The most trusted source for computer security training, certification and research.

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 25
June 19, 2008

SANS Newsletters Home

Both Microsoft Word and Firefox have newly discovered vulnerabilities that allow remote attackers to control the victims' computers - Word through a corrupted document and Firefox through a malicious web site. Neither vendor has released patches. It is a great time to remind you users never to open attachments unless you were expecting them from someone you know. There's really no security awareness defense against the Firefox vulnerability because many trusted sites are already infecting unsuspecting users. Alan P.S. The Virtualization Security Summit in Las Vegas ( http://www.sans.org/virtualization08_summit/) and the European SCADA Summit in Amsterdam ( http://www.sans.org/euscada08_summit/) were just posted today for registration.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Microsoft Office
    • 1 (#1)
    • Third Party Windows Apps
    • 4
    • Linux
    • 2
    • Solaris
    • 4
    • Unix
    • 2
    • Novell
    • 1 (#3)
    • Cross Platform
    • 22 (#2, #4)
    • Web Application - Cross Site Scripting
    • 10
    • Web Application - SQL Injection
    • 33
    • Web Application
    • 41

********************* Sponsored By Sourcefire, Inc. *********************

SC Magazine Names Snort(r) "Best Network Security." Learn how Snort is the engine powering the Sourcefire 3D(tm) System. This IPS is different from others because it shows you everything running on your network in real time. It also gives you context for your security events. Know more real threats. No more wild goose chases. Call 1.800.917.4134 today. http://www.sans.org/info/30124

*************************************************************************

TRAINING SCHEDULE UPDATE - - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program http://www.sans.org/sansfire08/ - - Canberra (6/30-7/5) http://www.sans.org/canberra08/ - - Singapore (6/30-7/5) http://www.sans.org/singapore08/ - - Boston (8/9-8/17) http://www.sans.org/boston08/ - - Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/ Plus 100 other cites and on line any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) HIGH: Novell iPrint Multiple Vulnerabilities
  • Affected:
    • Novell iPrint ActiveX controls prior to 4.36

  • Description: Novell iPrint is a network printing system. Part of its client's functionality is provided by an ActiveX control. This control contains multiple vulnerabilities in its handling of various parameters. A specially crafted web page that instantiates this control could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism for CLSID "36723F97-7AA0-11D4-8919-FF2D71D0D32C". Note that this may affect normal application functionality.

  • References:
  • (4) MODERATE: Opera Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 9.5

  • Description: Opera is a popular cross-platform web browser. It contains multiple vulnerabilities in its handling of images, HTML frames, and certain characters in addresses. Successfully exploiting one of these vulnerabilities would allow an attacker to load images from non-authorized domains, obscure the current page address, or alter the contents of unrelated frames. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.25.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Word Unordered List Handling Remote Memory Corruption
  • Description: Microsoft Word is exposed to a remote memory corruption issue when it handles specially-crafted Word files containing unordered lists.
  • Ref: http://www.nullcode.com.ar/ncs/crash/video2.htm
  • 08.25.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: muvee autoProducer "TextOut.dll" ActiveX Control Remote Buffer Overflow
  • Description: muvee autoProducer is a movie producing application available for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. muvee autoProducer version 6.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.25.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: artegic AG Dana Remote Buffer Overflow
  • Description: Dana is an IRC client for Microsoft Windows. The application is exposed to a buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Dana versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29724
  • 08.25.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Glub Tech Secure FTP "LIST" Command Directory Traversal
  • Description: Glub Tech Secure FTP is an FTP client application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Secure FTP version 2.5.15 for Microsoft Windows is affected.
  • Ref: http://vuln.sg/glubsecureftp2515-en.html
  • 08.25.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 3D-FTP "LIST" and "MLSD" Directory Traversal Vulnerabilities
  • Description: 3D-FTP is an FTP client for Microsoft Windows. The application is exposed to multiple directory traversal issues because it fails to sufficiently sanitize user-supplied input data. 3D-FTP version 8.01 is affected.
