
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 14
April 3, 2008

A small number of critical problems, but affecting a whole lot of computers and people: Both Macs and Windows computers are at risk from the multiple critical QuickTime vulnerabilities. And a large portion of the corporate and government and university world is at risk from the HP OpenView buffer overflows. If that's not enough work for one week, Internet Storm Center is also seeing (though not reported below) a big upsurge in attacks using malicious PDFs that are effective and damaging where people have not patched Adobe Reader.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Other Microsoft Products                  2
    Third Party Windows Apps                  8 (#2, #3)
    Linux                                     8
    BSD                                       1
    Aix                                       1
    Apple                                     1 (#1)
    Unix                                      1
    Novell                                    1
    Cross Platform                            24 (#4)
    Web Application - Cross Site Scripting    16
    Web Application - SQL Injection           12
    Web Application                           20
    Network Device                            7


Table Of Contents

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
  • Other Microsoft Products
  • Third Party Windows Apps
  • Linux
  • BSD
  • Aix
  • Unix
  • Novell
  • Cross Platform
  • Web Application - Cross Site Scripting
  • Web Application - SQL Injection
  • Web Application
  • Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: HP OpenView Buffer Overflow
  • Affected:
    • HP OpenView Network Node Manager versions 7.5.1 and prior
  • Description: Network Node Manager is the system monitoring component of the HP OpenView suite of applications. It contains a buffer overflow vulnerability in its 'ovas.exe' component. A specially crafted request to this component could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). Full technical details and a proof-of-concept are publicly available for this vulnerability. It is not currently known if OpenView for platforms other than Microsoft Windows is vulnerable.

  • Status: HP has not confirmed, no updates available.

  • (3) HIGH: Macrovision InstallShield "One-Click Install" Remote Code Execution
  • Affected:
    • Macrovision InstallShield versions 12.0 and prior
  • Description: Macrovision InstallShield provides a web-based "one-click" install system. This functionality is provided by an ActiveX control. This control fails to properly validate its input, allowing users to load arbitrary libraries and execute arbitrary code. A malicious web page that instantiated this control could trigger this vulnerability and execute arbitrary code with the privileges of the current user. Technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "53D40FAA-4E21-459f-AA87-E4D97FC3245A".

  • (4) MODERATE: Opera Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 9.27
  • Description: Opera is a popular cross-platform web browser. It contains memory corruption vulnerabilities in its handling of newsfeeds and the HTML "CANVAS" tag. A specially crafted web page or newsfeed could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Few technical details are publicly available for these vulnerabilities.

  • Status: Opera confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 14, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.14.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure
  • Description: Microsoft operating systems provide a Crypto API library for applications. The application is exposed to an information disclosure issue because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates. Microsoft Outlook 2007, Microsoft Windows Live Mail 2008 and Microsoft Office 2007 are affected.
  • Ref: https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt

  • 08.14.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing
  • Description: Internet Explorer is a browser for the Windows operating system. The application is affected by a URI-spoofing issue on pop-up windows generated by JavaScript code. Internet Explorer version 7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490286

  • 08.14.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: File Transfer Request File Directory Traversal
  • Description: File Transfer is an application that allows users to transfer files between computers. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. File Transfer versions prior to 1.2f are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1829601&group_id=178021&atid=883559

  • 08.14.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chilkat Http "ChilkatHttp.dll" ActiveX Control Insecure Method Vulnerabilities
  • Description: Chilkat Http ActiveX control is a client component for communicating with HTTP servers. The application is exposed to multiple issues that allow attackers to overwrite arbitrary files. Chilkat Http ActiveX control version 2.3 is affected.
  • Ref: http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php

  • 08.14.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Quick TFTP Server Pro "mode" Remote Buffer Overflow
  • Description: Quick TFTP Server Pro is a Trivial FTP server for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before storing it in a finite-sized memory buffer.
  • Ref: http://www.securityfocus.com/bid/28459

  • 08.14.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NoticeWare Corporation NoticeWare Email Server Denial of Service
  • Description: NoticeWare Email Server is an email server for Microsoft Windows platforms. The application is exposed to a denial of service issue due to an unspecified error. NoticeWare Email Server version 4.6.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28559

  • 08.14.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: avast! Home/Professional Local Privilege Escalation
  • Description: avast! is an antivirus application for Microsoft Windows. The application is exposed to a local privilege escalation issue because it fails to perform adequate sanitization of user-supplied data. avast! Home/Professional versions prior to 4.8.1169 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490321

