
Test ID: 1.3.6.1.4.1.25623.1.0.64168
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-723-1 (git-core)
Summary: Ubuntu USN-723-1 (git-core)
Description: The remote host is missing an update to git-core
announced via advisory USN-723-1.

Details follow:

It was discovered that Git did not properly handle long file paths. If a user
were tricked into performing commands on a specially crafted Git repository, an
attacker could possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2008-3546)

It was discovered that the Git web interface (gitweb) did not correctly handle
shell metacharacters when processing certain commands. A remote attacker could
send specially crafted commands to the Git server and execute arbitrary code
with the privileges of the Git web server. This issue only applied to Ubuntu
7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)

It was discovered that the Git web interface (gitweb) did not properly restrict
the diff.external configuration parameter. A local attacker could exploit this
issue and execute arbitrary code with the privileges of the Git web server.
This issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
git-core 1.1.3-1ubuntu1.1

Ubuntu 7.10:
git-core 1:1.5.2.5-2ubuntu0.1
gitweb 1:1.5.2.5-2ubuntu0.1

Ubuntu 8.04 LTS:
git-core 1:1.5.4.3-1ubuntu2.1
gitweb 1:1.5.4.3-1ubuntu2.1

Ubuntu 8.10:
git-core 1:1.5.6.3-1.1ubuntu2.1
gitweb 1:1.5.6.3-1.1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-723-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-3546
Bugtraq: 20080812 rPSA-2008-0253-1 git gitweb
http://www.securityfocus.com/archive/1/archive/1/495391/100/0/threaded
http://kerneltrap.org/mailarchive/git/2008/7/16/2529284
Debian Security Information: DSA-1637
http://www.debian.org/security/2008/dsa-1637
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00729.html
http://security.gentoo.org/glsa/glsa-200809-16.xml
http://www.ubuntu.com/usn/USN-723-1
BugTraq ID: 30549
http://www.securityfocus.com/bid/30549
http://secunia.com/advisories/33964
http://www.vupen.com/english/advisories/2008/2306
http://www.securitytracker.com/id?1020627
http://secunia.com/advisories/31347
http://secunia.com/advisories/32029
http://secunia.com/advisories/31780
http://secunia.com/advisories/32384
XForce ISS Database: git-multiple-bo(44217)
http://xforce.iss.net/xforce/xfdb/44217
Common Vulnerability Exposure (CVE) ID: CVE-2008-5516
Bugtraq: 20090113 rPSA-2009-0005-1 git gitweb
http://www.securityfocus.com/archive/1/archive/1/500008/100/0/threaded
http://repo.or.cz/w/git.git?a=commitdiff;h=c582abae
http://www.openwall.com/lists/oss-security/2009/01/20/1
http://www.openwall.com/lists/oss-security/2009/01/21/7
http://www.openwall.com/lists/oss-security/2009/01/23/2
Debian Security Information: DSA-1708
http://www.debian.org/security/2009/dsa-1708
http://www.gentoo.org/security/en/glsa/glsa-200903-15.xml
SuSE Security Announcement: SUSE-SR:2009:001
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00002.html
http://secunia.com/advisories/34194
http://www.vupen.com/english/advisories/2009/0175
http://securityreason.com/securityalert/4919
Common Vulnerability Exposure (CVE) ID: CVE-2008-5517
http://repo.or.cz/w/git.git?a=commitdiff;h=516381d5
BugTraq ID: 33215
http://www.securityfocus.com/bid/33215
Common Vulnerability Exposure (CVE) ID: CVE-2008-5916
http://marc.info/?l=git&m=122975564100860&w=2
http://marc.info/?l=linux-kernel&m=122975564100863&w=2:
http://www.openwall.com/lists/oss-security/2009/01/15/2
http://www.openwall.com/lists/oss-security/2009/01/20/2
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01169.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01170.html
http://osvdb.org/50918
http://secunia.com/advisories/33282
http://securityreason.com/securityalert/4922
XForce ISS Database: git-gitweb-privilege-escalation(47528)
http://xforce.iss.net/xforce/xfdb/47528
Common Vulnerability Exposure (CVE) ID: CVE-2008-3974
BugTraq ID: 33177
http://www.securityfocus.com/bid/33177
http://www.vupen.com/english/advisories/2009/0115
http://osvdb.org/51347
http://www.securitytracker.com/id?1021561
http://secunia.com/advisories/33525
Common Vulnerability Exposure (CVE) ID: CVE-2009-0318
http://www.openwall.com/lists/oss-security/2009/01/26/2
