@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 16
April 17, 2008

Apple Safari users should ensure their browsers have the latest updates as multiple critical vulnerabilities were fixed in the latest update, and companies that rely on EMC's DiskXtender for enterprise backup should get patched right away. Attackers swarm over back-up vulnerabilities like the ones reported this week in DiskXtender. In fact, back-up products are among the least frequently updated by users. "It ain't broke; don't touch it" seems to be the mindset, but @RISK has shown over and over that backup products have an unending series of security flaws. A good reminder to make sure your software configuration management plans include patching of backup software. ClamAV users and Borland InterBase users also have critical flaws to fix. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Third Party Windows Apps                  6 (#3, #5)
    Linux                                     2
    Solaris                                   4
    Unix                                      3 (#6)
    Cross Platform                            25 (#1, #2, #4, #7, #8)
    Web Application - Cross Site Scripting    7
    Web Application - SQL Injection           28
    Web Application                           25
    Network Device                            2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple Safari Multiple Vulnerabilities
  • Affected:
    • Apple Safari versions prior to 3.1.1
  • Description: Safari is Apple's web browser for its Mac OS X and Microsoft Windows operating systems. It contains multiple vulnerabilities ranging in severity from remote code execution to cross site scripting and address bar spoofing. Flaws in its handling of regular expressions and downloaded files can lead to arbitrary code execution with the privileges of the current user. Note that some of these vulnerabilities are present in portions of Safari that are open source; full technical details for those vulnerabilities may therefore be obtained via source code analysis.

  • Status: Apple confirmed, updates available.

  • (4) CRITICAL: Borland InterBase Buffer Overflow
  • Affected:
    • Borland InterBase 2007 Service Pack 2
  • Description: InterBase is a popular database server from Borland. It contains a buffer overflow in its handling of certain user requests. A specially crafted request from a user could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 3050 at the network perimeter, if possible.

  • (5) HIGH: ICQ Message Handling Buffer Overflow
  • Affected:
    • ICQ versions 6.0 and prior
  • Description: ICQ is a popular instant messaging application. It contains a flaw in its handling of remote "user status messages". These messages indicate the status of another user, such as "available" or "away", and are rendered by a remote client when it queries that user's status. A specially crafted message could trigger a buffer overflow when rendered by a victim's client, allowing an attacker to execute arbitrary code with the privileges of the current user. A user would have to be monitoring the status of an attacker to be vulnerable to this issue. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • (6) MODERATE: CUPS Multiple Image Handling Integer Overflows
  • Affected:
    • CUPS versions prior to current-2008-04-08
  • Description: CUPS is the Common Unix Printing System, and is the standard printing system on a variety of Unix, Unix-like, and Linux operating systems. It contains a flaw in its handling of Portable Network Graphics (PNG) images. A specially crafted PNG image could trigger one of several integer overflow vulnerabilities. It has been confirmed that successfully exploiting one of these vulnerabilities would allow an attacker to create a denial-of-service condition. It is also believed, but not confirmed, that remote code execution is possible. In most common configurations, attackers would either require authentication or local network access to exploit these vulnerabilities. Full technical details are publicly available on these vulnerabilities, via source code analysis.

  • Status: Vendor confirmed, updates available.

  • (7) MODERATE: Rsync Extended Attributes Integer Overflow
  • Affected:
    • Rsync versions 2.6.9 through 3.0.1
  • Description: Rsync is a popular open source file and directory synchronization tool. On certain operating systems, it supports the concept of "extended attributes". These are data associated with files but distinct from the file's content. Rsync fails to properly handle certain extended attribute operations. A specially crafted request involving extended attributes could result in an integer overflow, and potentially allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that the extended attribute functionality is not supported on all platforms, and may be disabled entirely via configuration.

  • Status: Rsync confirmed, updates available.

  • (8) LOW: Mozilla Web Browsers Garbage Collection Possible Remote Code Execution
  • Affected:
    • Mozilla Firefox versions prior to 2.0.0.14
    • Mozilla Thunderbird versions prior to 2.0.0.14
    • Mozilla SeaMonkey versions prior to 1.1.10
  • Description: Web browsers that are based on the Mozilla codebase, including the popular Firefox web browser, contain a flaw in their handling of certain JavaScript constructs. The JavaScript engine in these browsers has a flaw in its implementation of garbage collection (a method of automatic memory management). A specially crafted JavaScript script embedded in a web page could exploit this vulnerability and lead to a crash. It is not currently believed that this crash could be leveraged to execute arbitrary code, but similar bugs in the past have led to remote code execution. Full technical details are available for this vulnerability via source code analysis.

