
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 15
April 10, 2008

Problems with Microsoft Windows, Internet Explorer and Adobe Flash will catch your attention in this week's @RISK, but there are also critical vulnerabilities in the Autonomy KeyView SDK, a library used by a large number of applications, including Symantec Mail Security, Lotus Notes, and activePDF. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                   Number of Updates and Vulnerabilities
    ------------------------------------------ -------------------------------------
    Windows                                    4 (#1, #7, #9)
    Other Microsoft Products                   7 (#2, #5, #6, #10)
    Third Party Windows Apps                   16
    Linux                                      3
    Solaris                                    1
    Unix                                       2
    Novell                                     1
    Cross Platform                             11 (#3, #4, #8)
    Web Application - Cross Site Scripting     19
    Web Application - SQL Injection            28
    Web Application                            25
    Network Device


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft Internet Explorer Script Decoding Vulnerability (MS08-022)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: Microsoft Internet Explorer allows websites to encode scripts embedded in web pages, to help prevent copying and modification of such scripts. A flaw in the decoding process leads to a remote code execution vulnerability. A specially crafted web page could trigger this flaw, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that such scripts would be executed automatically upon viewing a malicious web page, and may not be visible to the user. Note that a vulnerability is available to members of Immunity Security's early update program.

  • Status: Microsoft confirmed, updates available. Systems using Microsoft Internet Explorer version 7 are not vulnerable.

  • References:
  • (4) CRITICAL: Autonomy KeyView SDK Multiple Buffer Overflows
  • Affected:
    • Autonomy KeyView SDK versions 10.x
    • Verity KeyView SDK versions 9.x and prior
    • Multiple applications using these APIs, including:
    • IBM Lotus Notes versions 8.x and prior
    • activePDF DocConverter
    • Symantec Mail Security
  • Description: The Autonomy and Verity KeyView Software Developer Kits (SDKs) are used by a variety of applications to automatically parse and display various types of media. These SDKs contain multiple buffer overflows in their handling of a variety of media types. A specially crafted HTML, graphics, folio, or email file could trigger one of these buffer overflows and execute arbitrary code with the privileges of the vulnerable process. Numerous applications use the affected SDKs, including applications such as IBM Lotus Notes, activePDF DocConverter, and Symantec Mail Security. Technical details are publicly available for several of these vulnerabilities. In the case of several vulnerable products, no user interaction is required to exploit these vulnerabilities; an email message transiting a vulnerable server is sufficient for exploitation.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) HIGH: Microsoft Internet Explorer Data Stream Processing Vulnerability (MS08-024)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008
  • Description: Microsoft Internet Explorer contains a flaw in its handling of data streams. A specially crafted web page that is designed to exploit this vulnerability could trigger this flaw, allowing an attacker to execute arbitrary code with the privileges of the current user. It is believed that the method of exploitation would not first prompt the user before triggering the vulnerability. Few technical details are publicly available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (6) HIGH: Microsoft Project Remote Code Execution Vulnerability (MS08-018)
  • Affected:
    • Microsoft Project 2000
    • Microsoft Project 2002
    • Microsoft Project 2003
  • Description: Microsoft Project is a popular project management application. It contains a flaw in its handling of Project files. A specially crafted Project file could trigger this flaw, leading to a memory corruption vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, on recent versions of Microsoft Project, Project files are not opened without first prompting the user by default.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (7) HIGH: Microsoft 'hxvz.dll' ActiveX Control Memory Corruption (MS08-023)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008
  • Description: Microsoft Windows contains an ActiveX control known as 'hxvz.dll'. When this control is instantiated by Microsoft Internet Explorer, it can cause a memory corruption vulnerability. A malicious web page that instantiates this control could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that this update also disables some third-party ActiveX controls that are known to contain vulnerabilities.

  • Status: Microsoft confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSIDs "314111b8-a502-11d2-bbca-00c04f8ec294" and "314111c6-a502-11d2-bbca-00c04f8ec294".

  • References:
  • (8) HIGH: TIBCO Enterprise Message Server and Rendezvous Multiple Vulnerabilities
  • Affected:
    • TIBCO Enterprise Message Service versions 4.x
    • TIBCO iProcess Suite
  • Description: The TIBCO Enterprise Message Service is an enterprise inter-application message-passing service. TIBCO Rendezvous is an enterprise process coordination system. These products contain multiple vulnerabilities in their handling of a variety of messages. A specially crafted message sent to or via these services could trigger one of these vulnerabilities, potentially allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. On some installations of these applications, this could result in arbitrary code execution with SYSTEM or root privileges.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) MODERATE: Microsoft Windows DNS Predictable Transaction IDs (MS08-020)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
  • Description: The Domain Name System (DNS) is the system by which human-readable domain names are resolved into IP addresses. DNS requests are paired with responses by using a unique "transaction ID" per request-response pair. Microsoft Windows fails to create truly random transaction IDs for DNS requests and responses. An attacker who could observe several requests from a Microsoft Windows system could predict subsequent transaction IDs. This would allow an attacker to spoof responses from a DNS server, possibly redirecting vulnerable machines to arbitrary sites or otherwise disrupting normal DNS resolution. Some technical details are publicly available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (10) MODERATE: Microsoft Visio Multiple Vulnerabilities (MS08-019)
  • Affected:
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office 2007
  • Description: Microsoft Visio contains flaws in its handling of various file formats. A specially crafted Visio or DXF file could trigger one of these flaws, leading to various memory corruption vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Note that some user interaction is required to exploit these vulnerabilities. In the case of DXF files, Visio must be explicitly instructed to open the file; it will not be opened by Visio automatically in its default configuration.

