LiveActive security incident?Get immediate response
CVE archive

November 2008

Browse CVE records published in November 2008, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 438 matching CVEs · Page 1 of 9.

Unknown · CVSS Not scored

CVE-2008-4953: firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/....

firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.

Published Nov 5, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-5230: The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors'...

The Temporal Key Integrity Protocol (TKIP) implementation in unspecified Cisco products and other vendors' products, as used in WPA and WPA2 on Wi-Fi networks, has insufficient countermeasures against certain crafted and replayed packets, which makes it easier for remote attackers to decrypt packets from an access point (AP) to a client and spoof packets from an AP to a client, and conduct ARP poisoning attacks or other attacks, as demonstrated by tkiptun-ng.

Published Nov 25, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-4950: gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp...

gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.

Published Nov 5, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-4977: postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on...

postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disputes this vulnerability, stating "This is not a real issue ... users would have to edit a script under /usr/lib to enable it.

Published Nov 6, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-2429: Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute a...

Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.

Published Nov 26, 2008 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2008-7303: The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all cre...

The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.

Published Nov 15, 2011 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-4943: bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tm...

bulmages-servers 0.11.1 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/error.txt, (b) /tmp/errores.txt, and possibly other temporary files, related to the (1) creabulmafact, (2) creabulmacont, and possibly (3) actualizabulmacont, (4) installbulmages-db, and (5) actualizabulmafact scripts.

Published Nov 5, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-4930: MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type tha...

MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka "Incomplete protection against MIME-sniffing." NOTE: this could be leveraged for XSS and other attacks.

Published Nov 4, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-5283: Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unk...

Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote attackers to delete uploaded files via unknown vectors related to the delall action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE analysis suggests that the most recent version as of 20081128 is 1.2, and the File Upload Manager does not have a "delall" action.

Published Nov 29, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-4927: Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of ser...

Microsoft Windows Media Player (WMP) 9.0 through 11 allows user-assisted attackers to cause a denial of service (application crash) via a malformed (1) MIDI or (2) DAT file, related to "MThd Header Parsing." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 4, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-4955: freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tm...

freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-#####.pid, (2) /tmp/freevo-gdb, (3) /tmp/freevo-gdb.sh, and (4) /tmp/*.stats temporary files. NOTE: this issue is only a vulnerability when a verbose debug mode is activated by modifying source code.

Published Nov 5, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-5135: os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1)...

os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.

Published Nov 18, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-4946: convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output t...

convirt 0.8.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/set_output temporary file, related to the (1) _template_/provision.sh, (2) Linux_CD_Install/provision.sh, (3) Fedora_PV_Install/provision.sh, (4) CentOS_PV_Install/provision.sh, (5) common/provision.sh, (6) example/provision.sh, and (7) Windows_CD_Install/provision.sh scripts in image_store/.

Published Nov 5, 2008 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2008-7247: sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the...

sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.

Published Nov 30, 2009 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5246: Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary...

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the (1) id3v22_interp_frame and (2) id3v24_interp_frame functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 26, 2008 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2008-5225: Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.

Published Nov 25, 2008 · Updated Aug 7, 2024