
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 11
March 13, 2008

Microsoft Office products (3), Cisco User Changeable Password (1), and McAfee ePolicy Orchestrator (1) products had critical new vulnerabilities reported this week. The most enticing story aspect of this week's report is that all of the monthly Microsoft vulnerabilities are in Office products like Excel. That doesn't mean they are writing worse code; it means the really bad guys are using fuzzing tools to find zero-day vulnerabilities in Word and Excel that they can use to penetrate organizations with otherwise very good security.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Microsoft Office                          10 (#1, #2, #3, #6)
    Other Microsoft Products                  3
    Third Party Windows Apps                  11 (#4, #5, #8, #10)
    Linux                                     4
    Solaris                                   2
    Aix                                       1
    Unix                                      1
    Cross Platform                            17 (#7, #9)
    Web Application - Cross Site Scripting    18
    Web Application - SQL Injection           18
    Web Application                           17
    Network Device                            2


Table Of Contents

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    • Microsoft Office
    • Other Microsoft Products
    • Third Party Windows Apps
    • Linux
    • Solaris
    • Aix
    • Unix
    • Cross Platform
    • Web Application - Cross Site Scripting
    • Web Application - SQL Injection
    • Web Application
    • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) CRITICAL: Microsoft Office Multiple Vulnerabilities (MS08-016)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office Excel Viewer
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Office contains a flaw in its handling of Microsoft Excel and Office files. A specially crafted file could trigger one of two memory corruption vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, on recent versions of Microsoft Office, documents are not opened upon receipt without user interaction. Some technical details are publicly available for these vulnerabilities.

  • Status: Microsoft confirmed, updates available.

  • References:

  • (4) CRITICAL: Cisco User Changeable Password Multiple Vulnerabilities
  • Affected:
    • Cisco User Changeable Password versions prior to 4.2
  • Description: Cisco User Changeable Password is a Cisco utility to provide password and other authentication credential updates via a web-based interface. It contains multiple buffer overflow vulnerabilities in its handling of user input. A specially crafted request would allow an unauthenticated attacker to exploit one of these buffer overflows. Successfully exploiting one of these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that this may afford the attacker access to an authentication database, potentially leading to further exploitation. Note that full technical details and a proof-of-concept are publicly available for this vulnerability. An additional cross-site-scripting vulnerability was also discovered in this product.

  • Status: Cisco confirmed, updates available.

  • References:

  • (6) HIGH: Microsoft Office Web Components Multiple Vulnerabilities (MS08-017)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Visual Studio .NET 2002
    • Microsoft Visual Studio .NET 2003
    • Microsoft BizTalk Server 2000
    • Microsoft BizTalk Server 2002
    • Microsoft Commerce Server 2000
    • Microsoft Internet Security and Acceleration Server 2000
  • Description: The Microsoft Office Web Components are a collection of ActiveX controls used for manipulating office documents. They contain several flaws in their handling of method calls. A specially crafted web page that instantiated one of these components could trigger a memory corruption vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user.

  • Status: Microsoft confirmed, updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "killbit" mechanism for CLSIDs "0002E533-0000-0000-C000-000000000046", "0002E530-0000-0000-C000-000000000046", "0002E510-0000-0000-C000-000000000046", and "0002E511-0000-0000-C000-000000000046".

  • References:

  • (7) HIGH: SAP MaxDB Multiple Vulnerabilities
  • Affected:
    • SAP MaxDB versions 7.6.0.37 and prior
  • Description: MaxDB is an enterprise database system from SAP. It contains multiple flaws in its handling of user requests. A specially crafted user request could trigger one of several memory corruption vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that some versions of MaxDB are open source, and these versions are presumed vulnerable. Therefore, technical details for these vulnerabilities are publicly available via source code analysis.

  • Status: SAP confirmed, updates available. Users can mitigate the impact of these vulnerabilities by blocking access to TCP port 7210.

  • References:

  • (8) HIGH: RealPlayer ActiveX Control Memory Corruption
  • Affected:
    • RealPlayer versions 11.x and prior
  • Description: RealPlayer provides some of its functionality on Microsoft Windows via an ActiveX control. This control contains a flaw in its handling of its "Console" property. A specially crafted web page that instantiates this control could trigger this flaw, leading to memory corruption. Successfully exploiting this corruption would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details are publicly available for this vulnerability, as is a proof-of-concept.

  • Status: Real has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "killbit" mechanism for CLSIDs "2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" and "CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA".