  • Status: Mozilla confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 16, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.16.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IBiz E-Banking Integrator ActiveX Control "WriteOFXDataFile()" Insecure Method
  • Description: IBiz E-Banking Integrator is an application used for retrieving financial data from financial institutions. The application is exposed to an issue that allows attackers to create or overwrite arbitrary data with the privileges of the application using it (typically Internet Explorer). IBiz E-Banking Integrator version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28703

  • 08.16.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Deployment Solution AClient Password Disclosure
  • Description: Symantec Altiris Deployment Solution is software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location. The application's AClient binary is exposed to a local password disclosure issue that arises because of a design error. Altiris Deployment Solution versions prior to 6.9.164 are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.04.10.html

  • 08.16.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinWebMail IMAP Login Data Handling Denial of Service
  • Description: WinWebMail is a web server for Windows that supports multiple protocols. The application is exposed to a denial of service issue because it fails to perform adequate boundary checks on user-supplied input. WinWebMail version 3.7.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28721

  • 08.16.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trillian DTD File XML Parser Buffer Overflow
  • Description: Cerulean Studios Trillian is an instant messaging application. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Trillian version 3.1.9.0 Basic is affected.
  • Ref: http://www.securityfocus.com/archive/1/490772

  • 08.16.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nero MediaHome NMMediaServer.EXE Remote Denial of Service
  • Description: Nero MediaHome is an application that allows users to stream videos, TV programs, and music. It is available for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle exceptional conditions. Nero MediaHome version 3.3.3.0 is affected.
  • Ref: http://aluigi.altervista.org/adv/neromedia-adv.txt

  • 08.16.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ICQ "Personal Status Manager" Remote Buffer Overflow
  • Description: ICQ is an instant-messaging client application for Microsoft Windows. The application is exposed to a remote buffer overflow issue because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. ICQ version 6 build 6043 is affected.
  • Ref: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08

  • 08.16.7 - CVE: CVE-2008-1687, CVE-2008-1688
  • Platform: Linux
  • Title: GNU m4 Format String and Filename Quoting Vulnerabilities
  • Description: GNU m4 is a freely available macro-processing utility. The application is exposed to format string and filename quoting issues. GNU m4 versions prior to 1.4.11 are affected.
  • Ref: http://git.sv.gnu.org/gitweb/?p=m4.git;a=commitdiff;h=5345bb49077bfda9fabd048e563f9e7077fe335d;hp=edae0cd4696a9e6eb42eba98fbaae16f31268cba

  • 08.16.8 - CVE: CVE-2008-0892, CVE-2008-0893
  • Platform: Linux
  • Title: Red Hat "redhat-ds-admin" Shell Command Injection and Security Bypass Vulnerabilities
  • Description: Red Hat Administration Server is an HTTP agent used for remote management of the Red Hat Directory Server. The "redhat-ds-admin" application is exposed to multiple issues. "redhat-ds-admin" used with Red Hat Directory Server 8 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0201.html

  • 08.16.9 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun N1 Grid Engine "Qmaster" Daemon Local Denial of Service
  • Description: Sun N1 Grid Engine is an application that provides policy based workload management and dynamic provisioning of application workloads. The application is exposed to a denial of service issue that affects "Qmaster" daemon. Sun N1 Grid Engine version 6.1 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-234822-1

  • 08.16.10 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Self Encapsulated IP Packets Remote Denial of Service
  • Description: Sun Solaris is an enterprise grade UNIX distribution. The application is exposed to a denial of service issue because it fails to handle specially crafted network data. Specifically, the issue arises when the kernel tries to process self encapsulated IP packets. Solaris versions 8, 9 and 10 for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235901-1

  • 08.16.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Floating Point Context Switch Implementation Unspecified Security
  • Description: Sun Solaris is an enterprise grade UNIX distribution. The application is exposed to an unspecified issue that affects the floating point context switch implementation. Solaris 9 and 10 for x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233921-1

  • 08.16.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Trusted Extensions Labeled Networking Security Bypass
  • Description: Sun Solaris is an enterprise grade UNIX distribution. The application is exposed to a security bypass issue that affects the Trusted Extensions labeled networking. Solaris 10 for SPARC and x86 platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235421-1

  • 08.16.13 - CVE: CVE-2008-1720
  • Platform: Unix
  • Title: Rsync "xattr" Support Integer Overflow
  • Description: The rsync utility is used to synchronize files and directory structures across a network. It is commonly used to maintain mirrors of FTP sites, often through anonymous access to the rsync server. The application is exposed to a remote integer overflow issue in "util.c" when extended attribute support ("xattr") is enabled. The application fails to properly ensure that user-supplied input doesn't overflow integer values. rsync versions between 2.6.9 and 3.0.1 that have "xattr" support enabled are affected.
  • Ref: http://samba.anu.edu.au/rsync/security.html#s3_0_2