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html
http://security.gentoo.org/glsa/glsa-200904-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:043
BugTraq ID: 33438
http://www.securityfocus.com/bid/33438
http://secunia.com/advisories/33707
http://secunia.com/advisories/33823
Common Vulnerability Exposure (CVE) ID: CVE-2008-5984
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01065.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:040
http://www.mandriva.com/security/advisories?name=MDVSA-2009:046
BugTraq ID: 33448
http://www.securityfocus.com/bid/33448
http://secunia.com/advisories/33672
http://secunia.com/advisories/33703
XForce ISS Database: dia-pysyssetargv-privilege-escalation(48262)
http://xforce.iss.net/xforce/xfdb/48262
Common Vulnerability Exposure (CVE) ID: CVE-2009-0352
Debian Security Information: DSA-1830
http://www.debian.org/security/2009/dsa-1830
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00240.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:044
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
RedHat Security Advisories: RHSA-2009:0256
http://rhn.redhat.com/errata/RHSA-2009-0256.html
http://www.redhat.com/support/errata/RHSA-2009-0257.html
http://www.redhat.com/support/errata/RHSA-2009-0258.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
SuSE Security Announcement: SUSE-SA:2009:023
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
SuSE Security Announcement: SUSE-SA:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html
http://www.ubuntu.com/usn/usn-717-1
http://www.ubuntulinux.org/support/documentation/usn/usn-741-1
BugTraq ID: 33598
http://www.securityfocus.com/bid/33598
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10699
http://secunia.com/advisories/33802
http://secunia.com/advisories/33831
http://secunia.com/advisories/33841
http://secunia.com/advisories/33846
http://secunia.com/advisories/34387
http://secunia.com/advisories/34324
http://secunia.com/advisories/34417
http://secunia.com/advisories/34462
http://secunia.com/advisories/34464
http://secunia.com/advisories/34527
http://www.vupen.com/english/advisories/2009/0313
http://www.securitytracker.com/id?1021663
http://secunia.com/advisories/33799
http://secunia.com/advisories/33808
http://secunia.com/advisories/33809
http://secunia.com/advisories/33816
http://secunia.com/advisories/33869
Common Vulnerability Exposure (CVE) ID: CVE-2009-0353
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11193
Common Vulnerability Exposure (CVE) ID: CVE-2009-0354
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9796
http://www.securitytracker.com/id?1021664
Common Vulnerability Exposure (CVE) ID: CVE-2009-0355
http://www.ubuntu.com/usn/usn-717-2
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9161
http://www.securitytracker.com/id?1021665
Common Vulnerability Exposure (CVE) ID: CVE-2009-0356
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9922
http://www.securitytracker.com/id?1021666
Common Vulnerability Exposure (CVE) ID: CVE-2009-0357
http://ha.ckers.org/blog/20070511/bluehat-errata/
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9459
http://www.securitytracker.com/id?1021668
Common Vulnerability Exposure (CVE) ID: CVE-2009-0358
http://blogs.imeta.co.uk/JDeabill/archive/2008/07/14/303.aspx
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10610
http://www.securitytracker.com/id?1021667
Common Vulnerability Exposure (CVE) ID: CVE-2009-0316
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:047
BugTraq ID: 33447
http://www.securityfocus.com/bid/33447
XForce ISS Database: vim-pysyssetargv-privilege-escalation(48275)
http://xforce.iss.net/xforce/xfdb/48275
Common Vulnerability Exposure (CVE) ID: CVE-2008-5557
Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl
http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Debian Security Information: DSA-1789
http://www.debian.org/security/2009/dsa-1789
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
HPdes Security Advisory: HPSBUX02431
http://marc.info/?l=bugtraq&m=124654546101607&w=2
HPdes Security Advisory: SSRT090085
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090192
HPdes Security Advisory: HPSBMA02492
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
HPdes Security Advisory: SSRT100079
