CVE-2008-2939 - (Medium) :
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache
2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and
earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards
in a pathname in an FTP URI.
Note: After some upstream versioning limbo, this is the official first release
of argus 3.0 considered to be an release-candidate. Bug fixes for this
version will make its way into the upcoming 3.0.1!
Note: After some upstream versioning limbo, this is the official first release
of argus 3.0 considered to be an release-candidate. Bug fixes for this
version will make its way into the upcoming 3.0.1!
CVE-2008-1720 (High) :
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might
allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-1276 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and
Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted
filename.
CVE-2007-3156 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and
Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid,
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third
party information.
CVE-2007-5066 (High) :
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users
to execute arbitrary commands via a crafted URL.
CVE-2008-0720 (Medium) :
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320
allows remote attackers to inject arbitrary web script or HTML via the search parameter to
webmin_search.cgi (aka the search section), and possibly other components accessed through
a "search box" or "open file box." NOTE: some of these details are obtained from third party
information.
CVE-2008-0983 (Medium) :
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a
file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large
number of connections, which triggers an out-of-bounds access.
CVE-2008-1111 (Medium) :
mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a
fork failure occurs, which might allow remote attackers to obtain sensitive information.
CVE-2008-1270 (Medium) :
mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME,
which might allow remote attackers to read arbitrary files, as demonstrated by accessing the
~nobody directory.
Instead of simply copying the 'ip_vs.h' header file we apply a patch that
assures the installation of a 'sanitized' version while building the
linux-header package.