  • References:

  • (9) MODERATE: Adobe Form Designer and Form Client Multiple Vulnerabilities
  • Affected:
    • Adobe Form Designer versions 5.0 and prior
    • Adobe Form Client versions 5.0 and prior
  • Description: Adobe Form Designer is a tool allowing developers to deploy forms as HTML or PDF documents. The Adobe Form Client is used to view these documents. A specially crafted form file could trigger one of multiple vulnerabilities in the affected application. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. No technical details are publicly available for these vulnerabilities.

  • Status: Adobe confirmed, updates available.

  • References:

  • (10) LOW: Timbuktu Pro Directory Traversal Vulnerability
  • Affected:
    • Timbuktu Pro versions 8.6.5 and prior
  • Description: Timbuktu Pro is a remote computer management product. It contains a flaw in its handling of files uploaded to a remotely managed computer. A specially crafted upload request could trigger a directory traversal vulnerability, allowing the attacker to place a file in any location on the system. A proof-of-concept for this vulnerability is available. Note that this vulnerability does not allow already-existing files to be overwritten or replaced. Authentication may be required to exploit this vulnerability; this is unconfirmed.

  • Status: Vendor has not confirmed, no updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities

Week 11, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.11.1 - CVE: CVE-2008-0111
  • Platform: Microsoft Office
  • Title: Microsoft Excel Data Validation Record Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to perform sufficient validation of data when loading Excel files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  • 08.11.2 - CVE: CVE-2008-0112
  • Platform: Microsoft Office
  • Title: Microsoft Excel Import Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to perform sufficient validation when importing files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  • 08.11.3 - CVE: CVE-2006-4695
  • Platform: Microsoft Office
  • Title: Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution
  • Description: Microsoft Office Components is a collection of Component Object Model (COM) controls for publishing and viewing spreadsheets, charts, and databases on websites. The software is exposed to a remote code execution issue when parsing a specially crafted execution command.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx

  • 08.11.4 - CVE: CVE-2007-1201
  • Platform: Microsoft Office
  • Title: Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution
  • Description: Microsoft Office Component is a collection of Component Object Model (COM) controls for publishing and viewing spreadsheets, charts, and databases on websites. The application is exposed to a remote code execution issue when handling a specially crafted execution command.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx

  • 08.11.5 - CVE: CVE-2008-0118
  • Platform: Microsoft Office
  • Title: Microsoft Office File Memory Corruption
  • Description: Microsoft Office is exposed to a remote memory corruption issue because of an improper calculation of values used to allocate memory when Office files are opened. This may lead to an exploitable memory corruption issue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-016.mspx

  • 08.11.6 - CVE: CVE-2008-0110
  • Platform: Microsoft Office
  • Title: Microsoft Outlook Mailto URI Remote Code Execution
  • Description: Microsoft Outlook is exposed to a remote code execution issue because it fails to adequately validate user-supplied data. This issue occurs when users with the affected application installed visit malicious sites containing "mailto:" URIs. When specially crafted "mailto:" URIs are passed to Outlook, memory corruption may occur in a manner that allows attackers to execute arbitrary code.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-015.mspx

  • 08.11.7 - CVE: CVE-2008-0114
  • Platform: Microsoft Office
  • Title: Microsoft Excel Style Record Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to adequately validate "Style" record information.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  • 08.11.8 - CVE: CVE-2008-0115
  • Platform: Microsoft Office
  • Title: Microsoft Excel Formula Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to adequately parse specially crafted formulas.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  • 08.11.9 - CVE: CVE-2008-0116
  • Platform: Microsoft Office
  • Title: Microsoft Excel Rich Text Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to adequately validate user-supplied Rich Text Format (RTF) data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  • 08.11.10 - CVE: CVE-2008-0117
  • Platform: Microsoft Office
  • Title: Microsoft Excel Conditional Formatting Values Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to adequately validate conditional format values.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx

  • 08.11.11 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification of four security bulletins being released on March 11, 2008. The highest severity rating for these issues is "Critical".
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx

  • 08.11.12 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Combined JavaScript and XML Remote Information Disclosure
  • Description: Microsoft Internet Explorer is exposed to a remote information disclosure issue because of a flaw in the interaction between JavaScript and XML processing in Internet Explorer.
  • Ref: http://www.0x000000.com/index.php?i=525&bin=1000001101

  • 08.11.13 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer FTP Cross-Site Command Injection
  • Description: Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system that also supports File Transfer Protocol (FTP) client functionality. The application is exposed to an issue that occurs because the application fails to adequately sanitize user-supplied data. Internet Explorer versions 5 and 6 are affected.
  • Ref: http://www.rapid7.com/advisories/R7-0032.jsp