  • Status: Microsoft confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 15, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.15.1 - CVE: CVE-2008-1084
  • Platform: Windows
  • Title: Microsoft Windows Kernel Usermode Callback Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue. The flaw stems from insufficient validation of data from usermode callbacks to the Kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-025.mspx

  • 08.15.2 - CVE: CVE-2008-1087
  • Platform: Windows
  • Title: Microsoft Windows GDI Stack Overflow
  • Description: Microsoft Windows is exposed to a stack-based overflow issue that resides in the GDI graphics library and can be triggered by a malformed EMF image file. Specifically, this issue is caused by an error in processing of filename parameters in EMF image files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx

  • 08.15.3 - CVE: CVE-2008-1083
  • Platform: Windows
  • Title: Microsoft Windows GDI "CreateDIBPatternBrushPt" Function Heap Overflow
  • Description: Microsoft Windows is exposed to a heap-based overflow issue that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file. Specifically, the cause of the issue is an error in performing integer calculations based on data supplied within EMF/WMF image files.
  • Ref: http://www.securityfocus.com/archive/1/490584

  • 08.15.4 - CVE: CVE-2008-0087
  • Platform: Windows
  • Title: Microsoft Windows DNS Client Service Response Spoofing
  • Description: Microsoft Windows operating systems are exposed to an issue that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx

  • 08.15.5 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service
  • Description: Microsoft Internet Explorer is a browser available for Microsoft Windows. Internet Explorer is exposed to a denial of service issue that occurs when handling the XDR (XDomainRequest) object. Microsoft Internet Explorer version 8 Beta 1 is affected.
  • Ref: http://www.0x000000.com/?i=543

  • 08.15.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer "ieframe.dll" Script Injection
  • Description: Microsoft Internet Explorer is a web browser application for the Windows operating system. The application is exposed to a script injection issue when handling specially-crafted requests to "acr_error.htm" via the "res://" protocol. Internet Explorer version 8 is affected.
  • Ref: http://www.0x000000.com/?i=544

  • 08.15.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification that the vendor will be releasing eight security bulletins on April 8, 2008. The highest severity rating for these issues is "Critical".
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx

  • 08.15.8 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Header Handling "res://" Information Disclosure
  • Description: Microsoft Internet Explorer is a browser application for the Windows operating system. The application is exposed to an information disclosure issue when handling specially crafted "res://" protocol handlers in a "header()" forward of a malicious web page. Internet Explorer 7 is affected.
  • Ref: http://www.0x000000.com/?i=547

  • 08.15.9 - CVE: CVE-2008-1089
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Object Header Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. The application is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. Specifically, this issue occurs when the application opens Visio files that contain specially crafted object header data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx

  • 08.15.10 - CVE: CVE-2008-1090
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Memory Validation Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. The application is exposed to a remote code execution issue because it fails to adequately handle user-supplied data. The software fails to properly allocate memory when specially crafted Visio files are loaded into memory from disk.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx

  • 08.15.11 - CVE: CVE-2008-1085
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Data Stream Handling Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for Windows operating systems. The application is exposed to a remote code execution issue because it fails to adequately handle specially crafted data streams.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx

  • 08.15.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP OpenView Network Node Manager "OVAS.EXE" Buffer Overflow
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. The application is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data. Network Node Manager version 7.51 running on Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/bid/28569

  • 08.15.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: McAfee ePolicy Orchestrator "FrameworkService.exe" Remote Denial of Service
  • Description: McAfee ePolicy Orchestrator is a suite of applications that provides antivirus, antispyware, system firewalls, host IPS, content filtering, and patch management. The application is exposed to a remote denial of service issue in its "FrameworkService.exe" executable. McAfee ePolicy Orchestrator version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28573

  • 08.15.14 - CVE: CVE-2008-0312
  • Platform: Third Party Windows Apps
  • Title: Symantec AutoFix Support Tool "SYMADATA.DLL" ActiveX Control Remote Buffer Overflow
  • Description: Symantec AutoFix Support Tool is an application used for detecting and fixing support issues online. The "SYMADATA.DLL" ActiveX control is a component of the application. The ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html

  • 08.15.15 - CVE: CVE-2008-0313
  • Platform: Third Party Windows Apps
  • Title: Symantec AutoFix Tool ActiveX Control Remote Share "launchProcess()" Insecure Method
  • Description: The Symantec AutoFix Tool is a technical support application that scans a user's computer for possible errors affecting Norton products and provides the user with options for addressing any errors that are discovered. The application's "SYMADATA.DLL" ActiveX control library is exposed to an issue due to an error in the "launchProcess()" method.
  • Ref: http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html

  • 08.15.16 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LANDesk Management Suite 8.80.1.1 PXE TFTP Service Directory Traversal
  • Description: LANDesk Management Suite is used to manage hardware and software across a network. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. LANDesk Management Suite version 8.80.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490390

