Last day to save $500 for SANS San Diego 2013

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 27
July 3, 2008

SANS Newsletters Home

Firefox, Apple OS-X and Microsoft's GP (Great Plains) accounting software all are on the "critical" list this week. Lower down the list you'll also find more than 90 new vulnerabilities in commercial web applications. How many critical vulnerabilities do you think there are in the web applications your programmers are writing? Do you know? Is it time to find out? Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Other Microsoft Products
    • 3 (#1)
    • Third Party Windows Apps
    • 4
    • Mac Os
    • 1 (#2)
    • Linux
    • 6
    • Solaris
    • 1
    • Unix
    • 1
    • Cross Platform
    • 17 (#3, #4, #5)
    • Web Application - Cross Site Scripting
    • 10
    • Web Application - SQL Injection
    • 38
    • Web Application
    • 43
    • Network Device
    • 2

************************** Sponsored By SANS ****************************

The Virtualization Security Summit August 7-8 is a user-to-user, non-commercial conference on What Works in Virtualization Security. It is the only place where you can learn about the strengths and weaknesses of competing virtualization technologies and where users share the lessons they learned about how to make virtual environments secure. http://www.sans.org/info/30533

*************************************************************************

TRAINING SCHEDULE UPDATE - - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program http://www.sans.org/sansfire08/ - - Canberra (6/30-7/5) http://www.sans.org/canberra08/ - - Singapore (6/30-7/5) http://www.sans.org/singapore08/ - - Boston (8/9-8/17) http://www.sans.org/boston08/ - - Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/ Plus 100 other cites and on line any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-004)
  • Affected:
    • Apple Mac OS X versions prior to 10.5.4

  • Description: Apple Mac OS X contains multiple vulnerabilities in several of its subsystems. Impact from successfully exploiting these vulnerabilities range from remote code execution with the privileges of the current user to denials-of-service. Flaws are also present in the WebKit framework, used by several applications on Mac OS X to render HTML content. These applications include Safari and Mail. This security update also addresses several vulnerabilities discovered in third party applications bundled with the operating system. The WebKit vulnerability was discussed in a previous edition of @RISK.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Multiple Mozilla Firefox, Thunderbird, and SeaMonkey Vulnerabilities
  • Affected:
    • Mozilla Firefox versions prior to 3.0
    • Mozilla Thunderbird versions 2.x
    • Mozilla SeaMonkey versions prior 1.1.10

  • Description: Several vulnerabilities have been discovered in code shared among the Mozilla Firefox, Thunderbird, and SeaMonkey products. Flaws in the handling of web page layout, JavaScript scripts, Mozilla chrome, and other input can result in crashes. At least some of these crashes are believed to be exploitable for remote code execution with the privileges of the current user. Full technical details for these vulnerabilities are available via source code analysis. Note that Thunderbird is not believed vulnerable in its default configuration.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) HIGH: Opera Remote Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 9.51

  • Description: Opera is a popular cross-platform web browser and internet application suite. It contains an undisclosed vulnerability in its handling of input that can result in arbitrary code execution with the privileges of the current user. Additionally, several information disclosure vulnerabilities were discovered. Note that some reports indicate that only the version of Opera for Microsoft Windows is vulnerable.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) HIGH: VideoLAN Client WAV File Handling Integer Overflow
  • Affected:
    • VideoLAN Client (VLC) versions prior to 0.8.6i

