
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 26
June 26, 2008

If you were wondering how people's PCs get infected (actually) look no further than the PDF (Adobe Reader) flaw. PDF documents may get opened without prompting the user. Then they take over the system. Also two new remote code execution flaws in Apple Safari. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Category                                  # of Updates & Vulnerabilities
- ----------------------------------------  ------------------------------
Other Microsoft Products                  1
Third Party Windows Apps                  4 (#2, #3)
Mac Os                                    1
Linux                                     1
BSD                                       1
Unix                                      1
Cross Platform                            17 (#1, #4)
Web Application - Cross Site Scripting    16
Web Application - SQL Injection           39
Web Application                           48

*************************************************************************
TRAINING SCHEDULE UPDATE
- - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
    http://www.sans.org/sansfire08/
- - Canberra (6/30-7/5) http://www.sans.org/canberra08/
- - Singapore (6/30-7/5) http://www.sans.org/singapore08/
- - Boston (8/9-8/17) http://www.sans.org/boston08/
- - Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/
Plus 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
BSD
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Adobe Acrobat JavaScript Remote Code Execution
  • Affected:
    • Adobe Reader versions 8.1.2 and prior
    • Adobe Acrobat versions 8.1.2 and prior
  • Description: Acrobat and Reader are Adobe's Portable Document Format (PDF) viewers. They contain a flaw in their handling of certain JavaScript constructs. A PDF document containing embedded JavaScript could trigger this flaw, creating a buffer overflow condition. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, PDF documents may be opened by the vulnerable applications upon receipt without first prompting the user. Reports indicate that this vulnerability is being actively exploited in the wild.

  • Status: Vendor confirmed, updates available.

  • References:

  • (2) HIGH: Apple Safari Multiple Vulnerabilities
  • Affected:
    • Apple Safari 3.1.1 and prior for Microsoft Windows.
  • Description: Safari, Apple's web browser for Mac OS X and Microsoft Windows, contains multiple vulnerabilities in its handling of a variety of inputs. Two of these vulnerabilities can result in remote code execution. The first is a logic flaw in Safari's handling of user preferences. Safari reads part of its configuration from Microsoft Internet Explorer's configuration; certain combinations of these settings can result in automatic execution of downloaded files. Note that Safari is not vulnerable in the default configuration for sites not in Internet Explorer's "Local" zone. Additionally, a buffer overflow exists in Safari's handling of JavaScript arrays. A specially crafted JavaScript script could trigger this overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that technical details of this vulnerability may be publicly available via source code analysis.

  • Status: Vendor confirmed, updates available. Note that only Safari for Microsoft Windows is affected.

  • References:

  • (4) MODERATE: Ruby Multiple Vulnerabilities
  • Affected:
    • Ruby versions 1.8.7-p21 and prior
  • Description: Ruby is a popular scripting and programming language. It contains multiple flaws in certain functions. If these functions are used to process user input, an attacker could trigger one of these flaws. Successfully exploiting one of these flaws would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that technical details for these vulnerabilities are available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 26, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.26.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Basic Enterprise Edition 6 "vb6skit.dll" Remote Buffer Overflow
  • Description: Microsoft Visual Basic Enterprise Edition 6 is a development platform for building applications for Microsoft Windows operating systems. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate size checks on user-supplied input. Microsoft Visual Basic Enterprise Edition 6 SP6 is affected.
  • Ref: http://www.securityfocus.com/bid/29792

  • 08.26.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraEdit FTP/SFTP "LIST" Command Directory Traversal
  • Description: UltraEdit is a text, HTML and HEX editor available for Microsoft Windows. The application contains an FTP/SFTP browser. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP/SFTP client. Specifically, the application fails to sanitize directory-traversal strings included in the "LIST" command. UltraEdit version 14.00b is affected.
  • Ref: http://vuln.sg/ultraedit1400b-en.html

  • 08.26.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WISE-FTP FTP Client "LIST" Command Directory Traversal
  • Description: WISE-FTP is an FTP client application for Microsoft Windows. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. WISE-FTP versions prior to 5.5.9 are affected.
  • Ref: http://vuln.sg/wiseftp558-en.html

  • 08.26.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: World in Conflict NULL Pointer Remote Denial of Service
  • Description: World in Conflict is a real-time strategy (RTS) game available for Microsoft Windows. The application is exposed to a remote denial of service issue because it fails to handle NULL-pointer exceptions. World in Conflict version 1.008 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493596

  • 08.26.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SunAge Multiple Denial of Service Vulnerabilities
  • Description: SunAge is a real-time strategy game available for Microsoft Windows systems. The application is exposed to multiple denial of service issues. SunAge version 1.08.1 is affected.
  • Ref: http://aluigi.altervista.org/adv/sunagex-adv.txt

  • 08.26.6 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation
  • Description: Mac OS X is exposed to a local privilege escalation issue affecting ARDAgent (Apple Remote Desktop). ARDAgent is installed setuid. When an AppleScript script is used to invoke ARDAgent, the ARDAgent process does not drop privileges. Mac OS X version 10.5 is affected.
  • Ref: http://it.slashdot.org/it/08/06/18/1919224.shtml