  • 08.11.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ICQ Toolbar "toolbaru.dll" ActiveX Control "GetPropertyById" Remote Denial of Service
  • Description: ICQ Toolbar is a set of addons for Microsoft Internet Explorer. The application is exposed to a denial of service issue because it fails to perform adequate boundary checks on user-supplied data. ICQ Toolbar version 2.3 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.11.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MicroWorld eScan Server Directory Traversal
  • Description: MicroWorld eScan Server contains a read-only FTP server that is used as part of the eScan Management Console application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. MicroWorld eScan Server version 9.0.742.98 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489228

  • 08.11.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: B21Soft BFup ActiveX Control "FilePath" Remote Buffer Overflow
  • Description: B21Soft BFup ActiveX control is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs when an excessive amount of data is passed to the "FilePath" property of the ActiveX control. B21Soft BFup versions 1.0.308.19 and earlier are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.11.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
  • Description: MailEnable is a commercially available mail server for the Microsoft Windows platform. The application is exposed to multiple remote issues in the IMAP service. MailEnable version 3.13 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489270

  • 08.11.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable SMTP EXPN/VRFY Commands Denial of Service
  • Description: MailEnable is a commercially available mail server for the Microsoft Windows platform. The application is exposed to a remote denial of service issue. This issue arises in the SMTP server when processing "EXPN" and "VRFY" commands and may result in a crash of the affected service.
  • Ref: http://www.securityfocus.com/bid/28154

  • 08.11.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Real Networks RealPlayer "rmoc3260.dll" ActiveX Control Memory Corruption
  • Description: Real Networks RealPlayer is an application that allows users to play various media formats. The application is exposed to a memory corruption issue. Real Networks RealPlayer version 11 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.11.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Server Agents "AClient.exe" Privilege Escalation
  • Description: Symantec Altiris Deployment Server Agents provide core components used by each Altiris solution and support the entire Altiris Infrastructure. The application is exposed to shatter attacks that can result in an escalation of privileges.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.03.10.html

  • 08.11.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kingsoft Antivirus Online Update Module ActiveX Control Remote Buffer Overflow
  • Description: Kingsoft Antivirus Online Update Module ActiveX control is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.11.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
  • Description: Acronis Snap Deploy is a software deployment application available for Microsoft Windows. The application is exposed to multiple remote issues.
  • Ref: http://aluigi.altervista.org/adv/acropxe-adv.txt

  • 08.11.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service
  • Description: PacketTrap pt360 Tool Suite PRO is an application for managing networks. The TFTP server is a component of the suite. The application is exposed to a remote denial of service issue. PacketTrap pt360 Tool Suite PRO TFTP server version 2.0.3901.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489355

  • 08.11.24 - CVE: CVE-2007-6253
  • Platform: Third Party Windows Apps
  • Title: Adobe Form Designer and Adobe Form Client Multiple Input Validation Vulnerabilities
  • Description: Adobe Form Designer and Adobe Form Client are exposed to multiple input validation issues because they fail to adequately sanitize user-supplied input data.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-09.html

  • 08.11.25 - CVE: Not Available
  • Platform: Linux
  • Title: Panda Internet Security/Antivirus+Firewall 2008 CPoint.sys Memory Corruption
  • Description: Panda Internet Security/Antivirus+Firewall 2008 is exposed to a local kernel memory corruption issue due to insufficient validation of IOCTL requests.
  • Ref: http://www.trapkit.de/advisories/TKADV2008-001.txt

  • 08.11.26 - CVE: CVE-2008-1099
  • Platform: Linux
  • Title: MoinMoin Macro Code Information Disclosure
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for UNIX and Linux platforms. The application is exposed to an information disclosure issue.
  • Ref: http://www.securityfocus.com/bid/28178

  • 08.11.27 - CVE: Not Available
  • Platform: Linux
  • Title: Dovecot Tab Character Password Check Security Bypass
  • Description: Dovecot is a mail-server application for Linux and UNIX-like operating systems. The application is exposed to a security bypass issue because it fails to adequately sanitize user-supplied input. Dovecot versions prior to 1.0.13 and 1.1.rc3 are affected.
  • Ref: http://dovecot.org/list/dovecot-news/2008-March/000064.html

  • 08.11.28 - CVE: Not Available
  • Platform: Linux
  • Title: IBM AIX Multiple Kernel and Command Privilege Escalation Vulnerabilities
  • Description: IBM AIX is exposed to multiple privilege escalation issues. IBM AIX versions 5.2, 5.3 and 6.1 are affected.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154