  • Ref: http://vuln.sg/3dftp801-en.html
  • 08.25.6 - CVE: CVE-2008-2366
  • Platform: Linux
  • Title: Red Hat Enterprise Linux OpenOffice Insecure Library Path Local Privilege Escalation
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. Red Hat has released OpenOffice packages with some in-house modifications in their Enterprise Linux distributions. The application is exposed to a local privilege escalation issue because they were built with insecure library search paths. OpenOffice version 1.1.x built and shipped with Red Hat Enterprise Linux 3 and 4 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0538.html
  • 08.25.7 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "pppol2tp_recvmsg()" Remote Denial of Service
  • Description: The Linux Kernel is exposed to a remote denial of service issue in the code that processes PPP (Point-to-Point Protocol) packets sent over L2TP (Layer 2 Transport Protocol). The issue occurs in the "pppol2tp_recvmsg()" function of the "drivers/net/pppol2tp.c" source file. Linux Kernel versions prior to 2.6.26-rc6 are affected. Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b6707a50c7598a83820077393f8823ab791abf8
  • 08.25.8 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 and OpenSolaris Unspecified Kernel Denial of Service
  • Description: Sun Solaris and OpenSolaris are UNIX-based operating systems. These Operation systems are exposed to a denial of service issue due to an unspecified issue affecting the kernel.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238688-1
  • 08.25.9 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris 10 Event Port Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. This system is exposed to a denial of service issue due to an unspecified error in the event port implementation. A security issue in the event port implementation may lead to a system panic when executing an application program that submits and retrieves user-defined events from a port. Solaris 10 operating system is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235122-1
  • 08.25.10 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris and OpenSolaris Local IP Multicast Filter Integer Overflow
  • Description: Sun Solaris and OpenSolaris are UNIX-based operating systems. The application is exposed to an issue in the IP multicast Filter processing of Sockets because it fails to adequately bounds check user-supplied data. Sun Solaris 10 and OpenSolaris builds snv_13 through snv_91 for SPARC and x886 platforms are affected.
  • Ref: http://www.trapkit.de/advisories/TKADV2008-003.txt
  • 10 - CVE: Not Available82571/82572 network interface controllers. Solaris and OpenSolarisfor SPARC and x86 platforms are affected.
  • Platform: Solaris
  • Title: Sun Solaris "e1000g(7D)" Driver Remote Unspecified Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Solaris is exposed to a denial of service issue caused by an unspecified error in the "e1000g(7D)" Gigabit Ethernet driver when used with Intel
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238250-1
  • 08.25.12 - CVE: Not Available
  • Platform: Unix
  • Title: IBM OS/400 "BrSmRcvAndCheck()" Buffer Overflow
  • Description: IBM OS/400 is a Unix operating system. The application is exposed to a remote buffer overflow issue because it fails to properly perform size checks on user-supplied input. Ref: http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64
  • 08.25.13 - CVE: Not Available
  • Platform: Unix
  • Title: Fetchmail Verbose Mode Large Log Messages Remote Denial of Service
  • Description: Fetchmail is a freely available, open-source mail-retrieval utility. It is available for UNIX, Linux, and other UNIX-like operating systems. The application is exposed to a remote denial of service issue because the application fails to handle exceptional conditions. Fetchmail versions prior to 6.3.9 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/535
  • 08.25.14 - CVE: Not Available
  • Platform: Novell
  • Title: Novell iPrint Client Unspecified
  • Description: Novell iPrint Client lets users access printers from remote locations. The application is exposed to a security issue due to an unspecified error. iPrint Client versions prior to 4.36 are affected.
  • Ref: http://www.novell.com/products/netware/printing/quicklook.html
  • 08.25.15 - CVE: CVE-2008-1583
  • Platform: Cross Platform
  • Title: Apple QuickTime "PICT" Image Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a heap-based buffer overflow issue that arises when the application handles specially crafted "PICT" image files. QuickTime versions prior to 7.5 are affected.
  • Ref: http://support.apple.com/kb/HT1991
  • 08.25.16 - CVE: CVE-2008-1581
  • Platform: Cross Platform
  • Title: Apple QuickTime "PICT" Image "PixData" Structures Handling Heap Overflow
  • Description: QuickTime is a multimedia application developed by Apple. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. QuickTime versions prior to 7.5 for Windows XP and Vista are affected.
  • Ref: http://www.securityfocus.com/archive/1/493225
  • 08.25.17 - CVE: CVE-2008-1585
  • Platform: Cross Platform
  • Title: Apple QuickTime "file:" URI File Execution
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to an issue that allows remote attackers to launch arbitrary applications and files. This issue may lead to a remote compromise. QuickTime versions prior to 7.5 running on Apple Mac OS X 10.3.9, Mac OS X 10.4.9 to v10.4.11, Mac OS X 10.5 or later, Windows Vista, and Windows XP SP2 are affected.
  • Ref: http://support.apple.com/kb/HT1991
  • 08.25.18 - CVE: CVE-2008-1584
  • Platform: Cross Platform
  • Title: Apple QuickTime Indo Video Codec Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a stack-based buffer overflow that occurs in the "Indeo.qtx" file when handling specially crafted Indo video codec content. QuickTime versions prior to 7.5 are affected.
  • Ref: http://support.apple.com/kb/HT1991
  • 08.25.19 - CVE: CVE-2008-2364
  • Platform: Cross Platform
  • Title: Apache "mod_proxy_http" Interim Response Denial of Service
  • Description: Apache is an HTTP webserver available for multiple operating platforms. The "mod_proxy_http" module provides functionality used for proxying HTTP requests. The application is exposed to a denial of service issue. The issue affects the "ap_proxy_http_process_response()" function when the application handles excessive interim responses from an origin server and sends them to a client. Apache versions 2.2.8 and 2.0.63 are affected.
