Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 24
June 12, 2008

SANS Newsletters Home

A tough week - probably worse than it appears. Substantial numbers of critical vulnerabilities were reported for users of widely deployed software - Microsoft Bluetooth, Internet Explorer, and DirectX, Apple QuickTime and Cisco and other vendors' SNMP. But also in the less visible world of web applications where a massive wave of attacks against web apps became more visible in this week's data - nearly 80 new vulnerabilities in commercial web apps this week alone -- and hundreds of thousands of sites compromised because of flaws in their custom-developed web applications. Several organizations have completed a joint draft benchmarking assessment for web app security. If you are responsible for web app security in a medium or large organization, and have a pretty robust program, yell (apaller@sans.org) and I'll send it to you so you can compare the maturity of your program with those of others. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Windows
    • 5 (#1, #2, #3, #9, #10)
    • Other Microsoft Products
    • 1
    • Third Party Windows Apps
    • 17
    • Mac Os
    • 6
    • Linux
    • 6
    • Novell
    • 1 (#8)
    • Cross Platform
    • 25 (#4, #5, #6, #7)
    • Web Application - Cross Site Scripting
    • 11
    • Web Application - SQL Injection
    • 33
    • Web Application
    • 35

*************************************************************************

TRAINING SCHEDULE UPDATE - - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program http://www.sans.org/info/26774 - - Amsterdam (6/16-6/21) and Brussels (6/16-6/21) http://www.sans.org/secureeurope08 - - Singapore (6/30-7/5) http://www.sans.org/singapore08/ Plus 100 other cites and on line any time: www.sans.org

************************ SPONSORED LINK *******************************

1) Free whitepaper: Five Code RED Security Threats to Windows Servers - - - How to Detect Them http://www.sans.org/info/29569

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Bluetooth Remote Code Execution (MS08-030)
  • Affected:
    • Microsoft Windows XP
    • Microsoft Windows Vista

  • Description: Bluetooth is an industry standard, short-range wireless networking protocol. It is often used to provide connectivity for keyboards, mice, cell phones, cameras and printers, among other devices. The Microsoft Windows Bluetooth protocol stack contains a flaw in its handling of Service Discovery Protocol (SDP) packets. A large number of SDP packets could trigger this vulnerability, leading to arbitrary code execution with the kernel-level privileges. Any attacker within Bluetooth range of an affected system could exploit this vulnerability. A computer must be discoverable by Bluetooth to be vulnerable, but otherwise, no authentication is necessary to exploit this vulnerability. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-031)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft WIndows XP
    • Microsoft Windows Internet Explorer 6
    • Microsoft WIndows Internet Explorer 7

  • Description: Microsoft Internet Explorer contains multiple vulnerabilities. Flaws in the handling of script calls to HTML object methods can result in memory corruption. A specially crafted web page containing such calls could exploit this vulnerability to execute arbitrary code with the privileges of the current user. Additionally, a flaw in the handling of HTTP request headers can bypass normal cross-domain protections. A specially crafted web page could trigger this vulnerability, allowing cross-domain information disclosure. Some technical details are available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Multiple SNMP Implementations Authentication Bypass Vulnerability
  • Affected:
    • Multiple SNMP implementations, including:
    • Net-SNMP versions prior to 5.4.1
    • UCD-SNMP, all versions
    • eCos, all versions (patched in CVS)
    • Cisco, multiple products

  • Description: The Simple Network Management Protocol (SNMP) is an internet-standard protocol to manage and monitor devices on a network. Devices may also be configured to allow modification of their configuration via SNMP. Several versions of SNMP are defined, with the most recent (and increasingly most common) version being 3. Version 3 SNMP requests can be authenticated using a secure hashing algorithm. Several popular implementations of SNMP have a flaw in their handling of this hashing algorithm. A specially crafted SNMP packet could trigger this vulnerability, allowing an attacker to bypass authentication. Depending upon configuration, this would allow an attacker to obtain sensitive configuration information, or modify the configuration of a managed device. Note that an attacker would still need to know a valid username to exploit this vulnerability. Full technical details and a proof-of-concept for this vulnerability are available via source code analysis.

  • Status: Vendors confirmed, updates available.

  • References:
  • (6) HIGH: OpenOffice.org Remote Code Execution
  • Affected:
    • OpenOffice.org versions 2.4 and prior
    • StarOffice versions 8.x

  • Description: OpenOffice.org is a popular open source office suite. It is included by default in most Unix, Unix-like, and Linux operating system distributions. It is also available for Microsoft Windows and Mac OS X. It contains a flaw in its handling of malformed documents. A specially crafted OpenOffice.org document could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, documents may be opened upon receipt without first prompting the user. Full technical details are available for this vulnerability via source code analysis. Note that Star Office, a popular commercial fork of OpenOffice.org is vulnerable as well.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) HIGH: Novell GroupWise Messaging Client Buffer Overflow
  • Affected:
    • Novell GroupWise Messenger versions prior to 2.0.3 HP1

  • Description: Novell GroupWise is a popular enterprise instant messaging application. Its client for Microsoft Windows contains a flaw in its handling of server responses. A specially crafted response from a malicious server could trigger this flaw, leading to a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) LOW: Microsoft Windows Pragmatic General Multicast Denial-of- Service (MS08-036)
  • Affected:
    • Microsoft WIndows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008

  • Description: The Pragmatic General Multicast protocol (PGM) is an Internet experimental protocol for reliable multicasting. The implementation of this protocol in Microsoft Windows contains multiple denial-of-service vulnerabilities in its handling of PGM streams. A specially crafted PGM packet could trigger one of these vulnerabilities, causing the affected system to crash. Note that PGM is not enabled in the default installation of Microsoft Windows.

  • Status: Vendor confirmed, updates available.