  • 08.11.29 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 "ipsecah(7P)" Kernel Module Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to a denial of service issue because of an unspecified error that affects the "ipsecah(7P)" kernel module. Solaris 10 for SPARC and x86 architectures is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233761-1

  • 08.11.30 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 Inter-Process Communication (IPC) Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. Solaris is exposed to a denial of service issue because of an unspecified error that affects the Inter-Process Communication (IPC) message queue sub-system. This issue allows local unprivileged attackers to block all input/output operations on a message queue. Solaris 10 for SPARC and x86 architectures is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231403-1

  • 08.11.31 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "man" Local Privilege Escalation
  • Description: IBM AIX is exposed to a local privilege escalation issue because it fails to specify full paths to executables. Specifically, the "man" utility fails to specify the full path to executables that it calls.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ17177

  • 08.11.32 - CVE: Not Available
  • Platform: Unix
  • Title: SynCE "vdccm" Daemon Remote Unspecified Denial of Service
  • Description: SynCE is an open-source project that provides tools to communicate between Microsoft Windows CE or Pocket PC devices and computers running Linux/UNIX. The application is exposed to a denial of service issue. SynCE "vdccm" Daemon versions prior to 0.10.1 are affected.
  • Ref: http://sourceforge.net/forum/forum.php?forum_id=766440

  • 08.11.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Perforce Server Multiple Remote Denial of Service Vulnerabilities
  • Description: Perforce Server is a file repository application. The application is exposed to multiple remote denial of service issues. Perforce Server version 2007.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489179

  • 08.11.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Interstage Smart Repository Multiple Unspecified Denial of Service Vulnerabilities
  • Description: Fujitsu Interstage Smart Repository is exposed to two denial of service issues. One issue occurs when the application handles an incorrect request. The other issue occurs because of the way the application handles large data that is sent to the attribute value registered in it.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html

  • 08.11.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Programmer's Notepad "ctags" Buffer Overflow
  • Description: Programmer's Notepad is an open-source text editor. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when processing malformed "ctags". Programmer's Notepad version 2.0.6.1 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=581499&group_id=45545

  • 08.11.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
  • Description: The Ruby programming language comes standard with the WEBrick web server package. It can be used as a component of larger programs to enable web server functionality. It is exposed to remote directory traversal and information disclosure issues.
  • Ref: http://www.securityfocus.com/archive/1/489205

  • 08.11.37 - CVE: CVE-2008-1193
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Image Parsing Heap Buffer Overflow
  • Description: Sun Java Runtime Environment is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability is due to an integer overflow that occurs in the "SpCurveToPublic()" function.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0186.html

  • 08.11.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Rational ClearQuest Information Disclosure Weakness
  • Description: IBM Rational ClearQuest is an application for managing software projects. The application is exposed to an information disclosure issue due to a design error. Specifically, the application produces different error messages for unsuccessful login attempts depending on whether the attempt was performed with a valid or invalid username. IBM Rational ClearQuest versions 7.0.1.1 and 7.0.0.2 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24018297

  • 08.11.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Rational ClearQuest User Identifier Information Disclosure Weakness
  • Description: IBM Rational ClearQuest is an application for managing software projects. The application is exposed to an information disclosure issue due to a design error. Specifically, the application uses session cookies that contain information about the user. IBM Rational ClearQuest versions 7.0.1.1 and 7.0.0.2 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24018297

  • 08.11.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acronis True Image Echo Enterprise Server Multiple Remote Denial of Service Vulnerabilities
  • Description: Acronis True Image Echo Enterprise Server is an application that allows users to view and manage backup for all systems on the network. The application is exposed to multiple remote denial of service issues.
  • Ref: http://aluigi.altervista.org/adv/acrogroup-adv.txt

  • 08.11.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Remotely Anywhere "Accept-Charset" Parameter NULL Pointer Denial of Service
  • Description: Remotely Anywhere is an application that allows remote administration of computers. It is exposed to a remote denial of service issue because it fails to adequately sanitize user-supplied input. Remotely Anywhere Server and Workstation version 8.0.688 is affected.
  • Ref: http://www.securityfocus.com/bid/28175

  • 08.11.42 - CVE: CVE-2008-0306
  • Platform: Cross Platform
  • Title: SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation
  • Description: MaxDB is a database application developed by SAP. It is available for multiple platforms. The application is exposed to a local privilege escalation issue in the "sdbstarter" utility. This issue is due to the handling of certain unspecified environment variables used to specify configuration settings of various MaxDB components. MaxDB version 7.6.0.37 on both Linux and Solaris platforms is affected.
  • Ref: http://www.securityfocus.com/archive/1/489361