  • Ref: http://www.apache.org/dist/httpd/CHANGES_2.2.9
  • 08.25.20 - CVE: CVE-2008-1582
  • Platform: Cross Platform
  • Title: Apple QuickTime "AAC-encoded" Media Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a memory corruption issue that arises when it handles specially crafted "AAC-encoded" media files. QuickTime versions prior to 7.5 are affected.
  • Ref: http://support.apple.com/kb/HT1991
  • 08.25.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NASM "ppscan()" Off-By-One Buffer Overflow
  • Description: The Netwide Assembler, NASM, is an 80x86 and x86-64 assembler. The application is exposed to an off-by-one buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. NASM versions 2.02 and earlier are affected. Ref: https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208
  • 08.25.22 - CVE: CVE-2008-2361
  • Platform: Cross Platform
  • Title: X.Org X Server RENDER Extension "ProcRenderCreateCursor()" Denial of Service
  • Description: The X.Org X Windows System is an open-source X Window System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a denial of service issue because the software fails to properly handle exceptional conditions.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0503.html
  • 08.25.23 - CVE: CVE-2008-1379
  • Platform: Cross Platform
  • Title: X.Org X Server MIT-SHM Extension Information Disclosure
  • Description: The X.Org X Server is an open-source X Window System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to an information disclosure issue that lets X clients read arbitrary X server memory.
  • Ref: http://www.securityfocus.com/archive/1/493295
  • 08.25.24 - CVE: CVE-2008-2362
  • Platform: Cross Platform
  • Title: X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
  • Description: The X.Org X Server is an open-source X Window System for UNIX, Linux, and variants. It is freely available and distributed publicly. The RENDER component for X Server is exposed to multiple integer overflow issues because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/493291
  • 08.25.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager Authentication Bypass
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. Sun Java System Access Manager is exposed to an authentication bypass issue due to an unspecified error. Sun Java System Access Manager version 7.1 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238416-1
  • 08.25.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser 9.27 Multiple Security Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The application is exposed to multiple security issues. Opera versions prior to 9.5 are affected.
  • Ref: http://www.opera.com/support/search/view/878/
  • 08.25.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Vim Vim Script Multiple Command Execution Vulnerabilities
  • Description: Vim is a text editor available for multiple operating platforms. The application is exposed to multiple command execution issues because it fails to sufficiently sanitize user-supplied data. These issues arise because the application utilizes "execute" commands in Vim Script within the application. Vim version 7.1.298 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493352
  • 08.25.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: S.T.A.L.K.E.R. Game Server Remote Denial of Service
  • Description: S.T.A.L.K.E.R. is a multi-player first person shooter game. Players can play against each other online using the game servers hosted by GSC Game World. The application is exposed to a remote denial of service issue because it fails to handle exceptional conditions when processing user nicknames longer than 64 characters. All versions up to and including 1.0006 are affected.
  • Ref: http://www.securityfocus.com/bid/29723
  • 08.25.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ClamAV "petite.c" Invalid Memory Access Denial of Service
  • Description: ClamAV is a multiplatform toolkit used for scanning email messages for viruses. The application is exposed to a denial of service issue due to an invalid memory access during a "memcpy()" call. The issue occurs in the "libclamav/petite.c" source file. ClamAV versions prior to 0.93.1 are affected. Ref: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886
  • 08.25.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: No-IP DUC Client for Windows Local Information Disclosure
  • Description: DUC is the Dynamic Update Client application for the No-IP dynamic DNS service. It is available for Microsoft Windows, Linux, and Mac OS X platforms. The DUC application for No-IP is exposed to a local information disclosure issue when it is running on Microsoft Windows operating systems.
  • Ref: http://www.securityfocus.com/archive/1/493367
  • 08.25.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Skulltag Malformed Packet Denial of Service
  • Description: Skulltag is a Doom engine for Linux and Microsoft Windows operating systems. The application is exposed to an issue that can cause denial of service conditions. When the application processes a large malformed packet a loop occurs that causes the application to freeze temporarily. Skulltag version 0.97d2-RC3 is affected.
  • Ref: http://aluigi.altervista.org/adv/skulltagloop-adv.txt
  • 08.25.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Calendar Server Denial of Service
  • Description: Sun Java System Calendar Server is an application for managing events, tasks, and resources. The application is exposed to a denial of service issue caused by an unspecified error.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235521-1
  • 08.25.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Jura Internet Connectivity Kit Unauthorized Access
  • Description: Jura IMPRESSA F90 or F9 coffee makers can be connected to a computer so that configuration parameters and other features can be controlled remotely via the computer. The application does not require engineers to authenticate prior to accessing a connected coffee maker. Furthermore, the engineers can access the affected computer with the privileges of the user running the application. Attackers can leverage this issue by connecting to affected computers in the guise of legitimate engineers.
