chromium/third_party/libxml/fuzz/seed_corpus/299d543a09f90c6aeeb787277cd870affd2a6645

<?xml version='1.0' encoding='UTF-8'?>
<nvd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://nvd.nist.gov/feeds/cve/1.2" nvd_xml_version="1.2" pub_date="2008-10-17" xsi:schemaLocation="http://nvd.nist.gov/feeds/cve/1.2 http://nvd.nist.gov/schema/nvdcve.xsd">
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4503" seq="2008-4503" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-11">
        <desc>
            <descript source="cve">The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking."</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45721">adobe-flash-click-hijacking(45721)</ref>
            <ref source="SECTRACK" url="http://www.securitytracker.com/id?1020996">1020996</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31625">31625</ref>
            <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2764">ADV-2008-2764</ref>
            <ref source="CONFIRM" url="http://www.adobe.com/support/security/advisories/apsa08-08.html" adv="1">http://www.adobe.com/support/security/advisories/apsa08-08.html</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32163" adv="1">32163</ref>
            <ref source="MISC" url="http://ha.ckers.org/blog/20081007/clickjacking-details/">http://ha.ckers.org/blog/20081007/clickjacking-details/</ref>
            <ref source="MISC" url="http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/">http://blog.guya.net/2008/10/07/malicious-camera-spying-using-clickjacking/</ref>
        </refs>
        <vuln_soft>
            <prod vendor="adobe" name="flash_player">
                <vers num="7" />
                <vers num="7.0" />
                <vers num="7.0.1" />
                <vers num="7.0.25" />
                <vers edition="" num="7.0.63" />
                <vers edition=":linux" num="7.0.63" />
                <vers num="7.0.69.0" />
                <vers num="7.0.70.0" />
                <vers edition="" num="7.0_r67" />
                <vers edition=":solaris" num="7.0_r67" />
                <vers num="7.1" />
                <vers num="7.1.1" />
                <vers num="7.2" />
                <vers edition="" num="8" />
                <vers edition=":professional" num="8" />
                <vers edition=":pro" num="8" />
                <vers num="8.0" />
                <vers num="8.0.24.0" />
                <vers num="8.0.34.0" />
                <vers num="8.0.35.0" />
                <vers num="8.0.39.0" />
                <vers num="9" />
                <vers num="9.0.114.0" />
                <vers num="9.0.115.0" />
                <vers num="9.0.124.0" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-4504" seq="2008-4504" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-09">
        <desc>
            <descript source="cve">Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31627">31627</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/31933" adv="1">31933</ref>
        </refs>
        <vuln_soft>
            <prod vendor="herosoft" name="hero_dvd_player">
                <vers num="3.0.8" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-4505" seq="2008-4505" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-09">
        <desc>
            <descript source="cve">Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. NOTE: due to lack of details from the vendor, it is not clear whether this is a vulnerability.</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45692">lotus-quickr-opendocument-dos(45692)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31608">31608</ref>
            <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2753" adv="1">ADV-2008-2753</ref>
            <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27013341">http://www-01.ibm.com/support/docview.wss?uid=swg27013341</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32098" adv="1">32098</ref>
        </refs>
        <vuln_soft>
            <prod vendor="ibm" name="lotus_quickr">
                <vers num="8.1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4506" seq="2008-4506" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-11">
        <desc>
            <descript source="cve">Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45694">lotus-quickr-placemanager-security-bypass(45694)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31608">31608</ref>
            <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2753" adv="1">ADV-2008-2753</ref>
            <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27013341">http://www-01.ibm.com/support/docview.wss?uid=swg27013341</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32098" adv="1">32098</ref>
        </refs>
        <vuln_soft>
            <prod vendor="ibm" name="lotus_quickr">
                <vers num="8.1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4507" seq="2008-4507" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
        <desc>
            <descript source="cve">Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45693">lotus-quickr-editor-security-bypass(45693)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31608">31608</ref>
            <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2753" adv="1">ADV-2008-2753</ref>
            <ref source="CONFIRM" url="http://www-01.ibm.com/support/docview.wss?uid=swg27013341">http://www-01.ibm.com/support/docview.wss?uid=swg27013341</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32098" adv="1">32098</ref>
        </refs>
        <vuln_soft>
            <prod vendor="ibm" name="lotus_quickr">
                <vers num="8.1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-4508" seq="2008-4508" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-09">
        <desc>