  • 08.11.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Motorola Timbuktu Pro File Upload and Denial of Service Vulnerabilities
  • Description: Motorola Timbuktu Pro is an application for remote computer access. It's available for Apple Mac OS X and Microsoft Windows. The application is exposed to multiple remote issues. Motorola Timbuktu Pro version 8.6.5 for Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/489360

  • 08.11.44 - CVE: CVE-2008-0307
  • Platform: Cross Platform
  • Title: SAP MaxDB "vserver" Component Remote Heap Memory Corruption
  • Description: SAP MaxDB is a database application developed by SAP. The application is exposed to a heap memory corruption issue in the "vserver" component which is listening on TCP port 7210 by default. MaxDB version 7.6.0.37 running on the Linux operating system is affected.
  • Ref: http://www.securityfocus.com/archive/1/489357

  • 08.11.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
  • Description: ASG-Sentry is an application that monitors, manages and controls networks. The application is available for Microsoft Windows and Unix-like operating systems. ASG-Sentry version 7.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489359

  • 08.11.46 - CVE: CVE-2008-0727, CVE-2008-0949
  • Platform: Cross Platform
  • Title: IBM Informix Dynamic Server Multiple Remote Vulnerabilities
  • Description: IBM Informix Dynamic Server is an application server that runs on various platforms. The application is exposed to multiple remote issues.
  • Ref: http://www.securityfocus.com/bid/28198

  • 08.11.47 - CVE: CVE-2008-0890
  • Platform: Cross Platform
  • Title: Red Hat Directory Server 7.1 Local Insecure Permissions
  • Description: Red Hat Directory Server is a directory service for LDAP (Lightweight Directory Access Protocol). The application is exposed to an insecure permissions issue affecting the "/opt/redhat-ds/java/jars" directory. Red Hat Directory Server version 7.1 prior to Service Pack 4 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0173.html

  • 08.11.48 - CVE: CVE-2008-1203
  • Platform: Cross Platform
  • Title: Adobe ColdFusion Administration Interface Failed Login Audit
  • Description: Adobe ColdFusion is an application server and software development framework used for creating dynamic web-based content. The application is exposed to an issue that allows attackers to conceal login attempts to the administrative interface because failed login attempts are not logged. ColdFusion MX versions 7 and 8 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-08.html

  • 08.11.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Prior to 6.1.0.15 Multiple Vulnerabilities
  • Description: IBM WebSphere Application Server is a utility for creating enterprise web applications. The application is exposed to multiple remote issues. IBM WebSphere Application Server versions prior to 6.1.0.15 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg27007951

  • 08.11.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Podcast Generator "set_permissions.php" Cross-Site Scripting
  • Description: Podcast Generator is a PHP-based podcasting script. The application is exposed to a cross-site scripting issue because it fails to adequately sanitize user-supplied input to the "scriptlang" parameter of the "set_permissions.php" script. Podcast Generator version 0.96.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28106

  • 08.11.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Java System Access Manager Administration Console Multiple Cross-Site Scripting Vulnerabilities
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. The application is exposed to an undisclosed cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters when processing the "Help" and "Version" windows in the Administration Console. Sun Java System Access Manager versions 7.1 and 7 2005Q4 (7.0) are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201251-1

  • 08.11.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Xitex WebContent M1 "redirect.do" Cross-Site Scripting
  • Description: Xitex WebContent M1 is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to adequately sanitize user-supplied input to the "sid" parameter of the "redirect.do" script.
  • Ref: http://www.securityfocus.com/bid/28115

  • 08.11.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Check Point VPN-1 UTM Edge Login Page Cross-Site Scripting
  • Description: Check Point VPN-1 UTM Edge is an appliance that provides VPN server functionality. It has a web interface that can be used for administration purposes. The web interface is exposed to a cross-site scripting issue because it fails to adequately sanitize user-supplied input to the "user" HTTP POST parameter of the login page. Check Point VPN-1 UTM Edge firmware version 7.0.48x is affected.
  • Ref: http://www.louhi.fi/advisory/checkpoint_080306.txt

  • 08.11.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BosDates Multiple Cross-Site Scripting Vulnerabilities
  • Description: BosDates is a calendar application that is written in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. This issue affects the "type" parameter of the "calendar.php" script and the "category" parameter of the "calendar_search.php" script.
  • Ref: http://www.securityfocus.com/bid/28117/references