  • Description: VideoLAN Client (VLC) is a popular cross-platform media player application. It contains a vulnerability in its handling of WAV format sound files. A specially crafted WAV file could trigger this vulnerability, leading to an integer overflow. Successfully exploiting this integer overflow could result in arbitrary code execution with the privileges of the current user. Note that, depending upon configuration, WAV files may be opened by the vulnerable application without first prompting the user. Full technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 27, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.27.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer "location" and "location.href" Cross Domain Security Bypass
  • Description: Microsoft Internet Explorer is a web browser application available for Microsoft Windows. The application is exposed to a cross-domain security bypass issue because the application fails to enforce the same-origin policy.
  • Ref: http://www.cert.org/advisories/CA-2000-02.html
  • 08.27.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Frame Location Cross Domain Security Bypass
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The application is exposed to a cross-domain scripting security bypass issue because the application fails to properly enforce the same-origin policy. Internet Explorer versions 6, 7, and 8 Beta 1 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/516627
  • 08.27.3 - CVE: CVE-2006-5266, CVE-2006-5265
  • Platform: Other Microsoft Products
  • Title: Microsoft Dynamics GP Denial of Service and Multiple Remote Buffer Overflow Vulnerabilities
  • Description: Microsoft Dynamics GP (known previously as Great Plains) is an ERP/CRM solution. The application is exposed to multiple remote buffer overflow issues affecting the application's accounting software. Microsoft Dynamics GP versions prior to 10.0 are affected.
  • Ref: http://xforce.iss.net/xforce/xfdb/25844
  • 08.27.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: 5th street "dx8render.dll" Format String Vulnerability
  • Description: 5th street is a music and dance game. The application is exposed to a format string issue because it does not sanitize user-supplied input before passing it as format-string specifiers to the "vsnwprintf()" function in the "dx8render.dll" module.
  • Ref: http://www.securityfocus.com/archive/1/493649
  • 08.27.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UUSee UUUpgrade ActiveX Control "Update" Method Arbitrary File Download
  • Description: UUSee is a client application for viewing media over the internet from UUSee.com. The application is exposed to an issue that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. UUSee version 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/29962
  • 08.27.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: S.T.A.L.K.E.R Shadow of Chernobyl Multiple Remote Vulnerabilities
  • Description: S.T.A.L.K.E.R Shadow of Chernobyl is a first player shooting game developed by GSC Game World. The application is exposed to multiple remote issues. S.T.A.L.K.E.R Shadow of Chernobyl version 1.0006 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493765
  • 08.27.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Soldner Secret Wars Endless Loop Remote Denial of Service
  • Description: Soldner is a tactical military game developed by Wings Simulations. The game is exposed to a remote denial of service issue because it fails to handle malformed UDP packets. Soldner versions 33724 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/493810
  • 08.27.8 - CVE: CVE-2008-2308, CVE-2008-2309, CVE-2008-2310,CVE-2008-2314, CVE-2008-2311, CVE-2008-2313
  • Platform: Mac Os
  • Title: Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security issues that have been addressed in Security Update 2008-004 and Mac OS X/Mac OS X Server 10.5.4. The security update addresses a total of 6 new vulnerabilities that affect the Alias Manager, CoreTypes, c++filt, Dock, Launch Services, and System Configuration components of Mac OS X.
  • Ref: http://support.apple.com/kb/HT2163
  • 08.27.9 - CVE: CVE-2008-0598
  • Platform: Linux
  • Title: Linux Kernel 32-bit/64bit Emulation Local Information Disclosure
  • Description: The Linux kernel is exposed to an information disclosure issue. This issue occurs in the Linux kernel 32-bit and 64-bit emulations.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0519.html
  • 08.27.10 - CVE: CVE-2008-2729
  • Platform: Linux
  • Title: Linux Kernel Memory Copy Exception Local Information Disclosure
  • Description: The Linux kernel is exposed to an information disclosure issue. Specifically, this issue arises because destination memory locations are not zeroed out following a failed copy operation. Linux kernel versions prior to 2.6.19 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0508.html
  • 08.27.11 - CVE: CVE-2008-2365
  • Platform: Linux
  • Title: Linux Kernel ptrace Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue due to a race condition affecting "ptrace_attach()". The issue occurs when process traces are performed on processes that can not be attached to.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0508.html
  • 08.27.12 - CVE: Not Available
  • Platform: Linux
  • Title: NASM Multiple Buffer Overflow Vulnerabilities
  • Description: The Netwide Assembler (NASM) is an 80x86 and x86-64 assembler. NASM is exposed to multiple unspecified buffer overflow issues because the software fails to properly bounds check on user-supplied data when parsing the code that uses the "EQU" instruction. The issues affect NASM versions prior to 2.03.01.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=452800
  • 08.27.13 - CVE: Not Available
  • Platform: Linux
  • Title: Gnome Evolution "html_engine_get_view_width()" Denial of Service
  • Description: Gnome Evolution is an email, address book, and calendar application for users of the GNOME desktop. Evolution is exposed to a denial of service issue that occurs in the "html_engine_get_view_width()" function when handling emails that contain specially-crafted HTML. Evolution version 2.22.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493686
  • 08.27.14 - CVE: CVE-2008-2826
  • Platform: Linux
  • Title: Linux kernel "sctp_getsockopt_local_addrs_old()" function Local Buffer Overflow
  • Description: Linux kernel is exposed to a local buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "sctp_getsockopt_local_addrs_old()" function.
  • Ref: http://www.securityfocus.com/bid/29990
  • 08.27.15 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Unspecified "snmpXdmid(1M)" Remote Denial of Service
  • Description: The "snmpXdmid(1M)" utility is a subagent in the Solstice Enterprise Agent Desktop Management Interface package. This utility is exposed to an unspecified denial of service issue because of an unspecified issue in the Solstice Enterprise SNMP-DMI mapper subagent daemon ("snmpXdmid(1M)"). Solaris 8, 9, and 10 operating systems are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237985-1
  • 08.27.16 - CVE: Not Available
  • Platform: Unix
