
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 20
May 15, 2008

Microsoft's monthly vulnerability announcement included two that demand immediate action, one in Microsoft Word and one in Microsoft Jet Engine. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform: Number of Updates and Vulnerabilities
    • Windows: 1 (#4)
    • Microsoft Office: 4 (#1, #2, #3)
    • Other Microsoft Products: 5 (#6)
    • Third Party Windows Apps: 2 (#7)
    • Linux: 12 (#5)
    • HP-UX: 2
    • Solaris: 2
    • Unix: 1
    • Cross Platform: 15
    • Web Application - Cross Site Scripting: 20
    • Web Application - SQL Injection: 42
    • Web Application: 21
    • Network Device: 1


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Office
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft Jet Engine MDB File Parsing Buffer Overflow (MS08-28)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: The Microsoft Jet Engine is a database engine used by a variety of Microsoft applications. This engine is included by default in some versions of Microsoft Windows. The engine contains a stack-based buffer overflow in its handling of "MDB" database files. A specially crafted MDB file could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that MDB files by default are considered an "unsafe" file type by Microsoft applications and will not be opened without first prompting the user. A new attack vector has been discovered, however, that is capable of bypassing this restriction. It is believed that this advisory or its exploitation vector is related to an issue discussed in a previous edition of @RISK. If this is the case, then full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (3) HIGH: Microsoft Publisher Remote Code Execution (MS08-027)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office 2007
  • Description: Microsoft Publisher contains a flaw in its handling of Publisher files. A specially crafted Publisher file could lead to a memory corruption condition within Publisher. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that on recent versions of Microsoft Word, documents are not opened upon receipt without first prompting the user. Some technical information is publicly available for these vulnerabilities.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (4) MODERATE: Microsoft Windows CE Multiple Image Processing Vulnerabilities
  • Affected:
    • Microsoft Windows CE 5.0
  • Description: Windows CE is Microsoft's version of its Windows operating system for consumer and embedded electronics. It is a popular operating system for smartphones and other devices. Windows CE contains several flaws in its handling of JPEG and GIF image files. A specially crafted image file loaded by a Windows CE application could trigger one of these flaws. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. On most common hardware platforms, successful exploitation would allow complete control of the vulnerable device. These flaws would affect any application that uses the operating system routines to parse images, including email and web browser applications.

  • Status: Microsoft confirmed, updates available.

  • References:
  • (5) MODERATE: Debian/Ubuntu OpenSSL Key Generation Weakness
  • Affected:
    • OpenSSL as distributed in Debian Linux versions 4.0 and prior
    • OpenSSL as distributed in Ubuntu Linux versions 8.04 and prior
    • Other Linux distributions based on Debian are likely vulnerable
  • Description: OpenSSL is an open source cryptography library that provides a variety of cryptographic services, as well as an implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It is used by numerous applications, including Mozilla Firefox and OpenSSH. OpenSSL is included by most Linux distributions, including the Debian Linux distribution. The Debian project patched OpenSSL for their distribution and this patch introduced a weakness in the random number generation algorithm for secure keys. These keys are used for authentication in a variety of situations, most notably by the SSH server included in the operating system. These keys are, due to this flaw, easily guessable. Successfully guessing the key would allow an attacker to eavesdrop on encrypted sessions and potentially bypass authentication altogether. A public proof-of-concept is available that can enumerate through the entire keyspace very rapidly. Full technical details are publicly available for this vulnerability. Note that other Linux distributions based on Debian (such as Ubuntu) are likely vulnerable.

  • Status: Debian confirmed, updates available. Users of Debian-derived distributions are advised to check with their vendor for updates.

  • References:
  • (6) LOW: Microsoft Malware Protection Engine Denial-of-Service Vulnerabilities (MS08-029)
  • Affected:
    • Microsoft Windows Live OneCare
    • Microsoft Antigen for Exchange
    • Microsoft Antigen for SMTP Gateway
    • Microsoft Windows Defender
    • Microsoft Forefront Client Security
    • Microsoft Forefront Security for Exchange Server
    • Microsoft Forefront Security for SharePoint
  • Description: The Microsoft Malware Protection Engine is an anti-malware and antivirus engine used by a variety of Microsoft products. It contains multiple denial-of-service vulnerabilities. A specially crafted file, when analyzed by the engine, could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities could cause the malware protection engine to restart, or cause the system to become slow or unresponsive. Note that on email systems, a specially crafted email message transiting the server is sufficient for exploitation. Additionally, depending upon configuration, receipt of a malicious file is sufficient for exploitation.

  • Status: Microsoft confirmed, updates available.

  • References:
Other Software
  • (7) HIGH: IDAutomation Barcode ActiveX Control Multiple Vulnerabilities
  • Affected:
    • IDAutomation Barcode ActiveX Controls
  • Description: IDAutomation provides a variety of barcode-related tools and technologies, including several ActiveX controls used for barcode production and analysis. Several of these controls contain arbitrary file overwrite vulnerabilities. A malicious web page that instantiated one of these controls could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to overwrite arbitrary files with the privileges of the current user. These vulnerabilities could be leveraged to execute arbitrary code. Full technical details and a proof-of-concept are publicly available.

  • Status: IDAutomation has not confirmed, no updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "kill bit" mechanism for CLSIDs "0C3874AA-AB39-4B5E-A768-45F3CE6C6819", "DB67DB99-616A-4CAB-A3A1-2EF644F254E7", "E97EE6EB-7FBE-43B1-B6D8-C4D86C78C5A0" and "eba15b30-80b4-11dc-b31d-0050c2490048".

  • References:
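
The kill-bit mitigation named in the Status line of item (7), as an added example that is not part of the original bulletin or any vendor script. It assumes an elevated PowerShell session and Internet Explorer's standard "ActiveX Compatibility" registry key; the function names are illustrative.

```powershell
# Added example: apply and verify the ActiveX kill bit for the CLSIDs listed in
# the IDAutomation item. Run from an elevated PowerShell session.
# Function names (Get-CompatFlags, Set-KillBit, Test-KillBit) are illustrative.

$KillBit   = 0x00000400            # "Compatibility Flags" bit that blocks instantiation in IE
$ValueName = 'Compatibility Flags'

# CLSIDs copied from the bulletin's Status line.
$Clsids = @(
    '{0C3874AA-AB39-4B5E-A768-45F3CE6C6819}',
    '{DB67DB99-616A-4CAB-A3A1-2EF644F254E7}',
    '{E97EE6EB-7FBE-43B1-B6D8-C4D86C78C5A0}',
    '{eba15b30-80b4-11dc-b31d-0050c2490048}'
)

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
# Only views that exist on this host are processed.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

function Get-CompatFlags([string]$KeyPath) {
    # Returns the current flags, or 0 when the key or value does not exist.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return $item.$ValueName
}

function Set-KillBit([string]$Root, [string]$Clsid) {
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # OR the bit in so that any other compatibility flags already present are preserved.
    $flags = (Get-CompatFlags $key) -bor $KillBit
    New-ItemProperty -LiteralPath $key -Name $ValueName -Value $flags `
        -PropertyType DWord -Force | Out-Null
}

function Test-KillBit([string]$Root, [string]$Clsid) {
    $key = Join-Path $Root $Clsid
    return (((Get-CompatFlags $key) -band $KillBit) -eq $KillBit)
}

# Apply the kill bit in every registry view, then read it back as an audit record.
foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        Set-KillBit -Root $root -Clsid $clsid
        [pscustomobject]@{
            RegistryView = $root
            Clsid        = $clsid
            KillBitSet   = Test-KillBit -Root $root -Clsid $clsid
        }
    }
}
```

Running only the `Test-KillBit` loop across a fleet gives a quick audit of which hosts still allow the controls to load.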
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 20, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.20.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code Execution Vulnerabilities
  • Description: Microsoft Windows CE is a compact version of the Windows operating system for embedded systems. The application is exposed to multiple issues that allow attackers to execute arbitrary code.
  • Ref: http://support.microsoft.com/kb/948812

  • 08.20.2 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has released advance notification for patches that it will release for May 2008. The highest severity rating for these issues is 'Critical'. Three 'Critical' bulletins affect the following: Microsoft Word, Microsoft Publisher, Microsoft Office, and Microsoft Jet Database Engine 4.0. One 'Moderate' bulletin affects the following: Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and Microsoft Forefront Security.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-may.mspx

  • 08.20.3 - CVE: Not Available
  • Platform: Office
  • Title: OpenOffice 'swriter' Unspecified Remote Code Execution Vulnerability
  • Description: OpenOffice is prone to a remote code-execution vulnerability. Remote attackers can exploit this issue by enticing a victim into opening maliciously cra
  • Ref: http://www.securityfocus.com/bid/29142

  • 08.20.4 - CVE: CVE-2008-1091
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue that occurs because of memory-calculation errors when handling malformed strings in a Rich Text Format (RTF) document. This causes a heap-based buffer overflow.
  • Ref: http://www.kb.cert.org/vuls/id/543907

  • 08.20.5 - CVE: CVE-2008-1434
  • Platform: Microsoft Office
  • Title: Microsoft Word CSS Handling Memory Corruption Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue that occurs because of memory calculation errors when handling malformed CSS (Cascading Style Sheet) values in Word documents.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-026.mspx

  • 08.20.6 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer "DisableCachingOfSSLPages" Security Weakness
  • Description: Microsoft Internet Explorer is a browser application for the Windows operating system. The application is exposed to a weakness that may allow attackers to extract potentially sensitive information. Internet Explorer 7 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/468843

  • 08.20.7 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook Web Access "no-store" HTTP Directive Information Disclosure Weakness
  • Description: Microsoft Outlook Web Access is a web-based email client application that is bundled with Microsoft Exchange. Microsoft Outlook Web Access is exposed to a weakness that may allow sensitive information to be unintentionally stored on the local computer.
  • Ref: http://www.kb.cert.org/vuls/id/829876

  • 08.20.8 - CVE: CVE-2008-1437
  • Platform: Other Microsoft Products
  • Title: Microsoft Malware Protection Engine File Processing Remote Denial of Service
  • Description: Microsoft Malware Protection Engine is a component in several Microsoft security products. The Malware Protection Engine "mpengine.dll" is exposed to a remote denial of service issue because it fails to properly validate user-supplied input when parsing specially-crafted files.
  • Ref: http://secway.org/advisory/AD20080514.txt

  • 08.20.9 - CVE: CVE-2008-1438
  • Platform: Other Microsoft Products
  • Title: Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial of Service
  • Description: Microsoft Malware Protection Engine is a component in several Microsoft security products. The Malware Protection Engine "mpengine.dll" is exposed to a remote denial of service issue because it fails to properly validate certain data structures when parsing specially-crafted files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx

  • 08.20.10 - CVE: CVE-2008-0119
  • Platform: Other Microsoft Products
  • Title: Microsoft Publisher Memory Object Handler Data Remote Code Execution
  • Description: Microsoft Publisher is exposed to a remote code execution issue. The issue is caused by an error when calculating object handler data.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-027.mspx

  • 08.20.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ourgame "GLIEDown2.dll" ActiveX Control Remote Code Execution
  • Description: Ourgame "GLIEDown2.dll" ActiveX control is exposed to a remote code execution issue because it fails to sufficiently verify user-supplied input. GlobalLink version 2.8.1.2 beta is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.20.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IDAutomation Barcode ActiveX Controls Multiple Arbitrary File Overwrite Vulnerabilities
  • Description: IDAutomation provides various ActiveX control barcode libraries that integrate with Microsoft Access, Excel, Infopath, Internet Explorer, Visual Basic and C++. The application is exposed to multiple issues that allow attackers to overwrite arbitrary files.
  • Ref: http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1210750552.ff.php&page=last

  • 08.20.13 - CVE: CVE-2008-1619
  • Platform: Linux
  • Title: Linux Kernel "ssm_i" Emulation Hypervisor Panic Denial of Service
  • Description: The Linux Kernel is exposed to a denial of service issue. Attackers can exploit this issue in certain virtualized environments via certain network traffic. Specifically, "ssm_i" emulation by a privileged user in a fully virtualized guest can cause a dom0 panic on the hypervisor. The Linux Kernel IA-64 architecture is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0233.html

  • 08.20.14 - CVE: CVE-2007-6282
  • Platform: Linux
  • Title: Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service
  • Description: The Linux Kernel is exposed to a remote denial of service issue. This issue occurs in the IPsec protocol implementation. Specifically, the kernel fails to handle network packets that are sent in small fragmented pieces. When the kernel reassembles the packets, it will crash after a certain period of time.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0237.html

  • 08.20.15 - CVE: CVE-2007-5498
  • Platform: Linux
  • Title: Linux Kernel "/include/xen/blkif.h" 32-on-64 Support Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue due to a lack of sanity checks when handling values when running 32-bit paravirtualized guests on a 64-bit host. This issue affects the "blkif_get_x86_32_req()" and "blkif_get_x86_64_req()" functions when handling "req->nr_segments" values.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0233.html

  • 08.20.16 - CVE: CVE-2007-5001
  • Platform: Linux
  • Title: Linux Kernel Asynchronous FIFO IO Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. It occurs when performing asynchronous input and output on a FIFO special file. Linux kernel versions prior to 2.4.21 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0211.html

  • 08.20.17 - CVE: CVE-2008-1615
  • Platform: Linux
  • Title: Linux Kernel x86_64 ptrace Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue when process traces are performed on 64-bit computers. The issue affects "/kernel/syscalls/ptrace/x86_64-cs" and "/kernel/syscalls/ptrace/x86_64-cs-biarch".
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0237.html

  • 08.20.18 - CVE: CVE-2008-1367
  • Platform: Linux
  • Title: Linux Kernel Direction Flag Local Memory Corruption
  • Description: The Linux kernel is exposed to an issue that causes kernel memory corruption. The vulnerability is due to the x86 implementation of the direction flag (DF) used when compiling an application with GCC.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0233.html

  • 08.20.19 - CVE: CVE-2008-1669
  • Platform: Linux
  • Title: Linux Kernel "fcntl_setlk()" SMP Ordering Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. The issue occurs in the "fcntl_setlk()" function on SMP systems. Linux kernel versions prior to 2.6.25.2 and 2.4.36.4 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0211.html

  • 08.20.20 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "sys_utimensat" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. The issue occurs if "utimensat()" is called with either both times set to "UTIME_NOW" or one of them set to "UTIME_NOW" and the other set to "UTIME_OMIT". Kernel versions 2.6.22 through to 2.6.25.2 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3

  • 08.20.21 - CVE: CVE-2008-0166
  • Platform: Linux
  • Title: Debian OpenSSL Package Random Number Generator Weakness
  • Description: OpenSSL is an open-source implementation of the SSL protocol that is used by a number of other projects, including but not restricted to, Apache, Sendmail, and Bind. It is commonly found on Linux and UNIX systems. The Debian OpenSSL package is exposed to a random-number-generator weakness. Versions of the OpenSSL package for Debian prior to 0.9.8c-4etch3 are affected.
  • Ref: http://www.securityfocus.com/bid/29179

  • 08.20.22 - CVE: CVE-2008-1943
  • Platform: Linux
  • Title: Xen Para Virtualized Frame Buffer Backend Local Denial of Service
  • Description: Xen is an open-source hypervisor or virtual machine monitor. Xen is exposed to a local denial of service issue that occurs because the hypervisor's para-virtualized frame buffer (PFVP) fails to perform sufficient validation on the frontend framebuffer description.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0194.html

  • 08.20.23 - CVE: CVE-2008-1944
  • Platform: Linux
  • Title: Xen Para-Virtualized Framebuffer Message Format Denial of Service
  • Description: Xen is an open-source hypervisor or virtual machine monitor. Xen is exposed to a denial of service issue because the software fails to adequately verify user-supplied data.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0194.html

  • 08.20.24 - CVE: Not Available
  • Platform: Linux
  • Title: UUDeview Insecure Temporary File Creation
  • Description: UUDeview is a freely available utility that encodes and decodes binary files. UUDeview creates temporary files in an insecure manner. Specifically, the issue presents itself because the "tempnam()" function of the "uulib/uunconc.c" file uses a temporary file with a predictable name. UUDeview version 0.5.20 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972

  • 08.20.25 - CVE: CVE-2008-1659
  • Platform: HP-UX
  • Title: HP-UX LDAP-UX Unspecified Local Unauthorized Access
  • Description: LDAP-UX is an implementation of the Lightweight Directory Access Protocol (LDAP). The application is exposed to a local unauthorized access issue.
  • Ref: http://www.securityfocus.com/bid/29078

  • 08.20.26 - CVE: CVE-2008-0713
  • Platform: HP-UX
  • Title: HP FTP Unspecified Remote Denial of Service
  • Description: FTP running on HP-UX is exposed to a remote denial of service issue. Technical details are currently unavailable.
  • Ref: http://www.securityfocus.com/archive/1/491966

  • 08.20.27 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris TCP SYN Flooding Remote Denial of Service
  • Description: Sun Solaris is exposed to a denial of service issue that occurs due to the TCP implementation. Computers undergoing a TCP SYN flood condition may be unable to accept new network connections.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200864-1

  • 08.20.28 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Print Service Unspecified Remote Code Execution
  • Description: Sun Solaris print service controls printing on Sun Solaris operating systems. Print service is susceptible to an unspecified remote code-execution issue that allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges on affected computers.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236884-1

  • 08.20.29 - CVE: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
  • Platform: Unix
  • Title: rdesktop Multiple Remote Memory Corruption Vulnerabilities
  • Description: rdesktop is a remote desktop client that speaks the Remote Desktop Protocol (RDP). The application is exposed to multiple memory corruption issues. rdesktop version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491811

  • 08.20.30 - CVE: CVE-2008-2004
  • Platform: Cross Platform
  • Title: QEMU "vl.c" Security Bypass
  • Description: QEMU is a processor emulator used to virtualize computer systems and to run guest operating systems within a host. The application is exposed to a security bypass issue because it fails to properly restrict access to certain functionality. QEMU version 0.9.1 is affected.
  • Ref: http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277

  • 08.20.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySQL MyISAM Table Privileges Security Bypass
  • Description: MySQL is an open-source SQL database application available for multiple operating platforms. The application is exposed to a security bypass issue because it allows attackers to bypass certain privilege checks when creating a MyISAM table with certain unspecified "DATA DIRECTORY" and "INDEX DIRECTORY" options. MySQL versions 4 (prior to 4.1.24) and 5 (prior to 5.0.60) are affected.
  • Ref: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html

  • 08.20.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Ray Kiosk Mode Unspecified Privilege Escalation
  • Description: Sun Ray Server Software is a virtual desktop server application available for Sun and Linux operating systems. The application is exposed to an unspecified privilege escalation issue that affects the software when it is running in Kiosk Mode, and is only exploitable by attackers with administrative privileges in the Sun Ray Web Administration GUI.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1

  • 08.20.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Application Server and Web Server JSP Information Disclosure
  • Description: Sun Java Web Server is an enterprise-level web server. Sun Java Application Server is an enterprise-level application server. The application is exposed to an information disclosure issue that permits unauthorized attackers to gain access to JSP source code.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201255-1

  • 08.20.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TFTP Server Error Packet Handling Remote Buffer Overflow
  • Description: TFTP Server is a multithreaded Trivial File Transfer Protocol (TFTP) server. The application is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before storing it in a finite-sized memory buffer. TFTP Server SP version 1.4 running on Windows is affected.
  • Ref: http://www.securityfocus.com/bid/29111

  • 08.20.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Application Server Portal Authentication Bypass
  • Description: Oracle Application Server Portal is a solution for building, deploying, and maintaining portals. The application is exposed to an authentication bypass issue because the application fails to properly restrict access to certain resources. Oracle Application Server Portal version 10g is affected.
  • Ref: http://www.securityfocus.com/archive/1/491865

  • 08.20.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zarafa Multiple Remote Vulnerabilities
  • Description: Zarafa is an application that allows users to share email and calendars via Microsoft Outlook. The application is exposed to multiple HTML injection issues. Zarafa Script versions prior to 6.02 are affected.
  • Ref: http://download.zarafa.com/zarafa/release/docs/changelog.en.txt

  • 08.20.37 - CVE: CVE-2008-1880
  • Platform: Cross Platform
  • Title: Firebird "ISC_PASSWORD" Environment Variable Unauthorized Access
  • Description: Firebird is an open-source relational database available for multiple operating platforms. The application is exposed to an issue that can result in unauthorized access. Firebird version 2.0.3.12981.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29123

  • 08.20.38 - CVE: CVE-2008-1677
  • Platform: Cross Platform
  • Title: Red Hat Directory Server LDAP Query Patterns Buffer Overflow
  • Description: Red Hat Directory Server is a centralization server based on the Lightweight Directory Access Protocol (LDAP). The server is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data when processing LDAP query patterns.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=444712

  • 08.20.39 - CVE: CVE-2008-1922
  • Platform: Cross Platform
  • Title: SARG Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: SARG (Squid Analysis Report Generator) is an application that logs websites that users visit. The application is exposed to multiple remote issues.
  • Ref: http://www.securityfocus.com/bid/29141

  • 08.20.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GNU Emacs ".flc" File Processing
  • Description: Emacs is a freely available text editor. Emacs processes fast-lock files in an insecure manner. Specifically, the issue is triggered when a source file is opened and a crafted fast-lock ".flc" file resides in the same directory. Emacs version 21.3.1 is affected.
  • Ref: http://tracker.xemacs.org/XEmacs/its/issue378

  • 08.20.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities
  • Description: Multiple operating systems are exposed to remote denial of service issues that occur when affected operating systems are acting as IPv6 routers. These issues are due to how the affected operating systems handle IPv6 route advertisements. Microsoft Windows XP, Microsoft Windows Server 2003, and Linux are exposed to these issues.
  • Ref: http://blog.ncircle.com/blogs/vert/archives/2008/05/xp_ipv6_dos_ipv6_networking_is.html

  • 08.20.42 - CVE: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
  • Platform: Cross Platform
  • Title: libvorbis Multiple Remote Vulnerabilities
  • Description: The libvorbis library allows media applications to play Ogg Vorbis files. Applications using the libvorbis library are exposed to multiple remote issues. libvorbis version 1.2.0 is affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0270.html

  • 08.20.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wordnet Multiple Buffer Overflow Vulnerabilities
  • Description: Wordnet is a lexical database of English. Wordnet is exposed to multiple buffer overflow issues because the application fails to properly bounds check user-supplied input. WordNet versions 2.0, 2.1 and 3.0 are exposed.
  • Ref: https://bugs.gentoo.org/show_bug.cgi?id=211491

  • 08.20.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Net-SNMP Perl Module Buffer Overflow
  • Description: Net-SNMP is a set of tools and libraries. It provides a Perl SNMP module. The application is exposed to a remote buffer overflow issue because the software fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. Net-SNMP versions 5.4.1, 5.2.4 and 5.1.4 are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694

  • 08.20.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAP Internet Transaction Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: SAP Internet Transaction Server (ITS) facilitates communications between SAP R/3 systems and Web users, allowing users to access R/3 applications over the web. The application is exposed to multiple cross-site scripting issues because the software fails to sufficiently sanitize user-supplied data to the "~service" parameter of the "scripts/wgate.dll" script and other unspecified parameters. SAP Internet Transaction Server version 6200.1017.50954.0, Build 730827 is affected.
  • Ref: http://www.securityfocus.com/bid/29103

  • 08.20.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Java System Web Server Search Module Cross-Site Scripting
  • Description: Sun Java System Web Server is an enterprise level web server application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the Search Module.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1

  • 08.20.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tux CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Tux CMS is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "q" parameter of the "index.php" script and the "returnURL" parameter of the "tux-login.php" script, as well as input supplied to the "tux-syndication/atom.php" script. Tux CMS version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29090

  • 08.20.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sphider "query" Parameter Cross-Site Scripting
  • Description: Sphider is a PHP-based search engine application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "query" parameter of the "search.php" script. Sphider version 1.3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491712

  • 08.20.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SonicWALL Email Security Error Page Cross-Site Scripting
  • Description: SonicWALL Email Security is an application that protects email communications. It provides antispam, antivirus, antiphishing, and policy/compliance management capabilities. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input when displaying URI address data in an error page. SonicWALL Email Security version 6.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29107

  • 08.20.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ZyWALL 100 HTTP Referer Header Cross-Site Scripting
  • Description: ZyWALL 100 is an internet security appliance. The appliance is exposed to a cross-site scripting issue that occurs in the web-based management interface.
  • Ref: http://www.securityfocus.com/archive/1/491818

  • 08.20.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache HTTP Server 403 Error Cross-Site Scripting
  • Description: Apache HTTP servers are exposed to a cross-site scripting issue. This issue occurs because the application fails to sufficiently sanitize UTF-7 characters.
  • Ref: http://www.securityfocus.com/archive/1/491862

  • 08.20.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: InfoBiz Server "keywords" parameter Cross-Site Scripting
  • Description: InfoBiz Server is a modular web-based system that provides CMS, CRM, e-commerce and e-marketing solutions. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "keywords" parameter of the "search_results.php" script.
  • Ref: http://www.securityfocus.com/bid/29116

  • 08.20.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel Multiple Cross-Site Scripting Vulnerabilities
  • Description: cPanel is a web-hosting control panel. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/491864

  • 08.20.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Phoenix View CMS "admin_frame.php" Cross-Site Scripting
  • Description: Phoenix View CMS is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "ltarget" parameter of the "admin_frame.php" script. Phoenix View CMS Pre Alpha2 is affected.
  • Ref: http://www.securityfocus.com/bid/29130

  • 08.20.55 - CVE: CVE-2007-5803
  • Platform: Web Application - Cross Site Scripting
  • Title: Nagios Unspecified Cross-Site Scripting
  • Description: Nagios is an open-source application designed to monitor networks and services for interruptions and to notify administrators when various events occur. The software is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29140

  • 08.20.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpInstantGallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpInstantGallery is an image-gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29152

  • 08.20.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CyrixMED "index.php" Cross-Site Scripting
  • Description: CyrixMED is a patient management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "msg_erreur" parameter of the "index.php" script. CyrixMED version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29153

  • 08.20.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site Scripting
  • Description: IBM Lotus Quickr is web-based collaboration software. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Lotus Quickr versions prior to 8.1 Hotfix 5 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018711

  • 08.20.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ActualScripts ActualAnalyzer "view.php" Cross-Site Scripting
  • Description: ActualAnalyzer is a web-based application that collects site statistics. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "view.php" script.
  • Ref: http://www.majorsecurity.de/index_2.php?major_rls=major_rls52

  • 08.20.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Event Database Extension Unspecified Cross-Site Scripting
  • Description: Event Database is an extension for TYPO3. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Event Database (rlmp_eventdb) versions prior to 1.1.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080513-3/

  • 08.20.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Build A Niche Store "q" Parameter Cross-Site Scripting
  • Description: Build A Niche Store is a web-based application designed to create affiliate websites for auctions. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "q" parameter of the application's search script. Build A Niche Store version 3.0 is affected.
  • Ref: https://vuln.intranet.qualys.com:8443/sans/edit.php?id=20.46

  • 08.20.62 - CVE: CVE-2008-2165
  • Platform: Web Application - Cross Site Scripting
  • Title: Cisco BBSM Captive Portal "AccessCodeStart.asp" Cross-Site Scripting
  • Description: Cisco BBSM (Building Broadband Service Manager) is a device that provides public and guest Internet access control features and functionality to wired and wireless networks. The application is exposed to a cross-site scripting issue that occurs in the Captive Portal because the application fails to sufficiently sanitize user-supplied input to the "msg" parameter of the "AccessCodeStart.asp" script. Cisco BBSM version 5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29191

  • 08.20.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Interspire ArticleLive NX "Query" Field Cross-Site Scripting
  • Description: ArticleLive NX is a PHP-based content manager. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "Query" field of the search form.
  • Ref: http://www.securityfocus.com/bid/29203

  • 08.20.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Django Login Form Cross-Site Scripting
  • Description: Django is a Python-based framework for building web applications. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "action" attribute of the login form. Django versions 0.91, 0.95, and 0.96 are affected.
  • Ref: http://www.djangoproject.com/weblog/2008/may/14/security/

  • 08.20.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OneCMS "asd.php" SQL Injection
  • Description: OneCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sitename" parameter of the "asd.php" script before using it in an SQL query. OneCMS version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29102

  • 08.20.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS "pm.class.php" Multiple SQL Injection Vulnerabilities
  • Description: RunCMS is a content manager implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "msg_image" and "msg_attachment" parameters used by the "store()" function in the "modules/messages/class/pm.class.php" script file before using the data in an SQL query. RunCMS version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29069

  • 08.20.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Visual Shapers ezContents Multiple SQL Injection Vulnerabilities
  • Description: ezContents is a CMS solution. This application is exposed to multiple SQL injection issues because the application fails to sanitize user-supplied input before using it in an SQL query. ezContents version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491813

  • 08.20.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Musicbox "viewalbums.php" SQL Injection
  • Description: Musicbox is a web-based application for hosting a music site. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "artistId" parameter of the "viewalbums.php" script before using it in an SQL query. Musicbox versions 2.3.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29100

  • 08.20.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Shader TV Multiple SQL Injection Vulnerabilities
  • Description: Shader TV is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the following scripts: "kanal.asp", "google.asp", and "hakk.asp".
  • Ref: http://www.securityfocus.com/bid/29091

  • 08.20.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: gameCMS Lite "index.php" SQL Injection
  • Description: gameCMS Lite is a PHP-based content management application for gaming-related web sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "systemId" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29093

  • 08.20.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PostcardMentor "step1.asp" SQL Injection
  • Description: PostcardMentor is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_fldAuto" parameter of the "step1.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29094

  • 08.20.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: fipsCMS "print.asp" SQL Injection
  • Description: fipsCMS is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lg" parameter of the "/modules/print.asp" script file before using it in an SQL query. fipsCMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29095

  • 08.20.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Galleristic "index.php" SQL Injection
  • Description: Galleristic is a web-based photo album application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/29096

  • 08.20.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YouTube Clone Script "group_posts.php" SQL Injection
  • Description: YouTube Clone Script is a PHP-based application for sharing videos. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tid" parameter of the "group_posts.php" script before using it in an SQL query. YouTube Clone Script version 2.6 is affected.
  • Ref: http://forums.buyscripts.in/viewtopic.php?f=7&t=3389

  • 08.20.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HispaH Model Search "cat.php" SQL Injection
  • Description: HispaH Model Search is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "cat" parameter of the "cat.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/5577

  • 08.20.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SazCart "prodid" Parameter SQL Injection
  • Description: SazCart is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "prodid" parameter of the "index.php" script before using it in an SQL query. SazCart version 1.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491892

  • 08.20.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ktools PhotoStore "gallery.php" SQL Injection
  • Description: PhotoStore is a web-based application for displaying and selling photographs. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gid" parameter of the "gallery.php" script before using it in an SQL query. PhotoStore version 3.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29132

  • 08.20.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ktools PhotoStore Multiple SQL Injection Vulnerabilities
  • Description: PhotoStore is a web-based application for displaying and selling photographs. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.milw0rm.com/exploits/5582

  • 08.20.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Advanced Links Management "read.php" SQL Injection
  • Description: Advanced Links Management is a web-based links management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CatId" parameter of the "read.php" script before using it in an SQL query. Advanced Links Management version 1.5.2 is affected.
  • Ref: http://www.milw0rm.com/exploits/5581

  • 08.20.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Datsogallery Component "sub_votepic.php" SQL Injection
  • Description: Datsogallery is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sub_votepic.php" script before using it in an SQL query. Datsogallery version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29138

  • 08.20.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OtherLogic "vocourse.php" SQL Injection
  • Description: OtherLogic is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "vocourse.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/491900

  • 08.20.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo xsstream-dm Component "movie" Parameter SQL Injection
  • Description: The xsstream-dm component is an application for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "movie" parameter of the "com_xsstream-dm" component before using it in an SQL query. xsstream-dm version 0.01 Beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/491943

  • 08.20.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuickUpCMS Multiple SQL Injection Vulnerabilities
  • Description: QuickUpCMS is a web-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/29145

  • 08.20.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Vortex CMS "index.php" SQL Injection
  • Description: Vortex CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pageid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29146

  • 08.20.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress WP Photo Album Plugin "photo" Parameter SQL Injection
  • Description: The WP Photo Album (WPPA) program is a plugin for the WordPress web-based publishing application. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "photo" parameter before using it in an SQL query.
  • Ref: http://me.mywebsight.ws/web/wppa

  • 08.20.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Article "featured_article.php" SQL Injection
  • Description: AJ Article is a knowledgebase system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter of the "featured_article.php" script before using it in an SQL query. AJ Article version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29149

  • 08.20.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Auction "classifide_ad.php" SQL Injection
  • Description: AJ Auction is a web-based auction system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "item_id" parameter of the "classifide_ad.php" script before using it in an SQL query. AJ Auction versions 6.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29150

  • 08.20.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Classifieds "index.php" SQL Injection
  • Description: AJ Classifieds is a web-based classifieds system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "posting_id" parameter of the "index.php" script before using it in an SQL query. AJ Classifieds version 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/29151

  • 08.20.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Dating "view_profile.php" SQL Injection
  • Description: AJ Dating is a web-based dating application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user_id" parameter of the "view_profile.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29154

  • 08.20.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZeusCart "category_list.php" SQL Injection
  • Description: ZeusCart is an ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "category_list.php" script before using it in an SQL query. ZeusCart version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29155

  • 08.20.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Editorial "admin/index.php3" SQL Injection
  • Description: Editorial is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "admin/index.php3" script when the "action" attribute is set to "mod" before using that data in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29161

  • 08.20.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Battle.net Clan Script "members.php" SQL Injection
  • Description: Battle.net Clan Script is a clan management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "showmember" parameter of the "members.php" script before using it in an SQL query. Battle.net Clan Script version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29166

  • 08.20.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mega File Hosting Script "members.php" SQL Injection
  • Description: Mega File Hosting Script is a file-hosting script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fid" parameter of the "members.php" script before using it in an SQL query. Mega File Hosting Script version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29167

  • 08.20.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Classifieds Script "fatherID" Parameter Multiple SQL Injection Vulnerabilities
  • Description: PHP Classifieds Script is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/29169

  • 08.20.95 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ABSoft Advanced Image Hosting Script "out.php" SQL Injection
  • Description: Advanced Image Hosting Script is an image-hosting application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "t" parameter of the "out.php" script before using it in an SQL query. Advanced Image Hosting Script version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29172

  • 08.20.96 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ HYIP Acme "topic_detail.php" SQL Injection
  • Description: AJ HYIP Acme is an HYIP manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "topic_detail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29173

  • 08.20.97 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities
  • Description: RakNet is a network library designed to be used with online games. It is available for Microsoft Windows and Unix platforms. Autopatcher is a component of RakNet that facilitates automated updating. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters before using it in SQL queries. RakNet versions prior to 3.23 are affected.
  • Ref: http://www.jenkinssoftware.com/raknet/forum/index.php?topic=1787.0

  • 08.20.98 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 BLOG Engine "comment.php" SQL Injection
  • Description: e107 BLOG Engine is a blog plugin for the e107 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "rid" parameter of the "comment.php" script before using it in an SQL query. e107 BLOG Engine version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29181

  • 08.20.99 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EQdkp "user_id" Parameter SQL Injection
  • Description: EQdkp is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user_id" cookie parameter before using it in an SQL query. EQdkp version 1.3.2f is affected.
  • Ref: http://www.securityfocus.com/bid/29184

  • 08.20.100 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zogo-shop "products.php" SQL Injection
  • Description: Zogo-shop is an ecommerce plugin for the e107 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "products.php" script. Zogo-shop version 1.16 Beta 13 is affected.
  • Ref: http://www.securityfocus.com/bid/29185

  • 08.20.101 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Meto Forum "forum/kategori.asp" SQL Injection
  • Description: Meto Forum is a web-based forum application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter of the "forum/kategori.asp" script before using it in an SQL query. Meto Forum version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29189

  • 08.20.102 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Meto Forum Multiple SQL Injection Vulnerabilities
  • Description: Meto Forum is a web-based forum application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "uye.asp" and "oku.asp" scripts before using it in an SQL query. Meto Forum version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29192

  • 08.20.103 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CaLogic Calendars "userreg.php" SQL Injection
  • Description: CaLogic Calendars is a web-based calendar application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "langsel" parameter of the "userreg.php" script before using it in an SQL query. CaLogic Calendars version 1.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29193

  • 08.20.104 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: The Real Estate Script "dpage.php" SQL Injection
  • Description: The Real Estate Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "docID" parameter of the "dpage.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29200

  • 08.20.105 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EMO Realty Manager "news.php" SQL Injection
  • Description: EMO Realty Manager is a real estate manager script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ida" parameter of the "pagesnews.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29202

  • 08.20.106 - CVE: CVE-2008-2149
  • Platform: Web Application - SQL Injection
  • Title: Kalptaru Infotech Automated Link Exchange Portal "linking.page.php" SQL Injection
  • Description: Automated Link Exchange Portal is a script that facilitates creation of a links exchange site. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "linking.page.php" script before using it in an SQL query.
  • Ref: http://cmsnx.com/product.about.php?id=11

  • 08.20.107 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Faethon Cross-Site Scripting Vulnerability and Remote File Include
  • Description: CMS Faethon is a web-based content management system. The application is exposed to multiple input validation issues. CMS Faethon version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29099

  • 08.20.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Nuke ET Journal Module Security Bypass and HTML Injection Vulnerabilities
  • Description: Nuke ET is a web application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. Nuke ET versions prior to 3.10 are affected.
  • Ref: http://www.truzone.org/modules.php?name=News&new_topic=27

  • 08.20.109 - CVE: Not Available
  • Platform: Web Application
  • Title: mvnForum Quick Reply Feature HTML Injection
  • Description: mvnForum is a web-based bulletin board implemented in JSP. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input. mvnForum version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/491713

  • 08.20.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Forum Rank System "settings["locale"]" Parameter Multiple Local File Include Vulnerabilities
  • Description: Forum Rank System is a module for the PHP-Fusion content manager. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input to the "settings["locale"]" parameter of the "forum.php" and "profile.php" scripts. Forum Rank System 6 is affected.
  • Ref: http://www.securityfocus.com/bid/29077

  • 08.20.111 - CVE: Not Available
  • Platform: Web Application
  • Title: SazCart "_saz[settings]" Multiple Remote File Include Vulnerabilities
  • Description: SazCart is a web-based shopping cart application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. SazCart version 1.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29113

  • 08.20.112 - CVE: Not Available
  • Platform: Web Application
  • Title: myWebland miniBloggie "del.php" Security Bypass
  • Description: miniBloggie is a web-log application. The application is exposed to an issue in the "del.php" script that allows an unauthorized attacker to delete arbitrary blog posts because it fails to properly restrict access to certain functionality. miniBloggie version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29115

  • 08.20.113 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenKM Document Export Security Bypass
  • Description: OpenKM is a web-based document manager. The application is exposed to an unspecified security bypass issue. This issue may allow an unprivileged attacker to export arbitrary documents. OpenKM versions prior to 2.0 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=597940

  • 08.20.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Cyberfolio "derniers_commentaires.php" Remote File Include
  • Description: Cyberfolio is a PHP-based web application. The component is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rep" parameter of the "/portfolio/commentaires/derniers_commentaires.php" script. Cyberfolio version 7.12 is affected.
  • Ref: http://www.securityfocus.com/bid/29124

  • 08.20.115 - CVE: Not Available
  • Platform: Web Application
  • Title: Admidio "get_file.php" Local File Include
  • Description: Admidio is a PHP-based tool for managing memberships for clubs, organizations, etc. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "get_file.php" script. Admidio version 1.4.8 is affected.
  • Ref: http://www.securityfocus.com/bid/29127

  • 08.20.116 - CVE: Not Available
  • Platform: Web Application
  • Title: txtCMS "index.php" Local File Include
  • Description: txtCMS is a web-based content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "value" parameter of the "index.php" script. txtCMS version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29131

  • 08.20.117 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogPHP Multiple HTML Injection, Cross-Site Scripting and Cookie Manipulation Vulnerabilities
  • Description: BlogPHP is a web-based blogging application. The application is exposed to multiple HTML injection, cross-site scripting and cookie manipulation issues because it fails to adequately sanitize user-supplied input. BlogPHP version 2.0 is affected.
  • Ref: http://www.davidsopas.com/soapbox/blogphp.txt

  • 08.20.118 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpBlock Multiple Remote File Include Vulnerabilities
  • Description: PhpBlock is a map engine implemented in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. PhpBlock version a8.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29143

  • 08.20.119 - CVE: Not Available
  • Platform: Web Application
  • Title: ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: ClanLite is a PHP-based web portal. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input-validation issues. ClanLite version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29156

  • 08.20.120 - CVE: Not Available
  • Platform: Web Application
  • Title: BIGACE "GLOBALS[_BIGACE][DIR]" Parameter Multiple Remote File Include Vulnerabilities
  • Description: BIGACE is a content manager written in PHP. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input. BIGACE version 2.4 is affected.
  • Ref: http://www.bigace.de/security-problem-urgent-update-required.html

  • 08.20.121 - CVE: Not Available
  • Platform: Web Application
  • Title: IBD Micro CMS "microcms-admin-login.php" Multiple SQL Injection Vulnerabilities
  • Description: IBD Micro CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "administrators_username" and "administrators_pass" parameters of the "microcms-admin-login.php" script before using it in an SQL query. Micro CMS version 3.5 is affected.
  • Ref: http://wired-security.net/texts/advisories

  • 08.20.122 - CVE: Not Available
  • Platform: Web Application
  • Title: Claroline Multiple Remote File Include Vulnerabilities
  • Description: Claroline is a PHP-based online educational platform. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Claroline version 1.7.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29162

  • 08.20.123 - CVE: Not Available
  • Platform: Web Application
  • Title: Fusebox "fusebox5.php" Remote File Include
  • Description: Fusebox is a framework for building ColdFusion and PHP sites. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "FUSEBOX_APPLICATION_PATH" parameter of the "fusebox5.php" script. Fusebox version 5.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29163

  • 08.20.124 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpMyAgenda "infoevent.php3" Remote File Include
  • Description: PhpMyAgenda is a PHP-based calendar application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rootagenda" parameter of the "infoevent.php3" script. PhpMyAgenda version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29164

  • 08.20.125 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Made Simple "modules/FileManager/postlet/javaUpload.php" Arbitrary File Upload
  • Description: CMS Made Simple is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code. The problem occurs because the application fails to properly verify the contents of a file, and only checks the extension in "modules/FileManager/postlet/javaUpload.php". CMS Made Simple version 1.2.4 is affected.
  • Ref: http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/

  • 08.20.126 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 WT Gallery Extension Multiple Input Validation Vulnerabilities
  • Description: WT Gallery is an extension for TYPO3. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. WT Gallery (wt_gallery) versions 2.6.2 and earlier are affected by a cross-site scripting issue. WT Gallery (wt_gallery) versions 2.5.0 and earlier are affected by information disclosure issues.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/

  • 08.20.127 - CVE: Not Available
  • Platform: Web Application
  • Title: WGCC Web Group Communication Center Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: WGCC (Web Group Communication Center) is a PHP-based community application. Since it fails to sufficiently sanitize user-supplied data, the application is prone to multiple input validation issues. WGCC version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29188

  • 08.20.128 - CVE: Not Available
  • Platform: Network Device
  • Title: Citrix Access Gateway Standard and Advanced Edition Unspecified Authentication Bypass
  • Description: Citrix Access Gateway Standard and Advanced Editions are SSL/VPN appliances. The appliances are exposed to an unspecified authentication bypass issue. Affected are: Access Gateway Standard Edition versions 4.5.7 and earlier; Advanced Edition versions 4.5 HF2 and earlier.
  • Ref: http://support.citrix.com/article/CTX116930

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.