  • References:
  • (10) LOW: Microsoft Active Directory Denial-of-Service (MS08-035)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Server 2008

  • Description: Microsoft Active Directory is Microsoft's implementation of the Lightweight Directory Access Protocol (LDAP). It contains a denial-of-service vulnerability in its handling of certain LDAP requests. A specially crafted LDAP request could trigger this vulnerability, potentially crashing the affected system. On systems other than Microsoft WIndows 2000, an attacker must have valid authentication credentials to exploit this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 24, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.24.1 - CVE: CVE-2008-1440
  • Platform: Windows
  • Title: Microsoft Windows PGM Invalid Length Remote Denial of Service
  • Description: Microsoft Windows PGM (Pragmatic General Multicast) is a multicast protocol to detect, report on, and request retransmission of incomplete or lost inbound data. The application is exposed to a remote denial of service issue because of the way that it handles malformed PGM packets.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx
  • 08.24.2 - CVE: CVE-2008-1441
  • Platform: Windows
  • Title: Microsoft Windows PGM Invalid Fragment Remote Denial of Service
  • Description: Microsoft Windows PGM (Pragmatic General Multicast) is a multicast protocol to detect, report on, and request retransmission of incomplete or lost inbound data. The application is exposed to a remote denial of service issue because of the way that it handles malformed PGM packets.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx
  • 08.24.3 - CVE: CVE-2008-1453
  • Platform: Windows
  • Title: Microsoft Windows Bluetooth Stack Remote Code Execution
  • Description: Bluetooth is an industry-standard protocol that enables wireless connectivity for computers, handheld devices, mobile phones, and other devices. Microsoft Windows is exposed to a remote code execution issue because the Bluetooth stack fails to adequately handle specially crafted SDP (Service Discovery Protocol) requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-030.mspx
  • 08.24.4 - CVE: CVE-2008-1445
  • Platform: Windows
  • Title: Microsoft Windows Active Directory LDAP Request Validation Remote Denial of Service
  • Description: Lightweight Directory Access Protocol (LDAP) is a protocol that allows authorized users to view or update data in a meta directory. Windows is exposed to a remote denial of service issue because Microsoft Active Directory, ADAM (Active Directory Application Mode), and AD LDS (Active Directory Lightweight Directory Service) fails to handle specially crafted LDAP requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-035.mspx
  • 08.24.5 - CVE: CVE-2008-1451
  • Platform: Windows
  • Title: Microsoft Windows WINS Server Local Privilege Escalation
  • Description: Windows Internet Naming Service (WINS) is a protocol used to support NetBIOS over TCP/IP and to locate network resources such as computers and printers. The application is exposed to a local privilege escalation issue that may be triggered by malicious WINS network packets.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-034.mspx
  • 08.24.6 - CVE: CVE-2008-1442
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Objects Unexpected Method Calls Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for Windows operating systems. Internet Explorer is exposed to a remote code execution issue because it fails to adequately handle unexpected method calls to certain HTML objects.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
  • 08.24.7 - CVE: CVE-2008-2158
  • Platform: Third Party Windows Apps
  • Title: EMC AlphaStor Server Agent Multiple Stack-Based Buffer Overflow Vulnerabilities
  • Description: AlphaStor is part of an enterprise backup and file-sharing application. Server Agent is an application within AlphaStor that is used to initiate disk-management requests. The application is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers. AlphaStor version 3.1 SP1 for Windows is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=702
  • 08.24.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CA Internet Security Suite "UmxEventCli.dll" ActiveX Control Arbitrary File Overwrite
  • Description: Computer Associates Internet Security Suite is exposed to an issue that lets attackers overwrite files. This issue affects the "SaveToFile()" method of the "UmxEventCli.dll" ActiveX control library because it fails to sanitize user-supplied input. Internet Security Suite 2008 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492679
  • 08.24.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SecurityGateway "SecurityGateway.dll" Remote Buffer Overflow
  • Description: SecurityGateway is an email firewall for Exchange and SMTP Servers. The management console of the product running on TCP port 4000 is exposed to a buffer overflow issue. SecurityGateway version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29457
  • 08.24.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FFFTP "LIST" Command Directory Traversal
  • Description: FFFTP is an FTP client for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. FFFTP version 1.96b is affected.
  • Ref: http://vuln.sg/FFFTP196b-en.html
  • 08.24.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: VMware "vmCOM.dll" "GuestInfo()" Method ActiveX Control Remote Buffer Overflow
  • Description: A VMware ActiveX control is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. "vmCOM.dll" version 1.0.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.24.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: C6 Messenger Installation URL Downloader ActiveX Control Arbitrary File Download
  • Description: C6 Messenger is an IM application. The application is exposed to an issue that lets remote attackers download files from arbitrary locations to an affected computer.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.24.13 - CVE: CVE-2007-5607
  • Platform: Third Party Windows Apps
  • Title: HP Instant Support "HPISDataManager.dll" RegistryString Buffer Overflow
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues that affect HP products. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. HP Instant Support versions 1.0.0.22 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/526131
  • 08.24.14 - CVE: CVE-2008-0952
  • Platform: Third Party Windows Apps
  • Title: HP Instant Support "HPISDataManager.dll" ActiveX Control Arbitrary File Creation
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues that affect HP products. The application is exposed to an issue that lets attackers create and overwrite files with arbitrary, attacker-controlled content. HP Instant Support versions 1.0.0.22 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/190939
  • 08.24.15 - CVE: CVE-2007-5610
  • Platform: Third Party Windows Apps
  • Title: HP Instant Support "HPISDataManager.dll" ActiveX Control Arbitrary File Delete
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues that affect HP products. HP Instant Support "HPISDataManager.dll" ActiveX control is exposed to an issue that lets attackers delete arbitrary files on the affected computer. HP Instant Support versions 1.0.0.22 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/857539
  • 08.24.16 - CVE: CVE-2008-0955
  • Platform: Third Party Windows Apps
  • Title: Creative Labs AutoUpdate Eng "CTSUEng.ocx" ActiveX Control Remote Buffer Overflow
  • Description: Creative Software AutoUpdate Engine is an auto-update component for Creative Labs software. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.kb.cert.org/vuls/id/501843
  • 08.24.17 - CVE: CVE-2008-1805
  • Platform: Third Party Windows Apps
  • Title: Skype "file://" URI Handler Bypass Remote Code Execution
  • Description: Skype is peer-to-peer communications software that supports IP-based voice communications. The application is exposed to a remote code execution issue caused by a logic error in the affected application. The issue occurs in the "file://" URI handler. Skype versions prior to 3.8.0.139 are affected.
  • Ref: http://www.skype.com/security/skype-sb-2008-003.html
  • 08.24.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sleipnir "favorite search" Function Script Code Execution