  • Title: GNOME Rhythmbox Malformed Playlist File Denial of Service
  • Description: GNOME Rhythmbox is a freely-available music management application, similar to Apple's iTunes, for Unix-based platforms. The application is exposed to a remote denial of service issue because it fails to adequately verify user-supplied input. GNOME Rhythmbox version 0.11.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493809
  • 08.27.17 - CVE: CVE-2008-2062, CVE-2008-2730
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager RIS Data Collector Service Authentication Bypass
  • Description: Cisco Unified Communications Manager (CUCM) is a component of Cisco IP Telephony that provides enterprise-level call processing and features. The application is exposed to an authentication bypass issue that affects the Real-Time Information Server data collector service. CUCM is exposed to an authentication bypass issue that affects the Real-Time Information Server (RIS) Data Collector service. Ref: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a00809b9017.html
  • 08.27.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DC++ NULL Pointer Remote Denial of Service
  • Description: DC++ is a peer-to-peer client that uses the Advanced Direct Connect (ADC) file-sharing protocol. The application is exposed to a remote denial of service issue because it fails to handle NULL-pointer exceptions caused by partial file list requests. DC++ versions up to and including 0.706 are affected. Ref: http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287
  • 08.27.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM AFP Viewer Plugin "SRC" Property Heap-Based Buffer Overflow
  • Description: The IBM AFP Viewer plugin allows AFP files to be viewed using a web browser. The applications are all vulnerable to a heap-based buffer overflow issue because the software fails to properly bounds check user-supplied input in malicious AFP files. IBM AFP Viewer versions 2.0.7.1 and 3.2.1.1 are affected. Ref: http://www-1.ibm.com/support/docview.wss?rs=95&context=SRNPPZ&q=psd1*&uid=psd1P4000233
  • 08.27.20 - CVE: CVE-2008-2061
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager CTI Service Denial of Service
  • Description: Cisco Unified Communications Manager (CUCM) is a software-based call-processing component of the Cisco IP telephony solution. The application is exposed to a denial of service issue when handling malformed input. This issue affects the Computer Telephony Integration (CTI) Manager service. Ref: http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,64/_cursor,49/_total,94/tableid,1/
  • 08.27.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Pidgin MSN Protocol File Name Denial of Service
  • Description: Pidgin is a chat client available for multiple operating systems. The application is exposed to a denial of service issue when handling files sent via the MSN protocol. The vulnerability occurs in the "msn_sliplink_process_msg()" function. Pidgin version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493682
  • 08.27.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released multiple advisories regarding security issues in Firefox versions 2.0.0.14 and earlier. Exploiting these issues can allow attackers to steal authentication credentials, obtain potentially sensitive information, bypass security restrictions, crash the application, upload arbitrary files, execute scripts with elevated privileges, potentially execute arbitrary code, and compromise the browser. Other attacks are also possible. Ref: http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
  • 08.27.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Malformed JPEG File Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue because it fails to handle malformed JPEG files. Mozilla FireFox version 3 running on Ubuntu Linux 8.04 is affected.
  • Ref: http://www.securityfocus.com/bid/29984
  • 08.27.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
  • Description: Pidgin is a chat client available for multiple operating systems. The application is exposed to multiple denial of service issues affecting the UPnP and Jabber protocols. Pidgin version 2.0.0 is affected.
  • Ref: http://crisp.cs.du.edu/?q=ca2007-1
  • 08.27.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution
  • Description: Sun Java System Access Manager is an application for managing secure access to web applications. It was formerly called Sun Java System Identity Server. The application is exposed to an unspecified remote code execution issue that occurs when processing XSLT stylesheets contained in XML Signatures.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201538-1
  • 08.27.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AceFTP "LIST" Command Directory Traversal
  • Description: AceFTP is an File Transfer Protocol application for multiple operating systems. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client. AceFTP Freeware version 3.80.3 is affected.
  • Ref: http://vuln.sg/aceftp3803-en.html
  • 08.27.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Yukihiro Matsumoto Ruby "rb_ary_fill()" Remote Denial Of Service
  • Description: Yukihiro Matsumoto Ruby is an object-oriented scripting language. Ruby is exposed to a remote denial of service issue. An integer overflow in "rb_ary_fill()" can be exploited to cause denial of service conditions in affected applications. The problem occurs due to a lack of sanity checking on user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/493829
  • 08.27.28 - CVE: CVE-2008-2954
  • Platform: Cross Platform
  • Title: DC++ Private Message Remote Denial of Service
  • Description: DC++ is a peer-to-peer client that uses the Advanced Direct Connect (ADC) file-sharing protocol. DC++ is exposed to a remote denial of service issue because it fails to handle empty private messages properly in "client/NmdcHub.cpp". DC++ versions 0.706 and earlier are affected. Ref: http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date
  • 08.27.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail IMAP Service "APPEND" Command Remote Buffer Overflow
  • Description: SurgeMail IMAP Service is a mail server. The application is affected by a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized buffer. SurgeMail IMAP Service version 3.9e is affected.
  • Ref: http://www.securityfocus.com/bid/30000
  • 08.27.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Directory Server Adding "ibm-globalAdminGroup" Entry Denial of Service
  • Description: IBM Tivoli Direcory Server is an LDAP-based identity management application. The application is exposed to a denial of service issue because the server contains a double-free error. Tivoli Directory Server versions 6.1.0.0 through 6.1.0.15 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113
  • 08.27.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenLDAP BER Decoding Remote Denial of Service
  • Description: OpenLDAP is an implementation of the Lightweight Directory Access Protocol (LDAP). The application is exposed to a remote denial of service issue. OpenLDAP version 2.3.41 is affected.
  • Ref: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580