  • 08.15.17 - CVE: CVE-2008-1328, CVE-2008-1329
  • Platform: Third Party Windows Apps
  • Title: Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
  • Description: Computer Associates ARCserve Backup for Laptops and Desktops is an automated backup solution that runs on Microsoft Windows operating systems. The application is exposed to multiple remote issues.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105

  • 08.15.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Interwoven Worksite Web "iManFile.cab" TransferCtrl Class ActiveX Control Double Free
  • Description: Interwoven Worksite Web is a project and document management application. The Worksite Web TransferCtrl Class ActiveX control is exposed to a double free issue that occurs when the TransferCtrl Class "server()" method uses a JavaScript variable that can be freed by the JavaScript engine while the control continues to maintain a reference to the memory location. WorkSite Web versions prior to 8.2 SP1 P2 are affected.
  • Ref: http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf

  • 08.15.19 - CVE: CVE-2008-1602
  • Platform: Third Party Windows Apps
  • Title: Orbit Downloader "Download Failed" Remote Buffer Overflow
  • Description: Orbit Downloader is a peer-to-peer file download application for Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Orbit Downloader versions prior to 2.6.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490458

  • 08.15.20 - CVE: CVE-2008-0311
  • Platform: Third Party Windows Apps
  • Title: Borland StarTeam Multicast Service "GMWebHandler::parse_request()" Buffer Overflow
  • Description: Borland CaliberRM is an enterprise software requirements management system available for Microsoft Windows. The application is exposed to a remote stack-based buffer overflow issue that occurs because the application fails to perform adequate boundary checks on user-supplied data. Borland StarTeam Multicast Service version 6.4 included in Borland CaliberRM 2006, 2007 and 2008 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675

  • 08.15.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SmarterTools SmarterMail HTTP Request Handling Denial of Service
  • Description: SmarterTools SmarterMail is a Windows mail server intended as an alternative to Microsoft Exchange. The application is exposed to a denial of service issue when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. SmarterMail version 5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28610

  • 08.15.22 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Tumbleweed SecureTransport "vcst_eu.dll" ActiveX Control Remote Buffer Overflow
  • Description: Tumbleweed SecureTransport is a secure file transfer application available for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/490536

  • 08.15.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CDNetworks Nefficient Download "NeffyLauncher.dll" ActiveX Control Multiple Vulnerabilities
  • Description: CDNetworks Nefficient Download is an ActiveX control used for downloading and upgrading game files. The application is exposed to an arbitrary file upload issue and an authentication bypass issue that affect the "NeffyLauncher.dll" ActiveX control library. NeffyLauncher.dll version 1.0.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490535

  • 08.15.24 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP OpenView Network Node Manager "ovalarmsrv.exe" Multiple Remote Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is an automated network topology application used to assist network administration and analysis. The application is exposed to multiple issues affecting the "ovalarmsrv.exe" process. HP OpenView Network Node Manager version 7.53 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490541

  • 08.15.25 - CVE: CVE-2008-0083
  • Platform: Third Party Windows Apps
  • Title: Microsoft VBScript and JScript Scripting Engines Remote Code Execution
  • Description: VBScript and JScript are scripting engines for Microsoft Windows. The applications are exposed to a remote code execution issue because they fail to adequately decode user-supplied script code when processing web documents. These versions are affected: VBScript versions 5.6 and earlier; JScript versions 5.6 and earlier.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx

  • 08.15.26 - CVE: CVE-2008-1086
  • Platform: Third Party Windows Apps
  • Title: Microsoft "hxvz.dll" ActiveX Control Memory Corruption
  • Description: Microsoft "hxvz.dll" ActiveX control is exposed to a remote memory corruption issue. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer).
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680

  • 08.15.27 - CVE: CVE-2008-1088
  • Platform: Third Party Windows Apps
  • Title: Microsoft Project Resource Memory Allocation Remote Code Execution
  • Description: Microsoft Project is a project management application for the Microsoft Windows operating system. Project is exposed to a remote code-execution issue when allocating memory resources while opening Project files.
  • Ref: http://www.kb.cert.org/vuls/id/155563

  • 08.15.28 - CVE: CVE-2008-0887
  • Platform: Linux
  • Title: Gnome Desktop Screensaver NIS Authentication Local Unauthorized Access
  • Description: Gnome Desktop is exposed to a local unauthorized access issue that occurs when the screensaver is activated and the application uses NIS authentication. Specifically, the application allows attackers to unlock the desktop with no password if there is no network connection to the NIS.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0197.html

  • 08.15.29 - CVE: Not Available
  • Platform: Linux
  • Title: openMosix "libmosix.c" Remote Stack-Based Buffer Overflow
  • Description: openMosix is a Linux kernel extension for clustering. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. openMosix version 2.4.20-3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490534

  • 08.15.30 - CVE: Not Available
  • Platform: Linux
  • Title: LICQ File Descriptor Remote Denial of Service
  • Description: LICQ is a Linux qt-based messaging application. The application is exposed to a denial of service issue because it fails to handle exceptional conditions.
  • Ref: http://www.securityfocus.com/archive/1/490563

  • 08.15.31 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "inetd(1M)" Daemon Insecure Temporary File Creation
  • Description: Sun Solaris is an enterprise-grade Unix distribution. Sun Solaris "inetd(1M)" creates temporary files in an insecure manner. This issue arises when "Debug Logging" has been enabled. Sun Solaris version 10 for SPARC and x86 platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233284-1