  • Description: Sleipnir is a browser available for Microsoft Windows. The application is exposed to an issue that lets remote attackers execute arbitrary script code because the application fails to properly sanitize user-supplied input. The vulnerability occurs in the "favorite search" function. Sleipnir version 2.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29555
  • 08.24.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Black Ice Multiple Applications "BiDib.dll" ActiveX Control Remote Buffer Overflow
  • Description: Multiple Black Ice Software applications are exposed to a stack-based buffer overflow issue because they fail to perform adequate boundary checks on user-supplied input. The applications that include BiDib.dll version 10.9.3.0 are affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.24.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ALFTP FTP Client "LIST" Command Directory Traversal
  • Description: ALFTP is an FTP client and server application available for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. ALFTP versions 4.1 beta 2 (English) and 5.0 (Korean) are affected.
  • Ref: http://vuln.sg/alftp41b2-en.html
  • 08.24.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Exiv2 Pretty Printing for Nikon Lens Metadata Denial of Service
  • Description: Exiv2 is a C++ library and command-line utility used to manage image metadata. The library is exposed to a denial of service issue that occurs when processing Nikon lens metadata for pretty printing. Exiv2 version 0.16 is affected. Ref: http://vuln.sg/alftp41b2-en.htmlhttp://dev.robotbattle.com/bugs/view.php?id=0000546
  • 08.24.22 - CVE: CVE-2008-0956
  • Platform: Third Party Windows Apps
  • Title: BackWeb "LiteInstActivator.dll" ActiveX Control Buffer Overflow
  • Description: BackWeb is an application used to facilitate certain installation and updating functionality in other software. BackWeb is embedded in the Logitech Desktop manager. The application is exposed to a remote buffer overflow issue due to a flaw in one of its ActiveX control components. The issue occurs because the component fails to perform adequate boundary checks on user-supplied input prior to copying it to a buffer. BackWeb versions prior to 8.1.1.87 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/216153
  • 08.24.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Black Ice "BiAnno.ocx" Annotation SDK/ActiveX Control Remote Buffer Overflow
  • Description: Black Ice Annotation SDK/ActiveX Control is a toolkit used to add data to TIFF image files. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate size checks on user-supplied input. Annotation SDK/ActiveX Control provided by "BiAnno.ocx" version 10.9.5 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.24.24 - CVE: CVE-2008-1576
  • Platform: Mac Os
  • Title: Apple Mac OS X Mail Memory Corruption
  • Description: Apple Mac OS X is exposed to a memory corruption issue that affects the Mail application. This issue may be triggered when a malicious email is sent through an SMTP server over IPv6. This will cause Mail to use a buffer containing partially uninitialized memory, which could be revealed to mail recipients and mail server administrators. Mac OS X and Mac OS X Server version 10.4.11 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/566875
  • 08.24.25 - CVE: CVE-2008-1571
  • Platform: Mac Os
  • Title: Apple Mac OS X Image Capture Webserver Directory Traversal
  • Description: Apple's Image Capture facilitates transfer of images from a digital camera to a computer. It includes an embedded webserver. Image Capture is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input. Mac OS X and Mac OS X Server version 10.4.11 is affected.
  • Ref: http://www.securityfocus.com/bid/29501
  • 10.5.2 - CVE: CVE-2008-157310.4.11 and Mac OS X versions through are affected.
  • Platform: Mac Os
  • Title: Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure
  • Description: Apple Mac OS X ImageIO is an image-processing framework that provides applications with read and write functionality for various image file formats. The application is exposed to an information disclosure issue. Mac OS X and Mac OS X Server version
  • Ref: http://www.kb.cert.org/vuls/id/566875
  • 08.24.28 - CVE: CVE-2008-1578
  • Platform: Mac Os
  • Title: Apple Mac OS X Single Sign-On "sso_util" Local Information Disclosure
  • Description: Apple Mac OS X is exposed to a local information disclosure issue that affects the Single Sign-On "sso_util" command-line utility. The issue occurs because "sso_util" requires that password data be supplied as a command-line argument. Mac OS X and Mac OS X Server versions 10.4.11 and 10.5 through 10.5.2 are affected.
  • Ref: http://www.securityfocus.com/bid/29520
  • 08.24.29 - CVE: CVE-2008-1572
  • Platform: Mac Os
  • Title: Apple Mac OS X Image Capture Local Arbitrary File Overwrite
  • Description: Apple Mac OS X Image Capture is exposed to an issue that allows local attackers to overwrite arbitrary files. Specifically, an insecure file operation occurs when handling temporary files. Mac OS X and Mac OS X Server version 10.4.11 is affected.
  • Ref: http://www.securityfocus.com/bid/29521
  • 08.24.30 - CVE: CVE-2008-2359
  • Platform: Linux
  • Title: Fedora "system-config-network" Security Bypass
  • Description: The "system-config-network" command is used to configure network hardware. The command is exposed to a security bypass issue because the software fails to properly restrict access to certain functionality. "system-config-network" version 1.5.5-1.fc8 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=448557
  • 08.24.31 - CVE: CVE-2008-1109, CVE-2008-1108
  • Platform: Linux
  • Title: Gnome Evolution iCalendar Multiple Buffer Overflow Vulnerabilities
  • Description: Gnome Evolution is an email, address book and calendar application for users of the GNOME desktop. The application is exposed to multiple issues because it fails to perform adequate boundary checks on user-supplied data. Gnome Evolution version 2.21.1 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0516.html
  • 08.24.32 - CVE: CVE-2008-1673
  • Platform: Linux
  • Title: Linux Kernel BER Decoding Remote Buffer Overflow
  • Description: The Linux Kernel is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs in the "asn1_ioid_decode()" structure of the "ip_nat_snmp_basic.c" source file. Ref: http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.26-rc5-git1.log
  • 08.24.33 - CVE: CVE-2008-2358
  • Platform: Linux
  • Title: Linux Kernel DCCP Subsystem Buffer Overflow
  • Description: The Linux kernel is exposed to a buffer overflow issue due to insufficient boundary checks. Specifically, the issue occurs in the DCCP subsystem due to missing feature length checks. Linux kernel version 2.6.18 is affected.
  • Ref: http://www.securityfocus.com/bid/29603
  • 08.24.34 - CVE: CVE-2008-2389
  • Platform: Linux
  • Title: opensuse-updater Symbolic Link Local Information Disclosure
  • Description: opensuse-updater is an update notifier applet for openSUSE. The application is exposed to a local information disclosure issue. opensuse-updater running on openSUSE 10.2 is affected. Ref: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
  • 08.24.35 - CVE: CVE-2008-0960
  • Platform: Linux
  • Title: Net-SNMP Remote Authentication Bypass
  • Description: Net-SNMP is a set of tools and libraries. The application is exposed to a remote authentication bypass issue because of a design error. Specifically, the "snmplib/scapi.c" source file uses the length of HMAC authentication code from an SNMPv3 packet for validation. Net-SNMP versions 5.4.1, 5.3.2, 5.2.4 and earlier are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=447974
  • 08.24.36 - CVE: Not Available
  • Platform: Novell
  • Title: Novell GroupWise Messenger Client Buffer Overflow Vulnerabilities
  • Description: Novell GroupWise Messenger is an instant messaging client. The application is exposed to unspecified buffer overflow issues because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized buffer. Specifically, the issues occur when crafted spoofed server responses are sent to valid clients. Novell GroupWise Messenger versions prior to 2.0.3 HP1 are affected.
  • Ref: http://download.novell.com/Download?buildid=HHSfPO91pLQ~
  • 08.24.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Anubis Plugin for encrypt Original File Size Information Disclosure Weakness