  • 08.26.7 - CVE: CVE-2008-1951
  • Platform: Linux
  • Title: Red Hat SBLIM Insecure Library Path Local Privilege Escalation
  • Description: SBLIM is an Open Source project intended to enhance the manageability of GNU/Linux systems. The application is exposed to a local privilege escalation issue because certain libraries were built with insecure library search paths: the RPATH (runtime library search path) in their ELF (Executable and Linking Format) headers points to a world-writable temporary directory.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-0497.html

  • 08.26.8 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD GNU Screen Locked Authentication Bypass
  • Description: GNU Screen is a window manager that allows users to create and use multiple virtual consoles on one physical terminal. GNU Screen for OpenBSD is exposed to an issue that allows local attackers to bypass the locked screen password prompt. GNU Screen version 4.0.3 for OpenBSD 4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29810

  • 08.26.9 - CVE: Not Available
  • Platform: Unix
  • Title: TMSNC UBX Message Remote Buffer Overflow
  • Description: TMSNC is a command-line, text-only MSN messenger client application available for Unix and Unix-like systems. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. TMSNC version 0.3.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487222

  • 08.26.10 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail IMAP Command Unspecified Denial of Service
  • Description: SurgeMail is a mail server available for various platforms. The application is exposed to a remote denial of service issue due to an unspecified error when handling certain IMAP commands. SurgeMail versions prior to 3.9g2 are affected.
  • Ref: http://www.netwinsite.com/surgemail/help/updates.htm

  • 08.26.11 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OFFSystem HTTP Headers Remote Buffer Overflow
  • Description: Owner-Free Filesystem is a distributed file system. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when parsing HTTP headers. OFFSystem versions up to 0.19.14 are affected.
  • Ref: http://www.securityfocus.com/bid/29809

  • 08.26.12 - CVE: CVE-2008-2060
  • Platform: Cross Platform
  • Title: Cisco Intrusion Prevention System (IPS) Platforms Inline Mode Denial of Service
  • Description: Cisco Intrusion Prevention System (IPS) platforms are designed to monitor network traffic for malicious activity and to mitigate possible attacks. The application is exposed to a denial of service issue when handling a specific series of jumbo Ethernet frames. Cisco Intrusion Prevention System versions prior to 5.1(8)E2 and 6.0(5)E2 are affected.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml

  • 08.26.13 - CVE: CVE-2008-2786
  • Platform: Cross Platform
  • Title: Mozilla Firefox 3 Unspecified Buffer Overflow
  • Description: Mozilla Firefox is a web browser available for multiple platforms. The application is exposed to an unspecified buffer overflow issue. An attacker can exploit this issue to execute arbitrary code within the context of the affected application.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html

  • 08.26.14 - CVE: CVE-2008-2666
  • Platform: Cross Platform
  • Title: PHP "chdir()" and "ftok()" "safe_mode" Multiple Security Bypass Vulnerabilities
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to multiple "safe_mode" restriction bypass issues. PHP version 5.2.6 is affected.
  • Ref: http://securityreason.com/achievement_securityalert/55

  • 08.26.15 - CVE: CVE-2008-2665
  • Platform: Cross Platform
  • Title: PHP 5 "posix_access()" Function "safe_mode" Bypass Directory Traversal Vulnerability
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to a directory traversal issue that affects the "posix_access()" function. PHP version 5.2.6 is affected.
  • Ref: http://securityreason.com/achievement_securityalert/54

  • 08.26.16 - CVE: CVE-2008-2785
  • Platform: Cross Platform
  • Title: Mozilla Firefox Unspecified Remote Code Execution
  • Description: Mozilla Firefox is a web browser available for multiple platforms. The application is exposed to an unspecified remote code execution issue. Mozilla Firefox versions 3.0 and earlier are affected.
  • Ref: http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30

  • 08.26.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "rfc822_write_address()" Function Buffer Overflow
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. The application is exposed to a buffer overflow issue because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. PHP versions 5.2.6 and earlier are affected.
  • Ref: http://bugs.php.net/bug.php?id=42862

  • 08.26.18 - CVE: CVE-2008-2306
  • Platform: Cross Platform
  • Title: Apple Safari Automatic File Launch Remote Code Execution
  • Description: Apple Safari is a web browser available for Apple Mac OS X and Microsoft Windows. The application is exposed to a remote code execution issue because it automatically launches executable files when downloading from a web site. Apple Safari versions prior to 3.1.2 running on Microsoft Windows XP and Windows Vista are affected.
  • Ref: http://www.kb.cert.org/vuls/id/127185

  • 08.26.19 - CVE: CVE-2008-2307
  • Platform: Cross Platform
  • Title: Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow
  • Description: WebKit is a browser framework used in the Apple Safari browser and other applications. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks when handling specially crafted JavaScript arrays.
  • Ref: http://www.securityfocus.com/bid/29836

