@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 13
March 27, 2008

Malicious Word and Excel documents are being used to penetrate sensitive government and commercial sites. This week's critical Word vulnerability is another attack vector. In addition, Novell's eDirectory has a critical vulnerability that could lead to disclosure of user data enabling further attacks, and Firefox and Thunderbird and other Mozilla products also have newly discovered critical flaws this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   1
    Microsoft Office                          1 (#2)
    Other Microsoft Products                  1
    Third Party Windows Apps                  4 (#7)
    Mac Os                                    25 (#4)
    Linux                                     1
    Solaris                                   1
    Aix                                       1
    Unix                                      1
    Novell                                    1 (#1)
    Cross Platform                            24 (#3, #5, #6)
    Web Application - Cross Site Scripting    16
    Web Application - SQL Injection           23
    Web Application                           26
    Network Device                            8

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Windows
  • Microsoft Office
  • Other Microsoft Products
  • Third Party Windows Apps
  • Mac Os
  • Linux
  • Solaris
  • Aix
  • Unix
  • Novell
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft Word Document Handling Vulnerability
  • Affected:
    • Microsoft Word 2000
    • Microsoft Word 2002
    • Microsoft Word 2003
    • Microsoft Word 2007
  • Description: The Microsoft Jet database engine is used to provide database access and functionality to a variety of applications, including Microsoft Word. A buffer overflow vulnerability is present in the database engine, and this overflow can be exploited via a specially crafted Word document. By exploiting this vulnerability, an attacker could execute arbitrary code with the privileges of the current user. Note that, on recent versions of Microsoft Word, documents are not opened upon receipt without further user interaction. Reports indicate that this vulnerability is being actively exploited in the wild. It is currently unknown whether other applications using the Jet database engine are vulnerable. This vulnerability is believed to be related to a publicly disclosed vulnerability in the Microsoft Jet database engine, for which full technical details and a proof-of-concept are publicly available. If this is the case, then this advisory indicates a new exploitation vector for that vulnerability.

  • Status: Microsoft confirmed, no updates available. Note that users of Microsoft Windows Vista and Microsoft Windows Server 2003 Service Pack 2 are not vulnerable.

  • References:

  • (3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
  • Affected:
    • Mozilla Firefox versions 2.0.0.12 and prior
    • Mozilla SeaMonkey versions 1.1.8 and prior
    • Mozilla Thunderbird versions 2.0.0.12 and prior
  • Description: Several products from the Mozilla Foundation, including its popular Firefox web browser, internet suite SeaMonkey, and email client Thunderbird, contain multiple vulnerabilities. These vulnerabilities stem from various input validation vulnerabilities, and the consequences range from arbitrary remote code execution with the privileges of the current user to cross-site-scripting and denial-of-service. Full technical details are available for these vulnerabilities via source code analysis. Note that Thunderbird is not vulnerable to the remote code execution vulnerabilities in its default configuration.

  • Status: Mozilla confirmed, updates available.

  • References:

  • (4) HIGH: Apple Aperture and iLife DNG Handling Buffer Overflow
  • Affected:
    • Apple Aperture versions 2.x
    • Apple iLife iPhoto versions 7.x
  • Description: DNG or "Digital Negative" is an open image format created by Adobe. Apple's Aperture and iPhoto applications fail to properly handle certain malformed DNG files. A specially crafted DNG file could trigger a stack-based buffer overflow in these applications. Successfully exploiting this overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Note that user interaction may be required to exploit this vulnerability, in that the user must manually load the malicious file into a vulnerable application.

  • Status: Apple confirmed, updates available.

  • References:

  • (5) HIGH: SurgeMail LSUB Command Handling Buffer Overflow
  • Affected:
    • SurgeMail versions 38k4-4 and prior
  • Description: SurgeMail is a popular multiplatform mail suite for enterprises. Its Internet Message Access Protocol (IMAP) component fails to properly handle the 'LSUB' command. An overlong LSUB command could trigger a stack-based buffer overflow. Exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. A proof-of-concept is publicly available for this vulnerability. Note that an attacker requires authentication to exploit this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:

Other Software

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 13, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.13.1 - CVE: CVE-2008-0951
  • Platform: Windows
  • Title: Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution
  • Description: Microsoft Windows Vista is exposed to an issue that may result in the automatic execution of a file due to a failure to handle the "NoDriveTypeAutoRun" registry value.
  • Ref: http://www.kb.cert.org/vuls/id/889747

  • 08.13.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Jet Database Engine MDB File Parsing Unspecified Remote Code Execution
  • Description: Microsoft Jet Database Engine (Jet) provides data access to various applications such as Microsoft Access, Microsoft Visual Basic, and third-party applications. The application is exposed to a remote code execution issue when handling malicious MDB files. Several Microsoft Word versions are affected. See the Reference link for details.
  • Ref: http://www.securityfocus.com/bid/28398

  • 08.13.3 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer 7 "setRequestHeader()" Multiple Vulnerabilities
  • Description: Microsoft Internet Explorer 7 is exposed to multiple issues that allow for referer-spoofing, HTTP-request-splitting, and HTTP-request-smuggling attacks through a user's browser. Microsoft Internet Explorer 7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489960

  • 08.13.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Piczo Fast Picture Uploader "ImageUploader4.ocx" ActiveX Control Buffer Overflow
  • Description: Piczo Fast Picture Uploader ActiveX Control lets users upload images to a server. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. ImageUploader4.ocx version 4.1.36.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489887

  • 08.13.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ASUS Remote Console DPC Proxy Buffer Overflow
  • Description: ASUS Remote Console is an application that allows users to control and monitor a remote host. The application is exposed to a buffer overflow issue in the DPC Proxy. ASUS Remote Console version 2.0.0.19 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489966