            <descript source="cve">Stack-based buffer overflow in the file parsing function in Tonec Internet Download Manager, possibly 5.14 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AppleDouble file containing a long string.  NOTE: this is probably a different vulnerability than CVE-2005-2210.</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45711">internetdownloadmanager-file-bo(45711)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31603">31603</ref>
            <ref source="MISC" url="http://downloads.securityfocus.com/vulnerabilities/exploits/31603.pl">http://downloads.securityfocus.com/vulnerabilities/exploits/31603.pl</ref>
        </refs>
        <vuln_soft>
            <prod vendor="tonec_inc." name="internet_download_manager">
                <vers num="5.14" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4509" seq="2008-4509" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-09">
        <desc>
            <descript source="cve">Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot admin="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45683">fossgallery-multiple-file-upload(45683)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31574">31574</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6680">6680</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6674">6674</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6670">6670</ref>
        </refs>
        <vuln_soft>
            <prod vendor="foss_gallery" name="foss_gallery">
                <vers edition="beta" num="1.0" />
                <vers edition="beta:public" num="1.0" />
                <vers edition="beta:admin" num="1.0" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:L/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="4.9" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="6.9" name="CVE-2008-4510" seq="2008-4510" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.9" modified="2008-10-09">
        <desc>
            <descript source="cve">Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <local />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31570">31570</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6671">6671</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32115" adv="1">32115</ref>
        </refs>
        <vuln_soft>
            <prod vendor="microsoft" name="windows-nt">
                <vers edition="" num="vista" />
                <vers edition=":home_premium" num="vista" />
                <vers edition=":x64-home_premium" num="vista" />
                <vers edition=":x64-ultimate" num="vista" />
                <vers edition="sp1" num="vista" />
                <vers edition="sp1:x64-home_premium" num="vista" />
                <vers edition="sp1:ultimate" num="vista" />
                <vers edition="sp1:x64-ultimate" num="vista" />
                <vers edition="sp1:home_premium" num="vista" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4511" seq="2008-4511" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-09">
        <desc>
            <descript source="cve">Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.</descript>
        </desc>
        <loss_types>
            <conf />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496787/100/0/threaded">20080927 ASP News Remote Password Disclouse Vulnerability</ref>
        </refs>
        <vuln_soft>
            <prod vendor="todd_woolums" name="asp_news_management">
                <vers num="2.21" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:N/A:N)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4512" seq="2008-4512" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-09">
        <desc>
            <descript source="cve">ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.</descript>
        </desc>
        <loss_types>
            <conf />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496789/100/0/threaded">20080927 shoutbox Remote Password Disclouse Vulnerability</ref>
        </refs>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4513" seq="2008-4513" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-09">
        <desc>
            <descript source="cve">Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.</descript>
        </desc>
        <loss_types>
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45686">phorum-img-xss(45686)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31589">31589</ref>
            <ref source="CONFIRM" url="http://trac.phorum.org/changeset/3528">http://trac.phorum.org/changeset/3528</ref>
            <ref source="MISC" url="http://nulledcore.com/?p=126">http://nulledcore.com/?p=126</ref>
        </refs>
        <vuln_soft>
            <prod vendor="phorum" name="phorum">
                <vers num="5.2.8" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:P)" CVSS_base_score="5.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="2.9" name="CVE-2008-4514" seq="2008-4514" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="5.0" modified="2008-10-09">
        <desc>
            <descript source="cve">The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31605">31605</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6689">6689</ref>
        </refs>
        <vuln_soft>
            <prod vendor="konqueror" name="konqueror">
                <vers num="3.5.9" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4515" seq="2008-4515" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
        <desc>
            <descript source="cve">Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side JavaScript as a protection mechanism, which allows remote attackers to bypass authentication and access the (1) summary, (2) detail, (3) overrides, and (4) pwemail pages by disabling JavaScript.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45696">k9webprotection-multiple-auth-bypass(45696)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31584">31584</ref>