  • 08.26.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Classic FTP "LIST" Command Directory Traversal
  • Description: Classic FTP is an FTP client application for multiple operating systems. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. Classic FTP version 1.02 for Microsoft Windows is affected.
  • Ref: http://vuln.sg/classicftp102-en.html

  • 08.26.21 - CVE: CVE-2008-2427
  • Platform: Cross Platform
  • Title: Multiple XnView Products TAAC File Buffer Overflow
  • Description: XnView is an image viewing and converting application; NConvert is a batch image file conversion application; GFL SDK is an imaging library designed to read and write numerous image file formats. The applications are exposed to a buffer overflow issue due to insufficient boundary checking of user-supplied input in malicious image files. Affected applications are: XnView Standard versions 1.70 and 1.93.6, XnView NConvert version 4.92, and XnView GFL SDK version 2.82.
  • Ref: http://www.securityfocus.com/archive/1/493505

  • 08.26.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JSCAPE Secure FTP Applet Host Key Validation Security Bypass
  • Description: JSCAPE Secure FTP Applet is a secure FTP client. It runs as a Java applet in a browser. The application is exposed to a security bypass issue that occurs because the application fails to properly validate the host key when securely connecting to a server. JSCAPE Secure FTP Applet versions prior to 4.9.0 are affected.
  • Ref: http://www.securityfocus.com/bid/29882

  • 08.26.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Perl "rmtree()" Function Local Insecure Permissions
  • Description: Perl is a multi-platform programming language. Computers running Perl are exposed to a local issue that occurs when handling symbolic links. Perl version 5.10.0 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319

  • 08.26.24 - CVE: CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726, CVE-2008-2664
  • Platform: Cross Platform
  • Title: Ruby Multiple Unspecified Arbitrary Code Execution Vulnerabilities
  • Description: Ruby is exposed to multiple unspecified arbitrary code execution issues. Kindly refer to the link below for further details.
  • Ref: http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

  • 08.26.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Unspecified Arbitrary File Access Weakness
  • Description: Mozilla Firefox is a web browser application available for various operating systems. The application is exposed to a weakness that may allow attackers to gain access to arbitrary files.
  • Ref: http://xs-sniper.com/blog/

  • 08.26.26 - CVE: CVE-2008-2641
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader "JavaScript" Method Remote Code Execution
  • Description: Adobe Acrobat and Reader are PDF file readers available for multiple platforms. The application is exposed to a remote code execution issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-15.html

  • 08.26.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CGIWrap Error Page Handling Cross-Site Scripting
  • Description: CGIWrap is a gateway program that allows CGI scripts to execute in a secure manner. CGIWrap is exposed to a cross-site scripting issue, which occurs because the application generates error messages without specifying a charset. This issue can be exploited only on certain browsers like Internet Explorer. CGIWrap versions prior to 4.1 are affected.
  • Ref: http://jvn.jp/en/jp/JVN45389864/index.html

  • 08.26.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting
  • Description: TYPO3 is an application for creating web portals. The DCD GoogleMap extension facilitates the insertion of Google Maps. The DCD GoogleMap extension for TYPO3 is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. The DCD GoogleMap extension for TYPO3 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin Moderation Control Panel "redirect" Parameter Cross-Site Scripting
  • Description: vBulletin is a PHP-based content manager. The application is exposed to a cross-site scripting issue that occurs in the MCP (moderation control panel) because it fails to properly sanitize user-supplied input to the "redirect" parameter of the "vB3/modcp/index.php" script. vBulletin versions 3.7.1 PL1 and 3.6.10 PL1 are affected.
  • Ref: http://www.vbulletin.com/forum/showthread.php?postid=1570307

  • 08.26.30 - CVE: CVE-2008-0925
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell eDirectory iMonitor Unspecified Cross-Site Scripting
  • Description: iMonitor is a web-based management interface used for eDirectory, a directory server package available for multiple platforms. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters. The issue affects error messages of the HTTP stack. Novell eDirectory versions prior to and including 8.8.2 and 8.7.3.9 for Solaris, Linux, and Windows 2000/2003 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=3460217&sliceId=1

  • 08.26.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Traindepot Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: Traindepot is a PHP-based application that allows users to manage their model train collection. The application is exposed to multiple input validation issues. Traindepot version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29790

  • 08.26.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 JobControl Extension Unspecified Cross-Site Scripting
  • Description: TYPO3 is an application for creating web portals. The JobControl extension allows job offers to be posted on TYPO3 web sites. The JobControl extension for TYPO3 is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. JobControl versions prior to 1.15.1 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MindTouch DekiWiki Search Cross-Site Scripting
  • Description: MindTouch DekiWiki is a file server and intranet tool. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter when performing a search. MindTouch DekiWiki versions prior to 8.05.1 are affected.
  • Ref: http://bugs.developer.mindtouch.com/view.php?id=4200