  • 08.11.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dokeos Multiple Remote Code Execution and Cross-Site Scripting Vulnerabilities
  • Description: Dokeos is a PHP-based application for online learning. The application is exposed to multiple unspecified cross-site scripting and multiple unspecified remote code execution issues because the application fails to sufficiently sanitize user-supplied data. Dokeos version 1.8.4 prior to SP3 is affected.
  • Ref: http://www.dokeos.com/wiki/index.php/Security

  • 08.11.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: imageVue Multiple "path" Parameter Cross-Site Scripting Vulnerabilities
  • Description: ImageVue is a web-based photo gallery application that is implemented in Flash and PHP. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. ImageVue version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/28138

  • 08.11.57 - CVE: CVE-2008-0460
  • Platform: Web Application - Cross Site Scripting
  • Title: MediaWiki "api.php" Cross-Site Scripting
  • Description: MediaWiki is a PHP-based wiki application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter in the "api.php" script.
  • Ref: https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html

  • 08.11.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BosClassifieds "account.php" Cross-Site Scripting
  • Description: BosClassifieds is a classified-ad application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to adequately sanitize user-supplied input to the "returnTo" parameter of the "account.php" script. BosClassifieds version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28140

  • 08.11.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Neptune Web Server 404 Error Page Cross-Site Scripting
  • Description: Neptune Web Server is an application server developed by Silver Forge Systems. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue occurs in the 404 error page. Neptune Web Server Professional Edition version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489282

  • 08.11.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RemotelyAnywhere HTTP Service Cross-Site Scripting
  • Description: RemotelyAnywhere is an application that allows remote administration of computers. The application is exposed to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the "img" directory of its HTTP service.
  • Ref: http://www.securityfocus.com/archive/1/489395

  • 08.11.61 - CVE: CVE-2008-1098
  • Platform: Web Application - Cross Site Scripting
  • Title: MoinMoin GUI Editor Multiple Cross-Site Scripting Vulnerabilities
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for UNIX and Linux platforms. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to unspecified parameters of the "GUI editor formatter" and the code to delete pages.
  • Ref: http://www.securityfocus.com/bid/28173

  • 08.11.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EncapsGallery "file" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: EncapsGallery is a photo gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "file" parameter of the "watermark.php" and "catalog_watermark.php" scripts. EncapsGallery version 1.11.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28178

  • 08.11.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ManageEngine ServiceDesk Plus "SolutionSearch.do" Cross-Site Scripting
  • Description: ManageEngine ServiceDesk Plus is a Help Desk management application. It is available for Windows and Linux. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "searchText" parameter in the "SolutionSearch.do" script. ManageEngine ServiceDesk Plus version 7.0.0 Build 7011 for Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/bid/28191

  • 08.11.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Java Server Faces Cross-Site Scripting
  • Description: Sun Java Server Faces is a Java-based Web application development framework. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Sun Java Server Faces version 1.2 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233561-1

  • 08.11.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Savvy Content Manager "searchterms" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Savvy Content Manager is a commercially available web content application implemented in ColdFusion. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.besavvy.com/blog/index.cfm/2008/3/11/Security-Patch

  • 08.11.66 - CVE: CVE-2008-0643, CVE-2008-0644
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
  • Description: ColdFusion is software for developing web applications. ColdFusion is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Adobe ColdFusion MX versions 7 and 8 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-07.html

  • 08.11.67 - CVE: CVE-2008-1202
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting
  • Description: Adobe LiveCycle is a process management solution for document services. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. The issue occurs in the web management login page.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-10.html

  • 08.11.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Yellow_Pages Module "cid" Parameter SQL Injection
  • Description: Yellow_Pages is a directory listing application for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter. Yellow_Pages component version 1 is affected.
  • Ref: http://www.paglasoft.com/product8

  • 08.11.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke KutubiSitte Module "kid" Parameter SQL Injection
  • Description: KutubiSitte is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter.
  • Ref: http://www.securityfocus.com/archive/1/489219

  • 08.11.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke 4nChat Module "roomid" Parameter SQL Injection
  • Description: 4nChat is a chat application for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "roomid" parameter.
  • Ref: http://www.securityfocus.com/bid/28128

  • 08.11.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS WF-Downloads Module "viewcat.php" SQL Injection
  • Description: The WF-Downloads module is a PHP-based application for the XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "viewcat.php" script before using it in an SQL query.
  • Ref: http://smartfactory.ca/modules/wfdownloads/singlefile.php?cid=16&lid=107