  • 08.13.6 - CVE: CVE-2008-0070
  • Platform: Third Party Windows Apps
  • Title: Orb Networks Orb RPC Request Remote Integer Overflow
  • Description: Orb is an application that allows users to access media stored on remote computers. The software is exposed to an integer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Orb version 2.00.1014 is affected.
  • Ref: http://secunia.com/secunia_research/2008-5/advisory/

  • 08.13.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LEADTOOLS Multimedia "LTMM15.DLL" ActiveX Control Arbitrary File Overwrite Vulnerabilities
  • Description: LEADTOOLS Multimedia is a Software Development Kit (SDK) for creating multimedia applications. The application is exposed to multiple issues that allow attackers to overwrite arbitrary files. LEADTOOLS Multimedia version 15 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.13.8 - CVE: CVE-2008-0996
  • Platform: Mac Os
  • Title: Apple Mac OS X Authenticated Print Queue Information Disclosure
  • Description: Apple Mac OS X is exposed to a local information disclosure issue. This issue occurs when printing to authenticated print queues. When a print job is started, the authentication credentials may be saved to disk.
  • Ref: http://www.securityfocus.com/bid/28344

  • 08.13.9 - CVE: CVE-2008-0990
  • Platform: Mac Os
  • Title: Apple Mac OS X "notifyd" Local Denial of Service
  • Description: Apple Mac OS X is exposed to a local denial of service issue because "notifyd" fails to verify that Mach port death notifications originated from the kernel.
  • Ref: http://www.securityfocus.com/bid/28345

  • 08.13.10 - CVE: CVE-2008-0055
  • Platform: Mac Os
  • Title: Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation
  • Description: Apple Mac OS X Foundation is exposed to a local privilege escalation issue. This issue affects the "NSFileManager" when it performs recursive file-copying operations.
  • Ref: http://www.securityfocus.com/bid/28343

  • 08.13.11 - CVE: CVE-2008-0044
  • Platform: Mac Os
  • Title: Apple Mac OS X AFP Client "afp://" URI Remote Code Execution
  • Description: AFP client is an application that allows users to connect to AFP servers. Apple Filing Protocol (AFP) is a protocol for file services for Mac OS X. The application is exposed to a remote code execution issue that affects the AFP Client when handling a specially crafted "afp://" URI.
  • Ref: http://www.securityfocus.com/bid/28320

  • 08.13.12 - CVE: CVE-2008-0045
  • Platform: Mac Os
  • Title: Apple Mac OS X AFP Server Cross-Realm Authentication Bypass
  • Description: AFP Server is an application that provides file services including uploading and downloading files onto a user's computer. The application is exposed to an authentication bypass issue that occurs because the AFP Server fails to validate Kerberos principal realm names.
  • Ref: http://www.securityfocus.com/bid/28323

  • 08.13.13 - CVE: CVE-2008-0989
  • Platform: Mac Os
  • Title: Apple Mac OS X mDNSResponderHelper Local Format String
  • Description: Apple Mac OS X is exposed to a local format string issue because mDNSResponderHelper fails to adequately sanitize user-supplied data in the local "hostname" before passing it to a formatted-printing function.
  • Ref: http://www.securityfocus.com/bid/28339

  • 08.13.14 - CVE: CVE-2008-0049
  • Platform: Mac Os
  • Title: Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation
  • Description: Apple Mac OS X is exposed to a local privilege escalation issue that affects AppKit. Specifically, a Mach port in NSApplication is unintentionally available for inter-process communication.
  • Ref: http://www.securityfocus.com/bid/28340

  • 08.13.15 - CVE: CVE-2008-0054
  • Platform: Mac Os
  • Title: Apple Mac OS X Foundation "NSSelectorFromString" Input Validation
  • Description: Apple Mac OS X Foundation is exposed to an input validation issue. This issue affects the "NSSelectorFromString" API. Specifically, an unexpected selector may be returned when passing a malformed selector name.
  • Ref: http://www.securityfocus.com/bid/28341

  • 08.13.16 - CVE: CVE-2008-0056
  • Platform: Mac Os
  • Title: Apple Mac OS X Foundation "NSFileManager" Stack-Based Buffer Overflow
  • Description: Apple Mac OS X Foundation is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/28357

  • 08.13.17 - CVE: CVE-2008-0057
  • Platform: Mac Os
  • Title: Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities
  • Description: Apple Mac OS X AppKit is exposed to multiple integer overflow issues when parsing a legacy serialization format.
  • Ref: http://www.securityfocus.com/bid/28358

  • 08.13.18 - CVE: CVE-2008-0058
  • Platform: Mac Os
  • Title: Apple Mac OS X Foundation "NSURLConnection" Cache Management Race Condition Security
  • Description: Apple Mac OS X Foundation is exposed to a race condition security issue that affects the "NSURLConnection" API cache management, which can cause a deallocated object to receive messages.
  • Ref: http://www.securityfocus.com/bid/28359

  • 08.13.19 - CVE: CVE-2008-0987
  • Platform: Mac Os
  • Title: Apple Mac OS X Image RAW Stack-Based Buffer Overflow
  • Description: Apple Mac OS X Image RAW is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. This issue affects the handling of Adobe Digital Negative (DNG) image files.
  • Ref: http://www.securityfocus.com/bid/28363

  • 08.13.20 - CVE: CVE-2008-0997
  • Platform: Mac Os
  • Title: Apple Mac OS X AppKit PPD File Stack Buffer Overflow
  • Description: Apple Mac OS X is exposed to a stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs in AppKit when querying a network printer.
  • Ref: http://www.securityfocus.com/bid/28364

  • 08.13.21 - CVE: CVE-2008-0992
  • Platform: Mac Os
  • Title: Apple Mac OS X pax Archive Utility Remote Code Execution
  • Description: Apple Mac OS X is exposed to a remote code execution issue because the application fails to adequately validate user-supplied data. This issue occurs because the pax command line utility fails to check an unspecified length value in a specially-crafted archive before using it as an array index.
  • Ref: http://www.securityfocus.com/bid/28365