  • Description: The "encrypt" application is a freely available utility designed to encrypt and decrypt sensitive information. The Anubis plugin for "encrypt" provides additional encryption algorithms. The application is exposed to an information disclosure issue because the software fails to properly safeguard potentially sensitive information. Anubis versions prior to 1.3 are affected. Ref: https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2
  • 08.24.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CuteFTP "LIST" Command Directory Traversal
  • Description: CuteFTP is an FTP client for Microsoft Windows and Apple Mac OS X. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input data. CuteFTP Home versions 8.2.0 Build 02.26.2008.4 and 04.01.2008.1 are affected.
  • Ref: http://vuln.sg/cuteftp820-en.html
  • 08.24.39 - CVE: CVE-2008-2157
  • Platform: Cross Platform
  • Title: EMC AlphaStor Library Manager
  • Description: EMC AlphaStor is a suite of applications used for disk management. The Library Manager ("robotd") is a single process that manages the replacement of disk drives located in the distrusted locations. The application is exposed to a remote code execution issue that occurs in the Library Manager because the application fails to sufficiently sanitize user-supplied input. EMC AlphaStor version 3.1 SP1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492667
  • 08.24.40 - CVE: CVE-2008-2054
  • Platform: Cross Platform
  • Title: CiscoWorks Common Services Unspecified Remote Code Execution
  • Description: CiscoWorks Common Services is a set of management services used by other CiscoWorks applications. The application is exposed to an unspecified remote code execution issue.
  • Ref: http://www.securityfocus.com/archive/1/492685
  • 08.24.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AhsayOBM and AhsayACB SSL Certificate Validation Security Bypass
  • Description: AhsayOBM (Ahsay Online Backup Manager) and AhsayACB (Ahsay A-Click Backup) are online backup applications. The applications are exposed to a security bypass issue because they fail to properly validate SSL certificates from a server when performing online backups.
  • Ref: http://forum.ahsay.com/viewtopic.php?t=2313
  • 08.24.42 - CVE: CVE-2008-1579
  • Platform: Cross Platform
  • Title: Apple Mac OS X Wiki Server User Name Enumeration Weakness
  • Description: Wiki Server is a component of Mac OS X Server. The application is exposed to a weakness that may allow an attacker to enumerate valid user names. The problem occurs when the Wiki Server is enabled and an attacker tries to access a blog that doesn't exist. Mac OS X Server versions 10.5 to 10.5.2 are affected.
  • Ref: http://support.apple.com/kb/HT1897
  • 08.24.43 - CVE: CVE-2008-2541
  • Platform: Cross Platform
  • Title: Computer Associates eTrust Secure Content Manager Multiple Vulnerabilities
  • Description: Computer Associates eTrust Secure Content Manager is a gateway application that monitors, filters and blocks possible threats from computers. The application is exposed to multiple issues because it fails to perform adequate boundary checks on user-supplied data. Computer Associates eTrust Secure Content Manager version 8.0 is affected. Ref: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408#section2
  • 08.24.44 - CVE: CVE-2008-1581, CVE-2008-1582, CVE-2008-1583,CVE-2008-1584, CVE-2008-1585
  • Platform: Cross Platform
  • Title: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to multiple remote issues that may allow remote attackers to execute arbitrary code or carry out denial of service attacks. QuickTime versions prior to 7.5 are affected.
  • Ref: http://secunia.com/secunia_research/2008-9/advisory/
  • 08.24.45 - CVE: CVE-2008-2152
  • Platform: Cross Platform
  • Title: OpenOffice "rtl_allocateMemory()" Heap-Based Buffer Overflow
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. The application is exposed to a heap-based buffer overflow. The issue stems from an integer overflow error in the "rtl_allocateMemory()" custom memory allocation function. OpenOffice versions 2 up to and including 2.4 are affected.
  • Ref: http://www.openoffice.org/security/cves/CVE-2008-2152.html
  • 08.24.46 - CVE: CVE-2008-2403
  • Platform: Cross Platform
  • Title: Sun Java ASP Server Multiple Directory Traversal Vulnerabilities
  • Description: Sun Java System Active Server Pages software allows organizations to deploy Active Server Pages (ASP)-based web applications on a variety of web servers and operating systems.These applications are exposed to multiple directory traversal issues because the ASP engine fails to sufficiently sanitize user-supplied input. Sun Java ASP Server versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/493066
  • 08.24.47 - CVE: CVE-2008-2402
  • Platform: Cross Platform
  • Title: Sun Java ASP Server Information Disclosure
  • Description: Sun Java ASP Server provides Active Server Pages functionality for webservers. The server is available for multiple operating platforms. The server is exposed to an information disclosure issue because it fails to restrict access to potentially sensitive information. Java ASP Server versions 4.0.2 and earlier are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
  • 08.24.48 - CVE: CVE-2008-2097
  • Platform: Cross Platform
  • Title: VMware Openwsman on ESX and ESXi Local Privilege Escalation
  • Description: VMware ESX is a set of server emulation applications for several platforms. Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). The Openwsman service is exposed to a privilege escalation issue because of an unspecified invalid Content-Length error. Openwsman service on ESX and ESXi version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29547
  • 08.24.49 - CVE: CVE-2008-2100
  • Platform: Cross Platform
  • Title: VMware VIX API Multiple Unspecified Buffer Overflow Vulnerabilities
  • Description: VMware VIX API is an Application Programming Interface that allows users to write scripts and programs that manipulate virtual machines. Vix is exposed to multiple buffer overflow issues because it fails to adequately bounds check user-supplied input before copying it to insufficiently sized buffers. VMware VIX API versions 1.1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29552
  • 08.24.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Service Tag Registry "/var" Consumption Local Denial of Service
  • Description: Sun Security Tag uniquely identifies each tagged piece of hardware and allows information about the hardware to be shared over a local network in a standard XML format. The application is exposed to a local denial of service issue that affects the registry.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238414-1
  • 08.24.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMware Server Console Unspecified Code Execution
  • Description: VMware Server Console is an application designed to allow administrators to remotely manage VMware servers and guest operating systems. The application is exposed to an unspecified code execution issue caused by a stack-based buffer overflow issue. VMware Server Console version 1.0.5 build 80187 is affected.
  • Ref: http://www.dbappsecurity.com/news-08_5_9__02.html
  • 08.24.52 - CVE: CVE-2008-2543
  • Platform: Cross Platform
  • Title: Asterisk-addons "OOH323" Channel Driver Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to a remote denial of service issue that stems from a design error. The application listens on a TCP socket to receive packets containing memory addresses to be freed.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-009.html
  • 08.24.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GraphicsMagick Multiple Remote Vulnerabilities
  • Description: GraphicsMagick is an image-processing application available for multiple platforms. It was originally derived from ImageMagick 5.5.2. GraphicsMagick versions 1.1.14 and 1.2.3 are affected. Ref: http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485
  • 08.24.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities
  • Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms, including Linux, AIX, Solaris, and Microsoft Windows. The application is exposed to multiple issues. IBM DB2 Universal Database Server versions prior to DB2 9.1 Fixpak 5 are affected. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.phpid=688
  • 08.24.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Icon Labs Iconfidant SSH Multiple Denial of Service Vulnerabilities