  • 08.26.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Resource Library Extension Unspecified Cross-Site Scripting
  • Description: Resource Library is an extension for the TYPO3 content manager. The Resource Library extension for TYPO3 is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input. Resource Library version 0.10 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GL-SH Deaf Forum Cross-Site Scripting Vulnerability and Arbitrary File Upload
  • Description: GL-SH Deaf Forum is a web-based forum application. The application is exposed to two issues because it fails to sanitize user-supplied input: a cross-site scripting issue affects the "search.php" script, and an arbitrary file upload issue affects the "upload.php" script. GL-SH Deaf Forum version 6.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29849

  • 08.26.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: JaxUltraBB Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: JaxUltraBB is a bulletin board application. The application is exposed to multiple input validation issues. A local file include issue affects the "user" parameter of the "viewprofile.php" script, and a cross-site scripting issue affects the "forum" parameter of the "viewforum.php" script. JaxUltraBB version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29853

  • 08.26.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PEGames Multiple Cross-Site Scripting Vulnerabilities
  • Description: PEGames is a CMS for gaming sites. The application is exposed to multiple cross-site scripting issues that affect the following parameters of the "template2.php" script: "sitetitle", "sitenav", "sitemain" and "sitealt".
  • Ref: http://www.securityfocus.com/bid/29865

  • 08.26.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Chipmunk Blog "membername" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Chipmunk Blog is a PHP-based web-log application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/29883

  • 08.26.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HTML Purifier CSS Multiple Cross-Site Scripting Vulnerabilities
  • Description: HTML Purifier is an HTML-filtering application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. HTML Purifier versions prior to 2.1.5 and 3.1.1 are affected.
  • Ref: http://htmlpurifier.org/news.html

  • 08.26.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Trabajando Multiple Cross-Site Scripting Vulnerabilities
  • Description: Trabajando is a web application developed using Cold Fusion. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29887

  • 08.26.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TinX/cms Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: TinX/cms is a content management application. The application is exposed to multiple input validation issues. TinX/cms version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29907

  • 08.26.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MM Chat Remote File Include and Multiple Cross-Site Scripting Vulnerabilities
  • Description: MM Chat is a PHP-based chat system. Since it fails to sufficiently sanitize user-supplied input, the application is exposed to multiple input validation issues. MM Chat version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29910

  • 08.26.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easy Webstore "index.php" SQL Injection
  • Description: Easy Webstore is a PHP-based shop application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_path" parameter of the "index.php" script before using it in an SQL query. Easy Webstore version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29806

  • 08.26.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KEIL Software photokorn "index.php" SQL Injection
  • Description: photokorn is a PHP-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "action" parameter of the "index.php" script before using it in an SQL query. photokorn version 1.542 is affected.
  • Ref: http://www.securityfocus.com/bid/29808

  • 08.26.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Samart-cms "site.php" SQL Injection
  • Description: samart-cms is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "contentsid" parameter of the "site.php" script before using it in an SQL query. samart-cms version 2.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/5862

  • 08.26.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CMS-BRD "index.php" SQL Injection
  • Description: CMS-BRD is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "menuclick" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29816

  • 08.26.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Diocese of Portsmouth Calendar Today Extension SQL Injection
  • Description: TYPO3 Diocese of Portsmouth Calendar Today extension is a calendar extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 Diocese of Portsmouth Calendar Today versions 0.0.3 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 CoolURI Extension SQL Injection
  • Description: TYPO3 CoolURI extension is a URI modification extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 CoolURI versions 1.0.11 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Diocese of Portsmouth Training Courses Extension SQL Injection
  • Description: TYPO3 Diocese of Portsmouth Training Courses extension is a training course extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 Diocese of Portsmouth Training Courses version 0.1.1 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 TIMTAB - Social Bookmark Icons Extension SQL Injection
  • Description: TYPO3 TIMTAB - social bookmark icons extension is a bookmarking extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 TIMTAB - social bookmark icons versions 2.0 4 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Fussballtippspiel Extension SQL Injection
  • Description: TYPO3 Fussballtippspiel extension is an extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 Fussballtippspiel versions 0.1.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Download System Extension SQL Injection
  • Description: TYPO3 Download system is a download management extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 Download system version 0.1.4 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Random Prayer Extension SQL Injection
  • Description: TYPO3 Random Prayer extension is an extension for TYPO3. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize unspecified input before using it in an SQL query. TYPO3 Random Prayer version 0.0.1 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EroCMS "site" parameter SQL Injection
  • Description: EroCMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize the "site" parameter of the "index.php" script. EroCMS versions 1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29781

  • 08.26.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TorrentTrader Classic Edition Multiple SQL Injection Vulnerabilities
  • Description: TorrentTrader Classic Edition is a PHP-based torrent tracker. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. TorrentTrader Classic Edition version 1.08 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493434

  • 08.26.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBizz-Classifieds "index.php" SQL Injection
  • Description: MyBizz-Classifieds is a classified-ads application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29798