  • 08.11.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpBB Filebase Module "filebase.php" SQL Injection
  • Description: Filebase is a module for phpBB. It allows users to upload files to a phpBB forum. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "filebase.php" script before using it in an SQL query. All versions of Filebase are affected.
  • Ref: http://www.securityfocus.com/bid/28194

  • 08.11.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "ensenanzas" Component "id" Parameter SQL Injection
  • Description: "ensenanzas" is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_ensenanzas" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/489390

  • 08.11.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke NukeC30 Module "id_catg" Parameter SQL Injection
  • Description: NukeC30 is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_catg" parameter. The NukeC30 module version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489387

  • 08.11.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Batchelor Media BM Classifieds Multiple SQL Injection Vulnerabilities
  • Description: BM Classifieds is a PHP-based classifieds manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "showad.php" script and "ad" parameter of the "pfriendly.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28159

  • 08.11.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke 4nAlbum Module "pid" Parameter SQL Injection
  • Description: 4nAlbum is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter when used in conjunction with the "showpic" action.
  • Ref: http://www.securityfocus.com/bid/28162

  • 08.11.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Hadith Module "cat" Parameter SQL Injection
  • Description: Hadith is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter.
  • Ref: http://www.securityfocus.com/archive/1/489323

  • 08.11.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "Candle" Component "cID" Parameter SQL Injection
  • Description: Candle is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cID" parameter of the "com_candle" component before using it in an SQL query. Candle version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28174

  • 08.11.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuickTicket "qti_usr.php" SQL Injection
  • Description: QuickTicket is a trouble-ticket manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "qti_usr.php" script. QuickTicket versions 1.4 and 1.5.0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/28176

  • 08.11.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_ewriting" Component "Itemid" Parameter SQL Injection
  • Description: The "com_ewriting" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter of the "com_ewriting" component. eWriting version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28179

  • 08.11.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMyNewsLetter "archives.php" SQL Injection
  • Description: phpMyNewsLetter is a newsletter-management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "msg_id" parameter of the "archives.php" script. phpMyNewsLetter version 0.8 beta 5 is affected.
  • Ref: http://www.securityfocus.com/bid/28189

  • 08.11.82 - CVE: CVE-2008-0301
  • Platform: Web Application - SQL Injection
  • Title: Mapbender "mod_gazetteer_edit.php" SQL Injection
  • Description: Mapbender is a geospatial portal site management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gaz" parameter of the "mod_gazetteer_edit.php" script. Mapbender versions prior to 2.4.5 rc1 are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php

  • 08.11.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "ProductShowcase" Component "id" Parameter SQL Injection
  • Description: ProductShowcase is a photo gallery component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_productshowcase" component before using it in an SQL query. ProductShowcase version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28202

  • 08.11.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bloo index.php Multiple SQL Injection Vulnerabilities
  • Description: Bloo is an object-oriented web log application based on the Phoo Phramework. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Bloo version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28203

  • 08.11.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuickTalk forum "qtf_ind_search_ov.php" SQL Injection
  • Description: QuickTalk forum is a forum manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "qtf_ind_search_ov.php" script. QuickTalk forum versions 1.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28215

  • 08.11.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Numara FootPrints HTML Injection and Remote Command Execution Vulnerabilities
  • Description: Numara FootPrints is software for service-desk management; it is available for multiple platforms. The application is exposed to multiple input validation issues. Numara FootPrints version 8.1 for Linux is affected.
  • Ref: http://www.securityfocus.com/bid/28103

  • 08.11.87 - CVE: CVE-2007-6642, CVE-2007-6643, CVE-2007-6644, CVE-2007-6645
  • Platform: Web Application
  • Title: Joomla! Prior to 1.0.15 RC4 Multiple Remote Vulnerabilities
  • Description: Joomla! is a content management system implemented in PHP. The application is exposed to multiple remote issues. Joomla versions prior to 1.0.15 RC4 are affected.
  • Ref: http://www.joomla.org/content/view/4335/116/

  • 08.11.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Yap Blog "index.php" Remote File Include
  • Description: Yap Blog is a web-log application implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/28120

  • 08.11.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Zimbra Collaboration Suite HTML Injection
  • Description: Zimbra Collaboration Suite is an Ajax-based messaging and collaboration application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input when handling email attachments. Zimbra Collaboration versions 4.0.3 and 4.5.6 are affected.
  • Ref: http://www.securityfocus.com/bid/28134

  • 08.11.90 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "users.php" and "invite.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: WordPress is a web-based publishing application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. This issue affects the following scripts and parameters: "invites.php: to" and "user.php: invitemail". WordPress version 2.3.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489241

