CVE-2008-0171 (Medium) :
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost
1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion
and crash) via an invalid regular expression.
CVE-2008-0172 (Medium) :
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka
Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of
service (NULL dereference and crash) via an invalid regular expression.
CVE-2008-1720 (High) :
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might
allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-1276 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and
Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted
filename.
CVE-2007-3156 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and
Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid,
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third
party information.
CVE-2007-5066 (High) :
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users
to execute arbitrary commands via a crafted URL.
CVE-2008-0720 (Medium) :
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320
allows remote attackers to inject arbitrary web script or HTML via the search parameter to
webmin_search.cgi (aka the search section), and possibly other components accessed through
a "search box" or "open file box." NOTE: some of these details are obtained from third party
information.
CVE-2008-0564 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote
attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing
templates and (2) the list's "info attribute" in the web administrator interface, a different
vulnerability than CVE-2006-3636.
CVE-2007-6389 (Low) :
The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to
read the clipboard contents and X selection data for a locked session by using ctrl-V.
CVE-2008-0887 (Medium) :
gnome-screensaver before 2.22.1, when a remote authentication server is enabled, crashes
upon an unlock attempt during a network outage, which allows physically proximate attackers to
gain access to the locked session, a related issue to CVE-2007-1859.
Aldas Nabazas
Christian Wiese
Alejandro Mery
Nagy Karoly Gabriel