  • 08.27.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 1.0.0 Multiple Vulnerabilities
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and UNIX-like operating systems. The application is exposed to multiple issues when handling certain types of packets and protocols in varying conditions. Wireshark versions 0.9.5 up to and including 1.0.0 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2008-03.html
  • 08.27.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GraphicsMagick Multiple Denial of Service Vulnerabilities
  • Description: GraphicsMagick is an image-processing application available for multiple platforms. It was originally derived from ImageMagick 5.5.2. GraphicsMagick versions prior to 1.2.4 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=610253
  • 08.27.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell GroupWise WebAccess Simple Interface Cross-Site Scripting
  • Description: Novell GroupWise WebAccess is a secure, mobile option for GroupWise collaboration software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the simple interface. Novell GroupWise WebAccess versions 7.0.x are affected. Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html
  • 08.27.35 - CVE: CVE-2008-2462
  • Platform: Web Application - Cross Site Scripting
  • Title: Caucho Technology Resin Viewfile "file" Parameter Cross-Site Scripting
  • Description: Caucho Technology Resin is an open-source application server available for multiple operating platforms; it is implemented in Java. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. Resin versions prior to 3.0.25 and 3.1.4 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/305208
  • 08.27.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Commtouch Anti-Spam Enterprise Gateway "PARAMS" Parameter Cross-Site Scripting
  • Description: Commtouch Anti-Spam Enterprise Gateway is a network device designed to mitigate spam email. The device employs an ASP-based web console for users to manage spam rules and blocked messages. The device is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "PARAMS" parameter of the "/AntiSpamGateway/UPM/English/login/login.asp" script. Commtouch Anti-Spam Enterprise Gateway versions 4 and 5 are affected.
  • Ref: http://www.securityfocus.com/bid/29957
  • 08.27.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting
  • Description: phpMyAdmin is a third party extension for the TYPO3 content management system. phpMyAdmin is not a part of the TYPO3 default installation. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. phpMyAdmin extension versions prior to 3.2.0 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-2/
  • 08.27.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PolyPager "nr" Parameter Cross-Site Scripting
  • Description: PolyPager is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. The issue affects the "nr" parameter. PolyPager versions 1.0rc2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29975
  • 08.27.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Yasna Yazd Discussion Forum Multiple Cross-Site Scripting Vulnerabilities
  • Description: Yazd Discussion Forum is a Java-based online forum application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29980
  • 08.27.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Cybozu Garoon Session Fixation and Cross-Site Scripting Vulnerabilities
  • Description: Cybozu Garoon is a workgroup collaboration suite. It is available for Linux, Solaris, and Microsoft Windows. The application is exposed to multiple issues. Cybozu Garoon versions 2.1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29981/info
  • 08.27.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Address Directory Unspecified Cross-Site Scripting
  • Description: Address Directory is a third party extension for the TYPO3 content management system. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Address Directory versions 0.2.10 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 WEC Discussion Forum Security Bypass and Multiple Cross-Site Scripting Vulnerabilities
  • Description: WEC Discussion Forum is a third party extension for the TYPO3 content management system. WEC Discussion Forum is not a part of the TYPO3 default installation. The application is exposed to multiple input-validation issues because it fails to sufficiently sanitize user-supplied input. WEC Discussion Forum versions prior to 1.6.3 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/
  • 08.27.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 Send-A-Card Multiple Cross-Site Scripting Vulnerabilities
  • Description: Send-A-Card is a third party extension for the TYPO3 content management system. Send-A-Card is not a part of the TYPO3 default installation. The application is exposed to multiple unspecified cross-site scripting issues because it fails to sanitize user-supplied input. Send-A-Card versions prior to 2.2.4 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-3/
  • 08.27.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Articles Component "artid" Parameter SQL Injection
  • Description: Articles is a plugin that provides content-posting functionality for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter before using it in an SQL query when the "option" attribute is set to "articles" and the "task" action is set to "viewarticle".
  • Ref: http://www.securityfocus.com/bid/29936
  • 08.27.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyPHP CMS "pages.php" SQL Injection
  • Description: MyPHP CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "pid" parameter of "pages.php" before using it in an SQL query. MyPHP CMS version 0.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29940
  • 08.27.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TOKOKITA Multiple SQL Injection Vulnerabilities
  • Description: TOKOKITA is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/29920
  • 08.27.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-topbiz Viral DX 1 "adclick.php" SQL Injection
  • Description: Viral DX 1 is marketing software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bannerid" parameter of the "adclick.php" script. Viral DX version 1 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/29921
  • 08.27.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-topbiz Link ADS 1 "out.php" SQL Injection
  • Description: Link ADS 1 is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "linkid" parameter of "out.php" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29923
  • 08.27.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz Jokes and Funny Pictures Script "sbjoke_id" Parameter SQL Injection
  • Description: Jokes and Funny Pictures from Softbiz is a web-based script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sbjoke_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29931
  • 08.27.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Webdevindo-CMS "hal" Parameter SQL Injection
  • Description: Webdevindo-CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "hal" parameter of "index.php" before using it in an SQL query. Webdevindo-CMS version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29930