  • 08.26.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MaxTrade Trade Module SQL Injection
  • Description: MaxTrade is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "categori" parameter of the "Trade" module before using it in an SQL query. MaxTrade version 1.3.23 is affected.
  • Ref: http://www.securityfocus.com/bid/29799

  • 08.26.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BoatScripts Classifieds "type" Parameter SQL Injection
  • Description: BoatScripts Classifieds is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "type" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29801

  • 08.26.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Carscripts Classifieds "index.php" SQL Injection
  • Description: Carscripts Classifieds is a classified-ads application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29803

  • 08.26.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CaupoShop "csc_article_details.php" SQL Injection
  • Description: CaupoShop is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "saArticle[ID]" parameter of the "csc_article_details.php" script before using it in an SQL query. CaupoShop Classic version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29834

  • 08.26.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Auction Pro "cate_id" Parameter SQL Injection
  • Description: AJ Auction Pro is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cate_id" parameter of the "category.php" module before using it in an SQL query. AJ Auction Pro, web version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29839

  • 08.26.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Auction "id" Parameter SQL Injection
  • Description: AJ Auction is a web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" module before using it in an SQL query. AJ Auction version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29840

  • 08.26.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CiBlog "links-extern.php" SQL Injection
  • Description: CiBlog is a blog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "links-extern.php" script before using it in an SQL query. CiBlog version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29852

  • 08.26.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: emuCMS "index.php" SQL Injection
  • Description: emuCMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "cat_id" parameter of "index.php" before using it in an SQL query. emuCMS version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29855

  • 08.26.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPAuction "profile.php" SQL Injection
  • Description: PHPAuction is a web-based auction site. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "auction_id" parameter of "profile.php" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29856

  • 08.26.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ektron CMS400.NET "ContentRatingGraph.aspx" SQL Injection
  • Description: CMS400.NET is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "res" parameter of "ContentRatingGraph.aspx" before using it in an SQL query. CMS400.NET versions 7.5.2 and earlier are affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-ektron.html

  • 08.26.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: @CMS Multiple SQL Injection Vulnerabilities
  • Description: @CMS is a web-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the following scripts and parameters: "readarticle.php: article_id" and "articles.php: cat_id". @CMS version 2.1.1 is affected.
  • Ref: http://www.milw0rm.com/exploits/5881

  • 08.26.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KbLance.com "index.php" SQL Injection
  • Description: KbLance.com is web-based knowledge base software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "cat_id" parameter of "index.php" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29859

  • 08.26.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Online Fantasy Football League Multiple SQL Injection Vulnerabilities
  • Description: Online Fantasy Football League is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. Online Fantasy Football League versions 0.2.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29861

  • 08.26.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scientific Image DataBase "projects.php" SQL Injection
  • Description: Scientific Image DataBase is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "id" parameter of "projects.php" before using it in an SQL query. Scientific Image DataBase versions 0.41 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29862

  • 08.26.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ HYIP Acme "news.php" SQL Injection
  • Description: AJ HYIP Acme is an HYIP manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29863

  • 08.26.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpAuction "item.php" SQL Injection
  • Description: phpAuction is web-based auction software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "id" parameter of "item.php" before using it in an SQL query. phpAuction version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29864

  • 08.26.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EXP Shop Joomla! "com_expshop" Component SQL Injection
  • Description: EXP Shop is a component for Joomla! CMS that provides ecommerce functionality. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_expshop" component before using it in an SQL query. EXP Shop version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29869

  • 08.26.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PageSquid CMS "index.php" SQL Injection
  • Description: PageSquid CMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "page" parameter of "index.php" before using it in an SQL query. PageSquid CMS version 0.3 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/29870

  • 08.26.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: sHibby sHop "default.asp" SQL Injection
  • Description: sHibby sHop is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "sayfa" parameter of "default.asp" before using it in an SQL query. sHibby sHop version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29875

  • 08.26.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CCleague Pro "u" Cookie Parameter SQL Injection
  • Description: CCleague Pro is a web-based application for managing sports teams. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "u" cookie parameter before using it in an SQL query. CCleague Pro versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29876

  • 08.26.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IGSuite "formid" Parameter SQL Injection
  • Description: IGSuite is a groupware application. It is available for Linux and Windows platforms. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "formid" parameter of "cgi-bin/igsuite" script before using it in an SQL query. IGSuite version 3.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29879

  • 08.26.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HoMaP-CMS "index.php" SQL Injection
  • Description: HoMaP-CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "go" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29897

  • 08.26.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Relative Real Estate Systems "listing_id" Parameter SQL Injection
  • Description: Relative Real Estate Systems is a web-based, real estate application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "listing_id" parameter of the "index.php" script when the "go" parameter is set to "listing". Relative Real Estate Systems version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29915

  • 08.26.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ShareCMS Multiple SQL Injection Vulnerabilities
  • Description: ShareCMS is a content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. ShareCMS version 0.1 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/29916

  • 08.26.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DUcalendar "detail.asp" SQL Injection
  • Description: DUcalendar is an event calendar application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "iEve" parameter of the "detail.asp" script. DUcalendar version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29919