  • 08.13.22 - CVE: CVE-2008-0059
  • Platform: Mac Os
  • Title: Apple Mac OS X Foundation "NSXML" XML File Processing Race Condition Security
  • Description: Apple Mac OS X Foundation is exposed to a race condition security issue. This issue affects the error-handling logic of the "NSXML" API.
  • Ref: http://www.securityfocus.com/bid/28367

  • 08.13.23 - CVE: CVE-2008-0046
  • Platform: Mac Os
  • Title: Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness
  • Description: Apple Mac OS X is exposed to a security weakness that may result in unsafe firewall configurations. This issue occurs because the "Set access for specific services and applications" radio button of the application firewall preference pane is translated into German incorrectly.
  • Ref: http://www.securityfocus.com/bid/28368

  • 08.13.24 - CVE: CVE-2008-0060
  • Platform: Mac Os
  • Title: Apple Mac OS X Help Viewer Remote Applescript Code Execution
  • Description: Apple Mac OS X Help Viewer is exposed to a remote arbitrary Applescript code execution issue due to insufficient sanitizing of HTML statements on data used in help topic lists.
  • Ref: http://www.securityfocus.com/bid/28371

  • 08.13.25 - CVE: CVE-2008-0993
  • Platform: Mac Os
  • Title: Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure
  • Description: Apple Mac OS X is exposed to a local information disclosure issue because the Podcast Capture application, of Podcast Producer, supplies password data to a subtask via an unspecified argument.
  • Ref: http://www.securityfocus.com/bid/28372

  • 08.13.26 - CVE: CVE-2008-0988
  • Platform: Mac Os
  • Title: Apple Mac OS X libc "strnstr(3)" Off-By-One Denial of Service
  • Description: Apple Mac OS X libc is exposed to an off-by-one denial of service issue because it fails to adequately bounds check input data. This issue affects the Libsystem implementation of "strnstr(3)".
  • Ref: http://www.securityfocus.com/bid/28374

  • 08.13.27 - CVE: CVE-2008-0051
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation
  • Description: Apple Mac OS X is exposed to a local privilege escalation issue due to an integer overflow that occurs in CoreFoundation. Specifically, the vulnerability exists due to the handling of malformed time zone data.
  • Ref: http://www.securityfocus.com/bid/28375

  • 08.13.28 - CVE: CVE-2008-0052
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreServices ".ief" Files Security Policy Violation Weakness
  • Description: Apple Mac OS X is exposed to a weakness that may allow certain security policies to be violated. The issue occurs in CoreServices. Specifically, files ending with ".ief" can automatically be opened provided that Safari's "Open Safe file" preference is enabled.
  • Ref: http://www.securityfocus.com/bid/28384

  • 08.13.29 - CVE: CVE-2008-0998
  • Platform: Mac Os
  • Title: Apple Mac OS X NetCfgTool Local Privilege Escalation
  • Description: Apple Mac OS X is exposed to a local privilege escalation issue because "NetCfgTool" uses distributed objects to communicate with untrusted local programs when handling specially crafted messages.
  • Ref: http://www.securityfocus.com/bid/28385

  • 08.13.30 - CVE: CVE-2008-0994
  • Platform: Mac Os
  • Title: Apple Mac OS X Preview PDF Insecure Encryption Weakness
  • Description: Apple Mac OS X is exposed to a weakness due to the use of the insecure 40-bit RC4 encryption algorithm. This occurs when saving data to encrypted PDF format from Preview.
  • Ref: http://www.securityfocus.com/bid/28386

  • 08.13.31 - CVE: CVE-2008-0995
  • Platform: Mac Os
  • Title: Apple Mac OS X Printing To PDF Insecure Encryption Weakness
  • Description: Apple Mac OS X is exposed to a weakness due to the use of the insecure 40-bit RC4 encryption algorithm. This occurs when printing to encrypted PDF.
  • Ref: http://www.securityfocus.com/bid/28387

  • 08.13.32 - CVE: CVE-2008-0048
  • Platform: Mac Os
  • Title: Apple Mac OS X AppKit NSDocument API's Stack-Based Buffer Overflow
  • Description: Apple Mac OS X is exposed to a stack-based buffer overflow issue that occurs in AppKit. This issue occurs because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/bid/28388

  • 08.13.33 - CVE: CVE-2008-1383
  • Platform: Linux
  • Title: Gentoo "ssl-cert" eclass Information Disclosure
  • Description: The "ssl-cert" eclass is a module used by Gentoo Linux to generate SSL certificates. Gentoo is exposed to an information disclosure issue. The issue stems from an incorrect use of the "ssl-cert" eclass. Multiple ebuilds included in Gentoo Linux are affected.
  • Ref: http://www.securityfocus.com/bid/28350

  • 08.13.34 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "rpc.ypupdated" Arbitrary Command Execution Vulnerability
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. Solaris is prone to an arbitrary command execution vulnerability because it fails to adequa
  • Ref: http://www.securityfocus.com/bid/28385

  • 08.13.35 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "usr/sbin/chnfsmnt" Unspecified Vulnerability
  • Description: IBM AIX is prone to an unspecified vulnerability. This issue arises because the "usr/sbin/chnfsmnt" command does not use the full file path to properly call binaries.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ18296

  • 08.13.36 - CVE: CVE-2008-0053
  • Platform: Unix
  • Title: CUPS Multiple Unspecified Input Validation Vulnerabilities
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. The application is exposed to multiple unspecified input validation issues.
  • Ref: http://www.securityfocus.com/bid/28334

  • 08.13.37 - CVE: CVE-2008-0926
  • Platform: Novell
  • Title: Novell eDirectory eMBox Utility "edirutil" Command Unspecified Vulnerability
  • Description: Novell eDirectory is a directory service application used to centrally manage computer resources on a network. The application is exposed to an unspecified issue due to an error in the "edirutil" command of the eMBox utility. eDirectory versions 8.8 and earlier, and 8.7.3.9 and earlier are affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html