  • 08.15.32 - CVE: Not Available
  • Platform: Unix
  • Title: SCO UnixWare Reliant HA "RELIANT_PATH" Local Input Validation
  • Description: Reliant HA is an optional, high availability clustering add-on for SCO Unixware 7 systems. The application is exposed to a local input validation issue because it fails to adequately sanitize user-supplied input to the "RELIANT_PATH" parameter. Reliant HA version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/28624

  • 08.15.33 - CVE: Not Available
  • Platform: Unix
  • Title: SCO UnixWare Merge mcd "HISTFILE" Local Input Validation
  • Description: UnixWare is a Unix operating system maintained by SCO Group. The application is exposed to a local input validation issue because it fails to adequately sanitize user-supplied input to the "HISTFILE" environment variable.
  • Ref: http://www.securityfocus.com/bid/28625

  • 08.15.34 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory HTTP HEAD Request Handling Denial of Service
  • Description: Novell eDirectory is a directory service application used to centrally manage computer resources on a network. The application is exposed to a denial of service issue when handling specially-crafted HTTP HEAD requests. eDirectory version 8.8.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28572

  • 08.15.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Content Manager Unspecified Security
  • Description: IBM DB2 is a database server designed to run on various platforms, including Linux, AIX, Solaris, and Microsoft Windows. DB2 Content Manager is exposed to an unspecified security issue affecting the "AllowedTrustedLogin" privilege. IBM DB2 versions prior to 8.3 Fix Pack 8 are affected.
  • Ref: http://www.securityfocus.com/bid/28567

  • 08.15.36 - CVE: CVE-2008-0555
  • Platform: Cross Platform
  • Title: Apache-SSL Environment Variable Information Disclosure and Privilege Escalation
  • Description: Apache-SSL is a secure web server based on Apache and SSLeay/OpenSSL. The application is exposed to a remote information disclosure and privilege escalation issue because it fails to adequately validate user-supplied input. Apache-SSL version apache_1.3.34+ssl_1.57 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490386

  • 08.15.37 - CVE: CVE-2008-0069
  • Platform: Cross Platform
  • Title: XnView FontName Buffer Overflow
  • Description: XnView is a photo viewer available for multiple platforms. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. XnView version 1.92.1 is affected.
  • Ref: http://secunia.com/secunia_research/2008-6/advisory

  • 08.15.38 - CVE: CVE-2008-1618
  • Platform: Cross Platform
  • Title: WatchGuard Firebox MS-CHAPv2 Authentication Remote User Enumeration Weakness
  • Description: WatchGuard Firebox is the firewall solution designed and distributed by WatchGuard. Firebox is designed as an enterprise-level firewall with security features and filtering customizations. The application is exposed to a user enumeration weakness. This issue occurs in the "MS-CHAPv2" authentication handshake protocol. WatchGuard Firebox versions prior to 10 are affected.
  • Ref: http://www.mwrinfosecurity.com/content/publications.php

  • 08.15.39 - CVE: CVE-2008-1013, CVE-2008-1014, CVE-2008-1015, CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1019, CVE-2008-1020, CVE-2008-1021, CVE-2008-1022, CVE-2008-1023
  • Platform: Cross Platform
  • Title: Apple QuickTime Multiple Remote Vulnerabilities
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to multiple remote issues that may allow remote attackers to disclose sensitive information, execute arbitrary code, and carry out denial-of-service attacks.
  • Ref: http://www.securityfocus.com/bid/28583

  • 08.15.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser 9.26 Multiple Security Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is exposed to multiple security issues. Opera versions prior to 9.27 are affected.
  • Ref: http://www.opera.com/support/search/view/882/

  • 08.15.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: iMatix Xitami Multiple Format String Vulnerabilities
  • Description: Xitami is a freely available webserver package distributed by iMatix. It is available for Unix, Linux, and Microsoft platforms. The application is exposed to multiple format string issues because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted printing function. Xitami version 2.5c2 is affected.
  • Ref: http://www.bratax.be/advisories/b013.html

  • 08.15.42 - CVE: CVE-2007-4620
  • Platform: Cross Platform
  • Title: Computer Associates Alert Notification Server Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Computer Associates Alert Notification Server provides alerting capabilities to multiple CA products. The application is exposed to multiple remote buffer overflow issues because it fails to bounds check user-supplied input before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.securityfocus.com/archive/1/490474

  • 08.15.43 - CVE: CVE-2008-1515
  • Platform: Cross Platform
  • Title: OTRS SOAP Interface Security Bypass
  • Description: OTRS is a ticket request system implemented in Perl. The application is exposed to a security bypass issue because it fails to properly validate user credentials before performing certain actions. OTRS versions 2.1.x prior to 2.1.8, and 2.2.x prior to 2.2.6 are affected.
  • Ref: http://otrs.org/advisory/OSA-2008-01-en/

  • 08.15.44 - CVE: CVE-2008-1686
  • Platform: Cross Platform
  • Title: FishSound Library Remote Speex Decoding Code Execution
  • Description: FishSound is a library that provides a programming interface for encoding and decoding audio data using the Xiph.org protocols. The FishSound "libfishsound" library is exposed to a remote code execution issue due to a failure of the application to properly bounds check user-supplied data. FishSound versions prior to 0.9.1 are affected.
  • Ref: http://www.ocert.org/advisories/ocert-2008-2.html