  • Ref: http://www.securityfocus.com/archive/1/493387
  • 08.25.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Altiris Notification Server Agent Local Privilege Escalation
  • Description: Symantec Altiris Notification Server Agent provides core components used by each Altiris solution and supports the entire Altiris infrastructure. The application is exposed to a local privilege escalation issue that occurs in the graphical user interface (GUI). Ref: http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html
  • 08.25.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Deterministic Network Extender "dne2000.sys" Local Privilege Escalation
  • Description: Deterministic Network Extender is a driver provided by Deterministic Networks that other software vendors use for network analysis purposes. The application is exposed to a local privilege escalation issue because it fails to adequately sanitize user-supplied data.
  • Ref: http://www.deterministicnetworks.com/Products/dne.asp
  • 08.25.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Foxy "fs" Parameter Memory Exhaustion Remote Denial of Service
  • Description: Foxy is a P2P file sharing application. The application is exposed to a remote denial of service issue because it fails to handle user-supplied input. This issue occurs when the application processes specially crafted download requests in the form of a webpage.
  • Ref: http://www.securityfocus.com/bid/29776
  • 08.25.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Cross-Site Scripting Vulnerability and File Upload
  • Description: TYPO3 is an application for creating web portals. The application is exposed to a cross-site scripting vulnerability and a file upload issue because it fails to sanitize user-supplied input. TYPO3 versions 3.x, 4.0 to 4.0.8, 4.1 to 4.1.6, and 4.2.0 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
  • 08.25.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Taxonomy Image Module Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Taxonomy Image is a module that can be used with Drupal to allow site administrators to associate images with taxonomy terms. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. Taxonomy Image versions prior to 5.x-1.3 and prior to 6.x-1.3 are affected.
  • Ref: http://drupal.org/project/taxonomy_image
  • 08.25.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin "redirect" Parameter Cross-Site Scripting
  • Description: vBulletin is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "redirect" parameter of the "/vB3/admincp/index.php" script. vBulletin versions 3.7.1 and 3.6.10 are affected.
  • Ref: http://www.vbulletin.com/forum/showthread.php?t=274882
  • 08.25.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Contenido CMS Cross-Site Scripting and Multiple Remote File Include Vulnerabilities
  • Description: Contenido CMS is a content manger. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Contenido CMS version 4.8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29719
  • 08.25.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Glassfish Multiple Cross-Site Scripting Vulnerabilities
  • Description: Sun Glassfish is a web-based administration interface for the Sun Java System Application Server. The application is exposed to multiple cross-site scripting issues.
  • Ref: http://www.securityfocus.com/archive/1/493370
  • 08.25.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SimpleNotes Multiple Cross-Site Scripting Vulnerabilities
  • Description: SimpleNotes is a PHP-based tool to manage and categorize notes, links, or files. The application is exposed to multiple cross-site scripting issues.
  • Ref: http://www.securityfocus.com/bid/29755
  • 08.25.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Lyris ListManager "words" Parameter Cross-Site Scripting
  • Description: Lyris ListManager is an email marketing software solution. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "words" parameter in "read", "search" and "results" pages returned to the user. Lyris ListManager version 9.3d is affected.
  • Ref: http://www.securityfocus.com/bid/29761
  • 08.25.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MediaWiki WikiHiero Extension Multiple Cross-Site Scripting Vulnerabilities
  • Description: WikiHiero is an extension of MediaWiki. The application is exposed to multiple cross-site scripting issues that affect the "index.php", "wh_generate.php" and "wh_table.php" scripts. Ref: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-June/000073.html
  • 08.25.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenDocMan "out.php" Cross-Site Scripting
  • Description: OpenDocMan is a PHP-based open-source document management application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "last_message" parameter of the "out.php" script. OpenDocMan version 1.2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493390
  • 08.25.46 - CVE: CVE-2008-2640
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe Flex 3 History Management "historyFrame.html" Cross-Site Scripting
  • Description: Adobe Flex 3 is a development solution for building web-based applications. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. The issue occurs in code used by the History Management feature. Flex Builder version 3, Flex SDK version 3.0.1, and any applications built with Flex 3 that have enabled History Management are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-14.html
  • 08.25.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eFiction "toplist.php" SQL Injection
  • Description: eFiction is a story archiving application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "list" parameter of the "toplist.php" script before using it in an SQL query. eFiction version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29658
  • 08.25.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Noticia Portal "detalle_noticia.php" SQL Injection
  • Description: Noticia Portal is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_noticia" parameter of the "detalle_noticia.php" script before using it in an SQL query.
  • Ref: http://packetstormsecurity.org/0806-exploits/noticia-sql.txt
  • 08.25.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MycroCMS "entry_id" Parameter SQL Injection
  • Description: MycroCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "entry_id" parameter of the "index.php" script. MycroCMS version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29671
  • 08.25.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pooya Site Builder Multiple SQL Injection Vulnerabilities
  • Description: Pooya Site Builder is an ASP-based website building application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Pooya Site Builder version 6.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493299
  • 08.25.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JAMM CMS "id" Parameter SQL Injection
  • Description: JAMM CMS is a web-based content management system. This system is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29674
  • 08.25.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Clever Copy "results.php" SQL Injection
  • Description: Clever Copy is a scalable website portal and news-posting system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "searchtype" parameter of the "results.php" script before using it in an SQL query. Clever Copy version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29694
  • 08.25.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gryphon gllcTS2 "detail" Parameter SQL Injection
  • Description: Gryphon, LLC's gllcTS2 is a webpost script for TeamSpeak 2 that displays a listing of servers and detailed information for each server. gllcTS2 is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "detail" parameter of the "login.php" script before using it in an SQL query. All versions up to and including gllcTS2 version 4.2.4 are affected.