  • 08.13.38 - CVE: CVE-2008-1201
  • Platform: Cross Platform
  • Title: Adobe Flash FLA File Processing Remote Code Execution
  • Description: Flash CS3 Professional, Flash Professional, and Flash Basic are multimedia applications available for Microsoft Windows and Apple Mac OS X. The applications are exposed to a remote code execution issue during the processing of malicious FLA files. Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Microsoft Windows are affected.
  • Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-07.html

  • 08.13.39 - CVE: CVE-2006-7232
  • Platform: Cross Platform
  • Title: MySQL INFORMATION_SCHEMA Remote Denial Of Service
  • Description: MySQL is an open-source SQL database manager available for multiple operating systems. The application is exposed to a remote denial of service issue because it fails to handle certain specially crafted queries. MySQL versions prior to 5.0.32 and 5.1.14 are affected.
  • Ref: http://bugs.mysql.com/bug.php?id=22413

  • 08.13.40 - CVE: CVE-2008-1004
  • Platform: Cross Platform
  • Title: Apple Safari Web Inspector Remote Code Injection
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a remote code injection issue. Specifically, when Web Inspector is used on a malicious page, script code from that page will execute in the context of other domains, and be able to access the vulnerable computer's file system. Apple Safari versions prior to 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.41 - CVE: CVE-2008-0707
  • Platform: Cross Platform
  • Title: HP StorageWorks Library and Tape Tools Unspecified Local Security Bypass
  • Description: HP StorageWorks Library and Tape Tools (LTT) is a diagnostic tool for tape mechanisms, tape automation and magneto-optical products. The application is exposed to a local security bypass issue.
  • Ref: http://www.securityfocus.com/bid/28314

  • 08.13.42 - CVE: CVE-2008-1390
  • Platform: Cross Platform
  • Title: Asterisk Predictable HTTP Manager Session ID Security Bypass
  • Description: Asterisk is an open-source PBX application available for multiple operating platforms. The application is exposed to an issue that can allow an attacker to predict the "manager" session ID in the AsteriskGUI HTTP server. This issue is caused by the method that Asterisk uses to generate session IDs.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-005.html

  • 08.13.43 - CVE: CVE-2008-1005
  • Platform: Cross Platform
  • Title: Apple Safari WebCore "Kotoeri" Password Field Information Disclosure
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to an information disclosure issue that affects the "WebCore" component, and allows an attacker to use "Kotoeri" reverse conversion to display a hidden password field. Apple Safari versions prior to 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.44 - CVE: CVE-2008-0889
  • Platform: Cross Platform
  • Title: Red Hat "redhat-idm-console" Insecure Startup Script Local Privilege Escalation
  • Description: The "redhat-idm-console" application is a Java-based remote management console used for managing Red Hat Administration Server and Red Hat Directory Server. The application is exposed to a local privilege escalation issue because of insecure permissions on its startup script. "redhat-idm-console" application version 1.0.0 used with Red Hat Directory Server 8 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0191.html

  • 08.13.45 - CVE: CVE-2008-1010
  • Platform: Cross Platform
  • Title: Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied input before using it in an insufficiently sized buffer. Specifically, WebKit fails to properly handle JavaScript regular expressions. Apple Safari versions prior to 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.46 - CVE: CVE-2008-0050
  • Platform: Cross Platform
  • Title: Apple Safari CFNetwork Arbitrary Secure Website Spoofing
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to an issue that could allow a malicious HTTPS proxy server to spoof a secure website. The problem occurs when handling arbitrary data to CFNetwork in a 502 Bad Gateway error.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CenterIM URI Handling Remote Arbitrary Command Execution
  • Description: CenterIM is an instant messaging application based on CenterICQ. The application is exposed to a remote shell command execution issue because it fails to sufficiently sanitize user-supplied data. Specifically, this occurs when handling URIs supplied via instant messages. CenterIM version 4.22.3 is affected.
  • Ref: http://www.centerim.org/index.php/Main_Page

  • 08.13.48 - CVE: CVE-2008-0931
  • Platform: Cross Platform
  • Title: XWine WINE Configuration File Local Arbitrary Command Execution
  • Description: XWine is a graphical user interface for WINE. The application is exposed to an issue that can allow local attackers to execute arbitrary commands. This issue is due to the "w_export.c" source file, which sets the permissions of the WINE configuration file "/etc/wine/config/" to be world-writable. XWine version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28369

  • 08.13.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
  • Description: xine is a media player application. xine-lib is the core library for applications that use xine. The application is exposed to multiple heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. xine-lib version 1.1.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489894

  • 08.13.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail IMAP LSUB Command Remote Stack Buffer Overflow
  • Description: SurgeMail is a commercial email application that contains an IMAP server; it runs on multiple platforms. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds-check user-supplied input. SurgeMail version 3.8k4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489959

  • 08.13.51 - CVE: CVE-2008-1384
  • Platform: Cross Platform
  • Title: PHP 5 "php_sprintf_appendstring()" Remote Integer Overflow
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to an integer overflow issue because it fails to properly ensure that integer values are not overrun. PHP versions 5.2.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/489962

  • 08.13.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari File Download Remote Denial of Service
  • Description: Apple Safari is a web browser available for multiple operating systems. Safari is exposed to a remote denial of service issue that occurs when handling files with large names during a download operation. Safari version 3.1 running on Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/489965

  • 08.13.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Window.setTimeout Variant Content Spoofing
  • Description: Apple Safari is a web browser for multiple operating platforms. It is produced by Apple and is currently in Beta for the Windows platform. The application is exposed to a content-spoofing issue that allows attackers to populate a vulnerable Safari browser window with arbitrary malicious content. Safari version 3.1 running on Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/489972