  • 08.26.82 - CVE: Not Available
  • Platform: Web Application
  • Title: nweb2fax Multiple Remote Vulnerabilities
  • Description: nweb2fax is a PHP-based application for sending faxes. The application is exposed to multiple remote issues, including command execution and directory traversal issues, because the application fails to properly sanitize user-supplied input. nweb2fax versions 0.2.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29804

  • 08.26.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal TrailScout Module SQL Injection and HTML Injection Vulnerabilities
  • Description: TrailScout is a module for Drupal to display last visited pages as breadcrumbs. TrailScout is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. TrailScout versions prior to 5.x-1.4 are affected.
  • Ref: http://drupal.org/node/272191

  • 08.26.84 - CVE: Not Available
  • Platform: Web Application
  • Title: eLineStudio Site Composer Multiple Input Validation and Unauthorized Access Vulnerabilities
  • Description: eLineStudio Site Composer is a content manager. The application is exposed to multiple input validation issues. eLineStudio Site Composer version 2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493473

  • 08.26.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Academic Web Tools CMS 1.4.2.8 Multiple Input Validation Vulnerabilities
  • Description: Academic Web Tools CMS is a content management system. The application is exposed to multiple input validation issues. Academic Web Tools CMS version 1.4.2.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493472

  • 08.26.86 - CVE: Not Available
  • Platform: Web Application
  • Title: OwnRS "clanek.php" Multiple Input Validation Vulnerabilities
  • Description: OwnRS is a content manager. Since it fails to adequately sanitize user-supplied data, the application is exposed to multiple input validation issues affecting the "id" parameter of the "clanek.php" script. OwnRS beta version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/29818

  • 08.26.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Orlando CMS classes "GLOBALS["preloc"]" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Orlando CMS classes is a set of PHP classes for building content managers. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "GLOBALS["preloc"]" parameter of the "/modules/core/logger/init.php" and "/AJAX/newscat.php" scripts. Orlando CMS classes version 0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29820

  • 08.26.88 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified Input Validation Vulnerabilities
  • Description: The TARGET-E WorldCup Bets is a web-based betting application extension for TYPO3. The extension is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied data. These issues include unspecified cross-site scripting and SQL injection vulnerabilities. TARGET-E WorldCup Bets version 2.0.0 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.89 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar "tools/send_reminders.php" Remote File Include
  • Description: WebCalendar is a web-based calendar application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "includedir" parameter of the "tools/send_reminders.php" script. WebCalendar version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29783

  • 08.26.90 - CVE: Not Available
  • Platform: Web Application
  • Title: ManageEngine OpUtils "hostName" HTML Injection
  • Description: ManageEngine OpUtils is a web-based network management application. The application is exposed to an HTML injection issue because it fails to sanitize user-supplied input to the "hostName" parameter of the "MainLayout.do" script. ManageEngine OpUtils version 5 is affected.
  • Ref: http://www.securityfocus.com/bid/29785

  • 08.26.91 - CVE: CVE-2008-2557
  • Platform: Web Application
  • Title: CRE Loaded Multiple HTML Injection Vulnerabilities
  • Description: CRE Loaded is a web-based ecommerce application. The application is exposed to multiple unspecified HTML injection issues that affect the "Links" and "Links Submit" pages because it fails to sufficiently sanitize user-supplied data. CRE Loaded versions 6.2.13.1 and earlier are affected.
  • Ref: http://oscommerceuniversity.com/lounge/index.php?topic=249.0

  • 08.26.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Exero CMS "theme" Parameter Multiple Local File Include Vulnerabilities
  • Description: Exero CMS is a content management system. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input. Exero CMS versions 1.0.0 and 1.0.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=607502

  • 08.26.93 - CVE: Not Available
  • Platform: Web Application
  • Title: doITlive CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: doITlive CMS is a content manager implemented in ASP. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied data. doITlive CMS version 2.50 is affected.
  • Ref: http://www.securityfocus.com/bid/29789

  • 08.26.94 - CVE: Not Available
  • Platform: Web Application
  • Title: aspWebCalendar "calendar_admin.asp" Arbitrary File Upload
  • Description: aspWebCalendar is a web-based scheduling application implemented in ASP. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the form of file extensions to the "calendar_admin.asp" script. aspWebCalendar 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/29795

  • 08.26.95 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation
  • Description: nepa-design.de Spam Protection is an extension for TYPO3 that is designed to mitigate spam email. The extension is exposed to an issue that results in the manipulation of external settings. nepa-design.de Spam Protection version 0.1.3 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.96 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Frontend Filemanager Extension Unspecified Code Execution
  • Description: The Frontend Filemanager extension adds file management capabilities to TYPO3. The application is exposed to an unspecified code execution issue. Frontend Filemanager versions prior to 0.6.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/