  • Ref: http://www.securityfocus.com/bid/29697
  • 08.25.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Ads Portal Multiple SQL Injection Vulnerabilities
  • Description: Pre Ads Portal is a personal listings application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Pre Ads Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29709
  • 08.25.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre News Manager "index.php" Parameter SQL Injection
  • Description: Pre News Manager is a web-based news-publishing application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Pre News Manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29710
  • 08.25.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebChamado "lista_anexos.php" SQL Injection
  • Description: WebChamado is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tsk_id" parameter of the "lista_anexos.php" script before using it in an SQL query. WebChamado version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29711
  • 08.25.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-SMART CART "productsofcat.asp" SQL Injection
  • Description: E-SMART CART is an e-commerce application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "productsofcat.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29712
  • 08.25.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP JOBWEBSITE PRO "JobSearch3.php" SQL Injection
  • Description: PHP JOBWEBSITE PRO is used to build job hunting and posting websites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the search module of the "/jobseekers/JobSearch3.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/493374
  • 08.25.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gryphon gllcTS2 "listimg.php" SQL Injection
  • Description: Gryphon, LLC's gllcTS2 is a webpost script for TeamSpeak 2 that displays a listing of servers and detailed information for each server. gllcTS2 is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sort" parameter of the "listing.php" script before using it in an SQL query. All versions up to and including gllcTS2 version 4.2.4 are affected.
  • Ref: http://www.securityfocus.com/bid/29714
  • 08.25.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Job Board "JobSearch.php" SQL Injection
  • Description: Pre Job Board is a web-based employment application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the search module of the "jobseekers/JobSearch.php" script before using it in an SQL query. Pre Job Board version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29717
  • 08.25.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Advanced Webhost Billing System "news.php" SQL Injection
  • Description: Advanced Webhost Billing System (AWBS) is a domain management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "viewnews" parameter of the "news.php" script before using it in an SQL query. AWBS versions 2.3.3, 2.5.0, 2.6.3, 2.7.0, and 2.7.1 are affected.
  • Ref: http://www.securityfocus.com/bid/29721
  • 08.25.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Haudenschilt Family Connections Multiple SQL Injection Vulnerabilities
  • Description: Family Connections is a content management system (CMS). The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Family Connections version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29722
  • 08.25.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Conkurent PHPMyCart "shop.php" SQL Injection
  • Description: PHPMyCart is a Web-based shopping cart. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "shop.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29726
  • 08.25.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Application Dynamics Cartweaver PHP "details.php" SQL Injection
  • Description: Cartweaver PHP is a Web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "prodId" parameter of the "details.php" script before using it in an SQL query. Cartweaver PHP versions 3.x are affected.
  • Ref: http://www.securityfocus.com/bid/29727
  • 08.25.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oxygen "post.php" SQL Injection
  • Description: Oxygen is web-based bulletin board software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "repquote" parameter of the "post.php" script before using it in an SQL query. Oxygen version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29729
  • 08.25.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simple Machines Forum "load.php" SQL Injection
  • Description: Simple Machines Forum is a web-based forum. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize the "db_character_set" variable in the "load.php" script before using it in an SQL query. Simple Machines Forum version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29734
  • 08.25.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPeasyblog "newsarchive.php" SQL Injection
  • Description: PHPeasyblog is a web-based news management software. PHPeasyblog was formerly known as PHPEasyNews. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "post" parameter of the "newsarchive.php" script before using it in an SQL query. PHPeasyblog versions up to and including 1.13 RC2 are affected.
  • Ref: http://www.securityfocus.com/bid/29735
  • 08.25.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EZTechhelp Company EZCMS "index.php" SQL Injection
  • Description: EZCMS is a Web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "index.php" script before using it in an SQL query. EZCMS versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29737
  • 08.25.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NITRO Web Gallery "albums.php" SQL Injection
  • Description: NITRO Web Gallery is a PHP-based image gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CatId" parameter of the "albums.php" script before using it in an SQL query. NITRO Web Gallery versions 1.3, 1.4, 1.41, 1.42 and 1.43 are affected.
  • Ref: http://www.securityfocus.com/bid/29753
  • 08.25.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyMarket "index.php" SQL Injection
  • Description: MyMarket is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29754
  • 08.25.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DIY "index_topic.php" SQL Injection
  • Description: DIY is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "did" parameter of the "index_topic.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/5816
  • 08.25.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlognPlus Unspecified SQL Injection
  • Description: BlognPlus is a PHP-based blog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to an unspecified parameter before using it in an SQL query. BlognPlus versions 2.5.4 and earlier for MySQL and PostgreSQL editions are affected.