  • 08.13.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: snircd And ircu "set_user_mode" Remote Denial of Service
  • Description: snircd is an IRC daemon based on ircu. The application is exposed to a denial of service issue because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the "set_user_mode()" function of the "s_user.c" source file. snircd versions up to and including 1.3.4, and ircu versions up to and including 2.10.12.12 are affected.
  • Ref: http://www.securityfocus.com/archive/1/489990

  • 08.13.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hamachi VPN Local Login Credentials Information Disclosure
  • Description: Hamachi is a freely-available VPN (Virtual Private Network) application used to securely connect remote computers to networks. The application is exposed to a local information disclosure issue because it fails to protect user login credentials. Hamachi version 1.0.2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490012

  • 08.13.56 - CVE: CVE-2008-1489
  • Platform: Cross Platform
  • Title: VLC Media Player "MP4_ReadBox_rdrf()" Buffer Overflow
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue stems from an integer overflow within the "MP4_ReadBox_rdrf()" function in the "modules/demux/mp4/libmp4.c" file. VLC media player version 0.8.6e is affected.
  • Ref: http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a

  • 08.13.57 - CVE: CVE-2008-0924
  • Platform: Cross Platform
  • Title: Novell eDirectory LDAP Extended Request Message Buffer Overflow
  • Description: Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server that also implements NCP (NetWare Core Protocol). The application is exposed to a buffer overflow issue when excessive data as part of an LDAP Extended Request message is copied into a finite-sized stack buffer without performing adequate boundary checks. eDirectory versions 8.8.1 and earlier, and 8.7.3.9 and earlier for Linux, Solaris, and Windows platforms are affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html

  • 08.13.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DotNetNuke Prior to 4.8.2 Multiple Remote Vulnerabilities
  • Description: DotNetNuke is an open-source Web Application Framework used to create and deploy websites. The application is exposed to multiple issues. DotNetNuke versions prior to 4.8.2 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspx

  • 08.13.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SILC Client and Server Key Negotiation Protocol Remote Buffer Overflow
  • Description: SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services over the Internet. The application is exposed to a buffer overflow issue that occurs in the "silc_pkcs1_decode" function of the "silcpkcs1.c" source file. SILC Client versions prior to 1.1.4, and SILC Server versions prior to 1.1.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490069

  • 08.13.60 - CVE: CVE-2008-1483
  • Platform: Cross Platform
  • Title: OpenSSH X connections Session Hijacking
  • Description: OpenSSH is a free implementation of the Secure Shell protocol suite. It is available for various operating systems. The application is exposed to an issue that allows attackers to hijack forwarded X connections. This issue occurs because the application fails to properly ensure that TCP ports are not already in use when assigning the X DISPLAY variable for forwarded X connections. OpenSSH version 4.3p2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011

  • 08.13.61 - CVE: CVE-2008-1429
  • Platform: Cross Platform
  • Title: SILC Server "NEW_CLIENT" Remote Denial of Service
  • Description: SILC (Secure Internet Live Conferencing) is a protocol that provides secure conferencing services over the Internet. SILC Server implements a server supporting the SILC protocol. The application is exposed to a denial of service issue because it fails to properly handle exceptional conditions. SILC versions prior to 1.1.1 are affected.
  • Ref: http://silcnet.org/docs/release/SILC%20Server%201.1.1

  • 08.13.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: News-Template "print.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: News-Template is a PHP-based news application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the following parameters of the "print.php" script: "ide" and "file_name".
  • Ref: http://www.securityfocus.com/bid/28353

  • 08.13.63 - CVE: CVE-2007-1011
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari WebKit Frame Method Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, a frame on one site may be able to access methods of a frame on another site. Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.64 - CVE: CVE-2008-1001
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari Error Page Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the application's error page displays content from a followed URI. Apple Safari versions prior to 3.1 running on Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.65 - CVE: CVE-2007-4592
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Rational ClearQuest Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities
  • Description: IBM Rational ClearQuest is an application for managing software projects. The application is exposed to multiple cross-site scripting issues because it fails to adequately sanitize user-supplied input. Rational ClearQuest versions 2003.06.16, 7.0.0.1, 7.0.0.2, 7.0.1.0, and 7.0.1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/489861

  • 08.13.66 - CVE: CVE-2008-1002
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari Javascript URL Parsing Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, malicious JavaScript URLs from a visited page may be able to access properties of another web page. Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://www.kb.cert.org/vuls/id/766019

  • 08.13.67 - CVE: CVE-2008-1003
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari WebCore "document.domain" Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the "WebCore" component of the browser fails to properly handle sites that have specifically set the "document.domain" property, or HTTP and HTTPS sites with the same "document.domain". Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.68 - CVE: CVE-2008-1006
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari WebCore "window.open()" Function Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the "window.open()" function of "WebCore" can be utilized by a malicious web page to change the security context to that of the victim. Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CS-Cart "index.php" Cross-Site Scripting
  • Description: CS-Cart is a PHP-based shopping cart application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "q" parameter of the "index.php" script. CS-Cart version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489857

  • 08.13.70 - CVE: CVE-2008-1007
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari WebCore Java Frame Navigation Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the frame navigation page for Java applets is not properly enforced. Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.71 - CVE: CVE-2008-1008
  • Platform: Web Application - Cross Site Scripting
  • Title: Apple Safari WebCore "document.domain" Variant Cross-Site Scripting
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the "WebCore" component of the browser fails to properly handle the "document.domain" property of malicious web sites. Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307563

  • 08.13.73 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Namazu "namazu.cgi" Cross-Site Scripting
  • Description: Namazu is a web-based searching and indexing system. It is designed to be easy to use for small and medium scale web indexing and searching, and for personal use. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied UTF-7 encoded input to the "namazu.cgi" script. Namazu versions prior to 2.0.18 are vulnerable.
  • Ref: http://namazu.org/security.html

