JVN Info.

Id
50295  
Name
JVNDB-2008-005605  
Title
RunCMS の Section モジュールにおける SQL インジェクションの脆弱性  
Summary
RunCMS の sections (Section) モジュールには、SQL インジェクションの脆弱性が存在します。  
Nvdinfo
CVE-2008-1462  
Cvssv2
6.8  
Jvnurl
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-005605.html  
Published Date
2008-03-24  
Registered Date
2012-12-20  
Last Updated Date
2012-12-20  

Actions

Related Nessuslogs

Id Log ID Jvninfo Id Plugin ID CVE CVSS Risk Host Protocol Port Name Synopsis Description Solution See Also Plugin Output Actions
51597 H28_MUN_DWEB_Q4_172_16_240_seg.csv 50295 89678 CVE-2009-3080 9.3 High 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240) - A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188) - An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080) - A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787) - A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145) - A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146) - A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. https://www.vmware.com/security/advisories/VMSA-2011-0009 http://lists.vmware.com/pipermail/security-announce/2011/000158.html Version : ESX 4.0 Installed build : 208167 Fixed build : 392990
51852 H28_MUN_DWEB_Q4_172_16_240_seg.csv 50295 89740 CVE-2009-3080 10 Critical 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 or ESXi version 3.5 / 4.0. https://www.vmware.com/security/advisories/VMSA-2010-0009 http://lists.vmware.com/pipermail/security-announce/2010/000099.html Version : ESX 4.0 Installed build : 208167 Fixed build : 256968
57178 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 50295 89678 CVE-2009-3080 9.3 High 172.16.240.115 tcp 443 VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0009) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Linux Kernel in the do_anonymous_page() function due to improper separation of the stack and the heap. An attacker can exploit this to execute arbitrary code. (CVE-2010-2240) - A packet filter bypass exists in the Linux Kernel e1000 driver due to processing trailing payload data as a complete frame. A remote attacker can exploit this to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536) - A use-after-free error exists in the Linux Kernel when IPV6_RECVPKTINFO is set on a listening socket. A remote attacker can exploit this, via a SYN packet while the socket is in a listening (TCP_LISTEN) state, to cause a kernel panic, resulting in a denial of service condition. (CVE-2010-1188) - An array index error exists in the Linux Kernel in the gdth_read_event() function. A local attacker can exploit this, via a negative event index in an IOCTL request, to cause a denial of service condition. (CVE-2009-3080) - A race condition exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to gain privileges by mounting a filesystem on top of an arbitrary directory. (CVE-2011-1787) - A flaw exists in the VMware Host Guest File System (HGFS) that allows a Solaris or FreeBSD guest operating system user to modify arbitrary guest operating system files. (CVE-2011-2145) - A flaw exists in the VMware Host Guest File System (HGFS) that allows guest operating system users to disclose host operating system files and directories. (CVE-2011-2146) - A flaw exists in the bundled Tom Sawyer GET Extension Factory that allows a remote attacker to cause a denial of service condition or the execution of arbitrary code via a crafted HTML document. (CVE-2011-2217) Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1 / 5.0. https://www.vmware.com/security/advisories/VMSA-2011-0009 http://lists.vmware.com/pipermail/security-announce/2011/000158.html Version : ESX 4.0 Installed build : 208167 Fixed build : 392990
57433 H28_DWEB_NW_Scan_Q1_172_16_240_Seg_20160518_hepxqa.csv 50295 89740 CVE-2009-3080 10 Critical 172.16.240.115 tcp 443 VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check) The remote VMware ESX / ESXi host is missing a security-related patch. The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd Apply the appropriate patch according to the vendor advisory that pertains to ESX version 3.5 / 4.0 or ESXi version 3.5 / 4.0. https://www.vmware.com/security/advisories/VMSA-2010-0009 http://lists.vmware.com/pipermail/security-announce/2010/000099.html Version : ESX 4.0 Installed build : 208167 Fixed build : 256968