  • 08.11.91 - CVE: Not Available
  • Platform: Web Application
  • Title: SID "dir" Parameter Multiple Remote File Include Vulnerabilities
  • Description: SID (Specimen Image Database) is a database application that stores high-resolution images. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "dir" parameter of the following scripts: "client.php" and "taxonservice.php".
  • Ref: http://www.securityfocus.com/bid/28142

  • 08.11.92 - CVE: Not Available
  • Platform: Web Application
  • Title: osTicket Malformed Ticket Remote Denial of Service
  • Description: osTicket is a PHP-based support ticket application. The application is exposed to a denial of service issue because it fails to sufficiently sanitize user-supplied input. This issue occurs when the application handles malformed tickets. osTicket version 1.6 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-osticket.html

  • 08.11.93 - CVE: Not Available
  • Platform: Web Application
  • Title: zKup Authentication Bypass
  • Description: zKup is a content management system. The application is exposed to an issue that allows attackers to bypass authentication. This issue occurs because the application fails to authenticate administrative users.
  • Ref: http://www.milw0rm.com/exploits/5220

  • 08.11.94 - CVE: Not Available
  • Platform: Web Application
  • Title: F5 BIG-IP Web Management Interface Console HTML Injection
  • Description: F5 BIG-IP is a scalable application-server device. The web management interface is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the console feature. F5 BIG-IP version 9.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489290

  • 08.11.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Alkacon OpenCms Multiple Input Validation Vulnerabilities
  • Description: Alkacon OpenCms is content management system software. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Alkacon OpenCms version 7.0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489291

  • 08.11.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Framework Theme File Include
  • Description: Horde Framework is an application framework used with other Horde Project products. The application is exposed to a file include issue because it fails to sufficiently sanitize user-supplied input to the "theme" parameter in "Registry.php". Horde version 3.1.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489239

  • 08.11.97 - CVE: CVE-2008-0300
  • Platform: Web Application
  • Title: Mapbender "factor" Parameter Remote Code Injection
  • Description: Mapbender is a geographic data management application. The application is exposed to a remote code injection issue because it fails to sufficiently sanitize user-supplied input to the "factor" parameter before using it as the filename for a subsequently generated file. Mapbender versions 2.4 to 2.4.4 are affected.
  • Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php

  • 08.11.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Sun Java Web Console Information Disclosure Weakness
  • Description: Sun Java Web Console provides a common location for users to access web-based Sun system management applications. The application is exposed to an information disclosure issue due to an unspecified error. Sun Java Web Console version 3.0.2 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231526-1

  • 08.11.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Argon Technology Client Management Services TFTP Server Directory Traversal
  • Description: Argon Technology Client Management Services (CMS) is a suite of applications that are used to set up an open network boot environment. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. Argon Technology Client Management Services versions 1.31 and earlier are affected.
  • Ref: http://aluigi.altervista.org/adv/argonauti-adv.txt

  • 08.11.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Drake CMS "d_root" Parameter Local File Include
  • Description: Drake CMS is a content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "d_root" parameter of the "install/index.php" script. Drake CMS version 0.4.11_RC8 is affected.
  • Ref: http://www.securityfocus.com/bid/28165

  • 08.11.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallarific Cross-Site Scripting and Authentication Bypass Vulnerabilities
  • Description: Gallarific is a web-gallery application. The application is exposed to multiple remote issues. Gallarific paid and free versions are affected.
  • Ref: http://www.securityfocus.com/bid/28163

  • 08.11.102 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Nuke ZClassifieds Module "cat" Parameter SQL Injection
  • Description: ZClassifieds is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter.
  • Ref: http://www.securityfocus.com/archive/1/489416

  • 08.11.103 - CVE: Not Available
  • Platform: Network Device
  • Title: Airspan ProST WiMAX Device Web Interface Authentication Bypass
  • Description: Airspan ProST WiMAX device is a customer premise device that converts WiMAX (Worldwide Interoperability for Microwave Access) to Ethernet. The device's web interface is exposed to an authentication bypass issue because it fails to perform adequate authentication checks.
  • Ref: http://www.kb.cert.org/vuls/id/248372

  • 08.11.104 - CVE: CVE-2008-1160
  • Platform: Network Device
  • Title: ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password
  • Description: ZyXEL ZyWALL 1050 is an internet security appliance that uses Quagga and Zebra daemon software. The issue occurs because the device fails to change the default password when a legitimate user sets a new password. ZyWALL version 1050 is affected.
  • Ref: http://www.securityfocus.com/bid/28184

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.