  • 08.13.74 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TinyPortal "index.php" Cross-Site Scripting
  • Description: TinyPortal is a web-based portal application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "PHPSESSID" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/28402

  • 08.13.75 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel "manpage.html" Cross-Site Scripting
  • Description: cPanel is a web-hosting control panel. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "/frontend/x/manpage.html" script.
  • Ref: http://www.securityfocus.com/archive/1/489963

  • 08.13.76 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Alkacon OpenCms "users_list.jsp" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Alkacon OpenCms is a web-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "searchfilter" and "listSearchFilter" parameters of the "opencms/system/workplace/admin/accounts/users_list.jsp" script. OpenCms version 7.0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489984

  • 08.13.77 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PICTURESPRO Photo Cart Cross-Site Scripting
  • Description: Photo Cart is a web-based shopping cart application implemented in PHP. It is specifically designed for photographers. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "amessage" parameter of the "index.php" script. Photo Cart version 4.1 is affected.
  • Ref: http://www.picturespro.com/community/forums/photo_cart/index.php?see=viewTopic&topic=296795080324075103

  • 08.13.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PEEL Multiple SQL Injection Vulnerabilities and Arbitrary File Upload
  • Description: PEEL is a PHP-based content manager. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/28346

  • 08.13.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBlog SQL Injection and Remote File Include Vulnerabilities
  • Description: MyBlog is a blog application implemented in PHP. The application is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/28313

  • 08.13.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Iatek PortalApp "links.asp" SQL Injection
  • Description: PortalApp (also known as ASPApp) is a web-based content management system. It is implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CatId" parameter of the "links.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28315

  • 08.13.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo joovideo Component "id" Parameter SQL Injection
  • Description: joovideo is a video component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_joovideo" component before using it in an SQL query. joovideo version 1.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28318

  • 08.13.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Comp Restaurante Component "id" Parameter SQL Injection
  • Description: Comp Restaurante is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_restaurante" component before using it in an SQL query. Comp Restaurante version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28324

  • 08.13.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Accombo Component "id" Parameter SQL Injection
  • Description: Accombo is a component for the Joomla! and Mambo content managers used for advertising accommodations. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_accombo" component before using it in an SQL query. Accombo version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/28325/references

  • 08.13.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easy-Clanpage User "id" Parameter SQL Injection
  • Description: Easy-Clanpage is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter when the "section" parameter is set to "user" before using it in an SQL query. Easy-Clanpage version 2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489888

  • 08.13.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Alberghi Component "id" Parameter SQL Injection
  • Description: The Alberghi component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_alberghi" component before using it in an SQL query. Alberghi version 2.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/28331

  • 08.13.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Datsogallery Component "id" Parameter SQL Injection
  • Description: Datsogallery is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_datsogallery" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28361

  • 08.13.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TopperMod "localita" Parameter SQL Injection
  • Description: TopperMod is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "localita" POST parameter of the "mod.php" script before using it in an SQL query. TopperMod version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28447

  • 08.13.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Iatek Knowledge Base "content_by_cat.asp" SQL Injection
  • Description: Iatek Knowledge Base is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "content_by_cat.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28376

  • 08.13.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS "sections" Module "artid" Parameter SQL Injection
  • Description: The "sections" module is one of the core modules of the RunCMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter of the "sections" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28378

  • 08.13.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS "photo" Module "cid" Parameter SQL Injection
  • Description: The "photo" module is one of the core modules of the RunCMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "photo" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28395

  • 08.13.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: D.E. Classifieds "showCat.php" SQL Injection
  • Description: D.E. Classifieds is a web-based classifieds application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "showCat.php" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28396

  • 08.13.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PostNuke "pnVarPrepForStore()" SQL Injection
  • Description: PostNuke is a content management system (CMS). The application is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data. The "pnVarPrepForStore()" function is responsible for sanitizing user-supplied input. PostNuke version 0.764 is affected.
  • Ref: http://www.securityfocus.com/bid/28407/references

  • 08.13.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XLPortal "index.php" SQL Injection
  • Description: XLPortal is a web-based portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "query" parameter of the "index.php" script before using it in an SQL query. XLPortal version 2.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/28408

  • 08.13.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Platinum "dynamic_titles.php" SQL Injection
  • Description: PHP-Nuke Platinum is a web content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "includes/dynamic_titles.php" script. PHP-Nuke Platinum version 7.6.b.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28410

  • 08.13.95 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Efestech E-Kontor "id" Parameter SQL Injection
  • Description: Efestech E-Kontor is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28412

  • 08.13.96 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Rekry Component "op_id" Parameter SQL Injection
  • Description: Rekry is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "op_id" parameter of the "com_rekry" component before using it in an SQL query. Rekry version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28422

  • 08.13.97 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Cinema Component "id" Parameter SQL Injection
  • Description: Cinema is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_cinema" component before using it in an SQL query. Cinema version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28427

  • 08.13.98 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Download3000 Component "id" Parameter SQL Injection
  • Description: Download3000 is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_d3000" component before using it in an SQL query. Download3000 version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28428

  • 08.13.99 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bomba Haber "haberoku.php" SQL Injection
  • Description: Bomba Haber is a news script implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "haber" parameter of the "haberoku.php" script before using it in an SQL query. Bomba Haber version 2.0 is affected.
  • Ref: http://php.arsivimiz.com/goster/461

  • 08.13.100 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Clever Copy "postview.php" SQL Injection
  • Description: Clever Copy is a scalable website portal and news-posting system written in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "postview.php" script before using it in an SQL query. Clever Copy version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28437

  • 08.13.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Elastic Path Multiple Input Validation Vulnerabilities
  • Description: Elastic Path is a web-based ecommerce application. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. Elastic Path versions 4.1 and 4.1.1 are affected.
  • Ref: http://weblog.nomejortu.com/?p=37