  • 08.26.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Lotus Core CMS "phpbb_root_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Lotus Core CMS is an application to create web sites. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter of the "system/plugins/index.php" and "system/plugins/error/404.php" scripts. Lotus Core CMS version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29838

  • 08.26.98 - CVE: Not Available
  • Platform: Web Application
  • Title: EZTechhelp Company EZCMS Multiple Unspecified Vulnerabilities
  • Description: EZCMS is a PHP-based content manager. The application is exposed to multiple issues including an SQL injection issue and unspecified issues affecting the application's "News manager", "Calendar", and "Contact form manager". EZCMS versions 1.2 and earlier are affected.
  • Ref: http://ezcms.eztechhelp.com/index.php?page=3&nid=27

  • 08.26.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Virtual Support Office-XP Multiple Remote Vulnerabilities
  • Description: Virtual Support Office-XP is a web-based help desk application implemented in ASP. The application is exposed to multiple remote issues. Virtual Support Office-XP versions 3.0.29 and 3.0.27 are affected.
  • Ref: http://www.securityfocus.com/bid/29841

  • 08.26.100 - CVE: Not Available
  • Platform: Web Application
  • Title: FireAnt "index.php" Local File Include
  • Description: FireAnt is a PHP-based media player designed for internet TV. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. FireAnt version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29843

  • 08.26.101 - CVE: Not Available
  • Platform: Web Application
  • Title: IPTBB "act" Parameter Local File Include
  • Description: IPTBB is a web-based bulletin board application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "act" parameter of the "index.php" script. IPTBB version 0.5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/29845

  • 08.26.102 - CVE: Not Available
  • Platform: Web Application
  • Title: FubarForum "index.php" Local File Include
  • Description: FubarForum is a PHP-based web forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. FubarForum version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29847

  • 08.26.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Lightweight News Portal Multiple Input Validation and Authentication Bypass Vulnerabilities
  • Description: Lightweight news portal is a PHP-based content manager. The application is exposed to multiple issues. Attackers can leverage these issues to have arbitrary HTML or script code execute in the context of the affected site, or access certain administrative functions. Lightweight news portal version 1.0b is affected.
  • Ref: http://www.securityfocus.com/bid/29848

  • 08.26.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Diigo Toolbar and Diigolet Comment Feature HTML Injection and Information Disclosure Vulnerabilities
  • Description: Diigo Toolbar and Diigolet are browser plugins for Firefox and Internet Explorer. The plugins interface with the Diigo social networking service. The plugins are exposed to a cross-site scripting issue and an information disclosure issue. The HTML injection issue occurs because Diigo Toolbar fails to adequately sanitize user-supplied input to the shared comment feature.
  • Ref: http://www.securityfocus.com/archive/1/493531

  • 08.26.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Jamroom "purchase.php" Remote File Include
  • Description: Jamroom is a web-based content management system for artists. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "jamroom[jm_dir]" parameter of the "include/plugins/jrBrowser/purchase.php" script. Jamroom version 3.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29854

  • 08.26.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Aprox CMS Engine "index.php" Local File Include
  • Description: Aprox CMS Engine is a content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Aprox CMS Engine version 5.1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29860

  • 08.26.107 - CVE: Not Available
  • Platform: Web Application
  • Title: IDMOS "site_absolute_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: IDMOS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. IDMOS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29868

  • 08.26.108 - CVE: Not Available
  • Platform: Web Application
  • Title: le.cms "admin/upload.php" Arbitrary File Upload
  • Description: le.cms is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input containing file extensions to the "admin/upload.php" script. le.cms versions 1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29867

  • 08.26.109 - CVE: Not Available
  • Platform: Web Application
  • Title: CCleague Pro "type" Cookie Parameter Authentication Bypass
  • Description: CCleague Pro is a web-based application for managing sports teams. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. CCleague Pro versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29871

  • 08.26.110 - CVE: Not Available
  • Platform: Web Application
  • Title: le.cms "submit0" Parameter Authentication Bypass
  • Description: le.cms is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input. le.cms versions 1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29872

  • 08.26.111 - CVE: Not Available
  • Platform: Web Application
  • Title: RSS-aggregator "display.php" Remote File Include
  • Description: RSS-aggregator is a web-based application that is used to display several different RSS feeds on a Web page. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter of the "display.php" script.
  • Ref: http://www.securityfocus.com/bid/29873

  • 08.26.112 - CVE: Not Available
  • Platform: Web Application
  • Title: MiGCMS Multiple Remote File Include Vulnerabilities
  • Description: MiGCMS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "GLOBALS[application][app_root]" parameter of the following scripts: "collection.class.php" and "content_image.class.php". MiGCMS version 2.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29874

  • 08.26.113 - CVE: Not Available
  • Platform: Web Application
  • Title: HoMaP "plugin_admin.php" Remote File Include
  • Description: HoMaP is a web-based content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "_settings[pluginpath]" parameter of the "plugin_admin.php" script. HoMaP version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29877