  • 08.27.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Codeon Petition Extension Unspecified SQL Injection
  • Description: Codeon Petition is a third-party extension for the TYPO3 content manager. Codeon Petition is not a part of the TYPO3 default installation. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 Codeon Petition extension versions 0.0.2 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Support view Extension SQL Injection
  • Description: Support view is a third-party extension for the TYPO3 content manager. Support view is not a part of the TYPO3 default installation. The application is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 Support view extension versions 0.0.102 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EfesTECH Shop "cat_id" Parameter SQL Injection
  • Description: EfesTECH Shop is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "default.asp" script before using it in an SQL query. EfesTECH Shop version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30044
  • 08.27.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Branchenbuch Extension Unspecified SQL Injection
  • Description: Branchenbuch is an extension for the TYPO3 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 Branchenbuch versions up to and including 0.8.1 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: plx Ad Trader "ad.php" SQL Injection
  • Description: plx Ad Trader is a web-based content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "adid" parameter of the "ad.php" script before using it in an SQL query. plx Ad Trader version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30046
  • 08.27.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPmotion SQL Injection and Arbitrary File Upload Vulnerabilities
  • Description: PHPmotion is a web-based application. The application is prone to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. PHPmotion versions 2.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29949
  • 08.27.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: nBill Joomla! and Mambo Component SQL Injection
  • Description: nBill is a billing component for the Joomla! and Mambo content management systems. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "com_netinvoice" component before using it in an SQL query. nBill version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29951
  • 08.27.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasySiteNetwork Riddles Complete Website "riddle.php" SQL Injection
  • Description: EasySiteNetwork Riddles Complete Website is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "riddleid" parameter of "riddle.php" before using it in an SQL query. Riddles Complete Website version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29966
  • 08.27.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasySiteNetwork Tips Complete Website "tip.php" SQL Injection
  • Description: EasySiteNetwork Tips Complete Website is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "tipid" parameter of "tip.php" before using it in an SQL query. Tips Complete Website version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29969
  • 08.27.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasySiteNetwork Jokes Complete Website "joke.php" SQL Injection
  • Description: EasySiteNetwork Jokes Complete Website is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "jokeid" parameter of "joke.php" before using it in an SQL query. Jokes Complete Website version 2.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/29968
  • 08.27.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasySiteNetwork Drinks Complete Website "drink.php" SQL Injection
  • Description: EasySiteNetwork Drinks Complete Website is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "drinkid" parameter of "drink.php" before using it in an SQL query. Drinks Complete Website version 2.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29969
  • 08.27.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasySiteNetwork Cheats Complete Website "item.php" SQL Injection
  • Description: EasySiteNetwork Cheats Complete Website is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "itemid" parameter of "item.php" before using it in an SQL query. Cheats Complete Website version 1.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29970
  • 08.27.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PolyPager "nr" Parameter SQL Injection
  • Description: PolyPager is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "nr" parameter before using it in an SQL query. PolyPager versions 1.0rc2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/29972
  • 08.27.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eTicket "pri" Parameter Multiple SQL Injection Vulnerabilities
  • Description: eTicket is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "pri" parameter. eTicket version 1.5.7 is affected. Ref: http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html
  • 08.27.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion Kroax Module "category" Parameter SQL Injection
  • Description: Kroax is a module for the PHP-Fusion content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "kroax.php" script. Kroax versions up to and including 4.42 are affected.
  • Ref: http://www.securityfocus.com/bid/29976
  • 08.27.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo jabode "id" Parameter SQL Injection
  • Description: jabode is a horoscope component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_jabode" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29994
  • 08.27.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion "classifieds/classifieds.php" SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data to the "lid" parameter of the "classifieds/classifieds.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29995
  • 08.27.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SePortal "poll.php" SQL Injection
  • Description: SePortal is a web portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "poll_id" parameter of the "poll.php" script before using it in an SQL query. SePortal version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29996
  • 08.27.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sisplet CMS "index.php" SQL Injection
  • Description: Sisplet CMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script before using it in an SQL query. Sisplet CMS version 2008-01-24 is affected.
  • Ref: http://www.securityfocus.com/bid/30032
  • 08.27.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VanGogh CMS "get_article.php" SQL Injection
  • Description: VanGogh CMS is a web-based content management system. The application is prone to an SQL injection issue because it fails to properly sanitize user-supplied input to the "article_ID" parameter of the "get_article.php" script before using it in an SQL query. VanGogh CMS version 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/30033
  • 08.27.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Talking Birds eSHOP100 "index.php" SQL Injection