  • 08.16.14 - CVE: Not Available
  • Platform: Unix
  • Title: MirBSD Korn Shell Local Privilege Escalation
  • Description: MirBSD Korn Shell (mksh) is a freely available successor to the pdksh Unix shell. The application is exposed to a local privilege escalation issue due to a failure of the application to properly ensure that the origin of terminal input is secure. mksh versions prior to R33d are affected.
  • Ref: http://www.mirbsd.org/mksh.htm#clog

  • 08.16.15 - CVE: CVE-2008-1722
  • Platform: Unix
  • Title: CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to multiple integer overflow issues because it fails to perform adequate boundary checks on user-supplied PNG image sizes before using them to allocate memory buffers. CUPS version 1.3.7 is affected.
  • Ref: http://www.cups.org/str.php?L2790

  • 08.16.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovspmd" Buffer Overflow
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. Network Node Manager is exposed to a buffer overflow issue because it fails to properly bounds-check user-supplied data. Network Node Manager version 7.53 running on Microsoft Windows is affected.
  • Ref: http://www.securityfocus.com/bid/28689

  • 08.16.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nortel Networks Communication Server 1000 Multiple Security Vulnerabilities
  • Description: Nortel Networks Communication Server 1000 is a PBX appliance. The application is exposed to multiple security issues. Communications Server 1000 with firmware version 4.5.x is affected.
  • Ref: http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,14/_cursor,3/_total,44/tableid,1/

  • 08.16.18 - CVE: CVE-2008-1612
  • Platform: Cross Platform
  • Title: Squid Web Proxy Cache "arrayShrink()" Remote Denial of Service
  • Description: Squid is an open-source proxy server available for a number of platforms. The application is exposed to a remote denial of service issue due to a flaw when processing HTTP headers for cached objects. Squid versions 2.6 prior to 2.6.STABLE18 are affected.
  • Ref: http://www.squid-cache.org/Advisories/SQUID-2007_2.txt

  • 08.16.19 - CVE: CVE-2007-6019
  • Platform: Cross Platform
  • Title: Adobe Flash Player SWF File "DeclareFunction2" ActionScript Tag Remote Code Execution
  • Description: Adobe Flash Player is an application used to play Flash media files. Flash Player is exposed to a remote code execution issue when processing certain embedded ActionScript objects. Adobe Flash Player versions 9.0.115.0 and earlier are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html

  • 08.16.20 - CVE: CVE-2007-0071
  • Platform: Cross Platform
  • Title: Adobe Flash Player Multimedia File Remote Buffer Overflow
  • Description: Adobe Flash Player is an application used to play Flash media files. Flash Player is exposed to a remote buffer overflow issue when processing multimedia files with certain tags. The issue stems from an integer overflow when calculating pointers and can be used by an attacker to write to arbitrary memory locations. Adobe Flash Player versions 9.0.115.0 and earlier are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html

  • 08.16.21 - CVE: CVE-2008-1654
  • Platform: Cross Platform
  • Title: Adobe Flash Player Arbitrary Cross Domain HTTP Request Headers Security
  • Description: Adobe Flash Player is an application used to play Flash media files. The application is exposed to an issue that allows remote attackers to send arbitrary request headers from Flash Player to remote domains. The issue arises because the application does not perform any cross-domain policy checks before allowing SWF files downloaded from one domain to send headers to another domain. Adobe Flash Player versions 9.0.115.0 and earlier are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html

  • 08.16.22 - CVE: CVE-2008-1655
  • Platform: Cross Platform
  • Title: Adobe Flash Player Unspecified DNS Rebinding
  • Description: Adobe Flash Player is an application used to play Flash media files. The application is exposed to an issue with an unspecified impact which can be exploited by DNS rebinding. Adobe Flash Player versions 9.0.115.0 and earlier are affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html

  • 08.16.23 - CVE: CVE-2008-1656
  • Platform: Cross Platform
  • Title: Adobe ColdFusion CFC Method Access Level Security Bypass
  • Description: Adobe ColdFusion is an application server and software development framework used for creating dynamic web-based content. The application is exposed to a security bypass issue because it fails to properly restrict access to CFC methods. ColdFusion versions 8 and 8.0.1 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-12.html

  • 08.16.24 - CVE: CVE-2007-6683
  • Platform: Cross Platform
  • Title: VLC Media Player Browser Plug-in Arbitrary File Overwrite
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. The application is exposed to an issue that allows attackers to overwrite arbitrary files because the application fails to adequately sanitize certain arguments when handling ":demuxdump-file" filename options in a playlist or an "EXTVLCOPT" statement in an MP3 file. VLC media player versions prior to 0.8.6d are affected.
  • Ref: http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml

  • 08.16.25 - CVE: CVE-2008-1703, CVE-2008-1704
  • Platform: Cross Platform
  • Title: TIBCO Multiple Products Buffer Overflow Vulnerabilities
  • Description: TIBCO Enterprise Message Service and TIBCO Rendezvous are messaging solutions for enterprises. These applications are exposed to multiple buffer overflow issues that occur because they fail to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt

  • 08.16.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Drupal Simple Access Module Security Bypass
  • Description: Drupal is an open-source content manager that is available for a number of platforms. Simple Access is a module that allows administrators to make nodes private or editable by defined user roles. The application is exposed to a security bypass issue because it fails to properly maintain privacy information for a node in certain conditions. Simple Access versions prior to 5.x-1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/28720/info

  • 08.16.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Openfire Unspecified Remote Denial of Service
  • Description: Openfire is a freely available instant messaging server available for many platforms. The application is exposed to a remote denial of service issue.
  • Ref: http://www.igniterealtime.org/issues/browse/JM-1289?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

  • 08.16.28 - CVE: CVE-2008-0961
  • Platform: Cross Platform
  • Title: EMC DiskXtender Default Credentials Privilege Escalation
  • Description: EMC DiskXtender is a suite of software components used for data backup and migration; it is available for Unix, Linux, and Windows operating systems. The application is exposed to a privilege escalation issue because its main components (System Manager, MediaStor and License Server) contain hard-coded authentication credentials. DiskXtender version 6.20.060 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683

  • 08.16.29 - CVE: CVE-2008-0962
  • Platform: Cross Platform
  • Title: EMC DiskXtender File System Manager Stack-Based Buffer Overflow
  • Description: EMC DiskXtender is a suite of software components used for data backup and migration; it is available for Unix, Linux, and Windows operating systems. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. DiskXtender version 6.20.060 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684

  • 08.16.30 - CVE: CVE-2008-0963
  • Platform: Cross Platform
  • Title: EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
  • Description: EMC DiskXtender is a suite of software components used for data backup and migration; it is available for Unix, Linux, and Windows operating systems. The application is exposed to a format string issue because it fails to adequately sanitize user-supplied input before passing it to a formatted printing function. DiskXtender version 6.20.060 for Windows is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=685

  • 08.16.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Borland InterBase IBServer.EXE Remote Buffer Overflow
  • Description: Borland InterBase is a scalable database application available for multiple operating platforms. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Borland InterBase version 2007 SP2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490752

  • 08.16.32 - CVE: CVE-2008-0068
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Directory Traversal and Multiple Denial of Service Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is an automated network topology application for network administration and analysis. The application is exposed to multiple issues. HP OpenView Network Node Manager version 7.53 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490771

  • 08.16.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Python "stringobject.c" Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Python is an interpreted dynamic object-oriented programming language available for many operating systems. The application is exposed to multiple remote issues because it fails to sufficiently verify user-supplied data. Python version 2.5.2 is affected.
  • Ref: http://bugs.python.org/issue2587

  • 08.16.34 - CVE: CVE-2008-1100
  • Platform: Cross Platform
  • Title: ClamAV "libclamav/pe.c" UPACK File Heap-Based Buffer Overflow
  • Description: ClamAV is a multi-platform antivirus toolkit used to scan email messages for viruses. The application is exposed to a heap-based buffer overflow issue because it fails to properly verify user-supplied data. ClamAV versions 0.92 and 0.92.1 are affected.
  • Ref: http://secunia.com/secunia_research/2008-11/advisory/

  • 08.16.35 - CVE: CVE-2008-0927
  • Platform: Cross Platform
  • Title: Novell eDirectory HTTP "Connection" Header Denial Of Service
  • Description: Novell eDirectory is a directory service that is used to centrally manage computer resources on a network. The application is exposed to a denial of service issue when handling requests with specially crafted HTTP "connection" headers. eDirectory versions prior to 8.8.2 and prior to 8.7.3 sp10 for Windows 2000/2003 systems are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1

  • 08.16.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XM Easy Personal FTP Server "PORT" and "XCWD" Multiple Remote Denial of Service Vulnerabilities
  • Description: XM Easy Personal FTP Server is an FTP server for various Microsoft Windows platforms. The application is exposed to a remote denial of service issue that occurs in the "XCWD" and "PORT" commands. XM Easy Personal FTP Server version 5.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28759

  • 08.16.37 - CVE: CVE-2008-1387
  • Platform: Cross Platform
  • Title: ClamAV ARJ File Denial of Service
  • Description: ClamAV is a multi-platform toolkit used for scanning email messages for viruses. The application is exposed to a denial of service issue because it fails to handle exceptional conditions. ClamAV versions prior to 0.93 are affected.
  • Ref: http://int21.de/cve/CVE-2008-1387-clamav.html