  • 08.14.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 2X ThinClientServer TFTP service Directory Traversal
  • Description: 2X ThinClientServer is used to deploy and manage thin clients. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. 2X ThinClientServer 5.0 sp1-r3497 with TFTPd.exe version 3.2.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490324

  • 08.14.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SLMail Pro Multiple Remote Denial of Service and Memory Corruption Vulnerabilities
  • Description: SLMail Pro is an email server application available for Microsoft Windows. The application is exposed to multiple remote issues. SLMailPro version 6.3.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28505

  • 08.14.10 - CVE: CVE-2007-5661
  • Platform: Third Party Windows Apps
  • Title: Macrovision InstallShield InstallScript OCI Untrusted Library Remote Code Execution
  • Description: Macrovision InstallShield InstallScript OCI (One-Click Install) is a web-based installer application. The application is exposed to a remote code execution issue because the ActiveX control downloads and loads several unsafe DLL files from a website.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649

  • 08.14.11 - CVE: CVE-2008-0884
  • Platform: Linux
  • Title: Red Hat "capp-lspp-config" Local Privilege Escalation
  • Description: The "capp-lspp-config" script is a component of the "lspp-eal4-config-ibm" and "capp-lspp-eal4-config-hp" packages. The "capp-lspp-config" script can generate a privilege escalation issue because it results in the "/etc/pam.d/system-auth-ac" file being world-writable. "lspp-eal4-config-ibm" and "capp-lspp-eal4-config-hp" packages are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0193.html

  • 08.14.12 - CVE: Not Available
  • Platform: Linux
  • Title: policyd-weight Insecure Temporary File Creation
  • Description: The "policyd-weight" daemon is a Perl policy daemon for the Postfix mail transfer agent. The application is exposed to a security issue that allows attackers to create temporary files in an insecure manner.
  • Ref: http://www.securityfocus.com/bid/28480

  • 08.14.13 - CVE: CVE-2008-1532
  • Platform: Linux
  • Title: Perlbal Buffered Upload Remote Denial of Service
  • Description: Perlbal is a Perl-based web server with a reverse proxy and a load balancer. The application is exposed to a remote denial of service issue because it fails to handle specially crafted requests. Perlbal versions prior to 1.70 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=439054

  • 08.14.14 - CVE: CVE-2008-1142
  • Platform: Linux
  • Title: Multiple Applications Missing X11 DISPLAY Variable Local Arbitrary Command Execution
  • Description: X11 is a windowing and bitmap display protocol used by multiple applications to build and provide a GUI (Graphical User Interface). Multiple applications that use X11 are exposed to an issue that can allow local attackers to execute arbitrary commands. The issue occurs because the applications use ":0" as the X11 display if there is no "DISPLAY" environment variable. rxvt version 2.6.4 and Eterm version 0.9.4 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127

  • 08.14.15 - CVE: Not Available
  • Platform: Linux
  • Title: CDS Software Consortium Invenio Email Notification Alerts Deletion
  • Description: Invenio is a digital library system. The application is exposed to an issue that allows attackers to delete another user's email notifications. The vulnerability occurs in the email alert facility. Invenio version 0.92.1 is affected.
  • Ref: http://cdsware.cern.ch/lists/project-cdsware-announce/archive/msg00021.shtml

  • 08.14.16 - CVE: Not Available
  • Platform: Linux
  • Title: Mondo Rescue Prior to 2.2.5 Unspecified
  • Description: Mondo Rescue is a tape backup application for GNU/Linux platforms. The application is exposed to an unspecified issue affecting the usage of "/tmp" or MINDI_CACHE instead of "bkpinfo->tmpdir". Mondo Rescue versions prior to 2.2.5 are affected.
  • Ref: http://www.securityfocus.com/bid/28522

  • 08.14.17 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Audit Daemon "audit_log_user_command()" Local Buffer Overflow
  • Description: Linux Audit is a package designed to facilitate the auditing of actions performed on Linux operating systems. It contains a daemon that is responsible for receiving and logging audit events. The application is exposed to a local buffer overflow issue due to a failure of the software to properly bounds check user-supplied input. Linux Audit versions prior to 1.7 are affected.
  • Ref: http://people.redhat.com/sgrubb/audit/ChangeLog

  • 08.14.18 - CVE: CVE-2008-1161
  • Platform: Linux
  • Title: xine-lib Matroska Demuxer Remote Buffer Overflow
  • Description: The "xine" application is a media player. xine-lib is the core library for applications that use xine. The library is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. xine-lib versions prior to 1.1.10.1 are affected.
  • Ref: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb

  • 08.14.19 - CVE: CVE-2008-1391
  • Platform: BSD
  • Title: Multiple BSD Platforms "strfmon()" Function Integer Overflow Weakness
  • Description: Multiple BSD platforms are exposed to an integer overflow weakness because the application fails to ensure that integer values are not overrun. The weakness occurs in the "strfmon()" function located in the "libc" library. FreeBSD versions 6 and 7 and NetBSD version 4 are affected.
  • Ref: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c

  • 08.14.20 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX Kernel Security Advisory 2008.03.26 Multiple Vulnerabilities
  • Description: IBM AIX is exposed to multiple issues. An unspecified 64-bit process can be restarted via the checkpoint in a manner that grants the attacker read and write access to certain areas of kernel memory. A denial of service issue also occurs when a single remote node reduces the size of a JFS2 filesystem residing on a concurrent volume group.
  • Ref: http://www.securityfocus.com/bid/28467

  • 08.14.21 - CVE: CVE-2008-1373
  • Platform: Unix
  • Title: CUPS "gif_read_lzw()" GIF File Buffer Overflow
  • Description: CUPS, Common UNIX Printing System, is a widely used set of printing utilities for UNIX-based systems. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer. CUPS version 1.3.6 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=438303

  • 08.14.22 - CVE: Not Available
  • Platform: Novell
  • Title: Novell NetWare iPrint Request Handling Denial of Service
  • Description: Novell NetWare is a network operating system. The application is exposed to a denial of service issue due to an unspecified error. Novell NetWare version 6.5 is affected.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/667/3842033_f.SAL_Public.html

  • 08.14.23 - CVE: CVE-2005-4703
  • Platform: Cross Platform
  • Title: Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure
  • Description: Apache Tomcat is a popular webserver application for multiple platforms. The application is exposed to an information disclosure issue when handling requests that contain MS-DOS device names. Tomcat version 4.0.3 running on Windows is affected.
  • Ref: http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt

  • 08.14.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and UNIX-like operating systems. The application is exposed to multiple denial of service issues when handling certain types of packets and protocols in varying conditions. Wireshark versions 0.99.2 up to and including 0.99.8 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2008-02.html

  • 08.14.25 - CVE: CVE-2008-0214
  • Platform: Cross Platform
  • Title: HP TCP/IP Services for OpenVMS SSH Unspecified Remote Unauthorized Access
  • Description: OpenVMS is a mainframe-like operating system originally developed by Digital. It is maintained and distributed by HP. HP OpenVMS SSH using TCP/IP Services for OpenVMS is exposed to an unauthorized access issue.
  • Ref: http://www.securityfocus.com/bid/28486

  • 08.14.26 - CVE: CVE-2008-1530
  • Platform: Cross Platform
  • Title: GnuPG Duplicated Key Import Memory Corruption
  • Description: GNU Privacy Guard (GnuPG) is an open-source encryption application available for numerous platforms. The application is exposed to a memory corruption issue while importing certain keys with duplicate IDs from a public keyserver using the "--refresh-keys" or "--import" options. GnuPG versions 1.4.8 and 2.0.8 are affected.
  • Ref: https://bugs.gentoo.org/show_bug.cgi?id=214990

  • 08.14.27 - CVE: CVE-2008-1241, CVE-2008-1240, CVE-2007-4879, CVE-2008-1238, CVE-2008-1236, CVE-2008-1237, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories regarding security issues in Firefox versions 2.0.0.12 and earlier.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

  • 08.14.28 - CVE: CVE-2008-1151, CVE-2008-1150
  • Platform: Cross Platform
  • Title: Cisco IOS Virtual Private Dial-up Network Multiple Denial of Service Vulnerabilities
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. VPDNs (Virtual Private Dial-up Networks) transmit private data over a public network such as the Internet. Cisco IOS is exposed to multiple denial of service issues that occur in the VPDN when the Point-to-Point Tunneling Protocol (PPTP) is enabled.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml

  • 08.14.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TFTP Server Packet Handling Remote Buffer Overflow
  • Description: TFTP Server is a multithreaded (Trivial FTP) server. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before storing it in a finite-sized memory buffer. TFTP Server version 1.4 running on Windows is affected.
  • Ref: http://www.securityfocus.com/bid/28462

  • 08.14.30 - CVE: CVE-2008-0709
  • Platform: Cross Platform
  • Title: HP Select Identity Local Unauthorized Access
  • Description: HP Select Identity is an application used to manage user identities and access rights. The application is exposed to a local unauthorized access issue. A local authenticated attacker can exploit this issue to gain unauthorized access to other users' accounts on the affected computer.
  • Ref: http://www.securityfocus.com/bid/28558