  • 08.15.45 - CVE: CVE-2008-0711
  • Platform: Cross Platform
  • Title: HP Integrity Servers iLO-2 Management Processors Denial of Service
  • Description: HP Integrity Servers running iLO-2 Management Processors (iLO-2 MP) are exposed to a denial of service issue that exists due to an unspecified error in the embedded management console. HP Integrity Server model numbers rx2660, rx3600, rx6600 with iLO-2 MP firmware versions F.01.58 and earlier, and HP Integrity Blade Server model bl860c with iLO-2 MP firmware versions T.01.22 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28673

  • 08.15.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DivXDB 2002 Multiple Cross-Site Scripting Vulnerabilities
  • Description: DivXDB 2002 is a PHP-based application for managing DivX related website content. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. DivXDB 2002 version 0.94b is affected.
  • Ref: http://www.securityfocus.com/bid/28566

  • 08.15.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tiny Portal "shouts" Cross-Site Scripting
  • Description: Tiny Portal is a web portal application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "shout" parameter of the "index.php" script. Tiny Portal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28630

  • 08.15.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: mcGallery "lang" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: mcGallery is a photo gallery application implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "lang" parameter. mcGallery version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28587

  • 08.15.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Parallels Virtuozzo Containers VZPP Interface File Manager Cross-Site Request Forgery
  • Description: Parallels Virtuozzo Containers is an operating system virtualization application that includes a web-based control interface called VZPP. The application is exposed to a cross-site request forgery issue affecting VZPP's file management utilities in "/vz/cp/vzdir/infrman/envs/files/". Virtuozzo Containers versions 3.0.0-25.4.swsoft, and 4.0.0-365.6.swsoft are affected.
  • Ref: http://www.securityfocus.com/archive/1/490409

  • 08.15.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Parallels Virtuozzo Containers VZPP Interface Change Password Cross-Site Request Forgery
  • Description: Parallels Virtuozzo Containers is an operating-system virtualization application that includes a web-based control interface called VZPP. The application is exposed to a cross-site request forgery issue affecting VZPP's password changing utility in "/vz/cp/pwd". Virtuozzo Containers version 3.0.0-25.4.swsoft is affected.
  • Ref: http://www.securityfocus.com/archive/1/490409

  • 08.15.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Flickr Module Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms. The Flickr module allows Drupal users to access the Flickr API. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to unspecified parameters. Flickr module 5.x versions prior to 5.x-1.3, and 6.x versions prior to 6.x-1.0-alpha1 are affected.
  • Ref: http://drupal.org/node/241939

  • 08.15.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Smart Classified ADS and Smart Photo ADS "view.cgi" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Smart Classified ADS is a web-based classifieds application and Smart Photo ADS is a web-based photo gallery application. The applications are implemented in Perl. The applications are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input to the "AdNum" and "Department" parameters of the "view.cgi" script.
  • Ref: http://www.securityfocus.com/bid/28595

  • 08.15.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Simple Gallery "album" Parameter Cross-Site Scripting
  • Description: Simple Gallery is a PHP-based image gallery application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "album" parameter of the "index.php" script. Simple Gallery version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28596

  • 08.15.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ManageEngine Firewall Analyzer "mindex.do" Cross-Site Scripting
  • Description: ManageEngine Firewall Analyzer is an enterprise tool for monitoring and managing firewall logs. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "displayName" parameter in the "mindex.do" script. ManageEngine Firewall Analyzer version 4.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/28604

  • 08.15.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Poplar Gedcom Viewer Search Page Multiple Cross-Site Scripting Vulnerabilities
  • Description: Poplar Gedcom Viewer is a PHP-based web application designed for dynamic viewing and editing of genealogy. The application supports GEDCOM and GENDEX file formats. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. This issue affects the "text" and "ul" parameters that are used by the "search" page via the "index.php" script. Poplar Gedcom Viewer version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28608/info

  • 08.15.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Glossaire "glossaire.php" Cross-Site Scripting
  • Description: Glossaire is a web-based application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "letter" parameter of the "glossaire.php" script. Glossaire version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28609

  • 08.15.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KwsPHP ConcoursPhoto Module "VIEW" Parameter Cross-Site Scripting
  • Description: KwsPHP is a content management system implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "VIEW" parameter of the "ConcoursPhoto" module.
  • Ref: http://www.securityfocus.com/bid/28612

  • 08.15.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: e-Classifieds "hsx/classifieds.hsx" Cross-Site Scripting
  • Description: e-Classifieds is a web-based classifieds application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "db" parameter of the "hsx/classifieds.hsx" script. e-Classifieds Corporate edition is affected.
  • Ref: http://www.securityfocus.com/bid/28613

  • 08.15.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Alkacon OpenCms "sessions.jsp" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Alkacon OpenCms is a web-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "searchfilter" and "listSearchFilter" parameters of the "system/workplace/admin/workplace/sessions.jsp" script. OpenCms version 7.0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490498