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.redhat.com/support/errata/RHSA-2009-0350.html
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
SuSE Security Announcement: SUSE-SR:2009:008
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 32948
http://www.securityfocus.com/bid/32948
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10286
http://securitytracker.com/id?1021482
http://secunia.com/advisories/34642
http://secunia.com/advisories/35003
http://secunia.com/advisories/35074
http://secunia.com/advisories/35306
http://secunia.com/advisories/35650
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: php-multibyte-bo(47525)
http://xforce.iss.net/xforce/xfdb/47525
Common Vulnerability Exposure (CVE) ID: CVE-2008-5658
Bugtraq: 20081204 Advisory 06/2008: PHP ZipArchive::extractTo() Directory Traversal Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
http://www.openwall.com/lists/oss-security/2008/12/04/3
http://www.sektioneins.de/advisories/SE-2008-06.txt
BugTraq ID: 32625
http://www.securityfocus.com/bid/32625
http://osvdb.org/50480
http://www.securitytracker.com/id?1021303
XForce ISS Database: php-ziparchive-directory-traversal(47079)
http://xforce.iss.net/xforce/xfdb/47079
Common Vulnerability Exposure (CVE) ID: CVE-2008-5624
http://securityreason.com/achievement_securityalert/59
Bugtraq: 20081206 SecurityReason: PHP 5.2.6 SAPI php_getuid() overload
http://www.securityfocus.com/archive/1/archive/1/498985/100/0/threaded
BugTraq ID: 32688
http://www.securityfocus.com/bid/32688
http://osvdb.org/52207
http://osvdb.org/50483
XForce ISS Database: php-getuid-safemode-bypass(47318)
http://xforce.iss.net/xforce/xfdb/47318
Common Vulnerability Exposure (CVE) ID: CVE-2008-5625
http://securityreason.com/achievement_securityalert/57
Bugtraq: 20081120 SecurityReason : PHP 5.2.6 (error_log) safe_mode bypass
http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html
http://www.milw0rm.com/exploits/7171
BugTraq ID: 32383
http://www.securityfocus.com/bid/32383
http://osvdb.org/52205
XForce ISS Database: php-error-safemode-bypass(47314)
http://xforce.iss.net/xforce/xfdb/47314
Common Vulnerability Exposure (CVE) ID: CVE-2008-5985
http://www.gentoo.org/security/en/glsa/glsa-200903-16.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:048
BugTraq ID: 33441
http://www.securityfocus.com/bid/33441
http://secunia.com/advisories/34187
Common Vulnerability Exposure (CVE) ID: CVE-2009-0544
http://www.openwall.com/lists/oss-security/2009/02/07/1
http://www.openwall.com/lists/oss-security/2009/02/12/5
http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:049
http://www.mandriva.com/security/advisories?name=MDVSA-2009:050
SuSE Security Announcement: SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
BugTraq ID: 33674
http://www.securityfocus.com/bid/33674
http://secunia.com/advisories/34199
http://secunia.com/advisories/35065
XForce ISS Database: pycrypto-arc2module-bo(48617)
http://xforce.iss.net/xforce/xfdb/48617
Common Vulnerability Exposure (CVE) ID: CVE-2008-3964
http://www.openwall.com/lists/oss-security/2008/09/09/3
http://www.openwall.com/lists/oss-security/2008/09/09/8
http://sourceforge.net/mailarchive/forum.php?thread_name=e56ccc8f0809180317u6a5306fg14683947affb3e1b%40mail.gmail.com&forum_name=png-mng-implement
http://security.gentoo.org/glsa/glsa-200812-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
CERT/CC vulnerability note: VU#889484
http://www.kb.cert.org/vuls/id/889484
BugTraq ID: 31049
http://www.securityfocus.com/bid/31049
http://secunia.com/advisories/35302
http://secunia.com/advisories/35386
http://secunia.com/advisories/31781
http://www.vupen.com/english/advisories/2008/2512
http://secunia.com/advisories/33137
http://www.vupen.com/english/advisories/2009/1462
http://www.vupen.com/english/advisories/2009/1560
XForce ISS Database: libpng-pngpushreadztxt-dos(44928)
http://xforce.iss.net/xforce/xfdb/44928
Common Vulnerability Exposure (CVE) ID: CVE-2008-5907
http://openwall.com/lists/oss-security/2009/01/09/1
http://sourceforge.net/mailarchive/forum.php?thread_name=4B6F0239C13D0245820603C036D180BC79FBAA%40CABOTUKEXCH01.cabot.local&forum_name=png-mng-implement
Debian Security Information: DSA-1750
http://www.debian.org/security/2009/dsa-1750