  • Ref: http://www.securityfocus.com/bid/29764
  • 08.25.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Comparison Engine Power "product.detail.php" SQL Injection
  • Description: Comparison Engine Power is a web-based marketing and product comparison script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Comparison Engine Power version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29768
  • 08.25.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bizon-CMS "photo/index.php" SQL Injection
  • Description: Bizon-CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "photo/index.php" script before using it in an SQL query. Bizon-CMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29770
  • 08.25.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Basic-CMS "index.php" SQL Injection
  • Description: Basic-CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29771
  • 08.25.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FreeCMS "index.php" SQL Injection
  • Description: FreeCMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "index.php" script before using it in an SQL query. FreeCMS version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29773
  • 08.25.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: easyTrade "detail.php" SQL Injection
  • Description: easyTrade is a web-based classified advertisement portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "detail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29775
  • 08.25.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Site Lock "index.php" SQL Injection
  • Description: PHP Site Lock is a PHP-based authentication application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articleid" parameter of the "index.php" script before using it in an SQL query. PHP Site Lock version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29777
  • 08.25.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ClipShare "group_posts.php" SQL Injection
  • Description: ClipShare is a video sharing script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tid" parameter of the "group_posts.php" script before using it in an SQL query. ClipShare versions prior to 3.0.1 are affected.
  • Ref: http://www.milw0rm.com/exploits/5839
  • 08.25.80 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPEasyData Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: PHPEasyData is a PHP-based application that displays dynamic data and directories in a web browser. The application is exposed to multiple input validation issues. PHPEasyData version 1.5.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493273
  • 08.25.81 - CVE: CVE-2008-0071
  • Platform: Web Application
  • Title: uTorrent and BitTorrent HTTP "Range" Header Remote Denial of Service
  • Description: BitTorrent and uTorrent both contain a web-based administrative interface to manage file transfers. BitTorrent and uTorrent are both owned by BitTorrent Inc. The web interfaces are exposed to a remote denial of service issue. uTorrent version 1.7.7 and BitTorrent version 6.0.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/493269
  • 08.25.82 - CVE: Not Available
  • Platform: Web Application
  • Title: FOG Forum Multiple Local File Include Vulnerabilities
  • Description: FOG Forum is a web-based forum application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. FOG Forum version 0.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29651
  • 08.25.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Flat Calendar Multiple Administrative Scripts Authentication Bypass Vulnerabilities
  • Description: Flat Calendar is a PHP-based scheduling application. The application is exposed to multiple authentication bypass issues because it fails to perform adequate authentication checks when the following scripts are requested: "/admin/add.php" and "/admin/deleteEvent.php". Flat Calendar version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493278
  • 08.25.84 - CVE: Not Available
  • Platform: Web Application
  • Title: IPTBB User Control Panel Privilege Escalation
  • Description: IPTBB is a bulletin board application. The application is exposed to a privilege escalation issue because it fails to sufficiently sanitize user-supplied input. IPTBB version 0.5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29663
  • 08.25.85 - CVE: Not Available
  • Platform: Web Application
  • Title: net2ftp FTP Client Request Handling Unspecified Security Vulnerability
  • Description: net2ftp is a web-based FTP client. The application is exposed to an issue that can allow remote attackers to retrieve and delete files, and execute arbitrary PHP code. net2ftp versions 0.96 (stable) and 0.97 (beta) are affected.
  • Ref: http://vuln.sg/net2ftp096-en.html
  • 08.25.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Xigla Software Multiple Scripts SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Multiple Xigla Software products are exposed to cross-site scripting and SQL injection issues because the applications fail to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/493293
  • 08.25.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Aggregation Module Multiple Vulnerabilities
  • Description: Aggregation is a module for Drupal content manager. The module is exposed to multiple issues. Aggregation versions prior to 5.x-4.4 are affected.
  • Ref: http://drupal.org/node/269479
  • 08.25.88 - CVE: Not Available
  • Platform: Web Application
  • Title: dotProject Security Bypass
  • Description: dotProject is an open source project management tool. The application is exposed to an issue that may allow users to bypass authentication and access certain administrative pages. dotProject version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29679
  • 08.25.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery 2.2.4 and Prior Versions Multiple Vulnerabilities
  • Description: Gallery is a web-based photo album organizer. The application is exposed to multiple issues. Gallery versions 2.2.4 and earlier are affected.
  • Ref: http://gallery.menalto.com/gallery_2.2.5_released
  • 08.25.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Magic Tabs Module PHP Code Execution
  • Description: Magic Tabs is a module for the Drupal content management system. It implements tabs and allows the tabs to be filled via AJAX requests. The application is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the application fails to properly sanitize user-supplied input. Magic Tabs versions prior to 5.x-1.1 are affected.