  • 08.15.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHPizabi Multiple Cross-Site Scripting Vulnerabilities
  • Description: PHPizabi is a social networking platform implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. PHPizabi version 0.848b C1 is affected.
  • Ref: http://www.securityfocus.com/bid/28648

  • 08.15.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Java System Messenger Express "sid" Cross-Site Scripting
  • Description: Sun Java System Messenger Express is a webmail application. Sun Java System Messenger Express is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "sid" parameter of the "mail.html" script. Sun Java System Messenger Express version 6.1-13-15 is affected.
  • Ref: http://www.securityfocus.com/bid/28649

  • 08.15.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: URLStreet "seeurl.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: URLStreet is an application for managing favorite links on a web site. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "language", "order" and "filter" parameters of the "seeurl.php" script. URLStreet version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28650

  • 08.15.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WoltLab Burning Board WCF Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: WoltLab Community Framework (WCF) included in WoltLab Burning Board is prone to multiple security issues. Multiple information disclosure issues exist because the application includes the stack trace in the HTML comments returned to the user when it fails to load and instantiate classes based on user-supplied input. WCF version 1.0.6 included in WoltLab Burning Board version 3.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28678

  • 08.15.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Swiki HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: Swiki is a wiki application for the Comanche web server and Squeak programming language/environment. Squeak is an open-source implementation of Smalltalk. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. Swiki version 1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490561

  • 08.15.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Writer's Block "permalink.php" SQL Injection
  • Description: Writer's Block is a content management application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "PostID" parameter of the "permalink.php" script before using it in an SQL query. Writer's Block version 3.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490376

  • 08.15.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo actualite Component "id" Parameter SQL Injection
  • Description: actualite is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_actualite" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28565

  • 08.15.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Nuked-Klan HTTP Referer Header SQL Injection
  • Description: Nuked-Klan is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the HTTP Referer header before using it in an SQL query. Nuked-Klan version 1.7.6 is affected.
  • Ref: http://www.securityfocus.com/bid/28578

  • 08.15.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Xpose PRO "mail.html" SQL Injection
  • Description: Xpose PRO is a web-based picture gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "reed" parameter of the "mail.html" script before using it in an SQL query. Xpose PRO version 3.05 is affected.
  • Ref: http://www.securityfocus.com/bid/28618

  • 08.15.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Software Zone "view_product.php" SQL Injection
  • Description: Software Zone is a web-based application for selling software online. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "view_product.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28620

  • 08.15.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Comdev News Publisher "index.php" SQL Injection
  • Description: News Publisher is a web-based news publishing application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "arcmonth" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28622

  • 08.15.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Joomlearn LMS Component "cat" Parameter SQL Injection
  • Description: Joomlearn LMS is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "com_lms" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/490410

  • 08.15.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Terong PHP Photo Gallery "index.php" SQL Injection
  • Description: Terong PHP Photo Gallery is a photo gallery application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "photo_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28626

  • 08.15.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP Galerie Module "id_gal" Parameter SQL Injection
  • Description: KwsPHP is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_gal" parameter of the "galerie" module before using it in an SQL query. KwsPHP version 1.3.456 is affected.
  • Ref: http://www.securityfocus.com/bid/28590

  • 08.15.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP Archives Module "id" Parameter SQL Injection
  • Description: KwsPHP is a content manager implemented in PHP. The application is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "archives" module before using it in an SQL query. KwsPHP version 1.3.456 is affected.
  • Ref: http://www.securityfocus.com/bid/28592

  • 08.15.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Module jeuxflash for KwsPHP "cat" Parameter SQL Injection
  • Description: KwsPHP is a content manager; Module jeuxflash is a module for KwsPHP. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28601

  • 08.15.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PIGMy-SQL "getdata.php" SQL Injection
  • Description: PIGMy-SQL is a photo gallery application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "getdata.php" script before using it in an SQL query. PIGMy-SQL version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28634

  • 08.15.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blogator-script "sond_result.php" SQL Injection
  • Description: Blogator-script is a blog application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_art" parameter of the "sond_result.php" script before using it in an SQL query. Blogator-script version 0.95 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490500

  • 08.15.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Blogator-script "init_pass2.php" SQL Injection
  • Description: Blogator-script is a blog application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "init_pass2.php" script before using it in an SQL query. Blogator-script version 0.95 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490501

  • 08.15.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prozilla Cheats SQL Injection
  • Description: Prozilla Cheats is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view_reviews.php" script before using it in an SQL query. Prozilla Cheats version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28640

  • 08.15.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prozilla Forum SQL Injection
  • Description: Prozilla Forum is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum" parameter of the "forum.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28643

  • 08.15.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site Sift Listings SQL Injection
  • Description: Site Sift Listings is a web directory implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28644

  • 08.15.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pixel Motion Blog SQL Injection
  • Description: Pixel Motion Blog is a web-log application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "categorie" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28644

  • 08.15.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oxygen Bulletin Board "member.php" SQL Injection
  • Description: Oxygen Bulletin Board is a bulletin board application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "member" parameter of the "member.php" script before using it in an SQL query. Oxygen Bulletin Board version 1.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/28651

  • 08.15.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBulletinBoard Custom Pages Module "pages" Parameter SQL Injection
  • Description: MyBulletinBoard Custom Pages is a web page design module for MyBulletinBoard. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "page.php" script before using it in an SQL query. Custom Pages module version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28652