  • Description: Icon Labs Iconfidant SSH server is exposed to three issues that can cause denial of service conditions. The issues are triggered in the following ways: when multiple authentication attempts are performed over a short period of time; when an authentication attempt occurs simultaneously with certain management operations; and when certain invalid authentication credentials are provided during authentication. Iconfidant SSH server versions prior to 2.3.8 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/626979
  • 08.24.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Interstage Management Console Unspecified Arbitrary File Access
  • Description: The Fujitsu Interstage management console allows administrators to manage, monitor and control the entire server farm from a single browser based console. The application is exposed to an unspecified arbitrary file access issue. Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html
  • 08.24.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Motion "read_client()" Off-By-One Buffer Overflow
  • Description: Motion is a camera motion detector. The application is exposed to an off-by-one buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs in the "read_client()" function of the "webhttpd.c" source file. Motion versions 3.2.10 and earlier are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572
  • 08.24.58 - CVE: CVE-2008-1808
  • Platform: Cross Platform
  • Title: FreeType Printer Font Binary Heap-Based Buffer Overflow
  • Description: FreeType is an open source library for parsing fonts. The application is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs when parsing Printer Font Binary (PFB) format font files. FreeType version 2 2.3.5 is affected. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
  • 08.24.59 - CVE: CVE-2008-1808
  • Platform: Cross Platform
  • Title: FreeType TrueType Font Heap-Based Buffer Overflow
  • Description: FreeType is an open source library for parsing fonts. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when parsing TrueType Font (TTF) font files. FreeType version 2.3.5 is affected. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
  • 08.24.60 - CVE: CVE-2008-1806
  • Platform: Cross Platform
  • Title: FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow
  • Description: FreeType2 is an open source library for parsing fonts. The application is exposed to an integer overflow issue because it fails to perform adequate checks on user-supplied data. FreeType version 2 2.3.5 is affected. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
  • 08.24.61 - CVE: CVE-2008-1807
  • Platform: Cross Platform
  • Title: FreeType2 Printer Font Binary Remote Code Exeuction
  • Description: FreeType2 is an open source library for parsing fonts. The application is exposed to a remote code execution issue when parsing Printer Font Binary (PFB) format font files. If an invalid "number of axes" in a PFB file is processed, "free()" could be called on unallocated memory. FreeType version 2 2.3.5 is affected. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
  • 08.24.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 "KJ: Image Lightbox v2" Extension Unspecified Cross-Site Scripting
  • Description: KJ: Image Lightbox v2 (kj_imagelightbox2) is an extension for TYPO3. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. kj_imagelightbox versions prior to 2 1.1.2 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080527-1/
  • 08.24.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kent WEB MART Unspecified Cross-Site Scripting
  • Description: WEB MART is a web-based shopping cart application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to an unspecified parameter. WEB MART version 1.61 is affected.
  • Ref: http://www.securityfocus.com/bid/29436
  • 08.24.64 - CVE: CVE-2008-1947
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat Host Manager Cross-Site Scripting
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The Apache Tomcat Host Manager web application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "name" attribute of the "host-manager/html/add" script. Tomcat versions 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 are affected.
  • Ref: http://tomcat.apache.org/security-6.html
  • 08.24.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SamTodo "tid" Parameter Cross-Site Scripting
  • Description: SamTodo is a web-based application for managing to-do lists. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "tid" parameter of the "index.php" script. SamTodo version 1.1 is affected.
  • Ref: http://www.davidsopas.com/soapbox/samtodo.txt
  • 08.24.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SamTodo "completed" Parameter Cross-Site Scripting
  • Description: SamTodo is a PHP-based application for managing to-do lists. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "completed" parameter of the "index.php" script. SamTodo version 1.1 is affected.
  • Ref: http://www.davidsopas.com/soapbox/samtodo.txt
  • 08.24.67 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F5 FirePass SSL VPN Multiple Cross-Site Request Forgery Vulnerabilities
  • Description: FirePass SSL VPN is a secure Virtual Private Network device that uses SSL connections to encapsulate network traffic. The device's management interface is exposed to multiple cross-site request-forgery issues because it fails to adequately sanitize user-supplied input. FirePass version 6.0.2 hotfix 3 is affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
  • 08.24.68 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kronos webTA Project Management Module Multiple Cross-Site Scripting Vulnerabilities
  • Description: Kronos webTA is a labor management application designed for the U.S. Federal Government. The application is exposed to multiple cross-site scripting issues that affect the following scripts in the Project Management module: "/servlet/com.threeis.webta.H710selProject" and "/servlet/com.threeis.webta.H720editProjectInfo".
  • Ref: http://www.securityfocus.com/archive/1/493193
  • 08.24.69 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Workplace Unspecified Cross-Site Scripting
  • Description: IBM Workplace products are web-based applications that provide role-based frameworks for Business. The application is exposed to an unspecified cross-site scripting issue because the applications fail to sanitize user-supplied input.
  • Ref: http://www-306.ibm.com/software/lotus/products/workplace/
  • 08.24.70 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tornado Knowledge Retrieval System "p" Parameter Cross-Site Scripting
  • Description: Tornado Knowledge Retrieval System is a knowledge management application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "p" parameter of the "searcher.exe" script. Tornado Knowledge Retrieval System version 4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493217
  • 08.24.71 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Image Gallery "action" Parameter Cross-Site Scripting
  • Description: PHP Image Gallery is a photo gallery application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "action" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/29643
  • 08.24.72 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Glassfish "name" Parameter Cross-Site Scripting
  • Description: Sun Glassfish is a web administration interface for the Sun Java System Application Server. The application is exposed to a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input to the "name" parameter of the "httpListenerEdit.jsf" source file.
  • Ref: http://www.securityfocus.com/archive/1/493243
  • 08.24.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MAXSITE "index.php" SQL Injection
  • Description: MAXSITE is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "index.php" script before using it in an SQL query. MAXSITE versions 1.10 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29381
  • 08.24.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 "sg_zfelib" Extension Multiple SQL Injection Vulnerabilities
  • Description: Library for Frontend plugins (sg_zfelib) is an extension for the TYPO3 content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified scripts and parameters. sg_zfelib versions 1.1.512 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/
  • 08.24.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CKGold Shopping Cart "item.php" SQL Injection