  • 08.14.31 - CVE: CVE-2008-1152
  • Platform: Cross Platform
  • Title: Cisco IOS Multiple DLSw Denial of Service Vulnerabilities
  • Description: Cisco IOS contains support for the DLSw (Data-link Switching) protocol, which is used to send SNA and NetBIOS traffic over IP. The application is exposed to multiple remote denial of service issues because the software fails to properly handle malformed network datagrams.
  • Ref: http://www.securityfocus.com/archive/1/490107

  • 08.14.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM solidDB Format String Vulnerability and Multiple Denial of Service Vulnerabilities
  • Description: IBM solidDB is a relational SQL database. The application is exposed to multiple issues. solidDB version 06.00.1018 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490129

  • 08.14.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun SPARC Enterprise T5120 and T5220 Servers Insecure Default Configuration
  • Description: Some Sun SPARC Enterprise T5120 and T5220 Servers are shipped with an insecure default configuration for SSHD. This issue is due to the improper configuration of the operating system. Only Sun SPARC Enterprise T5120 and T5220 Servers running the factory-installed Solaris 10 OS image dated prior to BEL0748000 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1

  • 08.14.34 - CVE: CVE-2007-3527
  • Platform: Cross Platform
  • Title: Firebird Relational Database 2.0.0 Remote Denial of Service
  • Description: Firebird is a Relational Database Management System (RDBMS) available for multiple operating systems. The application is exposed to a remote denial of service issue that arises due to an integer overflow condition. Firebird versions prior to 2.0.1 are affected.
  • Ref: http://tracker.firebirdsql.org/browse/CORE-1063

  • 08.14.35 - CVE: CVE-2006-7211, CVE-2006-7212, CVE-2006-7213, CVE-2006-7214
  • Platform: Cross Platform
  • Title: Firebird Relational Database Multiple Remote Vulnerabilities
  • Description: Firebird is a Relational Database Management System (RDBMS) available for multiple operating systems. The application is exposed to multiple security issues. Firebird version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28474

  • 08.14.36 - CVE: CVE-2007-2606
  • Platform: Cross Platform
  • Title: Firebird Relational Database Multiple Buffer Overflow Vulnerabilities
  • Description: Firebird is a Relational Database Management System (RDBMS) available for multiple operating systems. The application is exposed to multiple unspecified buffer overflow issues affecting the following source files: "configConfigFile.cpp" and "msgscheck_msgs.epp". Firebird version 1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/468070

  • 08.14.37 - CVE: CVE-2006-7197
  • Platform: Cross Platform
  • Title: Apache Tomcat AJP Connector Information Disclosure
  • Description: Apache Tomcat is a popular webserver application for multiple platforms. The application is exposed to an information disclosure issue because of an error in the AJP connector that causes inaccurate chunk lengths to be delivered by "send_body_chunks" AJP messages. Tomcat version 5.5.15 is affected.
  • Ref: https://issues.apache.org/bugzilla/show_bug.cgi?id=38859

  • 08.14.38 - CVE: CVE-2007-1858
  • Platform: Cross Platform
  • Title: Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The application is exposed to a remote information disclosure issue because it uses an insecure cipher to encrypt sensitive data. Specifically, the application encrypts data with the anonymous cipher.
  • Ref: http://tomcat.apache.org/security-5.html

  • 08.14.39 - CVE: CVE-2005-4836
  • Platform: Cross Platform
  • Title: Apache Tomcat "allowLinking" Accepts NULL Byte in URI Information Disclosure
  • Description: Apache Tomcat is a Java-based webserver for multiple operating systems. The application is exposed to a remote information disclosure issue because the HTTP/1.0 connector fails to properly handle a NULL byte in URIs when "allowLinking" is configured. Tomcat versions 4.1.15 and later are affected.
  • Ref: http://tomcat.apache.org/security-4.html

  • 08.14.40 - CVE: CVE-2008-1531
  • Platform: Cross Platform
  • Title: lighttpd SSL Error Denial of Service
  • Description: The "lighttpd" program is a freely available webserver application. The application is exposed to a remote denial of service issue. Specifically, triggering an SSL error in one SSL session will cause all active SSL sessions on the server to terminate. lighttpd versions 1.4.19 and earlier are affected.
  • Ref: http://trac.lighttpd.net/trac/ticket/285#comment:18

  • 08.14.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Webkit "calculateCompiledPatternLength()" Remote Code Execution
  • Description: Webkit is a web browser framework used in the Apple Safari browser and other applications. The application is exposed to a remote code execution issue because it fails to adequately handle regular expressions with large, nested repetition counts.
  • Ref: http://trac.webkit.org/projects/webkit/changeset/31388

