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2778 | 1.0 RC11 and 1.0 RC4 | none | none | 1.0 RC11 |
| 6/20/2008 | CVE-2008-2780 | 6.4 | Albinoloverats | Anubis Plugin | NEW | GNU GPL v3 | allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file. | 0.30% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2780 | 1.2 and previous | http://xforce.iss.net/xforce/xfdb/42652 | 1.3 or later | 1.3 |
| 6/20/2008 | CVE-2008-2782 | 7.5 | Otomigenx | Otomigenx | NEW | GNU GPL v2 | allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) library_rss.php and (2) rss.php. | 0.35% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2782 | 2.2 | none | none | 2.2 |
| 6/20/2008 | CVE-2008-2783 | 4.3 | Horde | Kronolith | NEW | GNU GPL v2 | allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 0.64% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2783 | none provided | none | none | 2.2-RC3 |
| 6/20/2008 | CVE-2008-2783 | 4.3 | Horde | Groupware | NEW | GNU LGPL v2 | allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 1.27% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2783 | none provided | none | none | 1.1.1 |
| 6/20/2008 | CVE-2008-2783 | 4.3 | Horde | Groupware Webmail Edition | NEW | GNU LGPL v2 | allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 1.15% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2783 | none provided | none | none | 1.1.1 |
| 6/20/2008 | CVE-2008-2784 | 6.4 | Spamdyke | Spamdyke | NEW | GNU GPL v2 | allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command. | 0.30% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2784 | before 3.1.8 | http://secunia.com/advisories/30408 | 3.1.8 | 3.1.8 |
| 6/20/2008 | CVE-2008-2785 | 6.8 | Mozilla | Firefox | 60647 | MPL/GPL/LGPL | Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact and remote attack vectors, aka ZDI-CAN-349. | 68.65% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2785 | 3.0 and 2.0.x | none | none | 3 |
| 6/20/2008 | CVE-2008-2786 | 10 | Mozilla | Firefox | 60647 | MPL/GPL/LGPL | Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes. | 68.65% | updated | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2786 | 3.0 and 2.0.x | none | none | 3 |
| 6/20/2008 | CVE-2008-2787 | 4.3 | Opendocman | Opendocman | 21389 | GNU GPL v2 | allows remote attackers to inject arbitrary web script or HTML via the last_message parameter. | 0.70% | NEW | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2787 | 1.2.5 | http://www.securityfocus.com/bid/29765/solution | OpenDocman index.php.patch | 1.2.5 |
| 6/20/2008 | CVE-2008-2788 | 4.3 | Opendocman | Opendocman | 21389 | GNU GPL v2 | allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | 0.70% | NEW | http://nvd.nist.gov/cpe.cfm?cvename=CVE-2008-2788 | 1.2.5 | http://secunia.com/advisories/30750 | OpenDocman index.php.patch | 1.2.5 |

Monday, June 23, 2008
OSS Vulnerability Report for < 062008 > HIGH RISK 10 - WLI 8.15 - Score - 68.65% - 2 new - 20 updates - 12 patches - 062108-17:51 EST