http://security.gentoo.org/glsa/glsa-200903-28.xml
SuSE Security Announcement: SUSE-SR:2009:003
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://secunia.com/advisories/34320
http://secunia.com/advisories/34388
XForce ISS Database: libpng-pngcheckkeyword-memory-corruption(48128)
http://xforce.iss.net/xforce/xfdb/48128
Common Vulnerability Exposure (CVE) ID: CVE-2009-0040
Bugtraq: 20090312 rPSA-2009-0046-1 libpng
http://www.securityfocus.com/archive/1/archive/1/501767/100/0/threaded
Bugtraq: 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
http://www.securityfocus.com/archive/1/archive/1/503912/100/0/threaded
Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
http://www.securityfocus.com/archive/1/archive/1/505990/100/0/threaded
http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://www.redhat.com/support/errata/RHSA-2009-0325.html
http://www.redhat.com/support/errata/RHSA-2009-0333.html
http://www.redhat.com/support/errata/RHSA-2009-0340.html
SuSE Security Announcement: SUSE-SR:2009:005
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
SuSE Security Announcement: SUSE-SA:2009:012
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
Cert/CC Advisory: TA09-218A
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
CERT/CC vulnerability note: VU#649212
http://www.kb.cert.org/vuls/id/649212
BugTraq ID: 33827
http://www.securityfocus.com/bid/33827
BugTraq ID: 33990
http://www.securityfocus.com/bid/33990
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10316
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6458
http://secunia.com/advisories/34145
http://secunia.com/advisories/34210
http://secunia.com/advisories/34265
http://secunia.com/advisories/34272
http://secunia.com/advisories/35258
http://secunia.com/advisories/35379
http://secunia.com/advisories/36096
http://secunia.com/advisories/34137
http://secunia.com/advisories/34140
http://secunia.com/advisories/34143
http://secunia.com/advisories/34152
http://www.vupen.com/english/advisories/2009/0469
http://www.vupen.com/english/advisories/2009/0473
http://secunia.com/advisories/33970
http://secunia.com/advisories/33976
http://www.vupen.com/english/advisories/2009/0632
http://www.vupen.com/english/advisories/2009/1451
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2009/2172
XForce ISS Database: libpng-pointer-arrays-code-execution(48819)
http://xforce.iss.net/xforce/xfdb/48819
Common Vulnerability Exposure (CVE) ID: CVE-2008-1232
Bugtraq: 20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability
http://www.securityfocus.com/archive/1/archive/1/495021/100/0/threaded
Bugtraq: 20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability
http://www.securityfocus.com/archive/1/archive/1/504351/100/0/threaded
Bugtraq: 20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management
http://www.securityfocus.com/archive/1/archive/1/505556/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html
HPdes Security Advisory: HPSBUX02401
http://marc.info/?l=bugtraq&m=123376588623823&w=2
HPdes Security Advisory: SSRT090005
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0648.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.redhat.com/support/errata/RHSA-2008-0864.html
SuSE Security Announcement: SUSE-SR:2008:018
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
BugTraq ID: 30496
http://www.securityfocus.com/bid/30496
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5985
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11181
http://secunia.com/advisories/33999
http://secunia.com/advisories/34013
http://secunia.com/advisories/35474
http://secunia.com/advisories/36108
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://www.vupen.com/english/advisories/2008/2305
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/0320
http://www.securitytracker.com/id?1020622
http://secunia.com/advisories/31379
http://secunia.com/advisories/31381
http://secunia.com/advisories/31639
http://secunia.com/advisories/31891
http://secunia.com/advisories/31865
http://secunia.com/advisories/32222
http://secunia.com/advisories/31982
http://secunia.com/advisories/33797
http://secunia.com/advisories/32120
http://secunia.com/advisories/32266
http://securityreason.com/securityalert/4098