  • 08.14.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: InspIRCd Prior to 1.1.18 Unspecified
  • Description: InspIRCd is a modular IRC (Internet Relay Chat) daemon for multiple operating platforms. The application is exposed to an unspecified issue. InspIRCd versions prior to 1.1.18 are affected.
  • Ref: http://www.inspircd.org/forum/showthread.php?t=2945

  • 08.14.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PowerDNS Remote Cache Poisoning
  • Description: A remote DNS cache-poisoning issue affects PowerDNS because it fails to use a secure random number generator when creating transaction IDs and UDP source ports. PowerDNS versions prior to 3.1.5 are affected.
  • Ref: http://doc.powerdns.com/powerdns-advisory-2008-01.html

  • 08.14.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSSH ForceCommand Command Execution Weakness
  • Description: OpenSSH is a free implementation of the Secure Shell protocol suite. It is available for various operating systems. The application is exposed to a weakness that may allow attackers to execute arbitrary commands. OpenSSH versions prior to 4.9 are affected.
  • Ref: http://marc.info/?l=openssh-unix-dev&m=120692745026265&w=2

  • 08.14.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LANDesk Management Suite TFTP service Directory Traversal
  • Description: LANDesk Management Suite is used to manage hardware and software across a network. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. LANDesk Management Suite version 8.8 as well as 8.7 SP5 and prior service packs are affected.
  • Ref: http://community.landesk.com/support/docs/DOC-2659

  • 08.14.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sympa "Content-Type" Header Remote Denial of Service
  • Description: Sympa is a mailing list manager written in Perl. It is supported on numerous Unix and Unix-like platforms including Linux, BSD, Solaris, and others. The application is exposed to a remote denial of service issue because it fails to handle specially-crafted "Content-Type" headers. Sympa versions prior to 5.4 are affected.
  • Ref: https://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=3702&atid=167

  • 08.14.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ManageEngine Applications Manager "Search.do" Cross-Site Scripting
  • Description: ManageEngine Applications Manager is an enterprise tool for monitoring and managing application servers. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "query" parameter in the "Search.do" script.
  • Ref: http://www.securityfocus.com/bid/28488

  • 08.14.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CubeCart Cross-Site Scripting Vulnerabilities
  • Description: CubeCart is a web-based shopping application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "_a" and "Submit" parameters of the "index.php" script. CubeCart version 4.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28452

  • 08.14.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Blackboard Academic Suite Multiple Cross-Site Scripting Vulnerabilities
  • Description: Blackboard Academic Suite is an online teaching application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the following scripts and parameters: "webapps/blackboard/execute/viewCatalog: searchText" and "bin/common/announcement.pl: context (requires instructor access)". Blackboard Academic Suite version 7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490096

  • 08.14.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GNB DesignForm Cross-Site Scripting
  • Description: DesignForm is a web-based CGI script. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input passed through the email form. DesignForm versions prior to 3.9 are affected.
  • Ref: http://www.securityfocus.com/bid/28471

  • 08.14.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PerlMailer Cross-Site Scripting
  • Description: PerlMailer is a web-based CGI script. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input passed to the CGI email form. PerlMailer versions prior to 3.02 are affected.
  • Ref: http://www.securityfocus.com/bid/28472

  • 08.14.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DigiDomain Multiple Cross-Site Scripting Vulnerabilities
  • Description: DigiDomain is an ASP-based domain lookup application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "domain" parameter of the "lookup/lookup_result.asp" script and the "word1" and "word2" parameters of the "lookup/suggest_result.asp" script. DigiDomain version 2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490157

  • 08.14.53 - CVE: CVE-2006-7195
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat Cross-Site Scripting
  • Description: Apache Tomcat is a web server application available for multiple platforms. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to certain headers of the "implicit-objects.jsp" script.
  • Ref: http://www.securityfocus.com/bid/28481

  • 08.14.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JV2 Folder Gallery "index.php" Cross-Site Scripting
  • Description: JV2 Folder Gallery is a PHP-based application for managing image folders. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "image" parameter of the "index.php" script. JV2 Folder Gallery version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28508

  • 08.14.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JV2 Quick Gallery "index.php" Cross-Site Scripting
  • Description: JV2 Quick Gallery is a photo gallery application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "f" parameter of the "index.php" script. JV2 Quick Gallery version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28511

  • 08.14.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPkrm Unspecified Cross-Site Scripting
  • Description: PHPkrm is a web-based GnuPG keyring manager. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. PHPkrm version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28510

  • 08.14.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jack (tR) Jax LinkLists "jax_linklists.php" Cross-Site Scripting
  • Description: Jax LinkLists is a PHP-based application that handles and manages hyperlink lists. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "cat" parameter of the "jax_linklists.php" script. Jax LinkLists version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/28518

  • 08.14.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: @lex Guestbook Multiple Cross-Site Scripting Vulnerabilities
  • Description: @lex Guestbook is a guestbook application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the following scripts and parameters: "setup.php: language_setup" and "index.php: test". @lex Guestbook version 4.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28519

  • 08.14.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: @lex Poll "setup.php" Cross-Site Scripting
  • Description: @lex Poll is a polling application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "language_setup" parameter of the "setup.php" script. @lex Poll version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28520

  • 08.14.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Classifieds Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities
  • Description: PHP Classifieds is a web-based classifieds application implemented in PHP. The application is exposed to multiple remote issues. PHP Classifieds version 6.20 is affected.
  • Ref: http://www.securityfocus.com/bid/28521

  • 08.14.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jax Guestbook "jax_guestbook.php" Cross-Site Scripting
  • Description: Jax Guestbook is a guest book application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "language" parameter of the "guestbook/jax_guestbook.php" script.
  • Ref: http://www.securityfocus.com/bid/28522

  • 08.14.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nuked-Klan "nuked_nude" Parameter Cross-Site Scripting
  • Description: Nuked-Klan is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "nuked_nude" parameter of the "index.php" script when the "file" parameter is set to "XForum". Nuked-Klan version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/28527

  • 08.14.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Ahsshop Component "vara" Parameter SQL Injection
  • Description: Ahsshop is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "vara" parameter of the "com_ahsshop" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28549

  • 08.14.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpAddressBook "index.php" SQL Injection
  • Description: phpAddressBook is an address book application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "index.php" script. phpAddressBook version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490097

  • 08.14.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo MyAlbum Component "album" Parameter SQL Injection
  • Description: MyAlbum is a photo gallery plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "album" parameter of the "com_album" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28496

  • 08.14.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eggBlog Unspecified Cookie SQL Injection
  • Description: eggBlog is a web-log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The issue occurs when handling unspecified cookie data. eggBlog version 4.0 is affected.
  • Ref: http://eggblog.net/news.php?id=39

  • 08.14.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Smoothflash "admin_view_image.php" SQL Injection
  • Description: Smoothflash is an online gallery implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "admin_view_image.php" script.
  • Ref: http://www.securityfocus.com/bid/28503

  • 08.14.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress "wp-download" Plugin "dl_id" Parameter SQL Injection
  • Description: The "wp-download" program is a plugin for the WordPress web-based publishing application. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "dl_id" parameter of the "wp-download.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28516

  • 08.14.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JGS-Treffen "jgs_treffen.php" SQL Injection
  • Description: Woltlab Burning Board is a free web-based bulletin board package based on PHP and MySQL. JGS-Treffen is an add-on for the platform. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "view_id" parameter of the "jgs_treffen.php" script. JGS-Treffen versions 2.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28530

  • 08.14.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EfesTECH Video "catID" Parameter SQL Injection
  • Description: EfesTECH Video is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catID" parameter of the "default.asp" script before using it in an SQL query. EfesTECH Video version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490309

  • 08.14.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Neat weblog "articleId" Parameter SQL Injection
  • Description: Neat weblog is a blogging application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articleId" parameter of the "index.php" script before using it in an SQL query. Neat weblog version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28534

  • 08.14.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sava's Place Sava's Link Manager "category" Parameter SQL Injection
  • Description: Sava's Link Manager is used to track and manage links to a site. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "viewlinks.php" script before using it in an SQL query. Sava's Link Manager version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28538

  • 08.14.73 - CVE: CVE-2008-1486
  • Platform: Web Application - SQL Injection
  • Title: Phorum Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Phorum is a web-based forum application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters before using it in SQL queries. Phorum versions prior to 5.2.6 are affected.
  • Ref: http://www.phorum.org/phorum5/read.php?64,126815

  • 08.14.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FaScript FaPhoto "show.php" SQL Injection
  • Description: FaScript FaPhoto is a photo-gallery application. The application is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "show.php" script before using it in an SQL query. FaScript FaPhoto version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/28545

  • 08.14.75 - CVE: Not Available
  • Platform: Web Application
  • Title: TopperMod "mod.php" Local File Include Vulnerability
  • Description: TopperMod is a web-based application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "to" parameter of the "mod.php" script. TopperMod version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28449

  • 08.14.76 - CVE: CVE-2008-1568
  • Platform: Web Application
  • Title: Comix "filename" Remote Command Execution
  • Description: Comix is a photo gallery application specifically used for viewing comics. The application is exposed to a remote shell command execution issue because it fails to sufficiently sanitize user-supplied data. The vulnerability occurs when handling filenames while running the "rar", "unrar" or "jpegtran" programs. Comix version 3.6.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840

  • 08.14.77 - CVE: CVE-2008-1488
  • Platform: Web Application
  • Title: PECL Alternative PHP Cache Extension "apc_search_paths()" Buffer Overflow
  • Description: PECL Alternative PHP Cache (APC) is a framework for PHP code caching and optimization. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. APC versions prior to 3.0.17 are affected.
  • Ref: http://pecl.php.net/bugs/bug.php?id=13415

  • 08.14.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Terracotta "index.php" Local File Include
  • Description: Terracotta is a content management system implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "CurrentDirectory" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/490341

  • 08.14.79 - CVE: CVE-2008-1567
  • Platform: Web Application
  • Title: phpMyAdmin Local Information Disclosure
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to a local information disclosure issue because it fails to securely protect login credentials and secret keys. phpMyAdmin versions prior to 2.11.5.1 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2

  • 08.14.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board "Signature" iFrame Security
  • Description: Invision Power Board (IP.Board) is a content manager implemented in PHP. The application is exposed to a security issue that can aid attackers in social engineering attacks. This issue permits a registered forum user to insert malicious HTML code containing iFrame tags into their "Signature" via the application's user control panel. Invision Power Board version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490115

  • 08.14.81 - CVE: Not Available
  • Platform: Web Application
  • Title: GeeCarts Multiple Input Validation Vulnerabilities
  • Description: GeeCarts is a web application implemented in PHP. The application is exposed to multiple remote file include and cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "id" parameter. All versions of GeeCarts are affected.
  • Ref: http://www.securityfocus.com/bid/28470

  • 08.14.82 - CVE: Not Available
  • Platform: Web Application
  • Title: JAF CMS "website" and "main_dir" Parameters Multiple Remote File Include Vulnerabilities
  • Description: JAF CMS is a content manager implemented in PHP. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input. JAF CMS version 4.0.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490162

  • 08.14.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple Machines Forum Multiple Remote File Include Vulnerabilities
  • Description: Simple Machines Forum is a web forum implemented in PHP. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input to the following scripts and parameters: "/Sources/Subs-Graphics.php: settings[default_theme_dir]" and "/Sources/Themes.php: settings[theme_dir]". Simple Machines Forum version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490264

  • 08.14.84 - CVE: Not Available
  • Platform: Web Application
  • Title: auraCMS "user.php" Access Validation
  • Description: auraCMS is a PHP-based content manager. The application is exposed to an access validation issue that attackers can leverage to create unauthorized administrative user accounts. This issue affects the "user.php" script. auraCMS version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28499

  • 08.14.85 - CVE: Not Available
  • Platform: Web Application
  • Title: CuteFlow Bin SQL Injection Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
  • Description: CuteFlow Bin is a web-based tool for circulating documents. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. CuteFlow Bin version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490305

  • 08.14.86 - CVE: Not Available
  • Platform: Web Application
  • Title: JShop Server "page.php" Local File Include
  • Description: JShop Server is a web-based ecommerce application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "xPage" parameter of the "page.php" script. JShop Server versions 1.x and 2.x are affected.
  • Ref: http://www.securityfocus.com/bid/28501

  • 08.14.87 - CVE: Not Available
  • Platform: Web Application
  • Title: KISGB "view_private.php" Local File Include
  • Description: KISGB (Keep It Simple Guest Book) is a guestbook application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "tmp_theme" parameter of the "view_private.php" script. KISGB version 5.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28513

  • 08.14.88 - CVE: Not Available
  • Platform: Web Application
  • Title: mx_blogs Weblogs Module for mxBB "mx_root_path" Parameter Remote File Include
  • Description: The mx_blogs module is a blogging module for the mxBB bulletin board application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "mx_root_path" parameter of the "/includes/functions_weblog.php" script. mx_blogs version 2.0.0-beta is affected.
  • Ref: http://www.securityfocus.com/bid/28515

  • 08.14.89 - CVE: Not Available
  • Platform: Web Application
  • Title: SudBox Boutique Multiple Administrative Scripts Authentication Bypass Vulnerabilities
  • Description: SudBox Boutique is a PHP-based ecommerce application. The application is exposed to multiple authentication bypass issues because it fails to perform adequate authentication checks. SudBox Boutique version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28525