  • Description: eSHOP100 is a web-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "SUB" parameter of "index.php" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30002
  • 08.27.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SebracCMS Multiple SQL Injection Vulnerabilities
  • Description: SebracCMS is a web-based content management system. The application is exposed to multiple SQL injection issues. The application fails to sufficiently sanitize user-supplied input to the following script and parameter: "read.php": "recid". SebracCMS versions 0.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30003
  • 08.27.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Online Booking Manager "checkavail.php" SQL Injection
  • Description: Online Booking Manager is a web-based booking application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "id" parameter of the "checkavail.php" script before using it in an SQL query. Online Booking Manager version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30004
  • 08.27.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_beamospetition" Component "pet" Parameter SQL Injection
  • Description: "com_beamospetition" is a petition component for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pet" parameter of the "com_beamospetition" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30005
  • 08.27.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Acmlmboard "memberlist.php" SQL Injection
  • Description: Acmlmboard is a web-based forum. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "pow" parameter of the "memberlist.php" script before using it in an SQL query. Acmlmboard version 1.A2 is affected.
  • Ref: http://www.milw0rm.com/exploits/5969
  • 08.27.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Catviz "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Catviz is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "webpage" and "foreign_key_value" parameters of the "index.php" script before using it in an SQL query. Catviz version 0.4.0-beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/30014
  • 08.27.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 News Calendar Extension Unspecified SQL Injection
  • Description: News Calendar is an extension for the TYPO3 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL-query. TYPO3 News Calendar versions up to and including version 1.0.7 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AShop Deluxe "catalogue.php" SQL Injection
  • Description: AShop Deluxe is a web-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "cat" parameter of the "catalogue.php" script before using it in an SQL query. AShop Deluxe version 4 is affected.
  • Ref: http://www.securityfocus.com/bid/30022
  • 08.27.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Address Directory Unspecified SQL Injection
  • Description: Address Directory is a third-party extension for the TYPO3 content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to an unspecified script before using it in an SQL query. Address Directory versions 0.2.10 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Versioning Component "id" Parameter SQL Injection
  • Description: Versioning is a component for the Mambo and Joomla! content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_versioning" component before using it in an SQL query. Versioning version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30050
  • 08.27.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: pSys "chatbox.php" SQL Injection
  • Description: pSys is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "showid" parameter of the "chatbox.php" script before using it in an SQL query. pSys version 0.7.0 Alpha is affected.
  • Ref: http://www.securityfocus.com/bid/30023
  • 08.27.82 - CVE: Not Available
  • Platform: Web Application
  • Title: mUnky "zone" Parameter Local File Include
  • Description: mUnky is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "zone" parameter of the "index.php" script. mUnky version 0.01 is affected.
  • Ref: http://www.securityfocus.com/bid/29934
  • 08.27.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
  • Description: Avaya Communication Manager is a messaging application. The application is exposed to multiple remote command execution issues in the administration interface. Ref: http://www.voipshield.com/research-details.php?id=99&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=50&sort=discovered&sortby=DESC
  • 08.27.84 - CVE: Not Available
  • Platform: Web Application
  • Title: RT "Devel::StackTrace" Perl Module Remote Denial of Service
  • Description: RT (Request Tracker) is a web-based ticketing system. The application is exposed to a remote denial of service issue because it fails to handle exceptional conditions. RT versions prior to 3.6.7 are affected. Ref: http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html
  • 08.27.85 - CVE: Not Available
  • Platform: Web Application
  • Title: mask PHP File Manager Cookie Authentication Bypass
  • Description: mask PHP File Manager is a PHP-based file management application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. mask PHP File Manager versions 2.2d and earlier are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=608915
  • 08.27.86 - CVE: Not Available
  • Platform: Web Application
  • Title: WebGUI Collaboration RSS Information Disclosure
  • Description: WebGUI is a content management system (CMS). The application is exposed to an information disclosure issue because it fails to authenticate users before allowing access to the RSS feed. WebGUI versions prior to 7.5.13 (beta) are affected. Ref: http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/
  • 08.27.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Page Manager "upload.php" Arbitrary File Upload
  • Description: Page Manager is PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary code because it fails to properly sanitize user-supplied files uploaded via the "upload.php" script. Page Manager version 2006-02-04 is affected.
  • Ref: http://www.securityfocus.com/bid/29929
  • 08.27.88 - CVE: Not Available
  • Platform: Web Application
  • Title: IdeaBox "include.php" Remote File Include
  • Description: IdeaBox is an idea management and suggestion application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "gorumDir" parameter of the "include.php" script.
  • Ref: http://www.securityfocus.com/archive/1/493651
  • 08.27.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Google Talk "http" and "mailto" Remote Script Code Injection
  • Description: Google Talk is an instant messaging application. The application is exposed to a remote script code injection issue because it fails to sanitize user-supplied input. Google version 1.0.0.105 is affected. Ref: http://lostmon.blogspot.com/2008/06/gtalk-100105-html-injection-and.html
  • 08.27.90 - CVE: Not Available
  • Platform: Web Application
  • Title: CAT2 "spaw_root" Parameter Local File Include
  • Description: CAT2 is a PHP-based content manager. The application is exposed to a local file include issue because it fails to sanitize user-supplied input supplied to the "spaw_root" parameter of the "objects/extern/spaw/spaw_control.class.php" script. CAT2 version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30042
