
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 12
March 20, 2008

A week without critical Microsoft vulnerabilities. Apple and Sun had system level vulnerabilities reported this week but most of the reports of vulnerabilities rated critical and high danger are for applications: CA ArcServe (backup), IBM Informix (database), Business Objects (business intelligence), F-Secure (security). And web application vulnerabilities are continuing to grow out of control. If you buy or build custom applications, try to come to the Web Application Security Summit (http://www.sans.org/appsec08_summit) and/or the Pen Testing Summit (http://www.sans.org/pentesting08_summit) in Las Vegas in late May. You'll find out what actually works in reducing application vulnerabilities.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                 Number of Updates and Vulnerabilities
    ---------------------------------------- -------------------------------------
    Other Microsoft Products                 1
    Third Party Windows Apps                 9 (#5, #7, #10)
    Mac Os                                   2 (#2)
    Solaris                                  2
    Unix                                     2 (#11)
    Cross Platform                           23 (#1, #3, #4, #6, #8, #9)
    Web Application - Cross Site Scripting   13
    Web Application - SQL Injection          18
    Web Application                          18
    Network Device                           2

    (Numbers in parentheses refer to the item numbers in PART I.)

*************************************************************************

TRAINING UPDATE
Where can you find the newest Penetration Testing techniques, Application Pen Testing, Hacker Exploits, Secure Web Application Development, Security Essentials, Forensics, Wireless, Auditing, CISSP, and SANS' other top-rated courses?
-- SANS 2008 in Orlando (4/18-4/25), SANS' biggest program with myriad bonus sessions and a huge exhibition of security products: http://www.sans.org/sans2008
-- Washington DC (Tyson's) 3/24-3/31: http://www.sans.org/tysonscorner08
-- San Diego (5/9-5/16): http://www.sans.org/securitywest08
-- Toronto (5/10-5/16): http://www.sans.org/toronto08
-- and in 100 other cities and online any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (5) HIGH: Alt-N MDaemon IMAP Command Handling Buffer Overflow
  • Affected:
    • Alt-N MDaemon IMAP server versions 9.6.4 and prior
  • Description: MDaemon is a popular mail suite for Microsoft Windows systems. It contains a flaw in its handling of certain Internet Message Access Protocol (IMAP) commands. A specially crafted request could lead to a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). Note that authentication is required to exploit this vulnerability. A proof-of-concept is publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:
  • (6) HIGH: MIT Kerberos Multiple Vulnerabilities
  • Affected:
    • MIT Kerberos versions 5.x
  • Description: MIT Kerberos is the reference implementation of the Kerberos authentication protocol, a protocol used for secure authentication across potentially insecure networks. The implementation from MIT contains several flaws in its handling of user requests. A specially crafted request could result in a denial-of-service condition or potential disclosure of user authentication credentials. At least one of the reported vulnerabilities is believed to be exploitable for remote code execution, but this has not been confirmed. Systems running Kerberos generally hold copies of numerous users' authentication credentials, meaning that exploitation of a Kerberos server can lead to subsequent exploitation of other systems. Full technical details for these vulnerabilities are publicly available via source code analysis. MIT's implementation of Kerberos is used as the basis of numerous other Kerberos implementations, and is the default Kerberos implementation on most Linux systems.

  • Status: MIT confirmed, updates available.

  • References:
  • (7) HIGH: BusinessObjects Report Viewer ActiveX Control Buffer Overflow
  • Affected:
    • BusinessObjects versions 6.x
  • Description: BusinessObjects provides reporting and business management software to enterprises. It distributes an ActiveX control with some of its software known as "RptViewerAX". This control contains a buffer overflow vulnerability in its handling of user requests. A specially crafted web page that instantiates this control could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability.

  • Status: BusinessObjects confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "B20D9D6A-0DEC-4d76-9BEF-175896006B4A".

  • References:
  • (8) HIGH: F-Secure Multiple Archive Handling Vulnerabilities
  • Affected:
    • F-Secure Message Security Gateway
    • F-Secure Anti-Virus
    • F-Secure Internet Gateway
    • F-Secure Internet Security
  • Description: Multiple F-Secure products have been discovered to have vulnerabilities in their handling of archive files. A specially crafted archive file could exploit one of these vulnerabilities to create a denial-of-service condition. It is thought that at least one of these vulnerabilities could lead to remote code execution, but this is unconfirmed. Note that it may be possible to exploit these vulnerabilities simply by having mail or other files transit a vulnerable system, requiring no interaction. Several proof-of-concept archive files are publicly available.

  • Status: F-Secure confirmed, updates available.

  • References:
  • (9) HIGH: CUPS CGI Handling Buffer Overflow
  • Affected:
    • CUPS versions 1.3.5 and prior
  • Description: CUPS is the Common Unix Printing System. It is used to provide printer services on a variety of Unix, Unix-like, and Linux systems and is the default printing system on Mac OS X systems. It contains a flaw in its handling of shared printer management requests. A specially crafted request to the remote management application could trigger a buffer overflow vulnerability, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that this vulnerability is remotely exploitable only on machines sharing printers over the network. Technical details are publicly available via source code analysis.

  • Status: CUPS confirmed, updates available.

  • References:
  • (10) HIGH: CA BrightStor ARCserve Backup ActiveX Control Buffer Overflow
  • Affected:
    • CA BrightStor ARCserve Backup for Laptops and Desktops versions r11.5 and prior
  • Description: CA BrightStor ARCserve Backup is a popular backup application. Part of its functionality in its Desktops and Laptops edition is provided by an ActiveX control. This control contains a buffer overflow vulnerability in its "AddColumn" method. A specially crafted web page that instantiates this control could trigger this buffer overflow vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. A proof-of-concept for this vulnerability is publicly available.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3". Note that this may affect normal application functionality.

  • References:
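Items (7) and (10) both recommend the Internet Explorer "kill bit" as a mitigation. The script below, an added example that is not part of the bulletin, sets that bit for the two CLSIDs quoted above and verifies the result; it assumes the registry layout documented in Microsoft KB 240797 (a "Compatibility Flags" DWORD with the 0x400 bit set under the ActiveX Compatibility key) and must be run from an elevated prompt.

```powershell
# Added example (not from the @RISK bulletin): set the IE kill bit for the
# BusinessObjects RptViewerAX control (item 7) and the CA BrightStor ARCserve
# ListCtrl control (item 10). Assumption: the KB 240797 layout, i.e.
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# with a DWORD "Compatibility Flags" whose 0x400 bit blocks instantiation.

$KillBit = 0x400   # KB 240797: IE refuses to instantiate the control

# CLSIDs exactly as quoted in the bulletin; the labels are constructed here.
$Controls = @{
    'RptViewerAX (BusinessObjects 6.x)'           = '{B20D9D6A-0DEC-4d76-9BEF-175896006B4A}'
    'ListCtrl.ocx (CA BrightStor ARCserve r11.5)' = '{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}'
}

$Base = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

foreach ($name in $Controls.Keys) {
    $clsid = $Controls[$name]
    $key   = Join-Path $Base $clsid

    # Create the per-CLSID key if no compatibility entry exists yet.
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any flags already present and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $flags = ([int]$existing) -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord

    # Read the value back and report whether the bit is actually set.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    $state = if (($check -band $KillBit) -ne 0) { 'kill bit set' } else { 'FAILED' }
    Write-Output ('{0,-45} {1} : {2}' -f $name, $clsid, $state)
}
```

On 64-bit Windows, 32-bit Internet Explorer reads the same key under SOFTWARE\Wow6432Node; repeat with that base path where both browser flavours are present. As the bulletin notes for item (10), the kill bit also blocks the control's legitimate use inside the application.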
  • (11) MODERATE: Sun Solaris NIS+ RPC Handling Vulnerability
  • Affected:
    • Sun Solaris versions 10 and prior
  • Description: Solaris is Sun's UNIX-based operating system. NIS+ is the Network Information Service (formerly known as the "Yellow Pages" service), a service providing distributed system details (such as usernames and passwords) across networks. It was commonly used to share configuration information and authenticate users in the past, but is now used mostly in legacy applications. The 'rpc.ypupdated' daemon provides a Remote Procedure Call (RPC) interface to the NIS+ database. When this daemon is started in "insecure" mode, it fails to properly handle certain requests. A specially crafted request can lead to a new user being added to the NIS+ database, including a user with root privileges. This can allow total compromise of any system running this daemon in insecure mode. This daemon is not run by default. This vulnerability was initially discovered in 1999 and found to affect multiple UNIX operating system vendors. It is unknown if this vulnerability was fixed in past versions of Solaris and then reintroduced, or has been present since its initial discovery on other operating systems. Multiple proofs-of-concept are publicly available.

  • Status: Sun has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by running the affected daemon in "secure" mode.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 12, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.12.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer CreateTextRange.text Denial of Service
  • Description: Microsoft Internet Explorer is exposed to a denial of service issue because the application fails to handle certain JavaScript code. The issue occurs when the application processes a malicious page containing a "CreateTextRange" call that then repeatedly sets the "text" property to large values.
  • Ref: http://www.securityfocus.com/archive/1/489741

  • 08.12.2 - CVE: CVE-2008-0532, CVE-2008-0533
  • Platform: Third Party Windows Apps
  • Title: Cisco User-Changeable Password (UCP) "CSuserCGI.exe" Multiple Remote Vulnerabilities
  • Description: Cisco User-Changeable Password (UCP) is a web-based server application. It provides the ability for users to change their ACS password. The application is exposed to multiple remote issues. These issues affect the "CSuserCGI.exe" binary. UCP versions prior to 4.2 when running on the Microsoft Windows platform are affected.
  • Ref: http://www.securityfocus.com/archive/1/489460

  • 08.12.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: McAfee Framework ePolicy Orchestrator "_naimcomn_Log" Remote Format String Vulnerability
  • Description: McAfee Framework is an application framework used to build McAfee products such as ePolicy Orchestrator. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before passing it as the format-specifier argument during a call to "vsnwprintf()". McAfee Framework version 2.6.0.569 and McAfee ePolicy Orchestrator version 4.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/489476

  • 08.12.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow
  • Description: Alt-N MDaemon is a Microsoft Windows-based mail server product. The application is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data prior to copying it into an insufficiently sized buffer. Alt-N MDaemon version 9.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/28245

  • 08.12.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CA BrightStor "AddColumn()" ListCtrl.ocx ActiveX Control Buffer Overflow
  • Description: The Unicenter DSM r11 List Control ATX ActiveX control included with CA BrightStor ARCserve Backup is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Unicenter DSM r11 List Control ATX version 11.2.3.1895 on CA BrightStor ARCserve Backup r11.5 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.12.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Home FTP Server Remote Denial of Service
  • Description: Home FTP Server is an FTP server implementation for computers running Microsoft Windows. The application is exposed to a remote denial of service issue.
  • Ref: http://www.securityfocus.com/archive/1/489706

  • 08.12.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Registry Pro "epRegPro.ocx" ActiveX Control Insecure Method And Buffer Overflow Vulnerabilities
  • Description: Registry Pro "epRegPro.ocx" ActiveX control is exposed to two issues. The first is an insecure method issue that allows attackers to delete arbitrary registry keys from users' machines in the context of the application using the ActiveX control. The second is a buffer overflow issue that occurs because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/28287

  • 08.12.8 - CVE: CVE-2007-6254
  • Platform: Third Party Windows Apps
  • Title: BusinessObjects "RptViewerAX" ActiveX Control Stack-Based Buffer Overflow
  • Description: BusinessObjects is an enterprise-level collaborative productivity and data management system. The application is exposed to a stack-based buffer overflow issue that affects the "RptViewerAX.dll" dynamic-link library.
  • Ref: http://www.kb.cert.org/vuls/id/329673

  • 08.12.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HTTP File Upload ActiveX Control Arbitrary File and Directory Deletion
  • Description: HTTP File Upload is an ActiveX control to allow extra functionality for websites that want users to upload files. The ActiveX control is exposed to an issue that lets attackers delete arbitrary files or directories on affected computers. HTTP File Upload ActiveX Control version 6.0.0.35 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.12.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Check Point VPN-1 IP Address Collision Denial of Service
  • Description: Check Point VPN-1 SecureClient/SecuRemote client for Microsoft Windows is a VPN (Virtual Private Network) application used to securely connect remote computers to enterprise networks. The application is exposed to a denial of service issue that can result in information disclosure because it fails to adequately handle IP address collisions.
  • Ref: http://www.kb.cert.org/vuls/id/992585

  • 08.12.11 - CVE: CVE-2008-0044, CVE-2008-0045, CVE-2008-0048, CVE-2008-0049, CVE-2008-0057, CVE-2008-0097, CVE-2008-0046, CVE-2008-0051, CVE-2008-0052, CVE-2008-0053, CVE-2008-0054, CVE-2008-0055, CVE-2008-0056, CVE-2008-0058, CVE-2008-0059, CVE-2008-0060, CVE-2008-0987
  • Platform: Mac Os
  • Title: Apple Mac OS X 2008-002 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues. Apple Mac OS X versions 10.4.11, 10.4.11 Server, 10.5.2, 10.5.2 Server and earlier are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307430

  • 08.12.12 - CVE: CVE-2008-1000
  • Platform: Mac Os
  • Title: Apple Mac OS X Server Wiki Server Directory Traversal
  • Description: Mac OS X Server 10.5 (Leopard) provides a Wiki Server used for collaborative website creation. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. Wiki Server from Mac OS X Server version 10.5 is affected.
  • Ref: http://www.coresecurity.com/?action=item&id=2189

  • 08.12.13 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "rpc.metad" Remote Denial of Service
  • Description: The "rpc.metad" daemon is an RPC (Remote Procedure Call) application used for managing metadevice diskset information. The application is exposed to a denial of service issue because it fails to handle specially-crafted network data. "rpc.metad" on Solaris 10 operating systems is affected.
  • Ref: http://www.securityfocus.com/bid/28261

  • 08.12.14 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 XScreenSaver(1) Locked Screen Bypass
  • Description: XScreenSaver(1) is a screen saver with desktop-locking functionality. This feature is designed to prevent access to the desktop by users without valid credentials. The application is exposed to an issue that lets local attackers bypass a user's locked screen. Solaris 10 Java Desktop System (JDS) on both Solaris and x86 platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-234661-1

  • 08.12.15 - CVE: Not Available
  • Platform: Unix
  • Title: SCO UnixWare pkgadd Local Privilege Escalation
  • Description: The pkgadd utility transfers and installs software packages and patches from distribution media or directories. SCO UnixWare pkgadd may allow local attackers to gain elevated privileges. This issue arises due to an input validation error. SCO UnixWare version 7.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/28236

  • 08.12.16 - CVE: CVE-2008-0047
  • Platform: Unix
  • Title: CUPS CGI Interface Remote Buffer Overflow
  • Description: CUPS, Common UNIX Printing System, is a widely used set of printing utilities for UNIX-based systems. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. CUPS version 1.3.5 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674

  • 08.12.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail IMAP LIST Command Remote Buffer Overflow
  • Description: SurgeMail is a commercial email application that contains an IMAP server; it runs on multiple platforms. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input. SurgeMail version 3.8k4-4 is affected.
  • Ref: http://www.securityfocus.com/bid/28260

  • 08.12.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Rosoft Media Player RML File Stack-Based Buffer Overflow
  • Description: Rosoft Media Player is an application that plays various media supported by ACM Codecs that are installed on the same computer. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Rosoft Media Player version 4.1.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489657

  • 08.12.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XnView Command-Line Arguments Buffer Overflow
  • Description: XnView is a photo viewer available for multiple platforms. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. XnView version 1.92.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489658

  • 08.12.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player Subtitle Parsing Buffer Overflow
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. VLC versions 0.8.6c through 0.8.6e are affected.
  • Ref: http://www.securityfocus.com/bid/28251

  • 08.12.21 - CVE: CVE-2008-1270
  • Platform: Cross Platform
  • Title: Lighttpd mod_userdir Information Disclosure
  • Description: The "lighttpd" program is an open-source webserver application. The application is exposed to an issue that may allow attackers to access sensitive information because the application fails to properly handle exceptional conditions. lighttpd version 1.4.18 is affected.
  • Ref: http://www.lighttpd.net/2008/3/10/1-4-19-made-in-germany

  • 08.12.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere MQ for HP NonStop Security Bypass
  • Description: IBM WebSphere MQ for HP NonStop is a commercially available messaging engine for enterprises. The application is exposed to a security bypass issue because it fails to properly restrict access to certain functionality. IBM WebSphere MQ versions prior to 5.3 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21297035

  • 08.12.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZABBIX File Checksum Request Denial of Service
  • Description: ZABBIX is an IT monitoring system available for multiple operating platforms. The application is exposed to a denial of service issue while handling specially-crafted file checksum requests. Specifically, the vulnerability occurs when passing a device node such as "/dev/zero" or "/dev/urandom" to the "vfs.file.cksum" request.
  • Ref: http://www.securityfocus.com/archive/1/489506

  • 08.12.24 - CVE: CVE-2008-1157
  • Platform: Cross Platform
  • Title: Cisco CiscoWorks Internetwork Performance Monitor Unspecified Remote Command Execution
  • Description: Internetwork Performance Monitor (IPM) is a troubleshooting component within the CiscoWorks LAN Management Solution (LMS) bundle. The application is exposed to a remote command execution issue because it contains a process that allows a command shell to be bound to a randomly selected TCP port. Internetwork Performance Monitor version 2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489555

  • 08.12.25 - CVE: CVE-2008-1330
  • Platform: Cross Platform
  • Title: Novell GroupWise Windows Client API Shared Folder Email Information Disclosure
  • Description: Novell GroupWise is a cross-platform collaborative software product. The application is exposed to an information disclosure issue that affects the handling of shared folders. Novell GroupWise versions 6.5 and 7 are affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/732/3263374_f.SAL_Public.html

  • 08.12.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MG-SOFT Net Inspector Multiple Remote Vulnerabilities
  • Description: Net Inspector is a fault management application. The application is exposed to multiple remote issues. Net Inspector version 6.5.0.828 is affected.
  • Ref: http://aluigi.altervista.org/adv/netinsp-adv.txt

  • 08.12.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BootManage TFTP Server "filename" Remote Buffer Overflow
  • Description: BootManage TFTP Server is a Trivial FTP server implemented in the BootManage Administrator. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before storing it in a finite-sized memory buffer. BootManage TFTP Server version 1.99 is vulnerable; other versions may also be affected.
  • Ref: http://aluigi.altervista.org/adv/bootixtftpd-adv.txt

  • 08.12.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player "Subtitle" Buffer Overflow
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when copying the "Subtitle" parameter to the "buffer_text2" buffer in ParseSSA. VLC media player version 0.8.6e is affected.
  • Ref: http://www.securityfocus.com/archive/1/489698

  • 08.12.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities
  • Description: VMware Server and Workstation are virtualization applications capable of running virtual machines for a wide variety of operating platforms. The applications are exposed to multiple issues. VMware Server versions prior to 1.0.5 and VMware Workstation versions prior to 6.0.3 are affected.
  • Ref: http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html#603

  • 08.12.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: 7-Zip Unspecified Archive Handling
  • Description: 7-Zip is a freely-available archiving and compression utility by Igor Pavlov. The application is exposed to a remote archive handling issue due to the failure of the application to properly handle malformed archive files. 7-Zip versions prior to 4.57 are affected.
  • Ref: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

  • 08.12.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: bzip2 Unspecified File Handling
  • Description: The bzip2 application is a freely-available compression utility by Julian Seward. The application is exposed to a remote file handling issue due to the failure of the application to properly handle malformed bzip2 files. bzip2 version 1.0.4 is affected.
  • Ref: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html

  • 08.12.32 - CVE: CVE-2008-0888
  • Platform: Cross Platform
  • Title: Info-ZIP UnZip "inflate_dynamic()" Remote Code Execution
  • Description: Info-ZIP UnZip is a utility used to decompress ZIP files. It is freely available for many platforms including UNIX and UNIX-like operating systems. The application is exposed to a remote code execution issue when parsing malformed ZIP files. This issue occurs due to a design error. UnZip version 5.52 is affected.
  • Ref: http://www.securityfocus.com/bid/28288

  • 08.12.33 - CVE: CVE-2007-5618, CVE-2008-1364, CVE-2008-1340
  • Platform: Cross Platform
  • Title: VMware Products Multiple Vulnerabilities
  • Description: VMware products are virtualization applications capable of running virtual machines for a wide variety of operating platforms. The applications are exposed to multiple issues.
  • Ref: http://www.securityfocus.com/bid/28289

  • 08.12.34 - CVE: CVE-2008-1011, CVE-2008-1010, CVE-2008-1009, CVE-2008-1008, CVE-2008-1007, CVE-2008-1006, CVE-2008-1005, CVE-2008-1004, CVE-2008-1003, CVE-2008-1002, CVE-2008-1001, CVE-2008-0050
  • Platform: Cross Platform
  • Title: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to multiple security issues.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.12.35 - CVE: CVE-2008-0947, CVE-2008-0948
  • Platform: Cross Platform
  • Title: MIT Kerberos5 kadmind Excessive File Descriptors Multiple Remote Code Execution Vulnerabilities
  • Description: Kerberos is a network-authentication protocol; "kadmind" (Kerberos Administration Daemon) is the administration server for Kerberos networks. The application is exposed to multiple remote code execution issues due to array over-runs in the RPC library "libgssrpc".
  • Ref: http://www.securityfocus.com/archive/1/489762

  • 08.12.36 - CVE: CVE-2008-0062, CVE-2008-0063
  • Platform: Cross Platform
  • Title: MIT Kerberos 5 KDC Multiple Memory Corruption Based Information Disclosure Vulnerabilities
  • Description: MIT Kerberos 5 KDC is a suite of applications and libraries designed to implement the Kerberos network-authentication protocol. It is freely available and operates on numerous platforms. The application is exposed to multiple information disclosure issues when configured to support Kerberos 4. The issues occur when processing malformed krb4 messages. MIT Kerberos 5 version 1.6.3 KDC is affected.
  • Ref: http://www.kb.cert.org/vuls/id/895609

  • 08.12.37 - CVE: CVE-2008-1289
  • Platform: Cross Platform
  • Title: Asterisk RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently-sized buffers.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-002.html

  • 08.12.38 - CVE: CVE-2008-1332
  • Platform: Cross Platform
  • Title: Asterisk Call Authentication Security Bypass
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to a security bypass issue because calls with the invalid "FROM" header are sent to the context specified in the general section of the "sip.conf" configuration file.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-003.html

  • 08.12.39 - CVE: CVE-2008-1333
  • Platform: Cross Platform
  • Title: Asterisk Logger and Manager Format String Vulnerabilities
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to multiple format string issues because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Asterisk Open Source versions prior to 1.6.0-beta6 are affected.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-004.html

  • 08.12.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SNewsCMS "search.php" Cross-Site Scripting
  • Description: SNewsCMS is a web-based content manager implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "query" parameter of the "search.php" script. SNewsCMS versions 2.3 and 2.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/489686

  • 08.12.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nagios Prior to 2.11 Unspecified Cross-Site Scripting
  • Description: Nagios is an open-source application designed to monitor networks and services for interruptions and to notify administrators when various events occur. The software is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. Nagios versions prior to 2.11 are affected.
  • Ref: http://www.nagios.org/development/changelog.php

  • 08.12.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Download Center Multiple Cross-Site Scripting Vulnerabilities
  • Description: Download Center is a PHP-based application used to manage file downloads. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Download Center version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28219

  • 08.12.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jeebles Directory Multiple Cross-Site Scripting Vulnerabilities
  • Description: Jeebles Directory is a PHP-based file organizer. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/28221

  • 08.12.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: onlinetools.org EasyImageCatalogue Multiple Cross-Site Scripting Vulnerabilities
  • Description: onlinetools.org EasyImageCatalogue is a web-based image gallery application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. EasyImageCatalogue version 1.31 is affected.
  • Ref: http://www.securityfocus.com/bid/28164

  • 08.12.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ClanSphere "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: ClanSphere is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "mod" parameter of the "index.php" and the "debug.php" scripts. ClanSphere version 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/28224

  • 08.12.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eWeather "chart" Parameter Cross-Site Scripting
  • Description: eWeather is a weather module for the PHP-Nuke content manager. The application is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. This issue occurs in the "chart" parameter of the "eWeather" module.
  • Ref: http://www.securityfocus.com/archive/1/489504

  • 08.12.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cfnetgs "index.php" Cross-Site Scripting
  • Description: cfnetgs is a web-based photo gallery application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "directory" parameter of the "index.php" script. cfnetgs version 0.24 is affected.
  • Ref: http://www.securityfocus.com/bid/28267

  • 08.12.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RSA WebID "IISWebAgentIF.dll" Cross-Site Scripting
  • Description: RSA WebID is a web authentication framework. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "postdata" parameter in conjunction with the "IISWebAgentIF.dll" library. RSA WebID version 5.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489691

  • 08.12.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Imperva SecureSphere Cross-Site Scripting
  • Description: Imperva SecureSphere is an application-data security appliance used to monitor and audit application and database activity. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Imperva SecureSphere version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28279

  • 08.12.50 - CVE: CVE-2008-0125
  • Platform: Web Application - Cross Site Scripting
  • Title: phpstats "phpstats.php" Cross-Site Scripting
  • Description: phpstats is a web-based tool for creating statistical information about a file tree. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "baseDir" parameter of the "phpstats.php" script. phpstats version 0.1_alpha is affected.
  • Ref: http://www.securityfocus.com/archive/1/489722

  • 08.12.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: webSPELL "index.php" Cross-Site Scripting
  • Description: webSPELL is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "board" parameter of the "index.php" script. webSPELL version 4.01.02 is affected.
  • Ref: http://www.securityfocus.com/bid/28294

  • 08.12.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eForum "busca.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: eForum is a PHP-based, flat-file web forum. The application is exposed to multiple cross-site scripting issues because the application fails to sufficiently sanitize user-supplied input to the "busca" and "link" parameters of the "busca.php" script. eForum version 0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489738

  • 08.12.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eXV2 Viso Module "kid" Parameter SQL Injection
  • Description: The Viso module is a component for the eXV2 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter before using it in an SQL query. eXV2 Viso Module version 2.03 is affected.
  • Ref: http://www.securityfocus.com/bid/28255

  • 08.12.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eXV2 CMS WebChat Module "roomid" Parameter SQL Injection
  • Description: WebChat is a PHP-based chat module for the eXV2 content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "roomid" parameter of the "modules/WebChat/index.php" script before using it in an SQL query. WebChat version 1.60 is affected.
  • Ref: http://www.securityfocus.com/bid/28256

  • 08.12.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: auraCMS "HTTP_X_FORWARDED_FOR" SQL Injection
  • Description: auraCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input in the "HTTP_X_FORWARDED_FOR" variable of an HTTP request. This issue occurs in the "online.php" script. AuraCMS versions 2.0, 2.1 and 2.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/28257

  • 08.12.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eXV2 "eBlog" Module "blog_id" Parameter SQL Injection
  • Description: The "eBlog" module is a PHP-based blogging component for the eXV2 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "blog_id" parameter of the "eBlog" module before using it in an SQL query. "eBlog" module version 1.200 is affected.
  • Ref: http://www.securityfocus.com/bid/28223

  • 08.12.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eXV2 MyAnnonces Module "lid" Parameter SQL Injection
  • Description: MyAnnonces is a PHP-based plugin for the eXV2 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lid" parameter of the "MyAnnonces" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28254

  • 08.12.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MAXdev My eGallery Module for XOOPS "gid" Parameter SQL Injection
  • Description: MAXdev My eGallery module is a PHP-based component for the XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gid" parameter of the "my_egallery/index.php" module before using it in an SQL query. My eGallery version 3.04 is affected.
  • Ref: http://www.securityfocus.com/bid/28220

  • 08.12.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Fully Modded PHPBB2 "kb.php" SQL Injection
  • Description: Fully Modded PHPBB2 is a modification to PHPBB2 that allows users to store information about their vehicle. PHPBB2 is an open-source forum application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "k" parameter of the "kb.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/489468

  • 08.12.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: bamaGalerie "viewcat.php" SQL Injection
  • Description: bamaGalerie is a photo gallery module for the exV2 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "viewcat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28229

  • 08.12.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS MyTutorials Module "printpage.php" SQL Injection
  • Description: MyTutorials is a PHP-based component for the XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tid" parameter of the "printpage.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28230

  • 08.12.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasyGallery "index.php" Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: EasyGallery is a web-based photo album application implemented in PHP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data to the "index.php" script. EasyGallery version 5.0tr is affected.
  • Ref: http://www.securityfocus.com/archive/1/489583

  • 08.12.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LaGarde StoreFront "SearchResults.aspx" SQL Injection
  • Description: StoreFront is an e-commerce shopping cart. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CategoryId" parameter of the "SearchResults.aspx" script. StoreFront 6 versions prior to Service Pack 8 are affected.
  • Ref: http://support.storefront.net/storefront6/kbase/kbview.aspx?kbID=454

  • 08.12.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Virtual Support Office-XP "MyIssuesView.asp" SQL Injection
  • Description: Virtual Support Office-XP is a web-based helpdesk application written in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Issue_ID" parameter of the "MyIssuesView.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/489545

  • 08.12.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_guide" Component "category" Parameter SQL Injection
  • Description: The "guide" component is a plug-in for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "com_guide" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28269

  • 08.12.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpBP "id" Parameter SQL Injection
  • Description: phpBP is a web-based content management system implemented in PHP. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "/includes/functions/banners-external.php" script before using it in an SQL query. phpBP version RC3 (2.204) FIX4 is affected.
  • Ref: http://www.securityfocus.com/bid/28272

  • 08.12.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Dictionary Module "print.php" SQL Injection
  • Description: Dictionary is a PHP-based component for the XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "print.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28275

  • 08.12.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Acajoom Component "mailingid" Parameter SQL Injection
  • Description: The Acajoom component is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mailingid" parameter of the "com_acajoom" component before using it in an SQL query. Acajoom version 1.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28305

  • 08.12.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KAPhotoservice "album.asp" SQL Injection
  • Description: KAPhotoservice is a web-based application for ordering photograph prints. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "albumid" parameter of the "album.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28306

  • 08.12.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easy-Clanpage "id" Parameter SQL Injection
  • Description: Easy-Clanpage is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query. Easy-Clanpage version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28309

  • 08.12.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Time Sheets "tab" Parameter Multiple Input Validation Vulnerabilities
  • Description: Multiple Time Sheets (MTS) is a time tracking application implemented in PHP. The application is exposed to multiple input validation issues. Multiple Time Sheets version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489689

  • 08.12.72 - CVE: Not Available
  • Platform: Web Application
  • Title: DB2 Monitoring Console Multiple Unspecified Security Bypass Vulnerabilities
  • Description: DB2 Monitoring Console is an open-source, web-based console application used for developing software projects around IBM's DB2 database. The application is exposed to multiple unspecified issues. DB2 Monitoring Console versions prior to 2.2.25 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=583793&group_id=211760

  • 08.12.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Uberghey CMS "index.php" Multiple Local File Include Vulnerabilities
  • Description: Uberghey CMS is a PHP-based content management application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "page_id" and "language" parameters in the "index.php" script. Uberghey CMS version 0.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489451

  • 08.12.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Travelsized CMS "index.php" Multiple Local File Include Vulnerabilities
  • Description: Travelsized CMS is a content management system implemented in PHP. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. Travelsized CMS version 0.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489457

  • 08.12.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Acyhost "index.php" Remote File Include
  • Description: Acyhost is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sayfa" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/28231

  • 08.12.76 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyCalendar SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: EasyCalendar is a web-based calendar application. The application is exposed to multiple input validation issues. EasyCalendar version 4.0tr is affected.
  • Ref: http://www.securityfocus.com/archive/1/489689

  • 08.12.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Polymita Technologies Multiple Products Cross-Site Scripting Vulnerabilities
  • Description: Polymita BPM-Suite is a web-based application suite used to manage business processes. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "_q" and "lucene_index_field_value" parameters when a search operation is carried out. Polymita BPM-Suite and Polymita CollagePortal are affected.
  • Ref: http://www.securityfocus.com/bid/28237

  • 08.12.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Roundup XML-RPC Server Security Bypass
  • Description: Roundup is an issue-tracking system implemented in Python. The application is exposed to a security bypass issue that stems from an access validation error. Roundup version 1.4.4 is affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788

  • 08.12.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Roundup Unspecified Security Vulnerabilities
  • Description: Roundup is an issue-tracking system. The application is exposed to multiple unspecified issues. Roundup versions prior to 1.4.4 are affected.
  • Ref: http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?view=markup&content-type=text/vnd.viewcvs-markup&revision=HEAD

  • 08.12.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Edior CMS "search.php" Directory Traversal
  • Description: Edior CMS is a content-management application implemented in PHP. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. Edior CMS version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489498

  • 08.12.81 - CVE: Not Available
  • Platform: Web Application
  • Title: PBSite Multiple Input Validation Vulnerabilities
  • Description: PBSite is a web-based forum application implemented in PHP. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/28269

  • 08.12.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Exero CMS "theme" Parameter Multiple Local File Include Vulnerabilities
  • Description: Exero CMS is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "theme" parameter. Exero CMS version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28273

  • 08.12.83 - CVE: Not Available
  • Platform: Web Application
  • Title: WEBalbum "photo_add.php" Security Bypass
  • Description: WEBalbum is a web-based photo album implemented in PHP. The application is exposed to a security bypass issue because it fails to restrict access to the "photo_add.php" script. WEBalbum version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28280

  • 08.12.84 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPauction "include_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: PHPauction is a web-based auctioning application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "include_path" parameter of the following scripts: "includes/converter.inc.php", "includes/messages.inc.php" and "includes/settings.inc.php". PHPauction version 2.51 is affected.
  • Ref: http://www.securityfocus.com/bid/28284

  • 08.12.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Strawberry "html.php" Remote Code Execution
  • Description: Strawberry is a web-based news application implemented in PHP. It is formerly known as CuteNews. The application is exposed to a remote code execution issue because it fails to properly sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/27160

  • 08.12.86 - CVE: Not Available
  • Platform: Web Application
  • Title: TUTOS "cmd.php" Remote Command Execution
  • Description: TUTOS (The Ultimate Team Organization Software) is a PHP-based application that allows users to manage teams or groups. The application is exposed to a remote command execution issue because it fails to sufficiently sanitize user-supplied data to the "cmd" parameter of the "cmd.php" script. TUTOS version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27169

  • 08.12.87 - CVE: Not Available
  • Platform: Web Application
  • Title: cPanel List Directories and Folders Information Disclosure
  • Description: cPanel is a web-hosting control panel implemented in PHP. The application is exposed to an information disclosure issue because the application fails to sufficiently sanitize user-supplied input to the "showtree" parameter of the "frontend/x/diskusage/index.html" script.
  • Ref: http://www.securityfocus.com/archive/1/489747

  • 08.12.88 - CVE: CVE-2008-0073
  • Platform: Web Application
  • Title: xine-lib "sdpplin_parse()" Remote Buffer Overflow
  • Description: The "xine-lib" library is used by various media players to play a wide range of media formats. The library is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. xine-lib version 1.1.10.1 is affected.
  • Ref: http://secunia.com/secunia_research/2008-10/advisory/

  • 08.12.89 - CVE: Not Available
  • Platform: Network Device
  • Title: RaidSonic NAS-4220-B Encryption Key Disclosure
  • Description: RaidSonic NAS-4220-B is a Network Attached Storage (NAS) device that can hold up to two SATA hard drives. The device uses a Linux-based operating system. NAS-4220-B is exposed to this issue because the key used by the device to encrypt hard drive data is stored insecurely in the configuration partitions of each drive. NAS-4220-B running firmware version 2.6.0-n(2007-10-11) is affected.
  • Ref: http://www.securityfocus.com/archive/1/489690

  • 08.12.90 - CVE: Not Available
  • Platform: Network Device
  • Title: F-Secure Multiple Products Multiple Remote Archive Handling Vulnerabilities
  • Description: Multiple F-Secure products are exposed to multiple remote archive handling issues due to the failure of these applications to properly handle malformed archive files.
  • Ref: http://www.securityfocus.com/archive/1/489706

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.