  • 08.14.90 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpGKit "connexion.php" Remote File Include
  • Description: PhpGKit is a framework that allows users to develop web sites. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "DOCUMENT_ROOT" parameter of the "connexion.php" script. PhpGKit version 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/28526

  • 08.14.91 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Spam Manager "body.php" Local File Include
  • Description: PHP Spam Manager is a PHP-based application for managing spam quarantines. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "filename" parameter of the "body.php" script. PHP Spam Manager version 0.53 beta is affected.
  • Ref: http://www.securityfocus.com/bid/28529

  • 08.14.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Sava's Place Sava's GuestBook "index.php" Local File Include
  • Description: Sava's GuestBook is a web-based guest book script. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "action" parameter of the "index.php" script. Sava's GuestBook version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28536

  • 08.14.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Sava's Place Sava's Link Manager "index.php" Local File Include
  • Description: Sava's Link Manager is used to track and manage links to a site. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "q" parameter of the "index.php" script. Sava's Link Manager version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28537

  • 08.14.94 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyNews Multiple Input Validation Vulnerabilities
  • Description: EasyNews is a web-based news aggregator application. The application is exposed to multiple input validation issues. EasyNews version 4.0tr is affected.
  • Ref: http://www.securityfocus.com/archive/1/490338

  • 08.14.95 - CVE: Not Available
  • Platform: Network Device
  • Title: Aztech ADSL2/2+ 4 Port Router Remote Command Injection
  • Description: Aztech ADSL2/2+ 4 Port Router is a managed router device. The device is exposed to a remote command injection issue via its web interface because it fails to adequately sanitize user-supplied input data. Aztech ADSL2/2+ 4 Port Router with firmware version 3.7.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490100

  • 08.14.96 - CVE: CVE-2008-1153
  • Platform: Network Device
  • Title: Cisco IOS Dual-stack Router IPv6 Denial of Service
  • Description: Cisco IOS-based, dual-stack routers are exposed to a denial of service issue. This issue can occur when a specially crafted IPv6 packet is sent to the device. However, for an exploit to succeed the device must have certain IPv4 UDP services enabled.
  • Ref: http://www.securityfocus.com/archive/1/490110

  • 08.14.97 - CVE: CVE-2008-0537
  • Platform: Network Device
  • Title: Cisco IOS With OSPF, MPLS VPN, Sup32, Sup720 or RSP720 Denial of Service
  • Description: Multiple Cisco products running Cisco IOS (Internetwork Operating System) with OSPF (Open Shortest Path First) or MPLS VPN (Multi Protocol Label Switching Virtual Private Networking) are exposed to a denial of service issue caused by a blocked queue, a memory leak, or a restart of the device.
  • Ref: http://www.securityfocus.com/archive/1/490111

  • 08.14.98 - CVE: CVE-2008-1156
  • Platform: Network Device
  • Title: Cisco IOS Multicast Virtual Private Network MDT Data Join Handling
  • Description: Cisco IOS Multicast Virtual Private Network (MVPN) is an architecture that includes protocols and procedures for supporting Multiprotocol Label Switching (MPLS) VPN multicast traffic. The application is exposed to an issue that occurs when handling specially crafted Multicast Distribution Tree (MDT) Data Join messages.
  • Ref: http://www.securityfocus.com/archive/1/490108

  • 08.14.99 - CVE: CVE-2008-1267
  • Platform: Network Device
  • Title: Siemens SpeedStream 6520 HTTP Request Remote Denial of Service
  • Description: Siemens SpeedStream 6520 is a wireless router. The device is exposed to a remote denial of service issue that affects its web interface because it fails to handle specially crafted HTTP requests.
  • Ref: http://www.gnucitizen.org/projects/router-hacking-challenge/

  • 08.14.100 - CVE: CVE-2008-0211
  • Platform: Network Device
  • Title: HP Compaq Business Notebook PC BIOS Local Denial of Service
  • Description: HP Compaq Business Notebooks are exposed to a local denial of service issue. Attackers can exploit this issue to disrupt service for legitimate users.
  • Ref: http://www.securityfocus.com/archive/1/490260

  • 08.14.101 - CVE: CVE-2008-0706
  • Platform: Network Device
  • Title: HP Compaq Notebook PC BIOS Local Unauthorized Access
  • Description: HP Compaq Notebook PC BIOS is exposed to a local unauthorized access issue. A local attacker can exploit this issue to gain unauthorized access to the affected computer.
  • Ref: http://www.securityfocus.com/archive/1/490261

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.