  • 08.15.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ProZilla Freelancers "project.php" SQL Injection
  • Description: ProZilla Freelancers is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "project" parameter of the "project.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28653

  • 08.15.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Links Directory "links.php" SQL Injection
  • Description: Links Directory is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "links.php" script before using it in an SQL query. Links Directory version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28655

  • 08.15.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drake CMS HTTP "Via" Header SQL Injection
  • Description: Drake CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the HTTP "Via" header before using it in an SQL query. This issue occurs in the "/components/guestbook/guestbook.php" source file. Drake CMS version 0.4.11 is affected.
  • Ref: http://www.securityfocus.com/bid/28656

  • 08.15.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iScripts SocialWare "events.php" SQL Injection
  • Description: iScripts SocialWare is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to properly sanitize the "id" parameter of the "events.php" script.
  • Ref: http://www.securityfocus.com/bid/28669

  • 08.15.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: My Gaming Ladder SQL Injection
  • Description: My Gaming Ladder is a set of scripts for managing ladders and tournaments; it is implemented in PHP. The application is exposed to an SQL injection issue because it fails to properly sanitize the "ladderid" parameter of the "ladder.php" script. My Gaming Ladder versions 7.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28671

  • 08.15.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 724CMS SQL Injection
  • Description: 724Networks Content Management Server (724CMS) is a web-based content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to properly sanitize the "ID" parameter of the "index.php" script. 724CMS versions 4.01 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28672

  • 08.15.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prozilla Gaming Directory SQL Injection
  • Description: Prozilla Gaming Directory is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "directory.php" script before using it in an SQL query. Prozilla Gaming Directory version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28676

  • 08.15.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prozilla Software Index SQL Injection
  • Description: Prozilla Software Index is a web application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "showcategory.php" script before using it in an SQL query. Prozilla Software Index version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28677

  • 08.15.93 - CVE: Not Available
  • Platform: Web Application
  • Title: EasySite "EASYSITE_BASE" Parameter Multiple Remote File Include Vulnerabilities
  • Description: EasySite is a PHP-based application used to create portal web sites. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "EASYSITE_BASE" parameter. EasySite version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28563

  • 08.15.94 - CVE: Not Available
  • Platform: Web Application
  • Title: suPHP Multiple Local Privilege Escalation Vulnerabilities
  • Description: suPHP is a utility used to execute PHP scripts with the permissions of their owners. The application is exposed to multiple local privilege escalation issues due to various race conditions that occur in the application. suPHP versions prior to 0.6.3 are affected.
  • Ref: http://article.gmane.org/gmane.comp.php.suphp.general/348

  • 08.15.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Online FlashQuiz Joomla! Component "db_config.inc.php" Remote File Include
  • Description: The Elearningforce Online FlashQuiz component (com_onlineflashquiz) for Joomla! is a PHP-based quizzing application. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "base_dir" parameter of the "component/com_onlineflashquiz/quiz/common/db_config.inc.php" script. Online FlashQuiz version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28574

  • 08.15.96 - CVE: Not Available
  • Platform: Web Application
  • Title: DaZPHP "makepost.php" Local File Include
  • Description: DaZPHP is a news script application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "prefixdir" parameter of the "makepost.php" script. DaZPHP version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28582

  • 08.15.97 - CVE: Not Available
  • Platform: Web Application
  • Title: sabros.us "thumbnails.php" Local File Include
  • Description: sabros.us is a web-based content management system implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "img" parameter of the "thumbnails.php" script. sabros.us version 1.75 is affected.
  • Ref: http://www.securityfocus.com/bid/28623

  • 08.15.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Blogator-script "incl_page" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Blogator-script is a web-based application implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "incl_page" parameter. Blogator-script version 0.95 is affected.
  • Ref: http://www.securityfocus.com/bid/28627

  • 08.15.99 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpBlock "basicfogfactory.class.php" Remote File Include
  • Description: PhpBlock is a map engine implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "PATH_TO_CODE" parameter of the "basicfogfactory.class.php" script. PhpBlock version A8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/28588

  • 08.15.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Webform Module Multiple Unspecified HTML Injection Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms. The Webform module is used to create questionnaires, contact forms, surveys, and other forms. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Webform 5.x versions prior to 5.x-1.10 and 5.x-2.0-beta3, as well as 6.x versions prior to 6.x-1.0-beta3, are affected.
  • Ref: http://drupal.org/node/242053

  • 08.15.101 - CVE: Not Available
  • Platform: Web Application
  • Title: kses Multiple Input Validation Vulnerabilities
  • Description: The kses application is a PHP-based script designed to filter HTML and XHTML input to eliminate cross-site scripting attacks. The script is exposed to multiple input-validation issues due to flaws in the "kses_bad_protocol_once()" function.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=78745&release_id=585464

  • 08.15.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Secure Computing WebWasher Malformed URL Remote Denial of Service
  • Description: WebWasher is a web-based security solution available for various operating systems. The application is exposed to a remote denial of service issue that occurs when handling malformed URLs. WebWasher 6.3.0 prior to build 3150 and WebWasher 5.3.0 prior to build 3159 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490406