            <ref source="FULLDISC" url="http://seclists.org/fulldisclosure/2008/Oct/0070.html">20081004 Blue Coat K9 Web Protection V4.0.230 Beta Vulnerability</ref>
            <ref source="MISC" url="http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html">http://dicas3000.blogspot.com/2008/10/blue-coat-k9-web-protection-v40230-beta.html</ref>
        </refs>
        <vuln_soft>
            <prod vendor="blue_coat_systems" name="k9_web_protection">
                <vers edition="beta" num="4.0.230" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4516" seq="2008-4516" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
        <desc>
            <descript source="cve">SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45698">galerie-pic-sql-injection(45698)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31593">31593</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6675">6675</ref>
        </refs>
        <vuln_soft>
            <prod vendor="galerie" name="galerie">
                <vers num="3.2" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4517" seq="2008-4517" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-09">
        <desc>
            <descript source="cve">SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31585">31585</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6677">6677</ref>
        </refs>
        <vuln_soft>
            <prod vendor="geccbblite" name="geccbblite">
                <vers num="2.0" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4518" seq="2008-4518" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31582">31582</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6678">6678</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32126" adv="1">32126</ref>
        </refs>
        <vuln_soft>
            <prod vendor="fastpublish" name="fastpublish_cms">
                <vers num="1.9.9.9.9d" />
                <vers num="1.9999d" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4519" seq="2008-4519" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 d allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the target parameter to (1) index2.php and (2) index.php.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31582">31582</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6678">6678</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32126" adv="1">32126</ref>
        </refs>
        <vuln_soft>
            <prod vendor="fastpublish" name="fastpublish_cms">
                <vers num="1.9.9.9.9d" />
                <vers num="1.9999d" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4520" seq="2008-4520" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
        <desc>
            <descript source="cve">Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.</descript>
        </desc>
        <loss_types>
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31559">31559</ref>
            <ref source="CONFIRM" patch="1" url="http://sourceforge.net/project/shownotes.php?group_id=216367&amp;release_id=630124">http://sourceforge.net/project/shownotes.php?group_id=216367&amp;release_id=630124</ref>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45634">autonessus-bulkupdate-xss(45634)</ref>
            <ref source="MISC" url="http://sourceforge.net/tracker/index.php?func=detail&amp;aid=2141884&amp;group_id=216367&amp;atid=1037394" adv="1">http://sourceforge.net/tracker/index.php?func=detail&amp;aid=2141884&amp;group_id=216367&amp;atid=1037394</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32046" adv="1">32046</ref>
            <ref source="MISC" url="http://autonessus.cvs.sourceforge.net/viewvc/autonessus/AutoNessus/www/bulk_update.pl?r1=1.2&amp;r2=1.3">http://autonessus.cvs.sourceforge.net/viewvc/autonessus/AutoNessus/www/bulk_update.pl?r1=1.2&amp;r2=1.3</ref>
        </refs>
        <vuln_soft>
            <prod vendor="autonessus" name="autonessus">
                <vers num="1.0" />
                <vers num="1.1" />
                <vers num="1.1.1" />
                <vers num="1.2" />
                <vers num="1.2.1" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4521" seq="2008-4521" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31579">31579</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6682">6682</ref>
        </refs>
        <vuln_soft>
            <prod vendor="php-fusion" name="world_of_warcraft_tracker_infusion_module">
                <vers num="2.0" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4522" seq="2008-4522" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio Search and Download Script allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the src parameter to (1) listen.php and (2) download.php.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31573">31573</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6669">6669</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32141" adv="1">32141</ref>
        </refs>
        <vuln_soft>
            <prod vendor="jesse-web" name="jmweb_mp3_music_audio_search_and_download_script">
                <vers num="" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4523" seq="2008-4523" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45641">ipreg-login-sql-injection(45641)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31561">31561</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6657">6657</ref>
        </refs>
        <vuln_soft>
            <prod vendor="ip_reg" name="ip_reg">
                <vers num="0.1" />
                <vers num="0.2" />
                <vers num="0.3" />
                <vers num="0.4" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4524" seq="2008-4524" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="CONFIRM" patch="1" url="http://www.adaptcms.com/article/51/News/URGENT-AdaptCMS-13-Security-Fix-Released/" adv="1">http://www.adaptcms.com/article/51/News/URGENT-AdaptCMS-13-Security-Fix-Released/</ref>
            <ref source="SECUNIA" patch="1" url="http://secunia.com/advisories/32171" adv="1">32171</ref>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45642">adaptcmslite-checkuser-sql-injection(45642)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31557">31557</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6662">6662</ref>
        </refs>
        <vuln_soft>
            <prod vendor="adaptcms" name="adaptcms">
                <vers edition="unknown" num="1.3" />
                <vers edition="unknown:lite" num="1.3" />
                <vers edition="unknown:pro" num="1.3" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4525" seq="2008-4525" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31592">31592</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32168" adv="1">32168</ref>
            <ref source="MISC" url="http://packetstorm.linuxsecurity.com/0810-exploits/ampjuke-sql.txt">http://packetstorm.linuxsecurity.com/0810-exploits/ampjuke-sql.txt</ref>
        </refs>
        <vuln_soft>
            <prod vendor="ampjuke" name="ampjuke">
                <vers num="0.7.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4526" seq="2008-4526" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-10">
        <desc>
            <descript source="cve">Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31566">31566</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6663">6663</ref>
        </refs>
        <vuln_soft>
            <prod vendor="customcms" name="ccms">
                <vers num="3.1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4527" seq="2008-4527" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action.  NOTE: some of these details are obtained from third party information.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31578">31578</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6683">6683</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32004" adv="1">32004</ref>
        </refs>
        <vuln_soft>
            <prod vendor="php-fusion" name="recepies_module">
                <vers num="1.1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4528" seq="2008-4528" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31571">31571</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6667">6667</ref>
        </refs>
        <vuln_soft>
            <prod vendor="phlatline" name="personal_information_manager">
                <vers num="1.01" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4529" seq="2008-4529" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-11">
        <desc>
            <descript source="cve">Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31601">31601</ref>
            <ref source="MILW0RM" url="http://www.milw0rm.com/exploits/6685">6685</ref>
        </refs>
        <vuln_soft>
            <prod vendor="asicms" name="asicms">
                <vers edition="alpha" num="0.208" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4530" seq="2008-4530" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
        <desc>
            <descript source="cve">Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.</descript>
        </desc>
        <loss_types>
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="CONFIRM" patch="1" url="http://drupal.org/node/315919" adv="1">http://drupal.org/node/315919</ref>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45636">brilliantgallery-unspecified-xss(45636)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31554">31554</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32106" adv="1">32106</ref>
        </refs>
        <vuln_soft>
            <prod vendor="drupal" name="brilliant_gallery">
                <vers num="5.x-1.0" />
                <vers num="5.x-1.1" />
                <vers num="5.x-1.2" />
                <vers num="5.x-2.1" />
                <vers num="5.x-2.10" />
                <vers num="5.x-2.11" />
                <vers num="5.x-2.12" />
                <vers num="5.x-2.13" />
                <vers num="5.x-2.14" />
                <vers num="5.x-2.15" />
                <vers num="5.x-2.16" />
                <vers num="5.x-2.17" />
                <vers num="5.x-2.2" />
                <vers num="5.x-2.3" />
                <vers num="5.x-2.4" />
                <vers num="5.x-2.5" />
                <vers num="5.x-2.6" />
                <vers num="5.x-2.7" />
                <vers num="5.x-2.8" />
                <vers num="5.x-2.9" />
                <vers num="5.x-3.0" />
                <vers num="5.x-3.1" />
                <vers num="5.x-3.2" />
                <vers num="5.x-3.3" />
                <vers num="5.x-4.0" />
                <vers num="5.x-4.1" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4531" seq="2008-4531" severity="High" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries.  NOTE: this might be the same issue as CVE-2008-4338.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="XF" patch="1" url="http://xforce.iss.net/xforce/xfdb/45637">brilliantgallery-unspecified-sql-injection(45637)</ref>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31554">31554</ref>
            <ref source="SECUNIA" patch="1" url="http://secunia.com/advisories/32106" adv="1">32106</ref>
            <ref source="CONFIRM" patch="1" url="http://drupal.org/node/315919">http://drupal.org/node/315919</ref>
        </refs>
        <vuln_soft>
            <prod vendor="drupal" name="brilliant_gallery">
                <vers num="5.x-1.0" />
                <vers num="5.x-1.1" />
                <vers num="5.x-1.2" />
                <vers num="5.x-2.1" />
                <vers num="5.x-2.10" />
                <vers num="5.x-2.11" />
                <vers num="5.x-2.12" />
                <vers num="5.x-2.13" />
                <vers num="5.x-2.14" />
                <vers num="5.x-2.15" />
                <vers num="5.x-2.16" />
                <vers num="5.x-2.17" />
                <vers num="5.x-2.2" />
                <vers num="5.x-2.3" />
                <vers num="5.x-2.4" />
                <vers num="5.x-2.5" />
                <vers num="5.x-2.6" />
                <vers num="5.x-2.7" />
                <vers num="5.x-2.8" />
                <vers num="5.x-2.9" />
                <vers num="5.x-3.0" />
                <vers num="5.x-3.1" />
                <vers num="5.x-3.2" />
                <vers num="5.x-3.3" />
                <vers num="5.x-4.0" />
                <vers num="5.x-4.1" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:N/I:P/A:N)" CVSS_base_score="4.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="2.9" name="CVE-2008-4532" seq="2008-4532" severity="Medium" type="CVE" published="2008-10-09" CVSS_version="2.0" CVSS_score="4.3" modified="2008-10-10">
        <desc>
            <descript source="cve">Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.</descript>
        </desc>
        <loss_types>
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="XF" url="http://xforce.iss.net/xforce/xfdb/45657">websitedirectory-index-xss(45657)</ref>
            <ref source="BID" url="http://www.securityfocus.com/bid/31562">31562</ref>
            <ref source="BUGTRAQ" url="http://www.securityfocus.com/archive/1/archive/1/496967/100/0/threaded">20081003 Website Directory - XSS Exploit</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32176" adv="1">32176</ref>
        </refs>
        <vuln_soft>
            <prod vendor="maxiscript" name="website_directory">
                <vers num="" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-3432" seq="2008-3432" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-10">
        <desc>
            <descript source="cve">Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" patch="1" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
            <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/08/01/1">[oss-security] 20080731 Re: Re: More arbitrary code executions in Netrw</ref>
            <ref source="MLIST" url="http://www.openwall.com/lists/oss-security/2008/07/15/4">[oss-security] 20080715 Re: Re: More arbitrary code executions in Netrw</ref>
            <ref source="CONFIRM" url="ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059">ftp://ftp.vim.org/pub/vim/patches/6.3/6.3.059</ref>
            <ref source="CONFIRM" url="ftp://ftp.vim.org/pub/vim/patches/6.2.429">ftp://ftp.vim.org/pub/vim/patches/6.2.429</ref>
        </refs>
        <vuln_soft>
            <prod vendor="vim" name="vim">
                <vers num="6.2" />
                <vers num="6.3" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-3641" seq="2008-3641" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-15">
        <desc>
            <descript source="cve">The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="CONFIRM" patch="1" url="http://cups.org/articles.php?L575" adv="1">http://www.cups.org/articles.php?L575</ref>
            <ref source="REDHAT" url="http://www.redhat.com/support/errata/RHSA-2008-0937.html">RHSA-2008:0937</ref>
            <ref source="MANDRIVA" url="http://www.mandriva.com/security/advisories?name=MDVSA-2008:211">MDVSA-2008:211</ref>
            <ref source="FRSIRT" url="http://www.frsirt.com/english/advisories/2008/2782">ADV-2008-2782</ref>
            <ref source="CONFIRM" url="http://www.cups.org/str.php?L2911">http://www.cups.org/str.php?L2911</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32226">32226</ref>
            <ref source="SECUNIA" url="http://secunia.com/advisories/32084">32084</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="cups">
                <vers num="1.1" />
                <vers num="1.1.1" />
                <vers num="1.1.10" />
                <vers num="1.1.10-1" />
                <vers num="1.1.11" />
                <vers num="1.1.12" />
                <vers num="1.1.13" />
                <vers num="1.1.14" />
                <vers num="1.1.15" />
                <vers num="1.1.16" />
                <vers num="1.1.17" />
                <vers num="1.1.18" />
                <vers edition="rc1" num="1.1.19" />
                <vers edition="rc2" num="1.1.19" />
                <vers edition="rc3" num="1.1.19" />
                <vers edition="rc4" num="1.1.19" />
                <vers edition="rc5" num="1.1.19" />
                <vers num="1.1.2" />
                <vers edition="rc1" num="1.1.20" />
                <vers edition="rc2" num="1.1.20" />
                <vers edition="rc3" num="1.1.20" />
                <vers edition="rc4" num="1.1.20" />
                <vers edition="rc5" num="1.1.20" />
                <vers edition="rc6" num="1.1.20" />
                <vers edition="rc1" num="1.1.21" />
                <vers edition="rc2" num="1.1.21" />
                <vers edition="rc1" num="1.1.22" />
                <vers edition="rc2" num="1.1.22" />
                <vers edition="rc1" num="1.1.23" />
                <vers num="1.1.3" />
                <vers num="1.1.4" />
                <vers num="1.1.5" />
                <vers num="1.1.5-1" />
                <vers num="1.1.5-2" />
                <vers num="1.1.6" />
                <vers num="1.1.6-1" />
                <vers num="1.1.6-2" />
                <vers num="1.1.6-3" />
                <vers num="1.1.7" />
                <vers num="1.1.8" />
                <vers num="1.1.9" />
                <vers num="1.1.9-1" />
                <vers edition="b1" num="1.2" />
                <vers edition="b2" num="1.2" />
                <vers edition="rc1" num="1.2" />
                <vers edition="rc2" num="1.2" />
                <vers edition="rc3" num="1.2" />
                <vers num="1.2.0" />
                <vers num="1.2.1" />
                <vers num="1.2.10" />
                <vers num="1.2.11" />
                <vers num="1.2.12" />
                <vers num="1.2.2" />
                <vers num="1.2.3" />
                <vers num="1.2.4" />
                <vers num="1.2.5" />
                <vers num="1.2.6" />
                <vers num="1.2.7" />
                <vers num="1.2.8" />
                <vers num="1.2.9" />
                <vers edition="b1" num="1.3" />
                <vers edition="rc1" num="1.3" />
                <vers edition="rc2" num="1.3" />
                <vers num="1.3.0" />
                <vers num="1.3.1" />
                <vers num="1.3.2" />
                <vers num="1.3.3" />
                <vers num="1.3.4" />
                <vers num="1.3.5" />
                <vers num="1.3.6" />
                <vers num="1.3.7" />
                <vers num="1.3.8" prev="1" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3642" seq="2008-3642" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-10">
        <desc>
            <descript source="cve">Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:N/I:N/A:C)" CVSS_base_score="7.8" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.9" name="CVE-2008-3643" seq="2008-3643" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.8" modified="2008-10-10">
        <desc>
            <descript source="cve">Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."</descript>
        </desc>
        <loss_types>
            <avail />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:L/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="7.2" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="10.0" name="CVE-2008-3645" seq="2008-3645" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.2" modified="2008-10-10">
        <desc>
            <descript source="cve">Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot admin="1" />
        </loss_types>
        <range>
            <local />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:P/I:P/A:P)" CVSS_base_score="6.8" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="6.4" name="CVE-2008-3646" seq="2008-3646" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="6.8" modified="2008-10-10">
        <desc>
            <descript source="cve">The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="9.3" CVSS_exploit_subscore="8.6" CVSS_impact_subscore="10.0" name="CVE-2008-3647" seq="2008-3647" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="9.3" modified="2008-10-10">
        <desc>
            <descript source="cve">Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot admin="1" />
        </loss_types>
        <range>
            <network />
            <user_init />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4211" seq="2008-4211" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-10">
        <desc>
            <descript source="cve">Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot admin="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:C/I:C/A:C)" CVSS_base_score="10.0" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="10.0" name="CVE-2008-4212" seq="2008-4212" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="10.0" modified="2008-10-10">
        <desc>
            <descript source="cve">Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot admin="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:L/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="4.6" CVSS_exploit_subscore="3.9" CVSS_impact_subscore="6.4" name="CVE-2008-4214" seq="2008-4214" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="4.6" modified="2008-10-10">
        <desc>
            <descript source="cve">Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
        </loss_types>
        <range>
            <local />
        </range>
        <refs>
            <ref source="BID" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.4.11" />
                <vers num="10.5.5" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:N/AC:L/Au:N/C:P/I:P/A:P)" CVSS_base_score="7.5" CVSS_exploit_subscore="10.0" CVSS_impact_subscore="6.4" name="CVE-2008-4215" seq="2008-4215" severity="High" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="7.5" modified="2008-10-10">
        <desc>
            <descript source="cve">Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot other="1" />
        </loss_types>
        <range>
            <network />
        </range>
        <refs>
            <ref source="BID" patch="1" url="http://www.securityfocus.com/bid/31681">31681</ref>
            <ref source="APPLE" url="http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" adv="1">APPLE-SA-2008-10-09</ref>
        </refs>
        <vuln_soft>
            <prod vendor="apple" name="mac_os_x_server">
                <vers num="10.4.11" />
            </prod>
        </vuln_soft>
    </entry>
    <entry CVSS_vector="(AV:L/AC:M/Au:N/C:C/I:C/A:C)" CVSS_base_score="6.9" CVSS_exploit_subscore="3.4" CVSS_impact_subscore="10.0" name="CVE-2008-4394" seq="2008-4394" severity="Medium" type="CVE" published="2008-10-10" CVSS_version="2.0" CVSS_score="6.9" modified="2008-10-10">
        <desc>
            <descript source="cve">Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.</descript>
        </desc>
        <loss_types>
            <avail />
            <conf />
            <int />
            <sec_prot admin="1" />
        </loss_types>
        <range>
            <local />
            <user_init />
        </range>
        <refs>
            <re