http://www.vupen.com/english/advisories/2009/0503
http://www.vupen.com/english/advisories/2009/1609
http://www.vupen.com/english/advisories/2009/2194
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: tomcat-httpservletresponse-xss(44155)
http://xforce.iss.net/xforce/xfdb/44155
Common Vulnerability Exposure (CVE) ID: CVE-2008-1947
Bugtraq: 20080602 [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
http://www.securityfocus.com/archive/1/archive/1/492958/100/0/threaded
http://marc.info/?l=tomcat-user&m=121244319501278&w=2
Debian Security Information: DSA-1593
http://www.debian.org/security/2008/dsa-1593
SuSE Security Announcement: SUSE-SR:2008:014
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
BugTraq ID: 29502
http://www.securityfocus.com/bid/29502
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6009
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11534
http://www.vupen.com/english/advisories/2008/1725
http://www.securitytracker.com/id?1020624
http://secunia.com/advisories/30500
http://secunia.com/advisories/30592
http://secunia.com/advisories/30967
XForce ISS Database: apache-tomcat-hostmanager-xss(42816)
http://xforce.iss.net/xforce/xfdb/42816
Common Vulnerability Exposure (CVE) ID: CVE-2008-2370
Bugtraq: 20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability
http://www.securityfocus.com/archive/1/archive/1/495022/100/0/threaded
http://marc.info/?l=apache-announce&m=124972618803216&w=2
http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3Cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3E
BugTraq ID: 30494
http://www.securityfocus.com/bid/30494
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5876
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10577
http://secunia.com/advisories/35393
http://secunia.com/advisories/36249
http://www.securitytracker.com/id?1020623
http://securityreason.com/securityalert/4099
http://www.vupen.com/english/advisories/2009/1535
http://www.vupen.com/english/advisories/2009/2215
XForce ISS Database: tomcat-requestdispatcher-info-disclosure(44156)
http://xforce.iss.net/xforce/xfdb/44156
Common Vulnerability Exposure (CVE) ID: CVE-2009-0520
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773
http://isc.sans.org/diary.html?storyid=5929
http://security.gentoo.org/glsa/glsa-200903-23.xml
RedHat Security Advisories: RHSA-2009:0332
http://rhn.redhat.com/errata/RHSA-2009-0332.html
RedHat Security Advisories: RHSA-2009:0334
http://rhn.redhat.com/errata/RHSA-2009-0334.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1
BugTraq ID: 33880
http://www.securityfocus.com/bid/33880
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6593
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:16057
http://securitytracker.com/id?1021750
http://secunia.com/advisories/34012
http://secunia.com/advisories/34293
http://secunia.com/advisories/34226
http://www.vupen.com/english/advisories/2009/0513
http://www.vupen.com/english/advisories/2009/0743
XForce ISS Database: flash-invalid-object-bo(48887)
http://xforce.iss.net/xforce/xfdb/48887
Common Vulnerability Exposure (CVE) ID: CVE-2008-4810
http://www.openwall.com/lists/oss-security/2008/10/25/2
http://securityvulns.ru/Udocument746.html
Debian Security Information: DSA-1691
http://www.debian.org/security/2008/dsa-1691
BugTraq ID: 31862
http://www.securityfocus.com/bid/31862
http://secunia.com/advisories/32329
XForce ISS Database: smarty-expandquotedtext-code-execution(46031)
http://xforce.iss.net/xforce/xfdb/46031
Common Vulnerability Exposure (CVE) ID: CVE-2008-3663
Bugtraq: 20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663
http://www.securityfocus.com/archive/1/archive/1/496601/100/0/threaded
http://int21.de/cve/CVE-2008-3663-squirrelmail.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
SuSE Security Announcement: SUSE-SR:2008:028
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html
BugTraq ID: 31321
http://www.securityfocus.com/bid/31321
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10548
http://secunia.com/advisories/33937
http://securityreason.com/securityalert/4304
XForce ISS Database: squirrelmail-cookie-session-hijacking(45700)
http://xforce.iss.net/xforce/xfdb/45700
Common Vulnerability Exposure (CVE) ID: CVE-2007-5624
https://bugzilla.redhat.com/show_bug.cgi?id=362791