  • 08.27.91 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Industry Database Security Bypass
  • Description: Industry Database is a third-party extension for the TYPO3 content management system. The application is exposed to an issue that may allow users to bypass access validation checks and edit data owned by other users. Industry Database versions 1.0.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Jonascms Multiple Local File Include Vulnerabilities
  • Description: Jonascms is a web-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "taal" parameter of the "backup.php" and "gb_voegtoe.php" scripts. Jonascms version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29950
  • 08.27.93 - CVE: Not Available
  • Platform: Web Application
  • Title: MosXML "mod_mainmenu.php" Remote File Include
  • Description: MosXML is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "modules/mod_mainmenu.php" script. MosXML Alpha version 1.* is affected.
  • Ref: http://www.securityfocus.com/bid/29952
  • 08.27.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Suggested Terms Module Multiple HTML Injection Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms. Suggested Terms is a module for Drupal. Suggested Terms is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Suggested Terms versions prior to 5.x-1.2 are affected.
  • Ref: http://drupal.org/node/274919
  • 08.27.95 - CVE: Not Available
  • Platform: Web Application
  • Title: EVA cms "index.php" Remote File Include
  • Description: EVA cms is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "eva[caminho]" parameter of the "index.php" script. EVA cms version 2.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/29954
  • 08.27.96 - CVE: Not Available
  • Platform: Web Application
  • Title: The Rat CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: The Rat CMS is a PHP-based content management application. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied data. The Rat CMS Pre-Alpha version 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493684
  • 08.27.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Galmeta Post "test_adodb_lite.php" Multiple Local File Include Vulnerabilities
  • Description: Galmeta Post is a content management system. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. Galmeta Post version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/29962
  • 08.27.98 - CVE: Not Available
  • Platform: Web Application
  • Title: TietoEnator Procapita Multiple Remote Vulnerabilities
  • Description: TientoEnator's Procapita is a web-based school management application. The application is exposed to multiple remote issues.
  • Ref: http://www.securityfocus.com/archive/1/493681
  • 08.27.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Keller Web Admin "action" Parameter Local File Include
  • Description: Keller Web Admin is a PHP-based content manager. The application is exposed to a local file include issue because it fails to sanitize user-supplied input to the "action" parameter of the "index.php" script. Keller Web Admin version 0.94 Pro is affected.
  • Ref: http://www.securityfocus.com/bid/29971
  • 08.27.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Orca "params.php" Remote File Include
  • Description: Orca is a web-based forum. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "gConf[dir][layouts]" parameter of the "layout/default/params.php" script. Orca version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/29974
  • 08.27.101 - CVE: Not Available
  • Platform: Web Application
  • Title: A+ PHP Scripts News Management System Cookie Authentication Bypass
  • Description: A+ PHP Scripts News Management System is a web-based application. News Management System is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/29977
  • 08.27.102 - CVE: Not Available
  • Platform: Web Application
  • Title: testMaker Remote Unspecified PHP Script Code Execution
  • Description: testMaker is software for web-based assessment. The application is exposed to an unspecified issue due to unspecified errors in the code. This issue will allow a remote attacker to execute arbitrary PHP code on the web server in the context of the hosting web server process. testMaker versions prior to 3.0p16 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=609679
  • 08.27.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Seagull Arbitrary File Upload
  • Description: Seagull is a web-based framework for building PHP applications. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the form of multiple file extensions to the "tinyfck/filemanager/connectors/php/config.php" script. Seagull versions up to and including 0.6.4 are affected.
  • Ref: http://www.securityfocus.com/bid/29982
  • 08.27.104 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBLASTER CMS Multiple Local File Include Vulnerabilities
  • Description: phpBLASTER is a web-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "DB", "lang" and "skin" parameters of the "index.php" script. phpBLASTER version 1.0 RC1 is affected.
  • Ref: http://www.securityfocus.com/bid/29983
  • 08.27.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Mask PHP File Manager Configuration Security Bypass
  • Description: Mask PHP File Manager (mPFM) is a PHP-based file manager. The application is exposed to a security bypass issue because the application fails to properly restrict access to certain portions of the application. Mask PHP File Manager version 2.4 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=609546
  • 08.27.106 - CVE: Not Available
  • Platform: Web Application
  • Title: OTManager "conteudo" Parameter Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: OTManager is a PHP-based content manager. The application is exposed to a local file include issue and a cross-site scripting issue. Both of these issues affect the "conteudo" parameter of the "index.php" script. OTManager version 24a is affected.
  • Ref: http://www.securityfocus.com/bid/29992
  • 08.27.107 - CVE: Not Available
  • Platform: Web Application
  • Title: PowerAward Multiple Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: PowerAward is a home page award system. The application is exposed to multiple input validation issues. PowerAward version 1.1.0 RC1 is affected.
  • Ref: http://www.securityfocus.com/bid/29993
  • 08.27.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Agenda "index.php" Local File Include
  • Description: Simple PHP Agenda is a web-based agenda tool. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. Simple PHP Agenda version 2.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30034
  • 08.27.109 - CVE: Not Available
  • Platform: Web Application
  • Title: W1L3D4 Philboard Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: Philboard is a web-based forum implemented in ASP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. W1L3D4 Philboard version 1.14 is affected.
  • Ref: http://www.securityfocus.com/bid/29998
  • 08.27.110 - CVE: Not Available
  • Platform: Web Application
  • Title: OTManager Cookie Authentication Bypass