  • 08.26.114 - CVE: Not Available
  • Platform: Web Application
  • Title: phpDMCA Multiple Remote File Include Vulnerabilities
  • Description: phpDMCA is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "ourlinux_root_path" parameter of the following scripts: "adodb-errorpear.inc.php" and "adodb-pear.inc.php". phpDMCA version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29880

  • 08.26.115 - CVE: Not Available
  • Platform: Web Application
  • Title: Open Digital Assets Repository System Remote File Include
  • Description: Open Digital Assets Repository System (ODARS) is a web-based content and asset management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "CLASSES_ROOT=[SHELL]" parameter of the "resource_categories_view.php" script. ODARS version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29881

  • 08.26.116 - CVE: Not Available
  • Platform: Web Application
  • Title: benja CMS Multiple Input Validation and Unauthorized Access Vulnerabilities
  • Description: benja CMS is a PHP-based content manager. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, have arbitrary script code execute in the context of the application, or to access administrative scripts. benja CMS version 0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493568

  • 08.26.117 - CVE: Not Available
  • Platform: Web Application
  • Title: J00lean-CMS "includes/classes/page.php" Unspecified Remote Vulnerability
  • Description: J00lean-CMS is a PHP-based content manager. The application is exposed to an unspecified issue that occurs in the "includes/classes/page.php" script. J00lean-CMS version 1.03 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=608171

  • 08.26.118 - CVE: Not Available
  • Platform: Web Application
  • Title: CMS Mini "view/index.php" Multiple Local File Include Vulnerabilities
  • Description: CMS Mini is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "path" and "p" parameters of the "view/index.php" script. CMS Mini version 0.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29890

  • 08.26.119 - CVE: Not Available
  • Platform: Web Application
  • Title: CMReams Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: CMReams is a content management application. The application is exposed to multiple input validation issues. CMReams version 1.3.1.1beta 2 is affected.
  • Ref: http://www.securityfocus.com/bid/29891

  • 08.26.120 - CVE: Not Available
  • Platform: Web Application
  • Title: emuCMS "upload.php" Arbitrary File Upload
  • Description: emuCMS is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input to the "NewFile" parameter of the "/admin/FCKeditor/editor/filemanager/upload/php/upload.php" script. emuCMS version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29892

  • 08.26.121 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogPHP "email" Parameter Privilege Escalation
  • Description: BlogPHP is a PHP-based blogging application. The application is exposed to a privilege escalation issue because it fails to adequately sanitize user-supplied input to the "email" parameter during user registration. BlogPHP version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29898

  • 08.26.122 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBlog Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: MyBlog is a PHP-based Blog/CMS application. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/29900

  • 08.26.123 - CVE: CVE-2008-2827
  • Platform: Web Application
  • Title: Joomla! and Mambo FacileForms Component "ff_compath" Parameter Remote File Include
  • Description: FacileForms is a PHP-based form creation component for the Mambo and Joomla! content managers. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "ff_compath" parameter of the "com_facileforms/facileforms.frame.php" script. FacileForms version 1.4.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29904

  • 08.26.124 - CVE: Not Available
  • Platform: Web Application
  • Title: Dagger "skins/default.php" Remote File Include
  • Description: Dagger is a content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "dir_inc" parameter of the "skins/default.php" script.
  • Ref: http://www.securityfocus.com/bid/29906

  • 08.26.125 - CVE: Not Available
  • Platform: Web Application
  • Title: Ourvideo CMS Multiple Input Validation Vulnerabilities
  • Description: Ourvideo CMS is a media content manager. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. Ourvideo CMS version 9.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29909

  • 08.26.126 - CVE: Not Available
  • Platform: Web Application
  • Title: cmsWorks "lib.module.php" Remote File Include
  • Description: cmsWorks is a content management solution. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "mod_root" parameter of the "admin/include/lib.module.php/lib.module.php" script. cmsWorks version 2.2 RC4 is affected.
  • Ref: http://www.securityfocus.com/bid/29911

  • 08.26.127 - CVE: Not Available
  • Platform: Web Application
  • Title: cmsWorks "config.php" Arbitrary File Upload
  • Description: cmsWorks is a web-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the form of file extensions to the "path/admin/include/FCKeditor/editor/filemanager/browser/mcpuk/connectors/php/config.php" script. cmsWorks version 2.2 RC4 is affected.
  • Ref: http://www.securityfocus.com/bid/29914

  • 08.26.128 - CVE: Not Available
  • Platform: Web Application
  • Title: A+ PHP Scripts News Management System Multiple Input Validation Vulnerabilities
  • Description: A+ PHP Scripts News Management System is a web-based application. The application is exposed to multiple input validation issues. News Management System version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29912

  • 08.26.129 - CVE: Not Available
  • Platform: Web Application
  • Title: Php F1 Max's Image Uploader "index.php" Arbitrary File Upload
  • Description: Max's Image Uploader is a PHP-based web application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary code because it fails to properly sanitize user-supplied files uploaded via the "index.php" script.
  • Ref: https://vuln.intranet.qualys.com:8443/sans/edit.php?id=26.50

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.