  • 08.16.38 - CVE: CVE-2008-0314
  • Platform: Cross Platform
  • Title: ClamAV 0.92.1 Multiple Vulnerabilities
  • Description: ClamAV is a multi-platform toolkit used for scanning email messages for viruses. The application is exposed to multiple issues. ClamAV versions prior to 0.93 are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686

  • 08.16.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BigAnt IM Server HTTP GET Request Remote Buffer Overflow
  • Description: BigAnt IM Server is the server application of BigAnt Messenger, an enterprise IM system for Windows platforms. The server is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. BigAnt IM Server version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28795

  • 08.16.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DivX Player .SRT "subtitle" Remote Buffer Overflow
  • Description: DivX Player is a media player specifically designed to handle DivX media files. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue occurs when the application handles .SRT files that contain overly long subtitle data. DivX Player version 6.7.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490898

  • 08.16.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP NetWeaver Filesystem Feedbacks Cross-Site Scripting
  • Description: SAP NetWeaver is a platform for enterprise applications. The application is exposed to a cross-site scripting issue because the software fails to sufficiently sanitize user-supplied data. Specifically, this issue affects the web interface used to access portal filesystems with "feedbacks" of files.
  • Ref: http://www.securityfocus.com/archive/1/490625

  • 08.16.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WiKID wClient-PHP "sample.php" Cross-Site Scripting
  • Description: WiKID wClient-PHP is a client application for the WiKID Strong Authentication server, a two-factor authentication system. The application is exposed to a cross-site scripting issue because the software fails to sufficiently sanitize user-supplied data. Specifically, this issue affects the "PHP_SELF" parameter of the "sample.php" script. WiKID wClient-PHP versions prior to 3.0-3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490768

  • 08.16.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Business Objects Infoview "jsessionid" Parameter Cross-Site Scripting
  • Description: Business Objects is a suite of applications and tools used to administrate, monitor, and network business and project information. Business Objects Infoview is a web portal application used to remotely access Business Objects. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Java versions of Business Objects XI R2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490822

  • 08.16.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cezanne Software Multiple Cross-Site Scripting Vulnerabilities
  • Description: Cezanne Software is a suite of ASP-based human resources and management applications. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Cezanne versions 6.5.1 and 7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490846

  • 08.16.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cezanne Software "CFLogon.asp" Cross-Site Scripting
  • Description: Cezanne Software is a suite of ASP-based human resources and management applications. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "SleUserName" POST parameter of the "/CFLogon/CFLogon.asp" script. Cezanne versions 6.5.1 and 7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/490842

  • 08.16.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WORK system e-commerce "main.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: WORK system e-commerce is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "day", "month" and "year" parameters of the "module/main.php" script. WORK system e-commerce version 4.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/28785/references

  • 08.16.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: amfphp Multiple Cross-Site Scripting Vulnerabilities
  • Description: amfphp is a PHP implementation of the Action Messaging format (AMF). The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. amfphp version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/28789

  • 08.16.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pligg "editlink.php" SQL Injection
  • Description: Pligg is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "editlink.php" script before using it in an SQL query. Pligg version 9.9.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28681

  • 08.16.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Avaya SIP Enablement Services and Communications Manager Multiple SQL Injection Vulnerabilities
  • Description: Avaya SIP Enablement Services (SES) is a suite of tools used to provide SIP (Session Initiation Protocol) services within the enterprise. Communications Manager is the IP Telephony Platform that SES runs on. The application's web interface is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters before using it in SQL queries.
  • Ref: http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,25/_cursor,10/_total,12/tableid,1/

  • 08.16.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pragmatic Utopia PU Arcade "gid" Parameter SQL Injection
  • Description: PU Arcade is an arcade component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gid" parameter of the "puarcade.class.php" source code file. PU Arcade version 2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490626

  • 08.16.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress "wp-comments-post.php" Multiple SQL Injection Vulnerabilities
  • Description: WordPress is a freely available application for personal publishing. The application is exposed to multiple SQL injection issues because the application fails to sufficiently sanitize user-supplied input before using it in an SQL query. These issues affect the "author" and "url" parameters of the "wp-comments-post.php" script. WordPress version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28703

  • 08.16.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SuperNET Shop Multiple SQL Injection Vulnerabilities
  • Description: SuperNET Shop is an ASP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. SuperNET Shop version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/28709

  • 08.16.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Koobi Pro "galid" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Koobi Pro is a web-based message board implemented in PHP. The application is exposed to two SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "galid" parameter in two gallery modules before using it in SQL queries. Koobi Pro version 6.25 is affected.
  • Ref: http://www.securityfocus.com/bid/28710

