
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 22
May 29, 2008

Some of this week's critical vulnerabilities are particularly troubling. Adobe Flash is being actively exploited and no patch is available. Multiple flaws in Apple OS X (versions prior to 10.5.3) can enable unauthorized remote control of Macs. IBM SameTime - being used in many sensitive military organizations - has a buffer overflow that will allow remote code execution. EMC, the leader in storage systems and owner of RSA and VMWare, has been selling backup software with multiple critical vulnerabilities. All are troubling, but Adobe's problems are likely to be affecting the most people. There is also a rumor that some Adobe product, when upgraded to a newer safer version, leaves the older vulnerable executables (unpatched) on the computer and doesn't tell the user. Has any @RISK reader checked this? Can you share your results with us? If true, it's very important. Email apaller@sans.org. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                 # of Updates & Vulnerabilities
    ---------------------------------------  ------------------------------
    Third Party Windows Apps                 3 (#3, #6, #7)
    Apple                                    1 (#2)
    Linux                                    2
    Cross Platform                           5 (#1, #4, #5, #8)
    Web Application - Cross Site Scripting   6
    Web Application - SQL Injection          11
    Web Application                          14
    Network Device                           1

*************************************************************************

TRAINING UPDATE
Where can you find the newest Penetration Testing techniques, Application Pen Testing, Hacker Exploits, Secure Web Application Development, Security Essentials, Forensics, Wireless, Auditing, both new Pen Testing courses, CISSP, and SANS' other top-rated courses, plus evening sessions with Internet Storm Center handlers?
- - SANSFIRE 2008 in Washington DC (7/22-7/31), SANS' biggest summer program, with many bonus sessions and a big exhibition of security products: http://www.sans.org/info/26774
- - London (6/2-6/7), Amsterdam (6/16-6/21) and Brussels (6/16-6/21): http://www.sans.org/secureeurope08
- - Denver (6/7-6/13): http://www.sans.org/rockymnt2008/
- - Singapore (6/30-7/5): http://www.sans.org/singapore08/
- - Boston (8/9-8/16): http://www.sans.org/boston08/
- - and in 100 other cities and online any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Adobe Flash Player Remote Code Execution Vulnerability
  • Affected:
    • Adobe Flash Player versions 9.0.115.0 and prior
    • Adobe Flash Player versions 9.0.124.0 and prior on some platforms
  • Description: Adobe Flash Player is the most popular rich web content player on the Internet, installed by default on all Microsoft Windows and Apple Mac OS X systems. It is also often included in Unix and Linux systems. It contains a remote code execution vulnerability in its handling of Flash files. A specially crafted Flash file could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. While there are very few technical details publicly available at the present time, this vulnerability is being exploited in the wild. Flash content is displayed by default in most web browser configurations. There are some reports of advertising networks being co-opted to serve malicious Flash content. Currently, only Flash Player on Microsoft Windows is being exploited; it is suspected that this vulnerability affects Flash Player on other platforms.

  • Status: Adobe confirmed, no updates available. Users are advised to disable their Flash player installation if possible.

  • References:
  • (2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-003)
  • Affected:
    • Apple Mac OS X versions prior to 10.5.3
  • Description: Apple Mac OS X contains multiple vulnerabilities in several of its components. Flaws in the handling of user and network requests, and of several file, document, and media formats, can lead to arbitrary remote code execution with the privileges of the vulnerable process. Other logic flaws in the handling of authentication can lead to arbitrary information disclosure. Additional issues include cross-site scripting and denial-of-service vulnerabilities. Several of these vulnerabilities stem from flaws in included third-party applications and components. Note that this update also addresses the Adobe Flash vulnerability discussed above.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: EMC AlphaStor Multiple Vulnerabilities
  • Affected:
    • AlphaStor versions 3.1 SP1 and prior
  • Description: EMC AlphaStor is a popular enterprise storage management application. It contains multiple vulnerabilities in its handling of user requests. Its Server Agent and Library Manager components contain multiple buffer overflow vulnerabilities. A specially crafted request to one of these components could trigger one of these buffer overflows, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). No authentication is required to exploit these vulnerabilities. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available. Users are advised to block TCP ports 3500 and 41025 at the network perimeter, if possible.

  • References:
  • (6) HIGH: Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow
  • Affected:
    • Creative Labs AutoUpdate Engine ActiveX Control
  • Description: Several Creative Labs products include automatic update functionality. This functionality is provided by the AutoUpdate Engine ActiveX control. This control contains a buffer overflow in its handling of its 'cachefolder' property. A specially crafted web page that exploits this vulnerability could execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "0A5FD7C5-A45C-49FC-ADB5-9952547D5715".

  • References:
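One way to apply the "kill bit" mitigation named in the Status line above, as an added PowerShell example that is not part of the bulletin. It uses Microsoft's documented kill-bit mechanism (a "Compatibility Flags" DWORD with bit 0x400 set under the ActiveX Compatibility key) with the CLSID quoted in the entry, and assumes an elevated PowerShell session.

```powershell
# Added example, not from the @RISK bulletin: set and verify the Internet
# Explorer kill bit for the Creative AutoUpdate Engine ActiveX control.
# Run from an elevated PowerShell session.

$clsid   = '{0A5FD7C5-A45C-49FC-ADB5-9952547D5715}'   # CLSID quoted in the bulletin
$KillBit = 0x400                                       # documented kill-bit flag value

# IE reads the native view; 32-bit IE on 64-bit Windows reads the Wow6432Node view.
$baseKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param([string]$BaseKey, [string]$Clsid)
    $key = Join-Path $BaseKey $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    # OR the bit in so that any flags already present on the control survive
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

function Test-KillBit {
    param([string]$BaseKey, [string]$Clsid)
    $key = Join-Path $BaseKey $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

foreach ($base in $baseKeys) {
    # Skip the Wow6432Node view on 32-bit Windows, where that hive path does not exist
    if (-not (Test-Path (Split-Path $base -Parent))) { continue }
    Set-KillBit -BaseKey $base -Clsid $clsid
    $state = if (Test-KillBit -BaseKey $base -Clsid $clsid) { 'set' } else { 'NOT set' }
    "{0}: kill bit {1}" -f $base, $state
}
```

Running only the Test-KillBit calls (without Set-KillBit) turns the same script into a compliance check across a fleet; removing the mitigation later means clearing the 0x400 bit, not deleting the key blindly, since other flags may be stored there.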
  • (7) HIGH: Alt-N MDaemon IMAP Server FETCH Command Handling Buffer Overflow
  • Affected:
    • Alt-N MDaemon versions 9.6.4 and prior
  • Description: MDaemon is a popular email server from Alt-N. Its IMAP component contains a buffer overflow in its handling of the IMAP "FETCH" command. A specially crafted FETCH request could trigger this buffer overflow. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process, usually SYSTEM. Note that authentication is required to exploit this vulnerability. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:
  • (8) HIGH: Samba SMB Response Handling Memory Corruption Vulnerability
  • Affected:
    • Samba versions 3.0.0 to 3.0.29
  • Description: Samba is a popular open source application that provides both server and client implementations of the Server Message Block (SMB) and Common Internet Filesystem (CIFS) protocol stacks, allowing non-Windows systems to access or provide Microsoft Windows-style services. Samba contains a flaw in its handling of server responses. A specially crafted server response could trigger a memory corruption vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Exploitation would require an attacker to convince a user to connect to a malicious SMB server. Full technical details for this vulnerability are publicly available via source code analysis.

  • Status: Samba confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 22, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.22.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: eMule Plus Unspecified Security
  • Description: eMule Plus is a file sharing utility for the Microsoft Windows platform. The application is exposed to an unspecified issue that occurs when the application processes the "staticservers.dat" file. eMule Plus versions prior to 1.2d are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=600155

  • 08.22.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Core FTP "LIST" Command Directory Traversal
  • Description: Core FTP is an FTP client for Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. Core FTP LE/PRO version 2.1 Build 1565 is affected.
  • Ref: http://vuln.sg/coreftp211565-en.html

  • 08.22.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Lenovo System Update SSL Certificate Validation Security Bypass
  • Description: Lenovo System Update is an automated tool for downloading and installing software updates. The application is exposed to a security bypass issue. The issue occurs because the application fails to properly check SSL certificates. Lenovo System Update version 3 (Version 3.13.0005, Build date 2008-1-3) is affected.
  • Ref: http://www.security-objectives.com/advisories/SECOBJADV-2008-01.txt

  • 08.22.4 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel Unspecified Security Issue
  • Description: The Linux kernel is exposed to an issue that stems from an unspecified error. This issue affects versions prior to Linux kernel 2.6.25.4.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.4

  • 08.22.5 - CVE: CVE-2008-2137
  • Platform: Linux
  • Title: Linux Kernel SPARC "mmap()" Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue when memory address mapping is performed on SPARC-based computers. The issue occurs in the "sparc_mmap_check()" function when checking "mmap()" virtual address ranges. Linux kernel versions prior to 2.6.25.3 are affected.
  • Ref: http://kerneltrap.org/mailarchive/git-commits-head/2008/5/8/1760604

  • 08.22.6 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libpam-pgsql "pam_pgsql.c" Authentication Bypass
  • Description: libpam-pgsql is a PAM module to authenticate using a PostgreSQL database. The application is exposed to an issue that may let attackers authenticate without a valid password. Specifically, the function "pam_sm_authenticate()" in the "pam_pgsql.c" file allows attackers to bypass authentication when a "SIGINT" signal is sent during the authentication process. libpam-pgsql versions 0.6.3 and earlier are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970

  • 08.22.7 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SaraB DAR Encryption Ciphers Local Information Disclosure
  • Description: SaraB is an automatic backup solution. The application is exposed to an information disclosure issue. Specifically, this issue arises because encryption ciphers are passed to DAR as a command line argument. SaraB versions prior to 0.2.4 are affected.
  • Ref: http://www.securityfocus.com/bid/29364

  • 08.22.8 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Flash Player SWF File Unspecified Remote Code Execution
  • Description: Adobe Flash Player is an application for playing Flash media files. The application is exposed to an unspecified remote code execution issue when processing specially-crafted SWF files. Adobe Flash Player versions 9.0.115.0 and 9.0.124.0 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/395473

  • 08.22.9 - CVE: CVE-2008-1105
  • Platform: Cross Platform
  • Title: Samba "lib/util_sock.c" Buffer Overflow
  • Description: Samba is a suite of software that provides file and print services for "SMB/CIFS" clients. It is available for multiple operating platforms. The application is exposed to a remote heap-based buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. Samba versions 3.0.28a and 3.0.29 are affected.
  • Ref: http://secunia.com/secunia_research/2008-20/advisory/

  • 08.22.10 - CVE: CVE-2008-0891, CVE-2008-1672
  • Platform: Cross Platform
  • Title: OpenSSL Multiple Denial of Service Vulnerabilities
  • Description: OpenSSL is an open-source implementation of the SSL protocol that is used by a number of other projects, including but not restricted to Apache, Sendmail, and BIND. It is commonly found on Linux and UNIX systems. The application is exposed to multiple denial of service issues. OpenSSL versions 0.9.8f and 0.9.8g are affected.
  • Ref: http://www.openssl.org/news/secadv_20080528.txt

  • 08.22.11 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SAFARI Montage "forgotPW.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: SAFARI Montage is a multimedia server application that supports video-on-demand (VOD) technology. The server is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "school" and "email" parameters of the "SAFARI/montage/forgotPW.php" script.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-safari-montage.html

  • 08.22.12 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting
  • Description: Sun Java System Web Server is an enterprise-level webserver application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize unspecified user-supplied input to the advanced search mechanism. Sun Java System Web Server versions 6.1 and 7.0 for SPARC, x86, Linux, Windows, HP-UX and AIX platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236481-1

  • 08.22.13 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PCPIN Chat "inc/url_redirection.inc.php" Cross-Site Scripting
  • Description: PCPIN Chat is a web-based instant messaging application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize unspecified user-supplied input to the "/inc/url_redirection.inc.php" script. PCPIN Chat versions prior to 6.11 are affected.
  • Ref: http://www.securityfocus.com/archive/1/492563

  • 08.22.14 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Kronolith Multiple Cross-Site Scripting Vulnerabilities
  • Description: Kronolith is a web-based calendar system. It uses the Horde Application Framework. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "timestamp" parameter of the "week.php", "workweek.php" and "day.php" scripts as well as the "horde" parameter.
  • Ref: http://www.securityfocus.com/bid/29365

  • 08.22.15 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: miniCWB "connector.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: miniCWB is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. The following parameters of the "/javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php" script are affected: "errcontent" and "fckphp_config[Debug_SERVER]". miniCWB version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492581

  • 08.22.16 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tr Script News "news.php" Cross-Site Scripting
  • Description: Tr Script News is a news script. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize unspecified user-supplied input to the "nb" parameter of the "news.php" script when the "mode" parameter is set to "voir". Tr Script News version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29388

  • 08.22.17 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 BLOG Engine "macgurublog.php" SQL Injection
  • Description: e107 BLOG Engine is a blog plugin for the e107 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uid" parameter of the "macgurublog.php" script before using it in an SQL query. e107 BLOG Engine version 2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492506

  • 08.22.18 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Upload File Plugin "wp-uploadfile.php" SQL Injection
  • Description: WordPress is a PHP-based content manager. The application's Upload File plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "f_id" parameter of the "/wp-uploadfile.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/492578

  • 08.22.19 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DZOIC Handshakes "fname" Parameter SQL Injection
  • Description: DZOIC Handshakes is a PHP-based social networking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fname" parameter of the "index.php" script when a member search is being performed. DZOIC Handshakes version 3.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492556

  • 08.22.20 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RoomPHPlanning "resaopen.php" SQL Injection
  • Description: RoomPHPlanning is a PHP-based scheduling application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idresa" parameter of the "resaopen.php" script before using it in an SQL query. RoomPHPlanning version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29354

  • 08.22.21 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Xomol CMS "index.php" SQL Injection
  • Description: Xomol CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "email" HTTP POST parameter of the "index.php" script before using it in an SQL query. Xomol CMS version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/29358

  • 08.22.22 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AbleSpace "adv_cat.php" SQL Injection
  • Description: AbleSpace is a community and dating script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "adv_cat.php" script. AbleSpace version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492576

  • 08.22.23 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Excuse Online "pwd.asp" SQL Injection
  • Description: Excuse Online is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pID" parameter of the "pwd.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/492580

  • 08.22.24 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpFix Multiple SQL Injection Vulnerabilities
  • Description: phpFix is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters: "browse.php: kind" and "00_pass.php: account". phpFix version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492582

  • 08.22.25 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ClassSystem Multiple SQL Injection Vulnerabilities and Arbitrary File Upload
  • Description: ClassSystem is a web-based application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. ClassSystem versions 2 and 2.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/492583

  • 08.22.26 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RoomPHPlanning "weekview.php" SQL Injection
  • Description: RoomPHPlanning is a PHP-based reservations application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idroom" parameter of the "weekview.php" script before using it in an SQL query. RoomPHPlanning version 1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492636

  • 08.22.27 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RevokeBB "search" Parameter SQL Injection
  • Description: RevokeBB is a PHP-based bulletin board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "/inc/acts/search.module.php" script before using it in an SQL query. RevokeBB version 1.0 RC11 is affected.
  • Ref: http://www.securityfocus.com/bid/29393

  • 08.22.28 - CVE: Not Available
  • Platform: Web Application
  • Title: WWW File Share Pro Unspecified Arbitrary File Upload
  • Description: WWW File Share Pro is an application that allows file sharing within a browser. The application is exposed to an issue that lets attackers upload arbitrary files. The application fails to verify file extensions and may allow arbitrary scripts to run. WWW File Share Pro version 5.30 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492416

  • 08.22.29 - CVE: Not Available
  • Platform: Web Application
  • Title: AbleDating "search_results.php" Multiple Input Validation Vulnerabilities
  • Description: AbleDating is a PHP-based application for setting up a dating site. Since it fails to sanitize user-supplied input data, the application is exposed to multiple input validation issues. AbleDating version 2.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492478

  • 08.22.30 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre Unspecified HTML Injection
  • Description: Xerox WorkCentre is a web-capable printer and photocopier. The application is exposed to an unspecified HTML injection issue because it fails to sanitize user-supplied input. Xerox WorkCentre versions 7132, 7228, 7235 and 7245 are affected.
  • Ref: http://www.securityfocus.com/bid/29345

  • 08.22.31 - CVE: Not Available
  • Platform: Web Application
  • Title: Sava CMS SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Sava CMS is a web-based content manager. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input-validation issues. Sava CMS versions prior to 5.0.122 are affected.
  • Ref: http://www.securityfocus.com/bid/29346

  • 08.22.32 - CVE: Not Available
  • Platform: Web Application
  • Title: Cerberus Helpdesk Controller Authentication Information Disclosure
  • Description: Cerberus Helpdesk is a PHP-based email application. The application is exposed to an information disclosure issue because of an authentication error on certain web pages. The issue occurs when accessing pages that aren't integrated with the application's web interface.
  • Ref: http://www.cerb4.com/blog/2008/05/15/important-security-patch-40-build-599/

  • 08.22.33 - CVE: Not Available
  • Platform: Web Application
  • Title: Quate CMS Multiple Input Validation Vulnerabilities
  • Description: Quate CMS is a PHP-based content manager. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. Quate CMS version 0.3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492512

  • 08.22.34 - CVE: Not Available
  • Platform: Web Application
  • Title: phpRaider phpbb3 Bridge "phpbb3.functions.php" Remote File Include
  • Description: phpRaider is a web-based raid manager for MMORPGs (massively multiplayer online role-playing games). The application is exposed to a remote file include issue in the phpbb3 bridge functionality because it fails to sufficiently sanitize user-supplied input to the "pConfig_auth[phpbb_path]" parameter of the "authentication/phpbb3/phpbb3.functions.php" script. phpRaider version 1.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/29356

  • 08.22.35 - CVE: Not Available
  • Platform: Web Application
  • Title: plusPHP Short URL Multi-User Script Remote File Include
  • Description: plusPHP Short URL Multi-User Script is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_pages_dir" parameter of the "plus.php" script. plusPHP Short URL Multi-User Script version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29357

  • 08.22.36 - CVE: Not Available
  • Platform: Web Application
  • Title: Xomol CMS "index.php" Local File Include
  • Description: Xomol CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "op" parameter of the "index.php" script. Xomol CMS version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/29359

  • 08.22.37 - CVE: Not Available
  • Platform: Web Application
  • Title: Zina "index.php" Multiple Input Validation Vulnerabilities
  • Description: Zina is an application that allows users to view and play MP3 files through their browser. The application is exposed to multiple input validation issues. Zina version 1.0rc3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492593

  • 08.22.38 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Prior to 4.6.4 Multiple Input Validation Vulnerabilities
  • Description: Mambo is a PHP-based content manager. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. Mambo versions prior to 4.6.4 are affected.
  • Ref: http://forum.mambo-foundation.org/showthread.php?t=11799

  • 08.22.39 - CVE: Not Available
  • Platform: Web Application
  • Title: OneCMS "load" Parameter Local File Include
  • Description: OneCMS is a content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "load" parameter of the "install_mod.php" script when the "act" parameter is set to "go".
  • Ref: http://www.securityfocus.com/bid/29374

  • 08.22.40 - CVE: Not Available
  • Platform: Web Application
  • Title: Campus Bulletin Board SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Campus Bulletin Board is a web-based bulletin board application implemented in ASP. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input validation issues. Campus Bulletin Board version 3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492586

  • 08.22.41 - CVE: Not Available
  • Platform: Web Application
  • Title: RoomPHPlanning "userform.php" Unauthorized Access
  • Description: RoomPHPlanning is a PHP-based scheduling application. The application is exposed to an unauthorized access issue because it fails to adequately limit access to the administrative scripts used for creating accounts. RoomPHPlanning version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29377

  • 08.22.42 - CVE: Not Available
  • Platform: Network Device
  • Title: BT Home Hub Administrator Password Information Disclosure
  • Description: BT Home Hub is a wireless router developed by BT. BT Home Hub is exposed to an information disclosure issue. BT Home Hub firmware version 6.2.6.E is affected.
  • Ref: http://www.securityfocus.com/bid/29388

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.