  • Ref: http://drupal.org/node/269321
  • 08.25.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Gravity Board X Multiple Input Validation Vulnerabilities
  • Description: Gravity Board X is a web-based forum application. The application is exposed to multiple input validation issues. Gravity Board X version 2.0 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/29685
  • 08.25.92 - CVE: Not Available
  • Platform: Web Application
  • Title: DotNetNuke Prior to 4.8.4 Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: Serendipity is a web-log application. Since it fails to properly sanitize user-supplied input, the application is exposed to multiple input validation issues. DotNetNuke versions prior to 4.8.4 are affected. Ref: http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx
  • 08.25.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre Webserver Unspecified HTML Injection
  • Description: Xerox WorkCentre is a web-capable printer and photocopier. The application is exposed to an unspecified HTML injection issue because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29689
  • 08.25.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox Multiple Copier/Printer Models Web Server Unspecified HTML Injection
  • Description: Xerox provides web-capable printers and photocopiers. The web server in multiple Xerox copier/printer models is exposed to an unspecified HTML injection issue because it fails to properly sanitize user-supplied input. The following Xerox copier/printer models are affected: Xerox 4110, Xerox 4590 and Xerox 4595.
  • Ref: http://www.securityfocus.com/bid/29690
  • 08.25.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access
  • Description: Xerox WorkCentre is exposed to an issue that can result in unauthorized Web Services access. The issue occurs when the Extensible Interface Platform feature is accessed under certain unspecified conditions.
  • Ref: http://www.securityfocus.com/bid/29691
  • 08.25.96 - CVE: Not Available
  • Platform: Web Application
  • Title: FacilCMS Multiple Local File Include Vulnerabilities
  • Description: FacilCMS is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the following parameters and scripts: "index.php : change_lang" and "modules.php : modload". FacilCMS version 0.1RC is affected.
  • Ref: http://www.securityfocus.com/bid/29692/references
  • 08.25.97 - CVE: Not Available
  • Platform: Web Application
  • Title: XChat "ircs://" URI Command Execution
  • Description: XChat is an IRC chat program. The application is exposed to an issue that allows remote attackers to execute arbitrary commands in the context of the vulnerable user. XChat versions 2.8.7b and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29696
  • 08.25.98 - CVE: Not Available
  • Platform: Web Application
  • Title: X-Poll "admin/images/index.php" Arbitrary File Upload
  • Description: X-Poll a web-based application to create polls. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. X-Poll version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29698
  • 08.25.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Butterfly Organizer Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Butterfly Organizer is a PHP-based application for organizing web accounts. The application is exposed to multiple input validation issues. Butterfly Organizer version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29700
  • 08.25.100 - CVE: Not Available
  • Platform: Web Application
  • Title: WebChamado "admin/corpo.php" Unauthorized Access
  • Description: WebChamado is a web-based application. The application is exposed to an unauthorized access issue because it fails to adequately limit access to administrative scripts used for created accounts. WebChamado version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29701
  • 08.25.101 - CVE: Not Available
  • Platform: Web Application
  • Title: TBDEV.net Comment Field Denial of Service
  • Description: TBDEV.net is a PHP-based torrent tracker and content management application based on torrentbits/bytemonsoon source code. The application is exposed to an issue that can cause denial of service conditions. The issue occurs because the application fails to handle specially-crafted comments posted to torrent description pages. TBDEV-01-01-08 is affected.
  • Ref: http://sourceforge.net/projects/tbdevnet/
  • 08.25.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Butterfly Organizer Multiple Arbitrary Data Deletion Vulnerabilities
  • Description: Butterfly Organizer is a PHP-based application for organizing web accounts. The application is exposed to two issues that allow attackers to delete arbitrary data because it fails to properly sanitize user-supplied input. Butterfly Organizer version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29703
  • 08.25.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! and Mambo galleries Component "aid" Parameter SQL Injection
  • Description: galleries is a photo gallery component for the Mambo and Joomla! content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aid" parameter of the "com_galleries" component before using it in an SQL query. galleries version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29706
  • 08.25.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy-Clanpage Arbitrary File Upload and Local File Include Vulnerabilities
  • Description: Easy-Clanpage is a web-based content manager. The application is exposed to multiple input validation issues. Easy-Clanpage version 3.0b1 is affected.
  • Ref: http://www.easy-clanpage.de/?section=downloads&show=dlc&id=1
  • 08.25.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Cache_Lite Class "mosConfig_absolute_path" Remote File Include
  • Description: The Cache_Lite class uses output buffering to cache web data for the Mambo content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "/includes/Cace/Lite/Output.php" script. Cache_Lite version 1.1 from Mambo version 4.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29716
  • 08.25.106 - CVE: Not Available
  • Platform: Web Application
  • Title: GSC Client Privilege Escalation
  • Description: GSC Client is a gaming communication application similar to IRC. The application is exposed to a privilege escalation issue because it fails to sufficiently validate administrator credentials. This issue occurs because the GSC server does not validate administrator commands it relieves from the client. GSC Client version 1.00 2067 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493355
  • 08.25.107 - CVE: Not Available
  • Platform: Web Application
  • Title: SH-News "action.php" Authentication Bypass
  • Description: SH-News is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication inside the "action.php" script. SH-News version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29725
  • 08.25.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Devalcms "currentfile" Parameter Local File Include
  • Description: Devalcms is a PHP-based content manager. The application is exposed to a local file include issue because it fails to sanitize user-supplied input supplied to the "currentfile" parameter of the "func.php" script. Devalcms version 1.4a is affected.