  • 08.13.102 - CVE: Not Available
  • Platform: Web Application
  • Title: yehe "envoyer" Arbitrary File Upload
  • Description: yehe is an online editor application. The application is exposed to an arbitrary file upload issue that lets an attacker upload and execute arbitrary code in the context of the affected web server process. This issue occurs because the application fails to sufficiently sanitize user-supplied data via the "envoyer" functionality. yehe version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28355

  • 08.13.103 - CVE: Not Available
  • Platform: Web Application
  • Title: w-Agora "bn_dir_default" Parameter Multiple Remote File Include Vulnerabilities
  • Description: w-Agora is a web publishing and forum application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "bn_dir_default" parameter. w-Agora version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28366

  • 08.13.104 - CVE: Not Available
  • Platform: Web Application
  • Title: BolinOS Local File Include Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
  • Description: BolinOS is a PHP-based content manager. The application is exposed to multiple issues because it fails to adequately sanitize user-supplied input. BolinOS version 4.6.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490058

  • 08.13.105 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB PJIRC Module "irc.php" Local File Include
  • Description: PJIRC is an IRC module for phpBB. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "phpEx" parameter of the "irc/irc.php" script.
  • Ref: http://www.securityfocus.com/archive/1/490070

  • 08.13.106 - CVE: Not Available
  • Platform: Web Application
  • Title: DotNetNuke Default "ValidationKey" and "DecryptionKey" Weak Encryption
  • Description: DotNetNuke is an open-source Web Application Framework used to create and deploy web sites. The application is exposed to a weak encryption issue due to a design flaw in the affected application. DotNetNuke version 4.8.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489957

  • 08.13.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Webutil "webutil.pl" Multiple Remote Command Execution Vulnerabilities
  • Description: Webutil is a collection of networking tools implemented in Perl. The application is exposed to multiple issues that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/489961

  • 08.13.108 - CVE: Not Available
  • Platform: Web Application
  • Title: phpAddressBook "index.php" Local File Include
  • Description: phpAddressBook is a PHP-based contacts application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "skin" parameter of the "index.php" script. phpAddressBook version 2.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489971

  • 08.13.109 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyChat "setup.php3" Cross-Site Scripting
  • Description: phpMyChat is a web-based chat application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "Lang" parameter of the "setup.php3" script. phpMyChat version 0.14.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28399

  • 08.13.110 - CVE: Not Available
  • Platform: Web Application
  • Title: My Web Doc Administration Pages Multiple Authentication Bypass Vulnerabilities
  • Description: My Web Doc is a web-based, database-driven document handling application. The application is exposed to multiple authentication bypass issues. My Web Doc 2000 Final is affected.
  • Ref: http://www.securityfocus.com/bid/28400

  • 08.13.111 - CVE: Not Available
  • Platform: Web Application
  • Title: ooComments "PathToComment" Parameter Multiple Remote File Include Vulnerabilities
  • Description: ooComments is a web-based comment portal application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "PathToComment" parameter of the following scripts: "class_admin.php" and "class_comments.php". ooComments version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28401

  • 08.13.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Custompages Component "cpage" Parameter Remote File Include
  • Description: The Joomla! Custompages component is a PHP-based module for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "cpage" parameter of the "index.php" script. Custompages version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28409

  • 08.13.113 - CVE: Not Available
  • Platform: Web Application
  • Title: F5 Big-IP Web Management Audit Log HTML Injection
  • Description: F5 Big-IP is a security and networking device that provides web access control, application level security and network performance optimization. The application is exposed to an HTML injection issue in the web management interface. The application fails to sufficiently sanitize user-supplied input when creating audit log entries. F5 Big-IP version 9.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489991

  • 08.13.114 - CVE: Not Available
  • Platform: Web Application
  • Title: SLAED CMS "settings[]" Parameter Multiple Local File Include Vulnerabilities
  • Description: PowerPHPBoard is a PHP-based bulletin board application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "settings[footer]" parameter of the "footer.inc.php" script and the "settings[header]" parameter of the "header.inc.php" script. PowerPHPBoard version 1.00b is affected.
  • Ref: http://www.securityfocus.com/archive/1/490011

  • 08.13.115 - CVE: Not Available
  • Platform: Web Application
  • Title: PowerBook "page" Parameter Remote File Include
  • Description: PowerBook is a PHP-based guestbook application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "pb_inc/admincenter/index.php" script. PowerBook version 1.21 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490008

  • 08.13.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Cuteflow Bin "login.php" Local File Include
  • Description: Cuteflow Bin is a web-based document circulation tool. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "login.php" script. Cuteflow Bin version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28419

  • 08.13.117 - CVE: Not Available
  • Platform: Web Application
  • Title: Le Forum "Fichier_Acceuil" Parameter Remote File Include Vulnerability
  • Description: Le Forum is a PHP-based forum application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "Fichier_Acceuil" parameter of the "fora-acc.php3" script.
  • Ref: http://www.securityfocus.com/bid/28423

  • 08.13.118 - CVE: Not Available
  • Platform: Web Application
  • Title: eGroupWare "_bad_protocol_once()" HTML Security Bypass
  • Description: eGroupWare is a PHP-based groupware application for managing and distributing business related data. The application is exposed to an issue that allows arbitrary code to bypass HTML filtering policies. The issue occurs due to an error in the "_bad_protocol_once()" function of the "phpgwapi/inc/class.kses.inc.php" script. eGroupWare versions prior to 1.4.003 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=78745&release_id=585464

  • 08.13.119 - CVE: Not Available
  • Platform: Web Application
  • Title: HIS WebShop "his-webshop.pl" Directory Traversal
  • Description: HIS WebShop is an ecommerce shopping application implemented in Perl. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "t" parameter of the "cgi-bin/his-webshop.pl" script. HIS WebShop version 2.50 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490016