  • Description: CKGold Shopping Card is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "item.php" script before using it in an SQL query. CKGold Shopping Cart 2.5 is affected; other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/29394
  • 08.24.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Artists Component "idgalery" Parameter SQL Injection
  • Description: Artists is a component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idgalery" parameter of the "com_artist" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29407
  • 08.24.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AirvaeCommerce "index.php" SQL Injection
  • Description: AirvaeCommerce is an ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter when the "p" parameter is set to "vzh". AirvaeCommerce version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29423
  • 08.24.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JustPORTAL "site" Parameter Multiple SQL Injection Vulnerabilities
  • Description: JustPORTAL is a web portal implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. JustPORTAL version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29426
  • 08.24.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Proje ASP Portal "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Proje ASP Portal is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. Proje ASP Portal version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29427
  • 08.24.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Booking Calendar "details_view.php" SQL Injection
  • Description: PHP Booking Calendar is a web-based calendar application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "event_id" parameter of the "details_view.php" script before using it in an SQL query. PHP Booking Calendar version 10d is affected.
  • Ref: http://www.securityfocus.com/bid/29435
  • 08.24.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Social Site Generator Multiple SQL Injection Vulnerabilities
  • Description: Social Site Generator is a PHP-based application for social networking. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29452
  • 08.24.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMS Easyway "mid" Parameter SQL Injection
  • Description: CMS Easyway is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mid" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/29461
  • 08.24.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo myContent Component "id" Parameter SQL Injection
  • Description: myContent is a component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_mycontent" component before using it in an SQL query. myContent version 1.1.13 is affected.
  • Ref: http://www.securityfocus.com/bid/29468
  • 08.24.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OtomiGenX "userAccount" Parameter SQL Injection
  • Description: OtomiGenX is a web application. It is designed for library automation. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. OtomiGenX version 2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492914
  • 08.24.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Bible Study Component "id" Parameter SQL Injection
  • Description: The Bible Study component is a bible plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_biblestudy" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29473
  • 08.24.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Pblog Module "index.php" SQL Injection
  • Description: Pblog is a photo blog module for Drupal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "albumId" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29495
  • 08.24.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo eQuotes Component SQL Injection
  • Description: Mambo and Joomla! are PHP-based content managers. The eQuotes ("com_equotes") component for Joomla! and Mambo is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. eQuotes version 0.9.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29498
  • 08.24.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Battle Blog "comment.asp" SQL Injection
  • Description: Battle Blog is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "entry" parameter of the "comment.asp" script before using it in an SQL query. Battle Blog version 1.25 is affected.
  • Ref: http://www.securityfocus.com/bid/29507
  • 08.24.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: pNews "index.php" SQL Injection
  • Description: pNews is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "shownews" parameter of the "index.php" script before using it in an SQL query. pNews version 2.08 is affected.
  • Ref: http://www.securityfocus.com/bid/29617
  • 08.24.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo JotLoader Component "cid" Parameter SQL Injection
  • Description: JotLoader is a plugin for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "com_jotloader" component before using it in an SQL query.
  • Ref: http://www.kanich.net/radio/cms/content/view/50/9/
  • 08.24.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Simple Shop Component "catid" Parameter SQL Injection
  • Description: Simple Shop is a component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_simpleshop" component before using it in an SQL query. Simple Shop versions 3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29565
  • 08.24.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Power Phlogger "css_str" SQL Injection
  • Description: Power Phlogger is a website statistics tool. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "css_str" parameter of the "edCss.php" script before using it in an SQL query. All versions up to and including Power Phlogger version 2.2.5 are affected.
  • Ref: http://websecurity.com.ua/2158/
  • 08.24.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! GameQ Component "category_id" Parameter SQL Injection
  • Description: GameQ is a plugin that provides game-related functionality for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "com_gameq" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29592
  • 08.24.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Rapid-Source Rapid-Recipe Joomla! Component "recipe_id" Parameter SQL Injection
  • Description: Rapid-Recipe is a component for publishing recipes for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "recipe_id" parameter of the "com_rapidrecipe" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29593
  • 08.24.95 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JiRo's FAQ Manager eXperience "fID" Parameter SQL Injection
  • Description: JiRo's FAQ Manager eXperience is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "fID" parameter of the "read.asp" script before using it in an SQL query. JiRo's FAQ Manager eXperience version 1.0 is affected.
  • Ref: http://www.jiros.net/products/product.asp?pID=9
  • 08.24.96 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: yvComment Joomla! Component "ArticleID" Parameter SQL Injection
  • Description: yvComment is a component for publishing comments for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ArticleID" parameter of the "com_yvcomment" component before using it in an SQL query. yvComment versions 1.16 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29596
  • 08.24.97 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iJoomla News Portal Component "Itemid" Parameter SQL Injection
  • Description: iJoomla News Portal component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter of the "com_news_portal" module before using it in an SQL query. iJoomla News Portal version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29604
  • 08.24.98 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Courier-Authlib Non-Latin Character Handling SQL Injection
  • Description: Courier-Authlib is an authentication library for Courier applications. The library is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. The issue occurs when the library processes non-Latin characters. Courier-Authlib versions prior to 0.60.6 are affected.
  • Ref: http://marc.info/?l=courier-users&m=121294465330832
  • 08.24.99 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPilot Pilot Cart "pilot.asp" SQL Injection
  • Description: ASPilot Pilot Cart is an ecommerce application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "article" parameter of the "pilot.asp" script before using it in an SQL query. ASPilot Pilot Cart version 7.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29615