  • Description: OTManager is a PHP-based content manager. News Management System is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. OTManager version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/29999
  • 08.27.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! and Mambo "com_xewebtv" Component "id" Parameter SQL Injection Vulnerability
  • Description: "com_xewebtv" is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_xewebtv" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30006
  • 08.27.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Pivot "t" Parameter Directory Traversal
  • Description: Pivot is a PHP-based tool for creating weblogs and other dynamic web sites. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "t" parameter of the "search.php" script. Pivot version 1.40.5 is affected.
  • Ref: http://forum.pivotlog.net/viewtopic.php?t=12471
  • 08.27.113 - CVE: Not Available
  • Platform: Web Application
  • Title: BareNuked CMS "admin/users.php" Cookie Authentication Bypass
  • Description: BareNuked CMS is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. This issue affects the "admin/users.php" script when adding new users. BareNuked CMS version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30011
  • 08.27.114 - CVE: Not Available
  • Platform: Web Application
  • Title: RSS-aggregator Multiple SQL Injection and Authentication Bypass Vulnerabilities
  • Description: RSS-aggregator is a PHP-based application that allows users to display multiple RSS feeds on single page. The application is exposed to multiple remote issues. RSS-aggregator version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/493783
  • 08.27.115 - CVE: Not Available
  • Platform: Web Application
  • Title: myBloggie Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: myBloggie is a web-log application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. myBloggie version 2.1.6 is affected.
  • Ref: http://www.netvigilance.com/advisory0040
  • 08.27.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Fa Name Multiple Cross-Site Scripting Vulnerabilities
  • Description: Fa Name is content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Fa Name version 1.0 is affected.
  • Ref: http://www.netvigilance.com/advisory0043
  • 08.27.117 - CVE: Not Available
  • Platform: Web Application
  • Title: HIOX Banner Rotator "hioxBannerRotate.php" Remote File Include
  • Description: HIOX Banner Rotator is a web-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "hm" parameter of the "hioxBannerRotate.php" script. HIOX Banner Rotator version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30021
  • 08.27.118 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities
  • Description: SQL Frontend is a third-party extension for the TYPO3 content manager. SQL Frontend is not a part of the TYPO3 default installation. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 SQL Frontend versions up to and including 1.0.11 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.119 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 Packman Extension Unspecified Remote
  • Description: Packman is a third-party extension for the TYPO3 content management system. The application is exposed to an issue in unspecified functionality related to an incomplete blacklist. Packman versions 0.2.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.120 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 KB Unpack Extension Unspecified Remote
  • Description: KB Unpack is a third-party extension for the TYPO3 content manager. The application is exposed to an issue in unspecified functionality related to an incomplete blacklist. KB Unpack versions 0.1.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.121 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 DAM Frontend Extension Multiple Unspecified Vulnerabilities
  • Description: DAM Frontend is a third-party extension for the TYPO3 content manager. The application is exposed to multiple issues, including an SQL injection issue, an information disclosure issue, and other unspecified issues that arise because the application fails to handle access controls and errors in a proper manner. DAM Frontend versions 0.1.0 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
  • 08.27.122 - CVE: Not Available
  • Platform: Web Application
  • Title: QNX Neutrino RTOS "phgrafx" Local Buffer Overflow
  • Description: QNX Neutrino RTOS is a realtime operating system available both freely and for commercial use. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. QNX Neutrino RTOS versions 6.3.2 and 6.3.0 are affected.
  • Ref: http://www.scanit.net/rd/advisories/adv01
  • 08.27.123 - CVE: Not Available
  • Platform: Web Application
  • Title: Wordtrans-web Remote Arbitrary Shell Command Injection
  • Description: Wordtrans-web is a web interface for Wordtrans. Wordtrans is a front-end for several dictionaries. The application is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data. Wordtrans-web version 1.1.pre15 is affected.
  • Ref: http://www.scanit.net/rd/advisories/adv02
  • 08.27.124 - CVE: CVE-2008-1663
  • Platform: Web Application
  • Title: HP System Management Homepage (SMH) for Linux and Windows Cross- Site Scripting
  • Description: System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. HP System Management Homepage is exposed to a cross-site scripting issue. HP System Management Homepage (SMH) versions 2.1.10 and 2.1.11 for Linux and Windows are affected.
  • Ref: http://www.securityfocus.com/bid/30029
  • 08.27.125 - CVE: Not Available
  • Platform: Network Device
  • Title: Avaya Communication Manager Multiple Security Vulnerabilities
  • Description: Avaya Communication Manager is an IP telephony platform. The application is exposed to multiple security issues.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm
  • 08.27.126 - CVE: Not Available
  • Platform: Network Device
  • Title: Palm Centro System Lockout Authentication Bypass
  • Description: Palm Centro is a mobile phone. The device is exposed to an authentication bypass issue when in lockout mode. Lockout mode is designed to limit access to most features of the phone when enabled; a user can still make 911 or "*2" calls.
  • Ref: http://www.securityfocus.com/bid/30030

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

The OnSite program allowed many of our members to attend that have had restrictions on out of state travel.
-- Randy Raw

SANS Pen Test Hackfest 2013 - Washington

Latest Whitepapers

Building and Maintaining a "Certifiable" Workforce
By Robert J. Mavretich

How Can You Build and Leverage SNORT IDS Metrics to Reduce Risk?
By Tim Proffitt

Daisy Chain Authentication
By Courtney Imbert

Latest Tweets

NEW #SANS Survey: Security Analytics & Intelligence 2nd [...]
October 1, 2013 - 6:30 PM

Tips on how to convince your boss to let you train online wi [...]
October 1, 2013 - 6:23 PM

#2 Tip on how 2 convince your boss 2 let u train online: Fle [...]
October 1, 2013 - 3:00 PM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"The perfect balance of theory and hands-on experience."
- James D. Perry II, University of Tennessee