
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 29
July 17, 2008

Another bad week, but not as bad as last week. The critical vulnerabilities this week are in the Blackberry Attachment Service (anyone use that?) and in Oracle and Novell eDiscovery and the Linux Kernel.

The LINUX problem, in particular, illustrates one of the untold stories (at least in the press) of security. More than 370 versions of LINUX are vulnerable. Many are embedded in appliances (like security appliances?) and software tools where the user probably has no idea even what version of LINUX they are running. When vendors or open source groups announce a patch, saying they have "fixed the problem," the public is misled. Nothing is "fixed" until the patch is successfully installed. Most vendors and developers take no responsibility for ensuring their customers even know about the patches - much less install them. As politicians learn of the misperception (deception?), I expect to see a movement toward updating breach disclosure laws to require disclosure when ISP or web site or other application errors cause customers' computers to be infected enabling personal data (and money) to be lost. This will also affect all medium and large organizations that are ISPs for their employees or that have web sites available to customers or citizens.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

Platform                                  Number of Updates and Vulnerabilities
- ------------------------                -------------------------------------
Other Microsoft Products                  1
Third Party Windows Apps                  6 (#4)
Mac Os                                    2 (#5, #6)
Linux                                     1 (#2)
Unix                                      3
Novell                                    1 (#3)
Cross Platform                            22 (#1, #7)
Web Application - Cross Site Scripting    4
Web Application - SQL Injection           13
Web Application                           39

(Numbers in parentheses refer to the numbered items in Part I.)

************************ Sponsored By Sourcefire, Inc. ******************

SC Magazine Names Snort(r) "Best Network Security." Learn how Snort is the engine powering the Sourcefire 3D(tm) System. This IPS is different from others because it shows you everything running on your network in real time. It also gives you context for your security events. Know more real threats. No more wild goose chases. Call 1.800.917.4134 today. http://www.sans.org/info/30844

*************************************************************************

TRAINING SCHEDULE UPDATE - - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program http://www.sans.org/sansfire08/ - - Boston (8/9-8/17) http://www.sans.org/boston08/ - - Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/ Plus 100 other cities and online any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

*************************** Sponsored Links: **************************

1) Attend the Virtualization Security Summit August 7-8 in Las Vegas and hear about tools and techniques you can use. http://www.sans.org/info/30849

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (4) CRITICAL: BlackBerry Attachment Service PDF Processing Remote Code Execution
  • Affected:
    • Research In Motion BlackBerry Enterprise Server versions 4.1.5 and prior
    • Research In Motion BlackBerry Unite! versions earlier than 1.0.1 b36
  • Description: The Research In Motion BlackBerry is a popular mobile telephone and messaging device. It provides enterprise connectivity by running server software that integrates with an enterprise's messaging infrastructure. This server software preprocesses some document types to make them more easily viewable on a mobile device. The server software contains a flaw in its processing of Portable Document Format (PDF) documents. A specially crafted PDF could trigger this flaw, resulting in arbitrary code execution with the privileges of the vulnerable process. Note that a user must first open the PDF on a BlackBerry mobile device for exploitation to occur. Some technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, no updates available.

  • References:

  • (5) HIGH: Mozilla Firefox GIF Processing Vulnerability
  • Affected:
    • Mozilla Firefox versions prior to 3.0.1
  • Description: Mozilla Firefox, when running on Apple Mac OS X, contains a flaw in its handling of Graphics Interchange Format (GIF) images. A specially crafted GIF image could trigger this flaw, leading to memory corruption. Successfully exploiting this flaw would allow an attacker to execute arbitrary code with the privileges of the current user. Note that GIF images are usually rendered automatically upon receipt. Full technical details for this vulnerability are publicly available via source code analysis. Note that only Mozilla Firefox on Apple Mac OS X is affected.

  • Status: Vendor confirmed, updates available.

  • References:

  • (6) HIGH: Apple iPhone and iPod Touch Multiple Vulnerabilities
  • Affected:
    • Apple iPhone and iPod Touch operating systems versions prior to 2.0
  • Description: The embedded operating system running Apple's iPhone and iPod Touch contains multiple vulnerabilities. These vulnerabilities range from remote code execution to the spoofing of websites. Successfully exploiting one of the remote code execution vulnerabilities would allow an attacker to take complete control of the affected device. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:

  • (7) MODERATE: Mozilla Firefox URI Parsing Vulnerability
  • Affected:
    • Mozilla Firefox versions 3.x
  • Description: Mozilla Firefox fails to properly handle URIs passed to it upon invocation. If another application causes Firefox to launch, and this application passes a specially crafted URI to Firefox via its command line, an attacker could trigger this vulnerability. Successfully exploiting this vulnerability would allow an attacker to spoof or inject URIs into multiple tabs in the newly created Firefox session. If this vulnerability is used to exploit an additional vulnerability in the validation of error pages in Firefox, an attacker could execute arbitrary script code with the privileges of the current user. Note that Firefox must not be running to be vulnerable. Technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 29, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.29.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer New ActiveX Object String Concatenation Memory Corruption
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. The application is exposed to a remote memory corruption issue that occurs when the application creates a new ActiveX object concatenated with a string of characters.
  • Ref: http://www.0x000000.com/

  • 08.29.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sun Java SE Secure Static Versioning Applet Execution Weakness
  • Description: Secure Static Versioning is a feature that was introduced in Sun JDK and JRE 5.0 Update 6. It prevents applets from running on older versions of JDK and JRE. The applications are exposed to a weakness that may allow arbitrary applets to run on older releases of the software. This issue may lead to various attacks. The following versions on Windows VISTA: JDK and JRE 6 Update 6 and earlier; JDK and JRE 5.0 Update 6 through 15 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1

  • 08.29.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Empire Server Prior to 4.3.15 Multiple Unspecified Vulnerabilities
  • Description: Empire Server is a client/server based Internet war game available for Microsoft Windows. The application is exposed to multiple remote issues. Empire Server versions prior to 4.3.15 are affected.
  • Ref: http://sourceforge.net/project/showfiles.php?group_id=24031

  • 08.29.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Simple DNS Plus Unspecified Remote Denial of Service
  • Description: Simple DNS Plus is a DNS server for Windows. The application is exposed to an unspecified denial of service issue that is triggered when multiple crafted DNS packets are sent to the server. Simple DNS Plus versions 5.0 and earlier and 4.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30207

  • 08.29.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sina DLoader Class ActiveX Control "DownloadAndInstall" Method Arbitrary File Download
  • Description: Sina DLoader is exposed to an issue that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer. The issue affects the "DownloadAndInstall()" method of the DLoader class ActiveX control identified by CLSID: 2CACD7BB-1C59-4BBB-8E81-6E83F82C813B. The method fails to verify that files being downloaded are provided by a trusted source.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.29.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinRemotePC Packet Handling Remote Denial of Service
  • Description: WinRemotePC is a remote desktop application. The application is exposed to a remote denial of service issue because it fails to handle user-supplied input. This issue occurs when the application processes specially-crafted network packets of arbitrary length. WinRemotePC Full 2008 r.2 and Lite 2008 r.2 are affected.
  • Ref: http://www.securityfocus.com/bid/30236

  • 08.29.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Black Ice Software Document Imaging SDK/ActiveX Remote Buffer Overflow
  • Description: Black Ice Software Document Imaging SDK/ActiveX is a software development tool that helps application developers and programmers create applications with image processing capabilities. This control is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Black Ice Software Document Imaging SDK/ActiveX version 10.95 is affected.
  • Ref: http://www.blackice.com/Document%20Imaging%20SDK%20ActiveX.htm

  • 08.29.8 - CVE: CVE-2008-2304
  • Platform: Mac Os
  • Title: Apple Xcode Core Image Fun House ".funhouse" File XML Data Handling Buffer Overflow
  • Description: Apple Xcode is a development environment for Mac OS X. The environment consists of various development tools including Core Image, an image processing and rendering framework. The example application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Apple Xcode versions 2.0 through 3.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/494230

  • 08.29.9 - CVE: CVE-2008-2318
  • Platform: Mac Os
  • Title: Apple Xcode WebObjects "WOHyperlink" Information Disclosure
  • Description: Apple Xcode is a development environment for Mac OS X. The environment consists of various development tools including WebObjects, a Java-based application server and web-application framework. WebObjects is exposed to an information disclosure issue affecting the API used to generate URIs for HTML documents. Xcode versions prior to 3.1 are affected.
  • Ref: http://support.apple.com/kb/HT2352

  • 08.29.10 - CVE: Not Available
  • Platform: Linux
  • Title: newsx "read_article()" Buffer Overflow
  • Description: newsx is an NNTP (Network News Transfer Protocol) client used to post and fetch news. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. newsx version 1.6 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=454483

  • 08.29.11 - CVE: Not Available
  • Platform: Unix
  • Title: ReSIProcate INVITE and OPTIONS Messages DNS Resolver Remote Denial of Service
  • Description: ReSIProcate is an implementation of the SIP (Session Initiation Protocol) stack and includes various application components. The application is exposed to a remote denial of service issue because it fails to perform adequate boundary checks when handling user-supplied URIs. ReSIProcate versions prior to 1.3.3 are affected.
  • Ref: http://www.resiprocate.org/ReSIProcate_1.3.3_Release

  • 08.29.12 - CVE: Not Available
  • Platform: Unix
  • Title: OP XAUTHORITY Variable Local Privilege Escalation
  • Description: The OP utility is a command that is used to allow unprivileged users to execute privileged commands. It is available for Unix and Unix-like operating systems. The application is exposed to a local privilege escalation issue because of a failure of the application to perform sufficient bounds checks. The OP utility version 1.32 is affected.
  • Ref: http://swapoff.org/changeset/563

  • 08.29.13 - CVE: Not Available
  • Platform: Unix
  • Title: Berkeley Yacc (byacc) "skeleton.c" Local Denial of Service
  • Description: Berkeley Yacc (byacc) is a reimplementation of the Unix parser generator Yacc. It is implemented in ANSI C. Berkeley Yacc (byacc) is exposed to a local denial of service issue because out-of-bounds stack memory may be accessed. This issue occurs in the "skeleton.c" source file, and can occur if a rule with an empty right-hand-side is reduced while the stack pointer is pointing at the end of the stack. All versions of byacc are affected; the issue was discovered in OpenBSD version 4.3.
  • Ref: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29

  • 08.29.14 - CVE: CVE-2008-1809
  • Platform: Novell
  • Title: Novell eDirectory LDAP Service Search Parameters Heap Overflow
  • Description: Novell eDirectory is an X.500-compatible directory service product for centrally managing access to resources on multiple servers and computers within a given network. The application is exposed to a heap-based buffer overflow in its LDAP service when handling search parameters. Novell eDirectory versions 8.7.3 and 8.8 for all platforms are affected.
  • Ref: http://www.securityfocus.com/archive/1/494168

  • 08.29.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Sophos Products MIME Attachments Denial of Service
  • Description: Multiple Sophos products are exposed to a denial of service issue that occurs when the applications scan certain MIME attachments that are zero bytes in length. Sophos Email Appliance and PureMessage for Unix instances that are using version 4.30 virus data/2.74 engine are affected.
  • Ref: http://www.sophos.com/support/knowledgebase/article/42245.html?_log_from=rss

  • 08.29.16 - CVE: CVE-2008-3104
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
  • Description: Sun Java Runtime Environment is exposed to multiple unspecified issues that allow attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for Java applets.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1

  • 08.29.17 - CVE: CVE-2008-3107
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Virtual Machine Privilege Escalation
  • Description: Sun Java Runtime Environment (JRE) is an enterprise development platform. JRE Virtual Machine is exposed to a privilege escalation issue when running untrusted applications or applets.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1

  • 08.29.18 - CVE: CVE-2008-3105, CVE-2008-3106
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
  • Description: Sun Java Runtime Environment (JRE) allows users to run Java applications. The software is exposed to multiple remote issues. The following versions on Solaris, Linux, and Windows platforms are affected: JDK and JRE 6 Update 6 and earlier; JDK and JRE 5.0 Update 15 and earlier.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0594.html

  • 08.29.19 - CVE: CVE-2008-3109, CVE-2008-3110
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Multiple Security Vulnerabilities
  • Description: Multiple security vulnerabilities affect multiple implementations of Java Runtime Environment (JRE). The following specific issues have been addressed: a privilege escalation issue affects JRE relating to scripting language support and an information disclosure issue affects JRE relating to scripting language support. JDK and JRE 6 Update versions 6 and earlier are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1

  • 08.29.20 - CVE: CVE-2008-3103
  • Platform: Cross Platform
  • Title: Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access
  • Description: Sun Java Management Extensions (JMX) is a suite of tools used to manage and monitor devices, applications, and service-driven networks. JMX is shipped with Java JDK and JRE. The application is exposed to an unspecified unauthorized access issue. The cause of this issue is not known. The following versions for Windows, Solaris, and Linux are affected: JDK and JRE 6 Update 6 and earlier; JDK and JRE 5.0 Update 15 and earlier.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1

  • 08.29.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment Font Processing Buffer Overflow
  • Description: Sun Java Runtime Environment (JRE) allows users to run Java applications. JRE is exposed to a buffer overflow issue when running untrusted applications or applets. Specifically, the issue occurs when Java Runtime Environment processes fonts. The following versions on Solaris, Windows, and Linux are affected: JDK and JRE 5.0 Update 9 and earlier; SDK and JRE 1.4.2_17 and earlier; SDK and JRE 1.3.1_22 and earlier.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1

  • 08.29.22 - CVE: CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114
  • Platform: Cross Platform
  • Title: Sun Java Web Start Multiple Vulnerabilities
  • Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch either from a desktop or from a web page. Java Web Start is exposed to multiple issues. The following versions are affected: JDK and JRE 6 Update 6 and earlier; JDK and JRE 5.0 Update 15 and earlier; and SDK and JRE 1.4.2_17 and earlier.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

  • 08.29.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Vendors Unspecified SVG File Processing Denial of Service
  • Description: Multiple vendors' SVG implementations are exposed to an unspecified denial of service issue that arises when the software handles maliciously crafted SVG images. The latest versions of Firefox, Evince, EoG, and GIMP are affected.
  • Ref: http://www.securityfocus.com/bid/30149

  • 08.29.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FFmpeg libavformat "psxstr.c" STR Data Heap-Based Buffer Overflow
  • Description: FFmpeg is an open-source solution for handling audio and video data. The "libavformat" library is an FFmpeg component that contains parsers and generators for common audio and video formats. The application is exposed to a heap-based buffer overflow that occurs in the "str_read_packet()" function of the "libavformat/psxstr.c" source file when processing malformed STR data.
  • Ref: http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993

  • 08.29.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WeFi WEP Key Data Local Information Disclosure
  • Description: WeFi is a WiFi hotspot connectivity client for Windows and Mac OS X. WeFi is exposed to a local information disclosure issue because it fails to securely store sensitive data. WeFi version 3.3.3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494102

  • 08.29.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Data ONTAP Multiple Unspecified Vulnerabilities
  • Description: IBM Data ONTAP is an operating system designed by Network Appliance to provide file-serving services for their proprietary hardware platform. IBM distributes a version of Data ONTAP for the IBM System Storage N series systems. Data ONTAP is exposed to multiple unspecified vulnerabilities that affect the Data ONTAP Gateway and Data ONTAP Filer components. Data ONTAP versions prior to 7.1.3 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002373

  • 08.29.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Maximo "debug.jsp" HTML Injection And Information Disclosure Vulnerabilities
  • Description: IBM Maximo is asset-management software that runs on various platforms. The application is exposed to multiple issues. IBM Maximo versions 4.1 and 5.2 are affected.
  • Ref: http://www.securityfocus.com/bid/30180

  • 08.29.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 1.0.1 Denial of Service
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic. It is available for Microsoft Windows and UNIX-like operating systems. The application is exposed to a denial of service issue. Wireshark versions 0.8.19 to 1.0.1 are affected.
  • Ref: http://www.wireshark.org/security/wnpa-sec-2008-04.html

  • 08.29.29 - CVE: CVE-2008-1588, CVE-2008-1589, CVE-2008-1590, CVE-2008-2303, CVE-2008-2317
  • Platform: Cross Platform
  • Title: Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
  • Description: Apple iPhone is a mobile phone that runs on the ARM architecture. Apple iPod touch is a portable music player that also contains the Safari browser. The applications are exposed to multiple remote issues. These issues affect iPhone versions 1.0 through 1.1.4 and iPod Touch versions 1.1 through 1.1.4.
  • Ref: http://www.securityfocus.com/bid/30186

  • 08.29.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari Domain Extensions Insecure Cookie Access
  • Description: Apple Safari is a web browsing application available for multiple operating platforms. Safari is exposed to an issue that allows attackers to set cookies for certain domain extensions. Apple Safari version 3.1.2 is affected.
  • Ref: http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
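The entry above does not say which domain extensions Safari accepted, so the check below is an added illustration, not Safari's code: it assumes the problem is a Domain attribute naming a public suffix such as co.uk, which would make one site's cookie visible to every other site under that suffix. The public-suffix set is a constructed subset; the real list is maintained by Mozilla at publicsuffix.org and is far longer.

```python
# Constructed subset of the public suffix list, enough for this example. The
# real list (publicsuffix.org) is the one a browser or framework should use.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk", "org.uk", "jp", "co.jp"}


def _normalize(name: str) -> str:
    """Lower-case and drop a leading dot ('.example.com' == 'example.com')."""
    return name.strip().lower().lstrip(".")


def domain_matches(host: str, domain: str) -> bool:
    """Domain match as in RFC 6265: host equals domain or is a subdomain of it."""
    host, domain = _normalize(host), _normalize(domain)
    return host == domain or host.endswith("." + domain)


def accept_domain_naive(host: str, domain: str) -> bool:
    """A check that only demands an embedded dot. 'co.uk' has one, so a page on
    www.example.co.uk may set a cookie that every .co.uk site then receives."""
    domain = _normalize(domain)
    return "." in domain and domain_matches(host, domain)


def accept_domain(host: str, domain: str) -> bool:
    """Hardened form: the usual suffix match, plus a refusal of any Domain that
    is itself a public suffix."""
    domain = _normalize(domain)
    return domain_matches(host, domain) and domain not in PUBLIC_SUFFIXES
```

The same check belongs in server-side frameworks that build Set-Cookie headers from configuration: a misconfigured cookie domain is rejected at the source rather than relying on every visiting browser to do it.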

  • 08.29.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari HTTPS to HTTPS Referer Information Disclosure
  • Description: Apple Safari is a web browser available for multiple operating platforms. Safari is exposed to an information disclosure issue because the browser forwards HTTP Referer data in HTTPS requests made from secure HTTPS servers, so any secret carried in the originating URL is sent to the destination site. Apple Safari version 3.1.2 is affected.
  • Ref: http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html

  • 08.29.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: eMule Operating System User Account Information Disclosure Weakness
  • Description: eMule is a freely available, open source peer-to-peer file sharing application. eMule is exposed to an information disclosure issue that occurs because the application discloses the victim's operating system username when sending the shared file list. eMule version 0.49 is affected.
  • Ref: http://www.securityfocus.com/bid/30224

  • 08.29.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firebird Multiple Denial of Service and Information Disclosure Vulnerabilities
  • Description: Firebird is a relational database management system (RDBMS) available for multiple operating platforms. Firebird is exposed to multiple issues. Firebird versions 2.0.4 and 2.1.0 are affected.
  • Ref: http://tracker.firebirdsql.org/browse/CORE-1887

  • 08.29.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Votorola Multiple Unspecified Security Vulnerabilities
  • Description: Votorola is electronic voting software implemented in Java. The application is exposed to multiple unspecified issues that result from insufficient restrictions on the length of some user input. Due to the nature of this application, it is assumed that these issues present a remote threat. Votorola versions prior to 0.1.10 are affected.
  • Ref: http://zelea.com/project/votorola/changes.xht

  • 08.29.35 - CVE: CVE-2008-2933
  • Platform: Cross Platform
  • Title: Mozilla Firefox URI Splitting Security Bypass
  • Description: Firefox is exposed to a security bypass issue due to a design error in its URL splitting functionality. The issue occurs when the browser is not running and a command-line URI with pipe symbols is passed to it. Such a URI is split and opened in multiple tabs. A flaw exists in the splitting functionality that may allow attackers to bypass certain security restrictions and launch restricted URIs. Firefox version 3.0 and versions prior to 2.0.0.16 are affected.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
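The flaw described in Part I item (7) and in 08.29.35 comes down to the order of two operations: the scheme check ran on the whole command-line argument, and only afterwards was the argument split on pipe symbols into one tab per piece. The following is an added example modelling that ordering bug beside its fix; it is not Firefox's code, the function names are illustrative, and the choice of http/https as the only allowed schemes is an assumption (the entry only says "restricted URIs").

```python
from urllib.parse import urlsplit

# Schemes a command-line argument may open. Privileged schemes such as chrome:
# are deliberately absent (assumption for this example).
ALLOWED_SCHEMES = {"http", "https"}


def scheme_of(uri: str) -> str:
    return urlsplit(uri).scheme.lower()


def open_tabs_vulnerable(arg: str) -> list:
    """Validate once, then split on '|': the check only ever sees the scheme of
    the first URI, so whatever follows the pipe is opened unchecked."""
    if scheme_of(arg) not in ALLOWED_SCHEMES:
        raise ValueError("blocked scheme: %r" % scheme_of(arg))
    return [part for part in arg.split("|") if part]


def open_tabs_fixed(arg: str) -> list:
    """Split first, then validate every URI that will actually be opened."""
    parts = [part for part in arg.split("|") if part]
    for part in parts:
        if scheme_of(part) not in ALLOWED_SCHEMES:
            raise ValueError("blocked scheme: %r" % scheme_of(part))
    return parts


# Constructed attacker argument: a harmless URL in front, a privileged one behind.
CRAFTED = "http://example.com/|chrome://browser/content/browser.xul"
```

The general lesson is that any validation must run on the exact values the program later acts on; if a transformation (splitting, decoding, normalising) happens after the check, the check has to be repeated on its output.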

  • 08.29.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox "chrome" Document Unspecified Script Injection Weakness
  • Description: Mozilla Firefox is a browser available for multiple platforms. The application is exposed to an unspecified script injection weakness due to input validation errors in an unspecified "chrome" document. Mozilla Firefox version 3.0 is affected.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html

  • 08.29.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hudson "q" Parameter Cross-Site Scripting
  • Description: Hudson is a Java-based application for handling continuous integration and routine software jobs. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "q" parameter of the "search" feature. Hudson version 1.223 is affected.
  • Ref: http://www.securityfocus.com/bid/30184

  • 08.29.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BilboBlog Multiple Cross-Site Scripting Vulnerabilities
  • Description: BilboBlog is a PHP-based blogging application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. BilboBlog version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30228

  • 08.29.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CMME Cross-Site Scripting And Information Disclosure Vulnerabilities
  • Description: CMME (Content Management Made Easy) is a PHP-based content manager. The application is exposed to multiple issues. An attacker may obtain potentially sensitive information and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.securityfocus.com/bid/30239

  • 08.29.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Redmine Unspecified Cross-Site Scripting
  • Description: Redmine is a project management application implemented in Ruby. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Redmine versions 0.7.2 and earlier are affected.
  • Ref: http://jvn.jp/en/jp/JVN00945448/index.html
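All four entries above describe the same defect: a request parameter is copied into the page without encoding for the context it lands in. The following added example is modelled on the Hudson search entry (a "q" parameter echoed back); it is not Hudson's code and the markup is invented. It shows the vulnerable rendering beside a fixed one that encodes per context, since HTML-entity escaping is right for text and attribute values but not for a value placed inside a URL.

```python
import html
from urllib.parse import quote


def render_search_vulnerable(q: str) -> str:
    """Echoes the raw search term into three HTML contexts (body text, an
    attribute value and a query string) without any encoding."""
    return (
        f"<h2>Results for {q}</h2>\n"
        f'<input type="text" name="q" value="{q}">\n'
        f'<a href="/search?q={q}&page=2">next</a>'
    )


def render_search_fixed(q: str) -> str:
    """Encodes per context: HTML entities for text and attribute values,
    percent-encoding for the query-string component of the link."""
    text_safe = html.escape(q, quote=True)   # & < > " ' become entities
    url_safe = quote(q, safe="")             # only unreserved characters survive
    return (
        f"<h2>Results for {text_safe}</h2>\n"
        f'<input type="text" name="q" value="{text_safe}">\n'
        f'<a href="/search?q={url_safe}&amp;page=2">next</a>'
    )


def has_script_tag(markup: str) -> bool:
    """Crude detector used to compare the two renderers."""
    return "<script" in markup.lower()


# Constructed test input: closes the attribute, then injects a script element.
PAYLOAD = '"><script>alert(document.cookie)</script>'
```

Templating engines that escape by default remove most of this class of bug, but the URL context still needs its own encoder, and any "raw" or "safe" override in a template deserves review.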

  • 08.29.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dreamlevels DreamNews "dreamnews-rss.php" SQL Injection
  • Description: Dreamlevels DreamNews is a news builder. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "dreamnews-rss.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30170

  • 08.29.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dreamlevels Dreampics Builder "page" Parameter SQL Injection
  • Description: Dreampics Builder is a PHP-based content manager and photo/video gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30166

  • 08.29.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: auraCMS "pages_data.php" Multiple SQL Injection Vulnerabilities
  • Description: auraCMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following parameters of the "pages_data.php" script before using them in SQL queries: "judul" and "konten". auraCMS version 2.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30159

  • 08.29.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: File Store PRO "download.php" SQL Injection
  • Description: File Store PRO is a PHP-based application for managing files and archives. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "download.php" script before using it in an SQL query. File Store PRO version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30182

  • 08.29.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Million Pixels "tops_top.php" SQL Injection
  • Description: Million Pixels is a web-based application for selling pixels. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_cat" parameter of the "tops_top.php" script before using it in an SQL query. Million Pixels version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/30190

  • 08.29.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Avlc Forum "vlc_forum.php" SQL Injection
  • Description: Avlc Forum is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "vlc_forum.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30202

  • 08.29.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebCMS Portal Edition "index.php" SQL Injection
  • Description: WebCMS Portal Edition is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30204

  • 08.29.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: jSite "index.php" SQL Injection and Local File Include Vulnerabilities
  • Description: jSite is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "page" parameter of the "index.php" script before using it in an SQL query. jSite version 1.0 OE is affected.
  • Ref: http://www.securityfocus.com/bid/30206

  • 08.29.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UltraStats "players-detail.php" SQL Injection
  • Description: UltraStats is a web-based log analysis tool. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "players-detail.php" script before using it in an SQL query. UltraStats versions 0.2.142 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30212

  • 08.29.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: mForum "usercp.php" Multiple SQL Injection Vulnerabilities
  • Description: mForum is a PHP-based forum application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. mForum version 0.1a is affected.
  • Ref: http://www.securityfocus.com/bid/30214

  • 08.29.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripteen Free Image Hosting Script Multiple SQL Injection Vulnerabilities
  • Description: Scripteen Free Image Hosting Script is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Scripteen Free Image Hosting Script version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30216

  • 08.29.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pubs Black Cat [The Fun] "browse.groups.php" SQL Injection
  • Description: Pubs Black Cat [The Fun] is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "browse.groups.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/494319

  • 08.29.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Comdev Web Blogger "arcmonth" Parameter SQL Injection
  • Description: Comdev Web Blogger is a PHP-based weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. The vulnerability affects the "arcmonth" parameter of various blog pages. Comdev Web Blogger version 4.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30237

  • 08.29.54 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Multiple Vulnerabilities
  • Description: Drupal is a PHP-based content manager. The application is exposed to multiple issues. Drupal versions 5.x before 5.8 and Drupal 6.x before 6.3 are affected.
  • Ref: http://drupal.org/node/280571

  • 08.29.55 - CVE: Not Available
  • Platform: Web Application
  • Title: AuraCMS
  • Description: AuraCMS is a PHP-based content manager. The application is exposed to an issue in the "pages_data.php" script that allows an unauthorized attacker to add, edit, or delete content on certain pages because the software fails to properly restrict access to certain functionality. AuraCMS versions 2.2.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30169

  • 08.29.56 - CVE: Not Available
  • Platform: Web Application
  • Title: Zenphoto "Function.php" Request Logging HTML Injection
  • Description: Zenphoto is a PHP-based photo-gallery application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue occurs in the "getComments()" function of the "Function.php" script. Zenphoto version 1.1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/30172

  • 08.29.57 - CVE: Not Available
  • Platform: Web Application
  • Title: V-webmail Multiple Remote File Include Vulnerabilities
  • Description: V-webmail is a webmail application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "CONFIG[pear_dir]" parameter. V-webmail version 1.6.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30162

  • 08.29.58 - CVE: CVE-2006-2665, CVE-2006-2666
  • Platform: Web Application
  • Title: V-webmail Multiple Remote File Include Vulnerabilities
  • Description: V-webmail is a webmail application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "CONFIG[pear_dir]" parameter of the following scripts: "includes/mailaccess/pop3.php" and "includes/mailaccess/pop3/core.php". V-webmail versions 1.6.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30164

  • 08.29.59 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal OpenID Module Cross-Site Scripting and Request Forgery Vulnerabilities
  • Description: OpenID is a decentralized authentication system. An OpenID module is available for Drupal. The module is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize the information sent from an OpenID provider. OpenID versions prior to 5.x-1.2 are affected.
  • Ref: http://drupal.org/node/280592

  • 08.29.60 - CVE: Not Available
  • Platform: Web Application
  • Title: Dokeos "user_portal.php" Local File Include
  • Description: Dokeos is a PHP-based application for online learning. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "include" parameter of the "user_portal.php" script. Dokeos version 1.8.5 is affected.
  • Ref: http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8.5

  • 08.29.61 - CVE: Not Available
  • Platform: Web Application
  • Title: Xerox CentreWare Web Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Xerox CentreWare Web is a web-based administration tool for managing networked printers and multifunction devices. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. All versions prior to Xerox CentreWare Web 4.6.46 are affected.
  • Ref: http://sourceforge.net/project/showfiles.php?group_id=24031

  • 08.29.62 - CVE: Not Available
  • Platform: Web Application
  • Title: Xomol CMS "index.php" HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: Xomol CMS is a PHP-based content manager. Since it fails to properly sanitize user-supplied input, the application is exposed to multiple input validation issues. Xomol CMS version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30156

  • 08.29.63 - CVE: Not Available
  • Platform: Web Application
  • Title: GAPI CMS "toolbar.php" Remote File Include
  • Description: GAPI CMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "dirDepth" parameter of the "ktmlpro/includes/ktedit/toolbar.php" script. GAPI CMS version 9.0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494138

  • 08.29.64 - CVE: Not Available
  • Platform: Web Application
  • Title: phpDatingClub "website.php" Local File Include
  • Description: phpDatingClub is a web-based application for social networking. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "/Script/website.php" script. phpDatingClub version 3.7 is affected.
  • Ref: http://www.securityfocus.com/bid/30176

  • 08.29.65 - CVE: Not Available
  • Platform: Web Application
  • Title: eSyndiCat "register.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: eSyndiCat is a PHP-based application for managing directories and links. The application is exposed to multiple cross-site scripting issues that affect multiple fields of the "register.php" script. eSyndiCat Pro version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30178

  • 08.29.66 - CVE: Not Available
  • Platform: Web Application
  • Title: Wysi Wiki Wyg "index.php" Local File Include
  • Description: Wysi Wiki Wyg is a PHP-based wiki application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "c" parameter of the "index.php" script. Wysi Wiki Wyg version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30183

  • 08.29.67 - CVE: Not Available
  • Platform: Web Application
  • Title: Facebook Newsroom Application "includes/home.php" Remote File Include
  • Description: Facebook Newsroom Application is a web-based community application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "path" parameter of the "includes/home.php" script. Facebook Newsroom Application version 0.5.0 Beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/30185

  • 08.29.68 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Cart "mccart_cookie" Authentication Bypass
  • Description: Maian Cart is a PHP-based e-commerce application. The application is exposed to an authentication bypass issue due to a flaw in how users are authenticated. Maian Cart version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30195

  • 08.29.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Gallery "mgalley_cookie" Authentication Bypass
  • Description: Maian Gallery is a PHP-based image gallery application. The application is exposed to an authentication bypass issue because it fails to adequately authenticate users. Maian Gallery version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30197

  • 08.29.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Music "mmusic_cookie" Authentication Bypass
  • Description: Maian Music is a PHP-based web application for building music stores. The application is exposed to an authentication bypass issue because it fails to adequately authenticate users. Maian Music version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30198

  • 08.29.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Greetings "mecard_admin_cookie" Authentication Bypass
  • Description: Maian Greetings is a PHP-based ecard application. The application is exposed to an authentication bypass issue because it fails to adequately authenticate users. Maian Greetings version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30199

  • 08.29.72 - CVE: Not Available
  • Platform: Web Application
  • Title: fuzzylime (cms) "polladd.php" Arbitrary Script Injection
  • Description: fuzzylime (cms) is a PHP-based content manager. The application is exposed to an arbitrary script injection issue because it fails to properly sanitize user-supplied input to the "_SERVER[REMOTE_ADDR]" parameter of the "/code/polladd.php" script. fuzzylime (cms) version 3.01 is affected.
  • Ref: http://www.securityfocus.com/bid/30200

  • 08.29.73 - CVE: Not Available
  • Platform: Web Application
  • Title: n-forms Joomla! "com_n-forms" Component SQL Injection
  • Description: n-forms is a component for the Joomla! CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "form_id" parameter of the "com_n-forms" component before using it in an SQL query. n-forms version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/30201

  • 08.29.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Guestbook "gbook_cookie" Authentication Bypass
  • Description: Maian Guestbook is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Maian Guestbook versions 3.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30203

  • 08.29.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Links "links_cookie" Authentication Bypass
  • Description: Maian Links is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Maian Links versions 3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30205

  • 08.29.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Recipe "recipe_cookie" Authentication Bypass
  • Description: Maian Recipe is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Maian Recipe versions 1.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30208

  • 08.29.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Weblog "weblog_cookie" Authentication Bypass
  • Description: Maian Weblog is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Maian Weblog versions 4.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30209

  • 08.29.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Uploader "uploader_cookie" Authentication Bypass
  • Description: Maian Uploader is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Maian Uploader versions 4.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30210

  • 08.29.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Maian Search "search_cookie" Authentication Bypass
  • Description: Maian Search is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Maian Search versions 1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30211

  • 08.29.80 - CVE: Not Available
  • Platform: Web Application
  • Title: fuzzylime (cms) Arbitrary Script Injection and Local File Include Vulnerabilities
  • Description: "fuzzylime (cms)" is a PHP-based content manager. The application is exposed to multiple issues. fuzzylime (cms) version 3.01 is affected.
  • Ref: http://www.securityfocus.com/bid/30213

  • 08.29.81 - CVE: Not Available
  • Platform: Web Application
  • Title: ITechBids Gold Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: ITechBids Gold is an online auction application. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. ITechBids Gold version 7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30215

  • 08.29.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Scripteen Free Image Hosting Script "cookid" Authentication Bypass
  • Description: Scripteen Free Image Hosting Script is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Scripteen Free Image Hosting Script version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30217

  • 08.29.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Pluck "predefined_variables.php" Multiple Local File Include Vulnerabilities
  • Description: Pluck is a content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the following parameters of the "data/inc/themes/predefined_variables.php" script: "file", "blogpost" and "cat". Pluck version 4.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494306

  • 08.29.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Edit-Point "upload.php" Arbitrary File Upload
  • Description: Edit-Point is a website editing tool. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code because it fails to properly sanitize user-supplied input, in the form of file extensions, to the "upload.php" script. Edit-Point version 4.00 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/30220

  • 08.29.85 - CVE: Not Available
  • Platform: Web Application
  • Title: phpBB Prior to 3.0.2 Unspecified Remote Issue
  • Description: phpBB is a bulletin board application. The application is exposed to an unspecified remote issue. phpBB versions prior to 3.0.2 are affected.
  • Ref: http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33

  • 08.29.86 - CVE: Not Available
  • Platform: Web Application
  • Title: BilboBlog "admin/index.php" Authentication Bypass
  • Description: BilboBlog is a PHP-based blogging application. The application is exposed to an authentication bypass issue because the "admin/index.php" script fails to initialize the "login" and "password" parameters. BilboBlog version 0.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30225

  • 08.29.87 - CVE: Not Available
  • Platform: Web Application
  • Title: CodeDB "list.php" Local File Include
  • Description: CodeDB is a code repository application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "list.php" script.
  • Ref: http://www.securityfocus.com/bid/30227

  • 08.29.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Galatolo Web Manager SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Galatolo Web Manager is a web-based application. The application is exposed to multiple input validation issues, including a cross-site scripting issue affecting the "tag" parameter of the "all.php" script, and an SQL injection issue affecting the "id" parameter of the "plugins/users/index.php" script. Galatolo Web Manager version 1.3a is affected.
  • Ref: http://www.securityfocus.com/bid/30232

  • 08.29.89 - CVE: Not Available
  • Platform: Web Application
  • Title: pSys 0.7.0 Alpha Multiple Remote File Include Vulnerabilities
  • Description: pSys is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. pSys version 0.7.0 alpha is affected.
  • Ref: http://www.securityfocus.com/bid/30234

  • 08.29.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Pragyan CMS "form.lib.php" Remote File Include
  • Description: Pragyan CMS is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sourceFolder" parameter of the "/cms/modules/form.lib.php" script. Pragyan CMS version 2.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30235

  • 08.29.91 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "press-this.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: WordPress is a web-based publishing application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. WordPress versions prior to 2.6 are affected.
  • Ref: http://trac.wordpress.org/ticket/7220

  • 08.29.92 - CVE: Not Available
  • Platform: Web Application
  • Title: php Help Agent "head_chat.inc.php" Local File Include
  • Description: php Help Agent is a PHP-based web application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "content" parameter of the "include/head_chat.inc.php" script.
  • Ref: http://www.securityfocus.com/bid/30240

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.