  • 08.16.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Koobi "img_id" Parameter SQL Injection
  • Description: Koobi is a web-based message board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "img_id" parameter of the "index.php" script when the "p" parameter is set to "gallery". Koobi versions 4.4 and 5.4 are affected.
  • Ref: http://www.securityfocus.com/bid/28711

  • 08.16.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyKnowledgeQuest KnowledgeQuest Multiple SQL Injection Vulnerabilities
  • Description: MyKnowledgeQuest KnowledgeQuest is a web-based knowledge management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the following parameters and scripts before using it in an SQL query: the "kqid" parameter of the "articletext.php" script and the "username" and "password" POST parameters of the "logincheck.php" script. KnowledgeQuest version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/28713

  • 08.16.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyKnowledgeQuest KnowledgeQuest "articletextonly.php" Script SQL Injection
  • Description: MyKnowledgeQuest KnowledgeQuest is a web-based knowledge management application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kqid" parameter of the "articletextonly.php" script before using it in an SQL query. KnowledgeQuest version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/28716

  • 08.16.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LiveCart "id" Parameter SQL Injection
  • Description: LiveCart is a PHP-based shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "category" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28723

  • 08.16.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RS MAXSOFT "popup_img.php" SQL Injection
  • Description: RS MAXSOFT is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fotoID" parameter of the "modules/fotogalerie/popup_img.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28735

  • 08.16.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: W2B phpHotResources "cat.php" SQL Injection
  • Description: W2B phpHotResources is a PHP-based directory for web programming resources. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kind" parameter of the "cat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/490746

  • 08.16.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KwsPHP ConcoursPhoto Module "C_ID" Parameter SQL Injection
  • Description: KwsPHP is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "C_ID" parameter of the "ConcoursPhoto" module before using it in an SQL query. ConcoursPhoto version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28738

  • 08.16.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPKB "comment.php" SQL Injection
  • Description: PHPKB is a knowledgebase application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "comment.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28739

  • 08.16.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpAddressBook "view.php" SQL Injection
  • Description: phpAddressBook is an address book application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view.php" script. phpAddressBook version 2.11 is affected.
  • Ref: http://www.securityfocus.com/bid/28750

  • 08.16.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: osCommerce Poll Booth Add-On "pollbooth.php" SQL Injection
  • Description: Poll Booth is an add-on to osCommerce that adds a polling booth box. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pollID" parameter of the "pollbooth.php" script. Poll Booth v2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28752

  • 08.16.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mumbo Jumbo Media OP4 "id" Parameter SQL Injection
  • Description: Mumbo Jumbo Media OP4 is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28763

  • 08.16.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Coppermine Photo Gallery "upload.php" SQL Injection
  • Description: Coppermine Photo Gallery is a web-based photo gallery application. The application is exposed to an SQL injection issue affecting MIME media types from remote HTTP servers when uploading URIs through the "upload.php" script. Coppermine Photo Gallery versions prior to 1.4.17 are affected.
  • Ref: http://forum.coppermine-gallery.net/index.php/topic,51787,0.html

  • 08.16.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Coppermine Photo Gallery "bridge/coppermine.inc.php" SQL Injection
  • Description: Coppermine Photo Gallery is a web-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unspecified cookie parameter of the "bridge/coppermine.inc.php" script. Coppermine Photo Gallery versions prior to 1.4.18 are affected.
  • Ref: http://forum.coppermine-gallery.net/index.php/topic,51882.0.html

  • 08.16.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BosClassifieds "index.php" SQL Injection
  • Description: BosClassifieds is a classified ad application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat" parameter of the "index.php" script before using it in an SQL query. BosClassifieds version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28760

  • 08.16.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SmallBiz 4 Seasons "content.php" SQL Injection
  • Description: SmallBiz 4 Seasons is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "content.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28769

  • 08.16.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eShop CMS "index.php" SQL Injection
  • Description: eShop CMS is a content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/28771

  • 08.16.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cezanne Software "FUNID" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Cezanne Software is a suite of ASP-based human resources and management applications. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "FUNID" parameter of the "CFLookup.asp" and "/CznCommon/CznCustomContainer.asp" scripts before using it in an SQL query. Cezanne version 7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490843

  • - - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DevWorx BlogWorx "view.asp" SQL Injection
  • Description: BlogWorx is a weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of

  • 08.16.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BosDev BosNews "index.php" SQL Injection
  • Description: BosNews is a web-news application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "cat" parameter of the "index.php" script before using it in an SQL query. BosNews version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28778

  • 08.16.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Koobi Pro "poll_id" Parameter SQL Injection
  • Description: Koobi Pro is a web-based message board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "poll_id" parameter of the "index.php" script before using it in an SQL query. Koobi Pro version 6.25 is affected.
  • Ref: http://www.securityfocus.com/bid/28779

