Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2009-02-13 CVE-2008-6124 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
network
low complexity
moodle debian CWE-89
7.5
2009-01-22 CVE-2009-0255 Use of Insufficiently Random Values vulnerability in multiple products
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
network
low complexity
typo3 debian CWE-330
7.5
2008-12-09 CVE-2008-5394 Link Following vulnerability in Debian Shadow 4.0.18.1
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
local
low complexity
debian CWE-59
7.2
2008-11-21 CVE-2008-5183 NULL Pointer Dereference vulnerability in multiple products
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference.
network
low complexity
apple opensuse debian CWE-476
7.5
2008-11-13 CVE-2008-5024 XML Injection (Aka Blind Xpath Injection) vulnerability in multiple products
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
network
low complexity
mozilla debian canonical CWE-91
7.5
2008-11-13 CVE-2008-5023 Improper Input Validation vulnerability in multiple products
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
network
low complexity
mozilla debian canonical CWE-20
7.5
2008-11-13 CVE-2008-5022 Improper Authentication vulnerability in multiple products
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
network
low complexity
mozilla debian canonical CWE-287
7.5
2008-10-15 CVE-2008-4553 Link Following vulnerability in Qemu 0.9.15
qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.
local
low complexity
qemu debian CWE-59
7.2
2008-10-03 CVE-2008-4440 Link Following vulnerability in Debian Feta
The to-upgrade plugin in feta 1.4.16 allows local users to overwrite arbitrary files via a symlink on the (1) /tmp/feta.install.$USER and (2) /tmp/feta.avail.$USER temporary files.
local
low complexity
debian CWE-59
7.2
2008-10-03 CVE-2008-4406 Link Following vulnerability in Debian Xsabre 0.2.4B
A certain Debian patch to the run scripts for sabre (aka xsabre) 0.2.4b allows local users to delete or overwrite arbitrary files via a symlink attack on unspecified .tmp files.
local
low complexity
debian CWE-59
7.2