The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Debian Woody

phpMyAdmin: Cross-Site framing and XSS
An attacker can display a phpMyAdmin frame inside another page, and can trigger a Cross-Site Scripting in setup.php, in order to run operations in the context of the connected victim...
BID-30420, CVE-2008-3456, CVE-2008-3457, DSA-1641-1, FEDORA-2008-6810, FEDORA-2008-6868, MDVSA-2008:202, PMASA-2008-6, SUSE-SR:2008:026, VIGILANCE-VUL-7976
DNS: cache poisoning
An attacker can predict DNS queries in order to poison the DNS client or cache (caching resolver)...
107064, 239392, 240048, 6702096, 7000912, 953230, BID-30131, c01506861, c01660723, CAU-EX-2008-0002, CAU-EX-2008-0003, CERTA-2002-AVI-189, CERTA-2002-AVI-200, cisco-sa-20080708-dns, CR102424, CR99135, CSCso81854, CVE-2008-1447, draft-ietf-dnsext-forgery-resilience-05, DSA-1544-2, DSA-1603-1, DSA-1604-1, DSA-1605-1, DSA-1617-1, DSA-1619-1, DSA-1619-2, DSA-1623-1, FEDORA-2008-6256, FEDORA-2008-6281, FEDORA-2009-1069, FreeBSD-SA-08:06.bind, HPSBMP02404, HPSBTU02358, HPSBUX02351, MDVSA-2008:139, MS08-037, NetBSD-SA2008-009, powerdns-advisory-2008-01, PSN-2008-06-040, RHSA-2008:0533-01, RHSA-2008:0789-01, SOL8938, SSA:2008-191-02, SSA:2008-205-01, SSRT080058, SSRT090014, SUSE-SA:2008:033, TA08-190B, TLSA-2008-26, VIGILANCE-VUL-7937, VMSA-2008-0014, VMSA-2008-0014.1, VMSA-2008-0014.2, VU#800113
phpMyAdmin: Cross-site Request Forgery of db, convchars and collation_connection
An attacker can create a Cross-site Request Forgery attack in phpMyAdmin...
CERTA-2008-AVI-383, CVE-2008-3197, DSA-1641-1, FEDORA-2008-6450, FEDORA-2008-6502, MDVSA-2008:202, SUSE-SR:2009:003, VIGILANCE-VUL-7952
Firefox/Seamonkey/Thunderbird: several vulnerabilities
Several vulnerabilities were announced in Firefox/Seamonkey/Thunderbird, the worst one leading to code execution...
256408, 440230, 441120, 441169, 441360, 5031400, 6786624, BID-30242, BID-30244, BID-30266, CERTA-2002-AVI-189, CERTA-2008-AVI-368, CERTA-2008-AVI-376, CVE-2008-2785, CVE-2008-2933, CVE-2008-2934, CVE-2008-3198, DSA-1614-1, DSA-1615-1, DSA-1621-1, DSA-1697-1, FEDORA-2008-6491, FEDORA-2008-6517, FEDORA-2008-6518, FEDORA-2008-6519, FEDORA-2008-6706, FEDORA-2008-6737, MDVSA-2008:148, MDVSA-2008:155, MDVSA-2008:155-1, MFSA 2008-34, MFSA 2008-35, MFSA 2008-36, RHSA-2008:0597-01, RHSA-2008:0598-02, RHSA-2008:0599-01, RHSA-2008:0616-01, SSA:2008-198-01, SSA:2008-198-02, SSA:2008-210-05, TLSA-2008-28, TLSA-2008-30, VIGILANCE-VUL-7948, VU#130923, ZDI-08-044
Linux kernel: memory corruption of sctp_getsockopt_local_addrs_old
A local attacker can create an SCTP socket in order to stop the system and possibly to execute code...
BID-29990, CERTA-2002-AVI-206, CVE-2008-2826, DSA-1630-1, MDVSA-2008:167, MDVSA-2008:174, RHSA-2008:0585-01, RHSA-2008:0849-5, SUSE-SA:2008:037, SUSE-SA:2008:052, VIGILANCE-VUL-7935
Linux kernel: denial of service via do_change_type
A local attacker can use do_change_type() to change parameters of a mount point...
454388, BID-30126, CERTA-2002-AVI-206, CVE-2008-2931, DSA-1630-1, RHSA-2008:0885-01, SUSE-SA:2008:035, SUSE-SA:2008:038, SUSE-SA:2008:048, SUSE-SA:2008:049, SUSE-SR:2008:025, VIGILANCE-VUL-7934
Linux kernel: denial of service of drivers
A local attacker can use vulnerabilities in several drivers in order to create a denial of service...
BID-30076, CERTA-2002-AVI-206, CVE-2008-2812, DSA-1630-1, RHSA-2008:0612-01, RHSA-2008:0665-01, RHSA-2008:0973-03, SUSE-SA:2008:035, SUSE-SA:2008:037, SUSE-SA:2008:038, SUSE-SA:2008:047, SUSE-SA:2008:048, SUSE-SA:2008:049, SUSE-SA:2008:052, SUSE-SR:2008:025, SUSE-SU-2011:0928-1, VIGILANCE-VUL-7928, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2
PCRE: buffer overflow via an option
When an attacker can change the regular expression used by a program, he can corrupt its memory in order, for example, to execute code...
452079, BID-30087, c01905287, CERTA-2002-AVI-200, CVE-2008-2371, DSA-1602-1, FEDORA-2008-6025, FEDORA-2008-6048, FEDORA-2008-6110, FEDORA-2008-6111, HPSBUX02465, MDVSA-2008:147, SSA:2008-210-09, SSRT090192, SUSE-SR:2008:014, VIGILANCE-VUL-7926
Ruby: denial of service of rb_ary_fill
When a Ruby program uses the Array.fill() method with incorrect parameters, it stops...
453589, CERTA-2008-AVI-364, CVE-2008-2376, DSA-1612-1, DSA-1618-1, FEDORA-2008-6033, FEDORA-2008-6094, MDVSA-2008:140, MDVSA-2008:141, MDVSA-2008:142, RHSA-2008:0561-01, RHSA-2008:0562-01, VIGILANCE-VUL-7925
Thunderbird: several vulnerabilities
Several vulnerabilities were announced in Thunderbird, the worst one leading to code execution...
BID-30038, CERTA-2002-AVI-189, CERTA-2008-AVI-350, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811, DSA-1615-1, DSA-1621-1, FEDORA-2008-6706, FEDORA-2008-6737, MDVSA-2008:155, MDVSA-2008:155-1, MFSA 2008-21, MFSA 2008-24, MFSA 2008-25, MFSA 2008-26, MFSA 2008-29, MFSA 2008-31, MFSA 2008-33, RHSA-2008:0616-01, SSA:2008-210-05, TLSA-2008-30, VIGILANCE-VUL-7924, VU#607267