  • 08.16.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Classifieds Caffe "cat_id" Parameter SQL Injection
  • Description: Classifieds Caffe is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/5450

  • 08.16.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LASERnet CMS "new" Parameter SQL Injection
  • Description: LASERnet CMS is a content management application for web sites and personal web pages. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "new" parameter of the "index.php" script before using it in an SQL query. LASERnet CMS version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/28804

  • 08.16.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Avaya Communication Manager Web Interface Multiple Input Validation Vulnerabilities
  • Description: Avaya Communication Manager is a messaging application. The application is exposed to multiple input validation issues occurring in the web administration interface. These issues occur because the application fails to sufficiently sanitize user-supplied input. Avaya Communication Manager versions 3.1.x and 4.x are affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-148.htm

  • 08.16.77 - CVE: Not Available
  • Platform: Web Application
  • Title: phpTournois Avatar Arbitrary File Upload
  • Description: phpTournois is a web-based tournament management application. The application is exposed to an issue that lets an attacker upload and execute arbitrary code in the context of the affected web server process. This issue occurs because the application fails to sufficiently sanitize user-supplied data via the "avatar" functionality. phpTournois version G4 is affected.
  • Ref: http://www.securityfocus.com/bid/28685/info

  • 08.16.78 - CVE: Not Available
  • Platform: Web Application
  • Title: ExBB "exbb[default_lang]" Parameter Local File Include Vulnerability
  • Description: ExBB is a web-based bulletin board application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "exbb[default_lang]" parameter of the "threadstop.php" script. ExBB version 0.22 is affected.
  • Ref: http://www.securityfocus.com/bid/28686

  • 08.16.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Avaya SIP Enablement Services (SES) Server Multiple Input Validation Vulnerabilities
  • Description: Avaya SIP Enablement Services (SES) allows Avaya Communication Manager to utilize the SIP protocol. SES is exposed to multiple input validation issues.
  • Ref: http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,23/_cursor,8/_total,12/tableid,1/

  • 08.16.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Microsoft SharePoint Server Picture Source HTML Injection
  • Description: Microsoft SharePoint Server is an integrated server application providing content management and search capabilities. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Microsoft SharePoint Server version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490624

  • 08.16.81 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Fishing Cat Portal Addon "functions_portal.php" Remote File Include
  • Description: Fishing Cat Portal Addon is a plug-in module for phpBB. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "/includes/functions_portal.php" script.
  • Ref: http://www.securityfocus.com/bid/28708

  • 08.16.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Menu System Security Bypass Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms. The application is exposed to multiple security bypass issues because the application fails to properly control access to some pages. Drupal 6 versions prior to 6.2 are affected.
  • Ref: http://drupal.org/node/244637

  • 08.16.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Python zlib Module Remote Buffer Overflow
  • Description: Python zlib module is a library that provides support for "zlib" compression. The library is exposed to a remote buffer overflow issue due to an error in the "Modules/zlibmodule.c" file. Python version 2.5.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490690

  • 08.16.84 - CVE: Not Available
  • Platform: Web Application
  • Title: ARWScripts Gallery Script Lite "download.html" File Disclosure
  • Description: ARWScripts Gallery Script Lite is a free web-based photo gallery. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input to the "path" parameter of the "download.html" script.
  • Ref: http://www.securityfocus.com/bid/28718

  • 08.16.85 - CVE: Not Available
  • Platform: Web Application
  • Title: KSEMAIL "index.php" Multiple Local File Include Vulnerabilities
  • Description: KSEMAIL is an email server for Windows and Unix-like platforms. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "lang" and "language" parameters of the "prog/index.php" script.
  • Ref: http://www.securityfocus.com/bid/28724

  • 08.16.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! and Mambo joomlaXplorer Component Multiple Input Validation Vulnerabilities
  • Description: joomlaXplorer is a file management component for the Joomla! and Mambo content managers. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. joomlaXplorer version 1.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28746

  • 08.16.87 - CVE: Not Available
  • Platform: Web Application
  • Title: NewsOffice "news_show.php" Remote File Include
  • Description: NewsOffice is an online news application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "newsoffice_directory" parameter of the "news_show.php" script. NewsOffice version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28748

  • 08.16.88 - CVE: Not Available
  • Platform: Web Application
  • Title: CcMail Cookie Security Bypass
  • Description: CcMail is a web-based mailing list manager application. The application is exposed to a security bypass issue because it fails to properly validate user credentials before allowing access to the admin area. CcMail versions 1.0.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28751