  • 08.13.120 - CVE: Not Available
  • Platform: Web Application
  • Title: Destar Add User Unauthorized Access
  • Description: Destar is a web-based interface for managing the Asterisk PBX. The application is exposed to an unauthorized access issue that occurs because the application allows unprivileged attackers to add new users. Destar version 0.2.2-5 is affected.
  • Ref: http://www.securityfocus.com/bid/28426

  • 08.13.121 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB eXtreme Styles Module "admin_xs.php" Local File Include
  • Description: eXtreme Styles is a module for phpBB. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "phpEx" parameter of the "admin/admin_xs.php" script. eXtreme Styles version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28432

  • 08.13.122 - CVE: Not Available
  • Platform: Web Application
  • Title: Aeries Browser Interface Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Aeries Browser Interface is a web portal for student information. It is an ASP-based component of the Aeries Student Information System. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied input. Aeries Browser Interface version 3.8.3.14 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490033

  • 08.13.123 - CVE: CVE-2008-1266, CVE-2008-1253, CVE-2008-1258
  • Platform: Web Application
  • Title: Multiple D-Link Products Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
  • Description: Multiple D-Link products are exposed to multiple cross-site scripting issues because they fail to properly handle user-supplied input.
  • Ref: http://www.securityfocus.com/bid/28439

  • 08.13.124 - CVE: Not Available
  • Platform: Web Application
  • Title: e107 My_Gallery Plugin "dload.php" Arbitrary File Download
  • Description: The e107 My_Gallery plugin is a photo gallery module for the e107 content manager. The application is exposed to an issue that lets attackers download arbitrary files because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "dload.php" script. My_Gallery version 2.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490041

  • 08.13.125 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! and Mambo Alphacontent Component "id" Parameter SQL Injection
  • Description: Alphacontent is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_alphacontent" component before using it in an SQL query. Alphacontent version 2.5.8 is affected.
  • Ref: http://www.securityfocus.com/bid/28443

  • 08.13.126 - CVE: Not Available
  • Platform: Web Application
  • Title: TopperMod "mod.php" Local File Include
  • Description: TopperMod is a web-based application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "to" parameter of the "mod.php" script. TopperMod version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28449

  • 08.13.127 - CVE: CVE-2008-1012
  • Platform: Network Device
  • Title: Apple AirPort Extreme Base Station AFP Request Denial of Service
  • Description: Apple AirPort Extreme is a wireless network device for sharing network resources. The device is exposed to a remote denial of service issue because it fails to properly handle malformed AFP requests. AirPort Extreme base stations running firmware versions prior to 7.3.1 are affected.
  • Ref: http://support.apple.com/kb/HT1226

  • 08.13.128 - CVE: CVE-2008-1242
  • Platform: Network Device
  • Title: Belkin F5D7230-4 Wireless G Router IP-Based Authentication State Authentication Bypass
  • Description: The Belkin F5D7230-4 Wireless G Router is a Wi-Fi networking router. The device is exposed to an authentication bypass issue due to the way it maintains authentication states. This issue occurs because authentication states are maintained based on the IP address of users. Belkin F5D7230-4 running firmware version 9.01.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489009

  • 08.13.129 - CVE: CVE-2008-1244
  • Platform: Network Device
  • Title: Belkin F5D7230-4 Wireless G Router "setup_dns.exe" Authentication
  • Description: The Belkin F5D7230-4 Wireless G Router is a Wi-Fi networking router. The device is exposed to an issue due to a lack of authentication when users access "cgi-bin/setup_dns.exe". Belkin F5D7230-4 running firmware version 9.01.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489009

  • 08.13.130 - CVE: CVE-2008-1245
  • Platform: Network Device
  • Title: Belkin F5D7230-4 Wireless G Router "setup_virtualserver.exe" Denial of Service
  • Description: The Belkin F5D7230-4 Wireless G Router is a Wi-Fi networking router. The application is exposed to a denial of service issue when "cgi-bin/setup_virtualserver.exe" handles an HTTP POST request containing invalid data and a "Connection: Keep-Alive" header. Belkin F5D7230-4 running firmware version 9.01.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489009

  • 08.13.131 - CVE: CVE-2008-1247
  • Platform: Network Device
  • Title: Linksys WRT54G Wireless-G Router Multiple Remote Authentication Bypass Vulnerabilities
  • Description: Linksys WRT54G Wireless-G Router is exposed to multiple authentication bypass issues because the device fails to properly check authorization before it allows users to perform certain administration actions. Firmware version v1.00.9 is affected.
  • Ref: http://www.securityfocus.com/bid/28381

  • 08.13.132 - CVE: CVE-2008-1252
  • Platform: Network Device
  • Title: Speedport W500 "b_banner.stm" Password Information Disclosure
  • Description: Speedport W500 is a wireless router. The application is exposed to an information disclosure issue because the "b_banner.stm" login page contains the router password in plain text.
  • Ref: http://www.securityfocus.com/bid/28382

  • 08.13.133 - CVE: Not Available
  • Platform: Network Device
  • Title: Mitsubishi Electric GB-50A Multiple Remote Authentication Bypass Vulnerabilities
  • Description: The Mitsubishi GB-50A is a network-enabled air conditioning control device. The device has a web interface for administrative and user access. The issue occurs because the device uses a set of Java applets to control functionality.
  • Ref: http://www.securityfocus.com/archive/1/489970

  • 08.13.134 - CVE: Not Available
  • Platform: Network Device
  • Title: Linksys SPA-2102 Phone Adapter Packet Handling Denial of Service
  • Description: Linksys SPA-2102 Phone Adapter is a device that allows analog telephony devices to connect to Voice-over-IP (VoIP) data networks. The device is exposed to a denial of service issue that occurs when handling an excessive number of packets in quick succession. Linksys SPA-2102 Phone Adapter running firmware version 3.3.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/489995

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.