https://bugzilla.redhat.com/show_bug.cgi?id=362801
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00125.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00161.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:067
SuSE Security Announcement: SUSE-SR:2008:011
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
BugTraq ID: 26152
http://www.securityfocus.com/bid/26152
http://www.vupen.com/english/advisories/2007/3567
http://secunia.com/advisories/27316
http://secunia.com/advisories/27980
XForce ISS Database: nagios-cgi-xss(37350)
http://xforce.iss.net/xforce/xfdb/37350
Common Vulnerability Exposure (CVE) ID: CVE-2008-1360
BugTraq ID: 28250
http://www.securityfocus.com/bid/28250
http://www.vupen.com/english/advisories/2008/0900/references
http://secunia.com/advisories/29363
XForce ISS Database: nagios-unspecified-xss(41210)
http://xforce.iss.net/xforce/xfdb/41210
Common Vulnerability Exposure (CVE) ID: CVE-2007-5803
BugTraq ID: 29140
http://www.securityfocus.com/bid/29140
http://www.vupen.com/english/advisories/2008/1567/references
http://secunia.com/advisories/30202
http://secunia.com/advisories/30283
XForce ISS Database: nagios-cgi-unspecified-xss(42522)
http://xforce.iss.net/xforce/xfdb/42522
Common Vulnerability Exposure (CVE) ID: CVE-2009-0187
Bugtraq: 20090225 Secunia Research: Orbit Downloader Long URL Parsing Buffer Overflow
http://www.securityfocus.com/archive/1/archive/1/501220/100/0/threaded
http://secunia.com/secunia_research/2009-9/
BugTraq ID: 33894
http://www.securityfocus.com/bid/33894
http://osvdb.org/52294
http://secunia.com/advisories/33843
http://www.vupen.com/english/advisories/2009/0521
XForce ISS Database: orbitdownloader-connecting-bo(48932)
http://xforce.iss.net/xforce/xfdb/48932
Common Vulnerability Exposure (CVE) ID: CVE-2007-3698
http://docs.info.apple.com/article.html?artnum=307177
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
http://dev2dev.bea.com/pub/advisory/249
Cisco Security Advisory: 20070725 Vulnerability in Java Secure Socket Extension
http://www.cisco.com/en/US/products/products_security_response09186a008088bd19.html
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
HPdes Security Advisory: HPSBMA02288
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450
HPdes Security Advisory: SSRT071465
http://www.redhat.com/support/errata/RHSA-2007-0818.html
http://www.redhat.com/support/errata/RHSA-2007-0956.html
http://www.redhat.com/support/errata/RHSA-2007-1086.html
http://www.redhat.com/support/errata/RHSA-2008-0132.html
http://www.redhat.com/support/errata/RHSA-2008-0100.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102997-1
SuSE Security Announcement: SUSE-SA:2008:025
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
BugTraq ID: 24846
http://www.securityfocus.com/bid/24846
http://osvdb.org/36663
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10634
http://www.vupen.com/english/advisories/2007/2495
http://www.vupen.com/english/advisories/2007/2660
http://www.vupen.com/english/advisories/2007/3009
http://www.vupen.com/english/advisories/2007/3861
http://www.vupen.com/english/advisories/2007/4224
http://www.securitytracker.com/id?1018357
http://secunia.com/advisories/26015
http://secunia.com/advisories/26221
http://secunia.com/advisories/26314
http://secunia.com/advisories/26631
http://secunia.com/advisories/26933
http://secunia.com/advisories/27203
http://secunia.com/advisories/26645
http://secunia.com/advisories/27635
http://secunia.com/advisories/27716
http://secunia.com/advisories/28056
http://secunia.com/advisories/28115
http://secunia.com/advisories/28777
http://secunia.com/advisories/28880
http://secunia.com/advisories/29340
http://secunia.com/advisories/29897
XForce ISS Database: sun-jsse-ssltls-dos(35333)
http://xforce.iss.net/xforce/xfdb/35333
Common Vulnerability Exposure (CVE) ID: CVE-2007-3922
http://dev2dev.bea.com/pub/advisory/248
http://www.redhat.com/support/errata/RHSA-2007-0829.html
http://www.redhat.com/support/errata/RHSA-2008-0133.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.486841
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1
SuSE Security Announcement: SUSE-SA:2007:056
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html
BugTraq ID: 25054