  • 08.24.100 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DCFM Blog "comments.php" SQL Injection
  • Description: DCFM Blog is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "comments.php" script before using it in an SQL query. DCFM Blog version 0.9.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493220
  • 08.24.101 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Insanely Simple Blog "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Insanely Simple Blog is a PHP-based blogging application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter and "term" search field parameter of the "index.php" script before using it in an SQL query. Insanely Simple Blog version 0.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493224
  • 08.24.102 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPPortal "reply.asp" SQL Injection
  • Description: ASPPortal is a website builder application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Topic_Id" parameter of the "content/forums/reply.asp" script before using it in an SQL query. ASPPortal Free Version is affected.
  • Ref: http://www.securityfocus.com/bid/29631
  • 08.24.103 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP News Management "viewnews.asp" SQL Injection
  • Description: ASP News Management is a news announcement application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsID" parameter of the "viewnews.asp" script before using it in an SQL query. ASP News Management version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29638
  • 08.24.104 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Experts "answer.php" SQL Injection
  • Description: Experts is a question and answer script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "question_id" parameter of the "answer.php" script before using it in an SQL query. Experts version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29642
  • 08.24.105 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Yuhhu Superstar 2008 "view.topics.php" SQL Injection
  • Description: Yuhhu Superstar 2008 is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "board" parameter of the "view.topics.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29647
  • 08.24.106 - CVE: Not Available
  • Platform: Web Application
  • Title: The Campus Request Repairs System "sentout.asp" Unauthorized Access
  • Description: The Campus Request Repairs System is an ASP-based application for managing repair requests; it is distributed by the Gaoxiong Municipal government Bureau of Education. The application is exposed to an unauthorized access issue because it fails to adequately limit access to administrative scripts used for creating accounts. The Campus Request Repairs System version 1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/492589
  • 08.24.107 - CVE: Not Available
  • Platform: Web Application
  • Title: trombyn "demoupload.php" Arbitrary File Upload
  • Description: The "trombyn" program is a web-based genealogy tracker. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input to the "membres/demoupload.php" script. trombyn version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29390
  • 08.24.108 - CVE: Not Available
  • Platform: Web Application
  • Title: DT Centrepiece SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: DT Centrepiece is a web-based content manager. The application is exposed to an SQL injection issue and a cross-site scripting issue. Both issues affect the "searchFor" parameter of the "search.asp" script because the application fails to sufficiently sanitize user-supplied data. DT Centrepiece version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29403
  • 08.24.109 - CVE: Not Available
  • Platform: Web Application
  • Title: FlashBlog "imgupload.php" Arbitrary File Upload
  • Description: FlashBlog is a blogging application with a Flash interface. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input to the "admin/Editor/imgupload.php" script. FlashBlog BETA version 0.31 is affected.
  • Ref: http://www.securityfocus.com/bid/29419
  • 08.24.110 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS from Scratch "upload.php" Arbitrary File Upload
  • Description: CMS from Scratch is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input, in the form of file extensions, to the "FCKeditor/editor/filemanager/connectors/php/upload.php" script. CMS from Scratch version 1.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29431
  • 08.24.111 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS from Scratch "image.php" Directory Traversal and Arbitrary File Upload Vulnerabilities
  • Description: CMS from Scratch is a PHP-based content manager. The application is exposed to a directory traversal issue and an arbitrary file upload issue because it fails to properly sanitize user-supplied input. CMS from Scratch version 1.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29434
  • 08.24.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Opencosmo VisualSentinel User Agent HTML Injection
  • Description: Opencosmo VisualSentinel is a PHP-based security application. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/492876
  • 08.24.113 - CVE: Not Available
  • Platform: Web Application
  • Title: PassWiki "site_id" Parameter Local File Include
  • Description: PassWiki is a PHP-based Wiki application. The application is prone to a local file include issue because it fails to properly sanitize user-supplied input to the "site_id" parameter of the "passwiki.php" script. PassWiki versions 0.9.16 RC3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29455
  • 08.24.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Social Site Generator "social_game_play.php" Remote File Include
  • Description: Social Site Generator is a PHP-based application for social networking. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "social_game_play.php" script.
  • Ref: http://www.securityfocus.com/bid/29462
  • 08.24.115 - CVE: Not Available
  • Platform: Web Application
  • Title: SMEWeb SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
  • Description: SMEWeb is a web-based application. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. SMEWeb version 1.4b is affected.
  • Ref: http://www.securityfocus.com/archive/1/493130
  • 08.24.116 - CVE: Not Available
  • Platform: Web Application
  • Title: LimeSurvey Prior to 1.71 Multiple Remote Vulnerabilities
  • Description: LimeSurvey is an open-source survey application implemented in PHP. The application is exposed to multiple issues. LimeSurvey versions prior to 1.71 are affected. Ref: http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922
  • 08.24.117 - CVE: Not Available
  • Platform: Web Application
  • Title: QuickerSite Multiple Vulnerabilities
  • Description: QuickerSite is ASP-based content manager. The application is exposed to multiple issues. QuickerSite version 1.8.5 is affected.
  • Ref: http://bugreport.ir/index.php?/39
  • 08.24.118 - CVE: CVE-2007-5608
  • Platform: Web Application
  • Title: HP Instant Support "HPISDataManager.dll" ActiveX Control Arbitrary File Download
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues that affect HP products. HP Instant Support ActiveX control is exposed to an issue that lets attackers download arbitrary files.
  • Ref: http://www.kb.cert.org/vuls/id/949587
  • 08.24.119 - CVE: CVE-2007-5605
  • Platform: Web Application
  • Title: HP Instant Support "HPISDataManager.dll" "GetFileTime" ActiveX Control Buffer Overflow
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues affecting HP products. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. HP Instant Support versions 1.0.0.22 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/558163
  • 08.24.120 - CVE: CVE-2007-5606
  • Platform: Web Application
  • Title: HP Instant Support "HPISDataManager.dll" "MoveFile" ActiveX Control Buffer Overflow
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues that affect HP products. HP Instant Support "HPISDataManager.dll" ActiveX control is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. HP Instant Support versions 1.0.0.22 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/221123
  • 08.24.121 - CVE: CVE-2008-0953
  • Platform: Web Application
  • Title: HP Instant Support "HPISDataManager.dll" "StartApp" ActiveX Control Insecure Method
  • Description: HP Instant Support is a suite of web-based support tools that automate resolving technical issues affecting HP products. The application is exposed to an insecure method issue. HP Instant Support versions 1.0.0.22 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/998779