  • 08.15.103 - CVE: Not Available
  • Platform: Web Application
  • Title: NukeET "mensaje" Parameter HTML Injection
  • Description: NukeET is a PHP-based content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. NukeET version 3.4 is affected.
  • Ref: http://www.mrzayas.es/2008/04/04/xploitnukeet3/

  • 08.15.104 - CVE: Not Available
  • Platform: Web Application
  • Title: RobotStats "DOCUMENT_ROOT" Parameter Multiple Remote File Include Vulnerabilities
  • Description: RobotStats is a PHP-based application that monitors and analyzes web robots that visit a web site. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "DOCUMENT_ROOT" parameter in the following scripts: "graph.php" and "robotstats.inc.php". RobotStats version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28615

  • 08.15.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Web Server Creator "langfile" Parameter Remote File Include
  • Description: Web Server Creator is a web-based portal creation application. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "langfile" parameter of the "/news/include/createdb.php" script. Web Server Creator version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28631

  • 08.15.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Dragoon "calendrier.php" Local File Include
  • Description: Dragoon is a content management system implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "cal[lng]" parameter of the "calendrier.php" script. Dragoon version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28638

  • 08.15.107 - CVE: Not Available
  • Platform: Web Application
  • Title: F5 BIG-IP Web Management Interface "NEW_VALUE" Parameter Remote Code Injection
  • Description: F5 BIG-IP is a scalable application server device. The application is exposed to a remote code injection issue because the application fails to sufficiently sanitize user-supplied data to the "NEW_VALUE" parameter. F5 BIG-IP version 9.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490496

  • 08.15.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Prozilla Top Sites Multiple Security Bypass Vulnerabilities
  • Description: Prozilla Top Sites is a web-based application implemented in PHP. The application is exposed to multiple security bypass issues because it fails to properly validate user credentials before performing certain actions. Prozilla Top Sites version 1.0 is vulnerable; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/28641

  • 08.15.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Prozilla Reviews Security Bypass
  • Description: Prozilla Reviews is a web-based application implemented in PHP. The application is exposed to a security-bypass issue because it fails to properly validate user credentials before performing certain actions. Prozilla Reviews version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28642

  • 08.15.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Pixel Motion Blog Arbitrary File Upload
  • Description: Pixel Motion Blog is a web-log application implemented in PHP. The application is exposed to an issue that lets an attacker upload and execute arbitrary script code in the context of the affected web server process. The issue occurs because the application fails to sufficiently sanitize user-supplied input when uploading templates in the "admin/modif_config.php" script.
  • Ref: http://www.securityfocus.com/bid/28646

  • 08.15.111 - CVE: Not Available
  • Platform: Web Application
  • Title: LinPHA Maps Plugin "db_handler.php" Local File Include
  • Description: LinPHA is a web-based image gallery application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input. LinPHA version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28654

  • 08.15.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Mole "viewsource.php" Multiple Local File Include Vulnerabilities
  • Description: Mole (Make Our Life Easy) is a PHP code generator application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "dirn" and "fname" parameters of the "viewsource.php" script. Mole version 2.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28659

  • 08.15.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Dragoon "header.inc.php" Remote File Include
  • Description: Dragoon is a PHP-based content manager. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "root" parameter of the "/includes/header.inc.php" script. Dragoon version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28660

  • 08.15.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Wikepage Opus "index.php" Multiple Directory Traversal Vulnerabilities
  • Description: Wikepage Opus is a PHP-based blog application. The application is exposed to multiple directory traversal issues because the application fails to sufficiently sanitize user-supplied input to the following parameters of the "index.php" script: "template", "Admin" and "Recent_changes". Wikepage Opus version 13 2007.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490538

  • 08.15.115 - CVE: Not Available
  • Platform: Web Application
  • Title: iScripts SocialWare Arbitrary File Upload
  • Description: iScripts SocialWare is a web-based application implemented in PHP. The application is exposed to an issue that lets an attacker upload and execute arbitrary script code in the context of the affected web server process. The issue occurs because the application fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/28669

  • 08.15.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Advanced Software Engineering ChartDirector For PHP Information Disclosure
  • Description: Advanced Software Engineering ChartDirector is a chart component for Windows and web applications. The application is exposed to an information disclosure issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "phpdemo/viewsource.php" script. ChartDirector for PHP version 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28674

  • 08.15.117 - CVE: CVE-2007-5399, CVE-2007-5405, CVE-2007-5406, CVE-2007-6020, CVE-2008-0066, CVE-2008-1101
  • Platform: Web Application
  • Title: Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
  • Description: Autonomy KeyView is a component used in multiple applications. It adds high-speed filtering, the ability to export documents to web-ready HTML and valid XML, and high-fidelity viewing capabilities. The application is exposed to multiple stack-based and heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. Multiple products using the KeyView module are affected.
  • Ref: http://secunia.com/secunia_research/2007-95/advisory/

  • 08.15.118 - CVE: CVE-2008-1154
  • Platform: Network Device
  • Title: Cisco Unified Communication Disaster Recovery Framework Remote Command Execution
  • Description: The Disaster Recovery Framework allows administrators to back up system configurations onto a backup device such as a local tape drive or a remote server. Multiple Cisco Unified Communication products are exposed to a remote command execution issue that occurs in the Disaster Recovery Framework.
  • Ref: http://www.securityfocus.com/archive/1/490420

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.