http://www.securityfocus.com/bid/25054
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10387
http://www.vupen.com/english/advisories/2007/2573
http://www.securitytracker.com/id?1018428
http://secunia.com/advisories/26369
http://secunia.com/advisories/27266
http://secunia.com/advisories/30805
XForce ISS Database: sun-java-class-unauthorized-access(35491)
http://xforce.iss.net/xforce/xfdb/35491
Common Vulnerability Exposure (CVE) ID: CVE-2008-5263
Bugtraq: 20090225 Secunia Research: ksquirrel-libs Radiance RGBE Buffer Overflows
http://www.securityfocus.com/archive/1/archive/1/501228/100/0/threaded
http://secunia.com/secunia_research/2008-63/
BugTraq ID: 33902
http://www.securityfocus.com/bid/33902
http://secunia.com/advisories/33469
http://www.vupen.com/english/advisories/2009/0528
XForce ISS Database: ksquirrellibs-rgbe-bo(48901)
http://xforce.iss.net/xforce/xfdb/48901
Common Vulnerability Exposure (CVE) ID: CVE-2009-0615
Cisco Security Advisory: 20090225 Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc84.shtml
BugTraq ID: 33903
http://www.securityfocus.com/bid/33903
http://www.securitytracker.com/id?1021770
Common Vulnerability Exposure (CVE) ID: CVE-2009-0616
http://www.securitytracker.com/id?1021771
Common Vulnerability Exposure (CVE) ID: CVE-2009-0617
Common Vulnerability Exposure (CVE) ID: CVE-2009-0618
http://www.securitytracker.com/id?1021772
Common Vulnerability Exposure (CVE) ID: CVE-2009-0620
Cisco Security Advisory: 20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml
BugTraq ID: 33900
http://www.securityfocus.com/bid/33900
Common Vulnerability Exposure (CVE) ID: CVE-2009-0621
Common Vulnerability Exposure (CVE) ID: CVE-2009-0622
Common Vulnerability Exposure (CVE) ID: CVE-2009-0623
Common Vulnerability Exposure (CVE) ID: CVE-2009-0624
http://www.securitytracker.com/id?1021769
Common Vulnerability Exposure (CVE) ID: CVE-2009-0625
Common Vulnerability Exposure (CVE) ID: CVE-2009-0490
http://www.milw0rm.com/exploits/7634
http://n2.nabble.com/Audacity-%22String_parse::get_nonspace_quoted()%22-Buffer-Overflow-td2139537.html
BugTraq ID: 33090
http://www.securityfocus.com/bid/33090
http://www.vupen.com/english/advisories/2009/0008
http://osvdb.org/51070
http://secunia.com/advisories/33356
Common Vulnerability Exposure (CVE) ID: CVE-2009-0614
Cisco Security Advisory: 20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml
BugTraq ID: 33901
http://www.securityfocus.com/bid/33901
XForce ISS Database: cisco-meetingplace-unauth-access(48888)
http://xforce.iss.net/xforce/xfdb/48888
Common Vulnerability Exposure (CVE) ID: CVE-2009-0542
Bugtraq: 20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
http://www.securityfocus.com/archive/1/archive/1/500823/100/0/threaded
Bugtraq: 20090210 ProFTPd with mod_mysql Authentication Bypass Exploit
http://www.securityfocus.com/archive/1/archive/1/500851/100/0/threaded
Bugtraq: 20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
http://www.securityfocus.com/archive/1/archive/1/500833/100/0/threaded
Bugtraq: 20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)
http://www.securityfocus.com/archive/1/archive/1/500852/100/0/threaded
http://www.milw0rm.com/exploits/8037
http://www.openwall.com/lists/oss-security/2009/02/11/1
http://www.openwall.com/lists/oss-security/2009/02/11/5
http://www.openwall.com/lists/oss-security/2009/02/11/3
Debian Security Information: DSA-1730
http://www.debian.org/security/2009/dsa-1730
http://security.gentoo.org/glsa/glsa-200903-27.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:061
http://secunia.com/advisories/34268
Common Vulnerability Exposure (CVE) ID: CVE-2009-0543
http://www.openwall.com/lists/oss-security/2009/02/11/4
Common Vulnerability Exposure (CVE) ID: CVE-2009-0478
Bugtraq: 20090204 Squid Proxy Cache Denial of Service in request handling
http://www.securityfocus.com/archive/1/archive/1/500653/100/0/threaded
http://www.milw0rm.com/exploits/8021
http://security.gentoo.org/glsa/glsa-200903-38.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:034
BugTraq ID: 33604
http://www.securityfocus.com/bid/33604
http://www.securitytracker.com/id?1021684
http://secunia.com/advisories/33731
http://secunia.com/advisories/34467
Copyright:Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.