  • 08.24.122 - CVE: Not Available
  • Platform: Web Application
  • Title: Achievo "config.php" Arbitrary File Upload
  • Description: Achievo is a web-based resource management tool. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input, in the form of file extensions, to the "/atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/ config.php" script. Achievo version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29621
  • 08.24.123 - CVE: CVE-2008-2406
  • Platform: Web Application
  • Title: Sun Java ASP Server Remote Authentication Bypass
  • Description: Sun Java ASP Server allows organizations to deploy ASP-based web applications on various web servers and operating systems. The server is exposed to a remote authentication bypass issue because of a design error in the affected application. Sun Java ASP Server versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/493071
  • 08.24.124 - CVE: Not Available
  • Platform: Web Application
  • Title: Realm CMS Multiple Input Validation Vulnerabilities
  • Description: Realm CMS is a content management system. The application is exposed to multiple input validation issues. An SQL injection issue affect the "kwrd" parameter of the "inc_routine.asp" script. Multiple cross-site scripting issues affect the "Boyut" and the "CmpctedDB" parameters of the "compact.asp" script. An authentication bypass issue due to the application allowing users to manipulate cookie data. Realm CMS version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29616
  • 08.24.125 - CVE: Not Available
  • Platform: Web Application
  • Title: Flux CMS "loadsave.php" Arbitrary File Overwrite
  • Description: Flux CMS is a content management system. The application is exposed to an issue that could permit an attacker to overwrite arbitrary files because the software fails to verify user-supplied input. Flux CMS version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29618
  • 08.24.126 - CVE: Not Available
  • Platform: Web Application
  • Title: 427BB Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: 427BB is a bulletin board system implemented in PHP with a MySQL backend. The application is exposed to multiple input validation issues. 427BB version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29564
  • 08.24.127 - CVE: Not Available
  • Platform: Web Application
  • Title: WEBalbum "photo_add-c.php" HTML Injection
  • Description: WEBalbum is a web-based photo application. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input. This issue affects the "Add Comment" functionality provided by the "comment" parameter of the "photo_add-c.php" script. WEBalbum version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493143
  • 08.24.128 - CVE: Not Available
  • Platform: Web Application
  • Title: Galatolo WebManager "com" Parameter Local File Include
  • Description: Galatolo WebManager is a PHP-based content manager. The application is exposed to a local file include issue because it fails to sanitize user-supplied input supplied to the "com" parameter of the "index.php" script. Galatolo WebManager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29595
  • 08.24.129 - CVE: Not Available
  • Platform: Web Application
  • Title: phpInv Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: phpInv is a PHP-based inventory script. The application is exposed to multiple issues. phpInv version 0.8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29597
  • 08.24.130 - CVE: Not Available
  • Platform: Web Application
  • Title: BrowserCRM "clients.php" Remote File Include
  • Description: BrowserCRM is a PHP-based customer management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "bcrm_pub_root" parameter of the "clients.php" script. BrowserCRM version 5.002.00 is affected.
  • Ref: http://www.securityfocus.com/bid/29598
  • 08.24.131 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Uploader Module "filename" Parameter Directory Traversal
  • Description: Uploader is a PHP-based component for the XOOPS content manager. The application is exposed to a directory traversal issue because it fails to properly sanitize user-supplied input to the "filename" parameter of the "index.php" script. XOOPS Uploader version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29600
  • 08.24.132 - CVE: Not Available
  • Platform: Web Application
  • Title: NextGEN Gallery WordPress Plugin "nggallery-manage-gallery" HTML Injection
  • Description: The NextGEN Gallery plugin for WordPress is a web-based photo application. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input. This issue affects the description textbox provided by the "nggallery-manage-gallery" action of the "admin.php" script. NextGEN Gallery version 0.96 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493182
  • 08.24.133 - CVE: Not Available
  • Platform: Web Application
  • Title: Real Estate Website "location.asp" Multiple Input Validation Vulnerabilities
  • Description: Real Estate Website is a content manager implemented in ASP. The application is exposed to multiple input validation issues because it fails to adequately sanitized user supplied data. Real Estate Website version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29612
  • 08.24.134 - CVE: Not Available
  • Platform: Web Application
  • Title: proManager "config.php" Local File Include
  • Description: proManager is a PHP-based mind map and project manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "config.php" script. proManager version 0.73 is affected.
  • Ref: http://www.securityfocus.com/bid/29613
  • 08.24.135 - CVE: Not Available
  • Platform: Web Application
  • Title: Telephone Directory 2008 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Telephone Directory 2008 is a PHP-based address book. The application is exposed to multiple input validation issues. An SQL injection issue affects the "id" parameter of the "view_more.php" script and "code" parameter of the "edit1.php" script when used with the "confirm_data" action. A cross-site scripting issue affects the "action" parameter of the "edit1.php" script.
  • Ref: http://www.securityfocus.com/bid/29614
  • 08.24.136 - CVE: Not Available
  • Platform: Web Application
  • Title: ErfurtWiki Multiple Local File Include Vulnerabilities
  • Description: ErfurtWiki is a wiki application. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input to these parameters and scripts: "fragments/css.php: ewiki_id, ewiki_action" and "index.php: id". ErfurtWiki version R1.02b is affected.
  • Ref: http://www.securityfocus.com/archive/1/493219
  • 08.24.137 - CVE: Not Available
  • Platform: Web Application
  • Title: yblog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: yblog is a PHP-based weblog application. The application is exposed to multiple input validation issues. yblog version 0.2.2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493222
  • 08.24.138 - CVE: Not Available
  • Platform: Web Application
  • Title: Hot Links SQL-PHP Multiple Cross-Site Scripting Vulnerabilities
  • Description: Hot Links SQL-PHP is a web application. The application is exposed to multiple cross-site scripting issues that affect the following scripts and parameters: "search.php: search", "report.php: id" and "reviews.php: id".
  • Ref: http://www.securityfocus.com/bid/29632
  • 08.24.139 - CVE: Not Available
  • Platform: Web Application
  • Title: SyndeoCMS Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: SyndeoCMS is a content management system. SyndeoCMS is exposed to multiple input validation issues. SyndeoCMS version 2.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29644
  • 08.24.140 - CVE: Not Available
  • Platform: Web Application
  • Title: TNT Forum "index.php" Local File Include
  • Description: TNT Forum is an open-source forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "modulo" parameter of the "index.php" script. TNT Forum version 0.9.4 is affected.
  • Ref: http://sourceforge.net/projects/tntforum/

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Just amazing content and instruction, it's really a 'must do' for any info sec professional.
-Mark Austin, PHH Mortgage

vLive FOR408

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"SANS always provides you what you need to become a better security professional at the right price."
- Rasik Vekaria, BP