  • Ref: http://www.securityfocus.com/bid/29728
  • 08.25.109 - CVE: Not Available
  • Platform: Web Application
  • Title: AlstraSoft AskMe Pro "forum_answer.php" and "profile.php" Multiple SQL Injection Vulnerabilities
  • Description: AlstraSoft AskMe Pro is a PHP-based knowledge management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "que_id" parameter of the "forum_answer.php" script and the "id" parameter of the "profile.php" script before using it in an SQL query. All AlstraSoft AskMe Pro versions up to and including 2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/29732
  • 08.25.110 - CVE: Not Available
  • Platform: Web Application
  • Title: WallCity-Server: Shoutcast Admin Panel "index.php" Local File Include
  • Description: WallCity-Server: Shoutcast Admin Panel is a PHP-based administration application for Shoutcast servers. The application is exposed to a local file include issue because it fails to sanitize user-supplied input supplied to the "page" parameter of the "index.php" script. WallCity-Server: Shoutcast Admin Panel version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29733
  • 08.25.111 - CVE: Not Available
  • Platform: Web Application
  • Title: EZTechhelp Company EZCMS Security Bypass
  • Description: EZCMS is a Web-based content management system. The application is exposed to an issue that may allow users to bypass authentication and access certain administrative pages. EZCMS versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29738
  • 08.25.112 - CVE: Not Available
  • Platform: Web Application
  • Title: xeCMS Cookie Parameters Authentication Bypass
  • Description: xeCMS is content management system. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. xeCMS versions 1.0.0 RC2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29740
  • 08.25.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Turba Contact Manager HTML Injection
  • Description: Turba is a contact management application developed by Horde using PHP. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input. All versions of Turba Contact Manager up to 2.2.1 are affected.
  • Ref: http://lists.horde.org/archives/announce/2008/000420.html
  • 08.25.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Horde Turba "services/obrowser/index.php" HTML Injection
  • Description: Horde Turba is a PHP-based content manager. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input to the "name" parameter of the "services/obrowser/index.php" script. Horde versions 3.1.7, 3.2 and earlier versions are affected.
  • Ref: http://lists.horde.org/archives/announce/2008/000416.html
  • 08.25.115 - CVE: Not Available
  • Platform: Web Application
  • Title: Webmatic Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Webmatic is a PHP-based application for organizing web accounts. The application is exposed to multiple cross-site scripting and SQL injection issues because it fails to sufficiently sanitize user-supplied data. Webmatic versions prior to 2.8 are affected.
  • Ref: http://www.securityfocus.com/bid/29748
  • 08.25.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Ananta CMS "change.php" Authentication Bypass
  • Description: Ananta CMS is a web-based content manager. The application is exposed to an authentication bypass issue because it fails to perform authentication checks to the "Change Profile" section implemented by the "change.php" script. Ananta CMS version 1.0b5 is affected.
  • Ref: http://www.securityfocus.com/bid/29752
  • 08.25.117 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Azimyt CMS "lang-system.php" Local File Include
  • Description: Open Azimyt CMS is a content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "lang-system.php" script. Open Azimyt CMS versions 0.22 minimal and 0.21 stable are affected.
  • Ref: http://www.securityfocus.com/bid/29756
  • 08.25.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Crysis HTTP/XML-RPC Service Remote Denial of Service
  • Description: Crysis is a commercially available first-person-shooter video game distributed by Electronic Arts. The application is exposed to a denial of service issue because it fails to handle exceptional conditions. Specifically, this issue is caused by a NULL-pointer dereference error in the HTTP/XML-RPC service, which receives "rcon" commands. Crysis version 1.21 is affected.
  • Ref: http://aluigi.altervista.org/adv/dontcrysis-adv.txt
  • 08.25.119 - CVE: Not Available
  • Platform: Web Application
  • Title: ThaiQuickCart "PHPSESSID" Cookie Parameter Local File Include
  • Description: ThaiQuickCart is a shopping cart application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "PHPSESSID" cookie parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/29774
  • 08.25.120 - CVE: Not Available
  • Platform: Web Application
  • Title: MyShoutPro "admin_access" Cookie Parameter Authentication Bypass
  • Description: MyShoutPro is a shout box application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. MyShoutPro version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29780

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

This course opened my eyes and gave new perspectives of web app penetration testing.
-Ji Lee, Seamless Web

SANS 2010-sky-c

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT