Affected Platforms: Windows
CVE-2008-5304
The URLPARAM variable of TWiki is not checked completely against malicious input and open to XSS attacks (cve:CVE-2008-5304 ).
- Affected Application: TWiki
- Affected Platforms: Generic
CVE-2008-2940 CVE-2008-2941
Several flaws were discovered in hplip, the first one allowed a local attacker to elevate privileges by using specially-crafted packets to trigger alert mails sent by the root account .The second one was discovered in the hpssd message parser, sending special malformed packets, a local attacker was able to cause a denial of service of the hpssd process (cve:CVE-2008-2940 and cve:CVE-2008-2941 ).
- Affected Application: hplip
- Affected Platforms: Linux
CVE-2008-2370
The process deployment web service in Apache ODE was sensible to deployment messages with forged names. By using a directory traversal path name it was possible for a remote attacker to write files under unwanted locations (like a new WAR under a webapp deployment directory), or overwrite other files or their deletion (cve:CVE-2008-2370 ).
- Affected Application: Apache ODE up to 1.3.2
- Affected Platforms: Generic