  • 08.16.89 - CVE: Not Available
  • Platform: Web Application
  • Title: cpCommerce Multiple Input Validation Vulnerabilities
  • Description: cpCommerce is a web-based ecommerce application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. cpCommerce version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/28755

  • 08.16.90 - CVE: Not Available
  • Platform: Web Application
  • Title: XT-News Multiple Administrative Scripts Authentication Bypass Vulnerabilities
  • Description: XT-News is a PHP-based news script. The application is exposed to multiple authentication bypass issues because it fails to perform adequate authentication checks. XT-News version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28761

  • 08.16.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! and Mambo eXtplorer Component "dir" Parameter Directory Traversal
  • Description: eXtplorer is a file management component for the Joomla! and Mambo content managers. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "dir" parameter of the "com_extplorer" component. eXtplorer version 2.0.0 RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/28764

  • 08.16.92 - CVE: CVE-2008-1382
  • Platform: Web Application
  • Title: Libpng Library Unknown Chunk Handler
  • Description: The "libpng" library is a PNG reference library. The library is exposed to an issue due to its inability to properly handle unexpected chunk data in PNG files. This issue occurs when the library is compiled with the PNG_READ_UNKNOWN_CHUNKS_SUPPORTED or PNG_READ_USER_CHUNKS_SUPPORTED options enabled. Libpng versions 1.0.6 through 1.0.32, 1.2.0 through 1.2.26 and 1.4.0beta01 through 1.4.0beta19 are affected.
  • Ref: http://libpng.sourceforge.net/Advisory-1.2.26.txt

  • 08.16.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Dotclear "ecrire/images.php" Arbitrary File Upload
  • Description: Dotclear is a blog application. The application is exposed to an issue that lets an attacker upload and execute arbitrary script code in the context of the affected web server process because the application fails to sufficiently sanitize user-supplied input. Dotclear version 1.2.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28787

  • 08.16.94 - CVE: Not Available
  • Platform: Web Application
  • Title: KwsPHP Eskuel Module Arbitrary File Upload
  • Description: KwsPHP is a PHP-based content manager. The Eskuel module of KwsPHP is exposed to an issue that lets remote attackers upload and execute arbitrary code because it fails to properly sanitize user-supplied input to the "action" parameter of the "eskuel/help.php" script. KwsPHP version 1.3.456 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490861

  • 08.16.95 - CVE: CVE-2008-1766
  • Platform: Web Application
  • Title: phpBB Memberlist Search and Private Message Attachment Multiple Security Bypass Vulnerabilities
  • Description: phpBB is a PHP-based content manager and bulletin board application. The application is exposed to two issues that can be leveraged to bypass security restrictions. phpBB version 3.0.0 is affected.
  • Ref: http://www.phpbb.com/community/viewtopic.php?f=14&t=879735

  • 08.16.96 - CVE: Not Available
  • Platform: Web Application
  • Title: BosDev BosNews "/admin/index.php" Authentication Bypass
  • Description: BosDev BosNews is a web-based news application. The application is exposed to an authentication bypass issue because it fails to restrict access to certain scripts. This issue affects the "/admin/index.php" script when handling a certain argument passed via the "action" parameter. BosNews version 4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/490862

  • 08.16.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallarific Cross-Site Scripting, HTML Injection and Backdoor Vulnerabilities
  • Description: Gallarific is a web-gallery application. The application is exposed to multiple remote issues. Free versions of Gallarific are affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0398.html

  • 08.16.98 - CVE: Not Available
  • Platform: Web Application
  • Title: W2B Online Banking "ilang" Parameter Remote File Include
  • Description: W2B Online Banking is a web-based banking application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "ilang" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/490888

  • 08.16.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Istant-Replay "read.php" Remote File Include
  • Description: Istant-Replay is a web-based application implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "data" parameter of the "read.php" script.
  • Ref: http://www.securityfocus.com/archive/1/490901

  • 08.16.100 - CVE: Not Available
  • Platform: Web Application
  • Title: LightNEasy Multiple Input Validation Vulnerabilities
  • Description: LightNEasy is a web-based content manager application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. LightNEasy versions 1.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/28801

  • 08.16.101 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco Unified Communication Manager Multiple Vulnerabilities
  • Description: Cisco Unified Communications Manager (CUCM) is a software-based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. The application is exposed to multiple issues.
  • Ref: http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,49/_cursor,36/_total,44/tableid,1/

  • 08.16.102 - CVE: Not Available
  • Platform: Network Device
  • Title: Wayport CyberCenter Express Authentication Bypass
  • Description: Wayport CyberCenter Express devices are public access computers. They are designed to allow pay-per-use Internet access for the public. The application is exposed to an authentication bypass issue.
  • Ref: http://www.securityfocus.com/archive/1/490565

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.