@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 3
January 14, 2008

It's a big week for critical vulnerabilities: Microsoft, SAP, McAfee, Apple QuickTime and IBM Tivoli users all have work to do this week.

Plus, in the complete list you'll find nearly 100 new vulnerabilities this week. More than half are web application errors. And those are the commercial tools. There are *hundreds of thousands* of web applications being written by people for custom web sites; and more than 80% of those have vulnerabilities, too. Does your organization have a secure application development initiative? If yes, please tell us about it. apaller@sans.org

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   3 (#1, #10)
    Other Microsoft Products                  1 (#9)
    Third Party Windows Apps                  12 (#5, #7, #8)
    Aix                                       1
    Novell                                    1
    Cross Platform                            22 (#2, #3, #4, #6, #11)
    Web Application - Cross Site Scripting    6
    Web Application - SQL Injection           16
    Web Application                           34
    Network Device                            3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Aix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: SAP MaxDB Remote Command Execution
  • Affected:
    • SAP MaxDB versions 7.6.03 and prior
  • Description: SAP MaxDB is a popular enterprise database system. It fails to sanitize arguments to certain internal functions. A specially crafted call containing shell characters to one of these functions would allow an attacker to execute arbitrary commands with the privileges of the vulnerable process. Some of these functions are callable without authentication. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: SAP has not confirmed, no updates available.

  • References:
  • (4) CRITICAL: Apple QuickTime Player RTSP/HTTP Response Buffer Overflow
  • Affected:
    • Apple QuickTime versions 7.3.1 and prior
  • Description: Apple QuickTime is Apple's streaming media framework for Apple Mac OS X and Microsoft Windows. It contains a flaw in its handling of responses sent by remote servers when attempting to stream media from them. An overlong Hypertext Transfer Protocol (HTTP) error response could trigger a buffer overflow in QuickTime Player. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability manifests itself when HTTP is used as a fallback from a failed Real Time Transport Protocol (RTSP) connection. Note that QuickTime may launch automatically upon encountering a malicious link, depending upon configuration. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Apple has not confirmed, no updates available.

  • References:
  • (6) HIGH: Open Group OpenPegasus Authentication Buffer Overflow
  • Affected:
    • Open Group OpenPegasus versions 2.6.1 and prior
  • Description: Open Group OpenPegasus is an open source implementation of the Common Information Model (CIM) and Web-Based Enterprise Management (WBEM) standards. It is used to manage information technology and enterprise infrastructure. It contains a buffer overflow vulnerability in its authentication subsystem. A specially crafted authentication request could trigger this buffer overflow, and allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Full technical details for this vulnerability are available via source code analysis. OpenPegasus is used as a component of some other products, most notably VMware ESX Server. Other products using OpenPegasus are presumably vulnerable. Note that the vulnerable interface is disabled by default on VMware ESX Server.

  • Status: Open Group confirmed, updates available.

  • References:
  • (7) HIGH: AOL Radio AmpX ActiveX Control Buffer Overflow
  • Affected:
    • AOL Radio AmpX ActiveX Control versions prior to 2.6.2.6
  • Description: AOL Radio is a streaming media service from AOL. Part of its functionality is implemented as an ActiveX control. This control contains a flaw in its "AppendFileToPlaylist" method. A specially crafted web page that instantiates this control could leverage this flaw into a buffer overflow vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details for this vulnerability are publicly available.

  • Status: AOL confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism for CLSIDs "B49C4597-8721-4789-9250-315DFBD9F525" and "FA3662C3-B8E8-11D6-A667-0010B556D978". Note that this may affect normal application functionality.

  • References:
  • (8) HIGH: Gateway Web Launch ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Gateway Web Launch ActiveX Control versions 1.0.0.1 and prior
  • Description: The Gateway Web Launch ActiveX control is used to provide troubleshooting and launch services to users of Gateway computers. It is installed by default on many Gateway systems. This control contains multiple vulnerabilities in its "DoWebLaunch" method. This method does not validate its parameters, leaving it vulnerable to a path traversal attack. Additionally, it contains multiple buffer overflows in the parsing of other arguments. Successfully exploiting either of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Gateway has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "93CEA8A4-6059-4E0B-ADDD-73848153DD5E". Note that this may affect normal application functionality.

  • References:
  • (9) HIGH: Microsoft Visual FoxPro Multiple ActiveX Controls Remote Command Execution
  • Affected:
    • Microsoft Visual FoxPro version 6 and prior
  • Description: Microsoft Visual FoxPro is an integrated development environment for the FoxPro database language. Several ActiveX controls installed by the application contain arbitrary command execution vulnerabilities. These controls provide methods explicitly designed to execute commands upon request, and do not verify the caller. A malicious web page that instantiated one of these controls could exploit one of these vulnerabilities to execute arbitrary code with the privileges of the current user. Multiple proofs-of-concept are publicly available for these vulnerabilities. Note that these vulnerabilities may be related to issues discussed in previous editions of @RISK.

  • Status: Microsoft has not confirmed, updates are not available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "kill bit" mechanism for CLSIDs "008B6010-1F3D-11D1-B0C8-00A0C9055D74" and "A7CD2320-6117-11D7-8096-0050042A4CD2".

  • References:
  • (10) MODERATE: Microsoft Rich Text Box ActiveX Control Arbitrary File Overwrite
  • Affected:
    • Microsoft Rich Text Box ActiveX Control
  • Description: The Microsoft Rich Text Box ActiveX control provides a user interface widget for editing Rich Text Format (RTF) documents. This control provides a "SaveFile" method that, when called, will save the contents of the text box to an arbitrary file on the system. A specially crafted web page that instantiated this control would be able to exploit this vulnerability to create or overwrite arbitrary files with the privileges of the current user. A proof-of-concept is publicly available for this vulnerability.

  • Status: Microsoft has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism for CLSID "B617B991-A767-4F05-99BA-AC6FCABB102E".

  • References:
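
The kill-bit mitigation named in items (7) through (10), as an added PowerShell example that is not part of the original bulletin: it sets the "Compatibility Flags" value 0x400 under Internet Explorer's "ActiveX Compatibility" registry key (the mechanism described in Microsoft KB 240797, cited in Part II) for the six CLSIDs listed above, and reports the state of each. The function names are hypothetical, and the script assumes an elevated session.

```powershell
# Added example: audit and set the Internet Explorer "kill bit" for the
# CLSIDs given in the Status lines of items (7)-(10). Function names are
# hypothetical. Writing under HKLM requires an elevated session.

$KillBit = 0x00000400   # Compatibility Flags bit that blocks instantiation in IE

# CLSIDs copied from the bulletin; labels added for readability.
$Clsids = [ordered]@{
    'B49C4597-8721-4789-9250-315DFBD9F525' = 'AOL Radio AmpX (item 7)'
    'FA3662C3-B8E8-11D6-A667-0010B556D978' = 'AOL Radio AmpX (item 7)'
    '93CEA8A4-6059-4E0B-ADDD-73848153DD5E' = 'Gateway Web Launch (item 8)'
    '008B6010-1F3D-11D1-B0C8-00A0C9055D74' = 'Visual FoxPro (item 9)'
    'A7CD2320-6117-11D7-8096-0050042A4CD2' = 'Visual FoxPro (item 9)'
    'B617B991-A767-4F05-99BA-AC6FCABB102E' = 'Rich Text Box (item 10)'
}

# A 32-bit browser on 64-bit Windows reads the WOW6432Node copy of the key,
# so both registry views have to carry the kill bit.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitState {
    # Emits one object per CLSID per registry view; changes nothing.
    foreach ($root in $Roots) {
        foreach ($clsid in $Clsids.Keys) {
            $key   = Join-Path $root "{$clsid}"
            $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
            [pscustomobject]@{
                Control = $Clsids[$clsid]
                Clsid   = $clsid
                View    = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
                Flags   = if ($null -eq $flags) { '(not set)' } else { '0x{0:X8}' -f $flags }
                Killed  = [bool]($flags -band $KillBit)
            }
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($root in $Roots) {
        foreach ($clsid in $Clsids.Keys) {
            $key = Join-Path $root "{$clsid}"
            if (-not $PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) { continue }

            # The key may not exist yet: a kill bit can be set before,
            # or without, the control ever being installed.
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            $old = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                      -ErrorAction SilentlyContinue).'Compatibility Flags'

            # OR the bit in so any other compatibility flags already present survive.
            $new = $old -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $new -Force | Out-Null
        }
    }
}

# Report first; preview the change with -WhatIf before applying it.
Get-KillBitState | Format-Table -AutoSize
# Set-KillBit -WhatIf
# Set-KillBit
```

To undo the mitigation for a control, clear the 0x400 bit in the same value or delete the CLSID subkey in both registry views.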
Other Software
  • (11) HIGH: VideoLAN Client Media Player SDP Parsing Buffer Overflow
  • Affected:
    • VideoLAN Client versions 0.8.6d and prior
  • Description: VideoLAN Client, known as VLC, is a popular open source multiplatform media player. VLC contains a buffer overflow in its handling of Session Description Protocol (SDP) requests. SDP is used to set up media streaming sessions. A specially crafted server response to a request could trigger this vulnerability and allow an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, VLC may be launched automatically when a user accesses media that VLC is configured to play. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: VLC has not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 3, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.3.1 - CVE: CVE-2007-5352
  • Platform: Windows
  • Title: Microsoft Windows LSASS LPC Request Local Privilege Escalation
  • Description: Microsoft Windows Local Security Authority Subsystem Service (LSASS) is a security mechanism that handles local security and login policies. The application is exposed to a local privilege escalation issue because it fails to handle specially-crafted local procedure call (LPC) requests.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-002.mspx

  • 08.3.2 - CVE: CVE-2007-0069
  • Platform: Windows
  • Title: Microsoft Windows TCP/IP IGMP MLD Remote Code Execution
  • Description: IGMP (Internet Group Management Protocol) is a communications protocol for managing IP multicast-group memberships. MLD (Multicast Listener Discovery) is the protocol used in the IPv6 protocol suite for discovering listeners for a specific multicast group. Microsoft Windows is exposed to a remote code execution issue because the Windows kernel fails to sufficiently validate user-supplied data when storing the state of IGMPv3 and MLDv2 requests that are processed by TCP/IP.
  • Ref: http://www.iss.net/threats/282.html

  • 08.3.3 - CVE: CVE-2007-0066
  • Platform: Windows
  • Title: Microsoft Windows TCP/IP ICMP Remote Denial of Service
  • Description: ICMP (Internet Control Management Protocol) is a TCP/IP communications protocol used primarily to send error messages related to network activity. The application is exposed to a remote denial of service issue because the Windows kernel fails to sufficiently validate fragmented router advertisement ICMP requests that are processed by TCP/IP.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx

  • 08.3.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Foxit WAC Server Denial of Service
  • Description: Foxit WAC Server is a telnet and SSH server available for Microsoft Windows. The application is exposed to a denial of service issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability exists when handling options larger than 260 bytes. Foxit WAC Server version 2.1.0.910 is affected.
  • Ref: http://aluigi.altervista.org/adv/waccaz-adv.txt

  • 08.3.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pragma Systems FortressSSH
  • Description: Pragma Systems FortressSSH is an SSH server for Microsoft Windows. The application is exposed to a remote denial of service issue because of exception handling. The server uses *_s functions to handle strings of incoming requests. FortressSSH version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485812

  • 08.3.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Pragma TelnetServer NULL-Pointer Dereference Denial of Service
  • Description: Pragma TelnetServer is a telnet and SSH server for the Microsoft Windows platform. The application is exposed to a denial of service issue because it fails to adequately handle "TELOPT PRAGMA LOGON" telnet options during the termination of multiple connections. Pragma TelnetServer version 7.0 Build 4 Revision 589 is affected.
  • Ref: http://aluigi.altervista.org/adv/pragmatel-adv.txt

  • 08.3.7 - CVE: CVE-2007-5665
  • Platform: Third Party Windows Apps
  • Title: Novell ZENworks ESM Security Client
  • Description: Novell ZENworks ESM (Endpoint Security Management) is a centrally-managed policy-based firewall application for the Microsoft Windows operating platform. ZENworks ESM Security Client "STEngine.exe" is exposed to a local privilege escalation issue. ZENworks Endpoint Security Management version 3.5.0.20 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635

  • 08.3.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JustSystem Multiple Products "JSFC.DLL" Buffer Overflow
  • Description: JustSystem products are exposed to a buffer overflow issue because they fail to properly bounds check user-supplied data before using it in an insufficiently sized buffer.
  • Ref: http://www.securityfocus.com/bid/27153

  • 08.3.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Sun Java Runtime Environment "jpiexp32.dll" Object Name NULL-Pointer Denial of Service
  • Description: Sun Java Runtime Environment (JRE) is an environment for running applications written in Java. JRE is exposed to a remote denial of service issue when an HTML object that references an arbitrary Java applet but does not define the "name" attribute is handled by Internet Explorer (other browsers may also be affected). A NULL-pointer exception occurs when the data is passed to the JRE Virtual Machine. This issue occurs in the "jpiexp32.dll" library. Sun JRE versions prior to 5.0 update 14 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485942

  • 08.3.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Gateway CWebLaunchCtl ActiveX Control Remote Buffer Overflow
  • Description: CWebLaunchCtl is an ActiveX control provided on Gateway Computers products. The ActiveX control is exposed to a buffer overflow issue that affects the "DoWebLaunch()" method of the ActiveX control. weblaunch.ocx version 1.0.0.1, which provides the ActiveX control, is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.3.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution
  • Description: Microsoft VFP_OLE_Server ActiveX control is a tool used for linking Visual FoxPro components to other software. The control is exposed to a remote command execution issue.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.3.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Rich TextBox Control "richtx32.ocx" ActiveX Insecure Method
  • Description: Microsoft Rich TextBox Control is an ActiveX control used to display, enter, and format text. The application is exposed to an issue that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer). Microsoft Rich TextBox Control richtx32.ocx version 6.1.97.82 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.3.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Visual FoxPro "vfp6r.dll" ActiveX Control Arbitrary Command Execution
  • Description: Microsoft Visual FoxPro provides tools to create and manage 32-bit database applications and components. The application is exposed to an issue that lets attackers execute arbitrary commands. Microsoft Visual FoxPro version 6.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.3.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SAP MaxDB "cons.exe" Remote Command Injection
  • Description: SAP MaxDB is a database application developed by SAP. It is available for multiple platforms. The application is exposed to a remote command injection issue due to a failure of the application to properly sanitize user-supplied input. MaxDB version 7.6.03 build 007 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486039

  • 08.3.15 - CVE: CVE-2007-6250
  • Platform: Third Party Windows Apps
  • Title: AOL Radio "MediaPlaybackControl.exe" AmpX ActiveX Control Stack Buffer Overflow
  • Description: AOL Radio is used for streaming audio files in web browsers. The application is exposed to a stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. AOL Radio "AmpX.dll" ActiveX control versions prior to 2.6.2.6 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.3.16 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX Trusted Execution Unspecified
  • Description: IBM AIX Trusted Execution is exposed to an unspecified issue due to a flaw in the "trustchk_block_write()" function. Please refer to the link below for further information.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ12119

  • 08.3.17 - CVE: CVE-2007-5762
  • Platform: Novell
  • Title: Novell Client for Windows "nicm.sys" Local Privilege Escalation
  • Description: Novell Client for Windows allows users to access Novell services from remote computers. The client is exposed to a local privilege escalation issue because it fails to adequately handle user-supplied input. Novell Client for Windows 4.91 SP3 and SP4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486053

  • 08.3.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: yaSSL Multiple Remote Buffer Overflow Vulnerabilities
  • Description: yaSSL (yet Another SSL) is an open source SSL (Secure Sockets Layer) library. The application is exposed to remote buffer overflow issues. yaSSL version 1.7.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485810

  • 08.3.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aruba Mobility Controller LDAP Authentication Bypass
  • Description: Aruba Mobility Controller is used to scale ArubaOS and other software modules on enterprise networks. The application is exposed to an authentication bypass issue in the LDAP-authentication mechanism. The LDAP authentication mechanism is not enabled by default. Aruba Mobility Controller firmware versions 2.3.6.15, 2.5.2.11, 2.5.4.25, 2.5.5.7, 3.1.1.3, 2.4.8.11-FIPS and earlier versions using LDAP authentication for management and VPN user-authentication are affected.
  • Ref: http://www.arubanetworks.com/support/alerts/aid-122207.asc

  • 08.3.20 - CVE: CVE-2007-5906, CVE-2007-5907
  • Platform: Cross Platform
  • Title: Xen DR7 and CR4 Registers Multiple Local Denial of Service Vulnerabilities
  • Description: Xen is an open-source hypervisor or virtual machine monitor. The application is exposed to a local denial of service issue.
  • Ref: http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html

  • 08.3.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player "sdpplin_parse()" RTSP and Unspecified Heap Based Buffer Overflow Vulnerabilities
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. The application is exposed to multiple heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. VLC version 0.8.6d is affected.
  • Ref: http://aluigi.altervista.org/adv/vlcxhof-adv.txt

  • 08.3.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Half-Life Counter-Strike Login Denial of Service
  • Description: Half-Life Counter-Strike is a game distributed and maintained by Valve Software. It includes features that allow users to play locally or across a network. The game engine is used in many modifications. The application is exposed to a denial of service issue because it fails to handle specially-crafted network packets. The issue occurs when logging into the server. Half-Life Counter-Strike version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/27159

  • 08.3.23 - CVE: CVE-2007-6600, CVE-2007-6601, CVE-2007-4772, CVE-2007-6067, CVE-2007-4769
  • Platform: Cross Platform
  • Title: PostgreSQL Multiple Privilege Escalation and Denial of Service Vulnerabilities
  • Description: PostgreSQL is an open-source database for Windows, UNIX, and Linux. The application is exposed to multiple remote issues. PostgreSQL versions 8.2, 8.1, 8.0, 7.4, and 7.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485864

  • 08.3.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Shareaza Update Notification Spoofing
  • Description: Shareaza is a peer to peer (P2P) client. The application is exposed to an issue that allows attackers to spoof update notifications because notifications from the domain "update.shareaza.com" are not controlled by the vendor. Shareaza versions prior to 2.3.1.0 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=110672&release_id=565250

  • 08.3.25 - CVE: CVE-2008-0003
  • Platform: Cross Platform
  • Title: OpenPegasus WBEM CIM Management Server PAM Authentication Remote Buffer Overflow
  • Description: OpenPegasus is an implementation of the WBEM (Web-Based Enterprise Management) and DMTF (Distributed Management Task Force) CIM (Common Information Model) standards. These standards define an information model and communication protocol for server resource management. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The version 2.6 series of OpenPegasus is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=426578

  • 08.3.26 - CVE: CVE-2007-5761
  • Platform: Cross Platform
  • Title: Motorola netOctopus Agent "nantsys.sys" Local Privilege Escalation
  • Description: netOctopus is an asset management agent. The application is exposed to a local privilege escalation issue because the "nantsys.sys" driver exposes ".NantSys" as a world-writeable device interface. Specifically, the driver allows reading and writing of CPU Model Specific Registers (MSRs). netOctopus version 5.1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485911

  • 08.3.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SynCE "vdccm" Daemon Remote Command Injection
  • Description: SynCE is an open-source project that provides tools to communicate between Microsoft Windows CE or Pocket PC devices and computers running Linux/Unix. The application is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data. SynCE version 0.92 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485884

  • 08.3.28 - CVE: CVE-2007-6610
  • Platform: Cross Platform
  • Title: unp File Name Remote Arbitrary Shell Command Injection
  • Description: unp is a perl script to speed up and automate extraction of different archive files. The application is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data. Specifically, filenames are not properly sanitized before being passed as arguments to invoked commands. Attackers can exploit this issue by enticing an unsuspecting user to use unp to open a file with a specially-crafted name. unp version 1.0.12 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448437

  • 08.3.29 - CVE: CVE-2007-5616
  • Platform: Cross Platform
  • Title: SSH Tectia Client and Server ssh-signer Local Privilege Escalation
  • Description: SSH Tectia Client and Server packages are commercial implementations of the SSH protocol. They are available for multiple platforms including Unix, Unix-like, and Microsoft Windows operating systems. The application is exposed to a local privilege escalation issue due to an unspecified flaw in the setuid-superuser "ssh-signer" utility. SSH Tectia Client and Server packages versions from 5.0 through to 5.2.3, and 5.3 through to 5.3.5 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/921339

  • 08.3.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: McAfee E-Business Server Authentication Remote Code Execution
  • Description: McAfee E-Business Server secures communication channels on enterprise networks. E-Business Server is exposed to a remote code execution issue that occurs prior to authentication. E-Business Server versions 8.5.2 and earlier are affected.
  • Ref: https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472

  • 08.3.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xine-lib "rmff_dump_cont()" Remote Heap Buffer Overflow
  • Description: The "xine-lib" is a library that allows various media players to play various media formats. The library is a plugin for Real media. It is available for UNIX, Linux, Mac OS X, and other UNIX-like operating systems. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate boundary-checks on user-supplied data. xine-lib versions 1.1.9 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27203

  • 08.3.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Identity Manager Multiple Input Validation Vulnerabilities
  • Description: Sun Java System Identity Manager facilitates user identity management across various platforms and applications. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. Sun Java System Identity Manager versions 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0 and 7.1 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1

  • 08.3.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Lotus Domino Unspecified Denial of Service
  • Description: IBM Lotus Domino is a client/server product designed for collaborative working environments. Domino Server supports email, scheduling, instant messaging, and data-driven applications. The application is exposed to a denial of service issue that can be used to deny service to legitimate users. IBM Lotus Domino versions prior to 7.0.2 Fix Pack 3 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg27011539

  • 08.3.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Horde Products Multiple Unspecified Security Bypass Vulnerabilities
  • Description: Horde products are exposed to multiple unspecified issues. Mnemo version 2.1.1, Nag 2.1.3, Kronolith 2.1.6, Turba 2.1.5, Horde Groupware Webmail Edition 1.0.3, and Horde Groupware 1.0.2 are affected. Horde version 3.1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/27217

  • 08.3.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple QuickTime RTSP Connection Status Display Remote Buffer Overflow
  • Description: Apple QuickTime is a media player for Mac OS X and Microsoft Windows. The application is exposed to a remote buffer overflow issue because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized buffer. QuickTime version 7.3.1.70 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/112179

  • 08.3.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle January 2008 Advance Announcement Multiple Vulnerabilities
  • Description: Oracle has released an advance announcement of their critical patch update. The advisory will address 27 issues affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle People Soft Enterprise, and JD Edwards EnterpriseOne.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html

  • 08.3.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Storage Manager Express Remote Heap Overflow
  • Description: IBM Tivoli Storage Manager (TCM) facilitates data backup and archiving. The application is exposed to a remote heap overflow issue because the software fails to properly bounds check user-supplied data before copying it to an insufficiently sized buffer. The issue arises when an application which is not a TCM client directly opens the server TCP socket and sends specially-crafted packets to the server. IBM Tivoli Storage Manager Express version 5.3 for Microsoft Windows 2003 server platforms is exposed.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21291536

  • 08.3.38 - CVE: CVE-2007-6420, CVE-2007-6421, CVE-2007-6422, CVE-2007-6423
  • Platform: Cross Platform
  • Title: Apache "mod_proxy_balancer" Multiple Vulnerabilities
  • Description: Apache is exposed to multiple vulnerabilities affecting the "mod_proxy_balancer" module. Apache versions 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2 and 2.2.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486169

  • 08.3.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms, including Microsoft Windows and UNIX/Linux variants. The application is exposed to multiple remote issues. Drupal versions prior to 4.7.11 and 5.6 are affected.
  • Ref: http://drupal.org/node/208565

  • 08.3.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RotaBanner Local Multiple Cross-Site Scripting Vulnerabilities
  • Description: RotaBanner Local is a banner engine for web-based advertising. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "user" and "drop" parameters of the "index.php" script. RotaBanner Local versions 2 and 3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485786

  • 08.3.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Joomla-SMF Forum Multiple Cross-Site Scripting Vulnerabilities
  • Description: Joomla-SMF Forum is a bridge that integrates Joomla! and Simple Machines Forum (SMF). The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. SMF version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/27218

  • 08.3.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
  • Description: Snitz Forums 2000 is a web-based forum application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. The following scripts and parameters are affected: "/Forums/setup.php : mail" and "/login.php : target". Snitz Forums 2000 versions 2.4.05 and 3.4.06 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485836

  • 08.3.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IceWarp Mail Server "admin/index.html" Cross-Site Scripting
  • Description: IceWarp Mail Server is a commercially-available mail server implemented for Windows and Linux platforms. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "message" parameter of the "/admin/index.html" script.
  • Ref: http://www.securityfocus.com/bid/27189

  • 08.3.44 - CVE: CVE-2008-0005
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache "mod_proxy_ftp" Undefined Charset UTF-7 Cross-Site Scripting
  • Description: Apache is an HTTP web server available for multiple operating platforms. The "mod_proxy_ftp" module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters. Reports indicate that this issue exists in the "mod_proxy_ftp.c" source file and that an attacker can use the ";" character in a URL by setting the Charset to UTF-7, because the Charset is not defined by the application. Apache versions prior to 2.2.7-dev, Apache 1.3.40-dev, and Apache 2.0.62-dev are affected.
  • Ref: http://securityreason.com/achievement_securityalert/49

  • 08.3.45 - CVE: CVE-2007-6388
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 "mod_status" Cross-Site Scripting
  • Description: The Apache HTTP Server mod_status module provides information on server activity. The module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to unspecified parameters. Specifically, this issue occurs when the "server-status" page is publicly accessible. Apache versions prior to 2.2.7-dev, 2.0.62-dev and 1.3.40-dev are affected.
  • Ref: http://httpd.apache.org/security/vulnerabilities_22.html

  • 08.3.46 - CVE:
  • Platform: Web Application - SQL Injection
  • Title: ID-Commerce "liste.php" SQL Injection
  • Description: ID-Commerce is a web-based e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idFamille" parameter of the "liste.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27220

  • 08.3.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SAM Broadcaster samPHPweb
  • Description: SAM Broadcaster is an application for streaming internet radio content. samPHPweb is a component of the application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "songid" parameter of the "songinfo.php" script before using it in an SQL query. SAM Broadcaster samPHPweb version 4.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27147

  • 08.3.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tribisur Multiple SQL Injection Vulnerabilities
  • Description: Tribisur is a content-management system (CMS). The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. Tribisur version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27149

  • 08.3.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS Newbb_plus Module Client-IP SQL Injection
  • Description: RunCMS is a web-based content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize client-supplied data to the "Client-IP" field in HTTP requests before using it in an SQL query. Specifically, the issue affects the "newbb_plus" module versions 0.92 and earlier and can be exploited by spoofing the "Client-IP" header.
  • Ref: http://www.securityfocus.com/bid/27152

  • 08.3.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OneCMS Arbitrary File Upload Vulnerability and Multiple SQL Injection Vulnerabilities
  • Description: OneCMS is a PHP-based content manager. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. OneCMS version 2.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485837

  • 08.3.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FlexBB "flexbb_temp_id" SQL Injection
  • Description: FlexBB is a web-based bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "flexbb_temp_id" Cookie HTTP request parameter of the "Templates" function before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27164

  • 08.3.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DCP-Portal "index.php" SQL Injection
  • Description: DCP-Portal is a web-based portal application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize client-supplied data to the "cid" parameter of the "index.php" script before using it in an SQL query. DCP-Portal version 6.11 is affected.
  • Ref: http://www.securityfocus.com/bid/27167

  • 08.3.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Eggblog "eggblogpassword" SQL Injection
  • Description: Eggblog is a web-based tutoring application. The application is exposed to an SQL injection issue because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. The issue affects the "eggblogpassword" parameter when handling malformed cookie data. Eggblog version 3.10 is affected.
  • Ref: http://www.securityfocus.com/bid/27168

  • 08.3.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SmallNuke "index.php" Multiple SQL Injection Vulnerabilities
  • Description: SmallNuke is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "user_email" and "username" parameters of the "index.php" script before using it in an SQL query. Specifically, the issues arise when "index.php" is called with the "go" parameter set to the value "Members". SmallNuke version 2.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/27180

  • 08.3.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zero CMS Arbitrary File Upload Vulnerability and Multiple SQL Injection Vulnerabilities
  • Description: Zero CMS is a PHP-based content manager. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Zero CMS version 1.0 Alpha is affected.
  • Ref: http://www.securityfocus.com/bid/27186

  • 08.3.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Webquest "soporte_horizontal_w.php" SQL Injection
  • Description: PHP Webquest is a PHP-based content manager designed for educators. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_actividad" parameter of the "soporte_horizontal_w.php" script before using it in an SQL query. PHP Webquest version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/27192

  • 08.3.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DomPHP "inscription.php" SQL Injection
  • Description: DomPHP is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mail" parameter of the "welcome/inscription.php" script before using it in an SQL query. DomPHP versions 0.81 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27212

  • 08.3.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MTCMS Index.PHP Multiple SQL Injection Vulnerabilities
  • Description: MTCMS is a content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "a" and "cid" parameters of the "index.php" script before using it in an SQL query. MTCMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486090

  • 08.3.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iGaming CMS "archive.php" SQL Injection
  • Description: iGaming CMS is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "section" parameter of the "archive.php" script before using it in an SQL query. iGaming CMS versions 1.3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27230

  • 08.3.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DigitalHive "gestion_membre.php" SQL Injection
  • Description: DigitalHive is a forum implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user_id" parameter of the "gestion_membre.php" script before using it in an SQL query. DigitalHive versions 2.0 RC2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27232/info

  • 08.3.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DomPHP "agenda/index.php" SQL Injection
  • Description: DomPHP is a content management system implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "agenda/index.php" script before using it in an SQL query. DomPHP version 0.81 is affected.
  • Ref: http://www.securityfocus.com/bid/27233

  • 08.3.62 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Information Disclosure
  • Description: XOOPS is a PHP-based content manager. The application is exposed to an information disclosure issue because the application fails to check user permissions in the "b_system_comments_show()" function of the script "htdocs/modules/system/blocks/system_blocks.php". XOOPS versions prior to 2.0.18 are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1808484&group_id=41586&atid=430840

  • 08.3.63 - CVE: Not Available
  • Platform: Web Application
  • Title: netRisk Remote File Include
  • Description: netRisk is a multi-player, web-based version of the board game Risk. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. netRisk version 1.9.7 is affected.
  • Ref: http://www.securityfocus.com/bid/27136

  • 08.3.64 - CVE: Not Available
  • Platform: Web Application
  • Title: SAM Broadcaster samPHPweb Remote File Include
  • Description: SAM Broadcaster is an application for streaming Internet radio content. SamPHPweb is a component of the application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "commonpath" parameter of the "/common/db.php" script. SAM Broadcaster samPHPweb version 4.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27137

  • 08.3.65 - CVE: Not Available
  • Platform: Web Application
  • Title: WebPortal CMS Unauthorized Access
  • Description: WebPortal CMS is a PHP-based content manager. The application is exposed to an issue that results in unauthorized access because the application generates predictable passwords for users who forget their password. WebPortal CMS version 0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/27145

  • 08.3.66 - CVE: Not Available
  • Platform: Web Application
  • Title: ClipShare Information Disclosure
  • Description: ClipShare is a PHP-based application that allows users to develop video-sharing web sites. The application is exposed to an information disclosure issue because it fails to sanitize user-supplied input before using it to provide authentication credentials.
  • Ref: http://www.securityfocus.com/bid/27148

  • 08.3.67 - CVE: Not Available
  • Platform: Web Application
  • Title: netRisk Information Disclosure
  • Description: netRisk is a multi-player, web-based version of the board game Risk. The application is exposed to an information disclosure issue because it fails to sanitize user-supplied input before using it to provide authentication credentials.
  • Ref: http://www.securityfocus.com/bid/27150

  • 08.3.68 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Plugin Wp-FileManager "ajaxfilemanager.php" Arbitrary File Upload
  • Description: WordPress is a web-based publishing application implemented in PHP. The WP-FileManager plugin for WordPress provides functionality to upload, delete and organize files. The plugin is exposed to an arbitrary file upload issue because it fails to properly restrict access to file upload functionality. WP-FileManager version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27151

  • 08.3.69 - CVE: Not Available
  • Platform: Web Application
  • Title: UebiMiau "error.php" Local File Include
  • Description: UebiMiau is a web-based email client. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "selected_theme" parameter of the "error.php" script. UebiMiau versions 2.7.10 and 2.7.2 are affected.
  • Ref: http://www.securityfocus.com/bid/27154

  • 08.3.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Xoops XoopsGallery Module "init_basic.php" Remote File Include
  • Description: XoopsGallery is a gallery module for the XOOPS content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GALLERY_BASEDIR" parameter of the "init_basic.php" script when passed in a specially crafted URI that contains hash values for "GALLERY_BASEDIR". XoopsGallery version 1.3.3.9 is affected.
  • Ref: http://www.securityfocus.com/bid/27155

  • 08.3.71 - CVE: Not Available
  • Platform: Web Application
  • Title: SineCms "index.php" File Include
  • Description: SineCms is a web-based content manager. The application is exposed to a file include issue because it fails to sufficiently sanitize user-supplied input to the "sine[config][index_main]" parameter of the "mods/Integrated/index.php" script. SineCms versions 2.3.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27156

  • 08.3.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Loudblog "parse_old.php" Remote File Include
  • Description: Loudblog is a content-management application. It is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "template" parameter of the "inc/parse_old.php" script. Loudblog versions 0.6.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27157

  • 08.3.73 - CVE: Not Available
  • Platform: Web Application
  • Title: netRisk "patch/index.php" Multiple Input Validation Vulnerabilities
  • Description: netRisk is a PHP-based version of the Risk board game. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. netRisk version 1.9.7 is affected.
  • Ref: http://www.securityfocus.com/bid/27161

  • 08.3.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Shop-Script "index.php" Local Information Disclosure
  • Description: Shop-Script is a PHP-based content management system framework. The application is exposed to a local information disclosure issue because it fails to properly sanitize user-supplied input to the "aux_page" parameter of the "Script/index.php" script. Shop-Script version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27165

  • 08.3.75 - CVE: Not Available
  • Platform: Web Application
  • Title: ekinboard Multiple Authentication Bypass and Arbitrary File Upload Vulnerabilities
  • Description: ekinboard is a content manager. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. ekinboard version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27166

  • 08.3.76 - CVE: Not Available
  • Platform: Web Application
  • Title: PortalApp "forums.asp" and "content.asp" Multiple Input Validation Vulnerabilities
  • Description: PortalApp is a content-management system implemented in ASP. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. PortalApp version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27170

  • 08.3.77 - CVE: Not Available
  • Platform: Web Application
  • Title: eTicket Multiple Scripts Multiple Input Validation Vulnerabilities
  • Description: eTicket is an open-source, support ticket system based on osTicket. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. eTicket version 1.5.5.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485835

  • 08.3.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Million Dollar Script "index.php" Local File Include
  • Description: Million Dollar Script is a PHP-based application that enables site administrators to sell advertising space on their site. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "link" parameter of the "index.php" script. Million Dollar Script version 2.0.14 is affected.
  • Ref: http://www.securityfocus.com/archive/1/485882

  • 08.3.79 - CVE: Not Available
  • Platform: Web Application
  • Title: CherryPy Cookie Session Id Information Disclosure
  • Description: CherryPy is an object-oriented development framework for web applications; it is written in Python. The application is exposed to an information disclosure issue because it fails to properly validate user access rights before performing certain actions. CherryPy versions 2.2.1 and 3.0.2 are affected.
  • Ref: http://www.cherrypy.org/ticket/744

  • 08.3.80 - CVE: Not Available
  • Platform: Web Application
  • Title: SysHotel On Line System "index.php" Local File Include
  • Description: SysHotel On Line System is a hotel booking and management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/485940

  • 08.3.81 - CVE: CVE-2007-5401, CVE-2007-5402, CVE-2007-5403, CVE-2007-5404
  • Platform: Web Application
  • Title: HelpBox Multiple Security Vulnerabilities
  • Description: HelpBox is a web-based helpdesk application implemented in ASP. The application is exposed to multiple security issues because the application fails to properly sanitize user-supplied input. HelpBox version 3.7.1 is affected.
  • Ref: http://secunia.com/secunia_research/2007-94/advisory/

  • 08.3.82 - CVE: CVE-2008-0003
  • Platform: Web Application
  • Title: OpenPegasus Management Server PAM Authentication "cimservera.cpp" Buffer Overflow
  • Description: OpenPegasus is an implementation of the WBEM (Web-Based Enterprise Management) and DMTF (Distributed Management Task Force) CIM (Common Information Model) standards. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. OpenPegasus version 2.6 series is affected.
  • Ref: http://cvs.opengroup.org/cgi-bin/cvsweb.cgi/pegasus/src/Pegasus/Security/Cimservera/Attic/cimservera.cpp.diff?cvsroot=Pegasus&r1=1.6&r2=1.6.2.1&f=H&only_with_tag=RELEASE_2_5-branch

  • 08.3.83 - CVE: Not Available
  • Platform: Web Application
  • Title: EvilBoard Cross-Site Scripting and SQL Injection
  • Description: EvilBoard is a PHP-based bulletin board application. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "c" parameter of the "index.php" script. EvilBoard version 0.1a is affected.
  • Ref: http://www.securityfocus.com/bid/27190

  • 08.3.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Tune Studios Multiple Web Page Templates "index.php" Remote File Include
  • Description: Tune Studio Subwoofer, Freeze Theme, Orange Cutout, Lonely Maple, Endless, Classic Theme, and Music Theme are web page templates. The templates are exposed to a remote file include issue because they fail to sufficiently sanitize user-supplied data to the "page" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/27196

  • 08.3.85 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Webquest MySQL Credentials Information Disclosure
  • Description: PHP Webquest is a PHP-based content manager designed for educators. The application is exposed to an information disclosure issue because it fails to protect the MySQL database credentials. PHP Webquest version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/27202

  • 08.3.86 - CVE: Not Available
  • Platform: Web Application
  • Title: UploadScript and UploadImage "admin.php" Unauthorized Access
  • Description: UploadScript and UploadImage are PHP-based file hosting scripts. The applications are exposed to an issue that results in unauthorized access. This issue occurs because the application fails to restrict access to the "act=nopass" password setting functionality of the "admin.php" script. UploadScript and UploadImage version 1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/27203

  • 08.3.87 - CVE: Not Available
  • Platform: Web Application
  • Title: osDate "php121db.php" Remote File Include
  • Description: osDate is a web-based dating application implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "php121dir" parameter of the "php121db.php" script. osDate version 2.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/27208

  • 08.3.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Omegasoft Insel Authentication Bypass Vulnerability and User Enumeration Weakness
  • Description: Omegasoft Insel is a web-based application. The application is exposed to multiple remote issues. Omegasoft Insel version 7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486009

  • 08.3.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Docebo SQL Injection Vulnerability and Multiple Information Disclosure Vulnerabilities
  • Description: Docebo is a PHP-based content manager, targeted at corporate and higher education markets. The application is exposed to multiple information disclosure issues. Docebo version 3.5.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27211

  • 08.3.90 - CVE: CVE-2007-6018
  • Platform: Web Application
  • Title: Horde IMP and Groupware Webmail Edition Multiple Input Validation Vulnerabilities
  • Description: Horde IMP (Internet Messaging Program) is a PHP-based application that supports IMAP and POP3 webmail access. The application is exposed to multiple input validation issues because it fails to sanitize certain HTML and HTTP data. IMP version 4.1.5, Horde Application Framework version 3.1.5, and Horde Groupware Webmail Edition version 1.0.3 are affected.
  • Ref: http://secunia.com/secunia_research/2007-102/advisory/

  • 08.3.91 - CVE: Not Available
  • Platform: Web Application
  • Title: DomPHP "index.php" Remote File Include
  • Description: DomPHP is a content management system. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "aides/index.php" script. DomPHP version 0.81 is affected.
  • Ref: http://www.securityfocus.com/bid/27226

  • 08.3.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Evilsentinel Multiple Remote Vulnerabilities
  • Description: Evilsentinel is a PHP-based security application that protects against various web-based vulnerabilities. The application is exposed to multiple remote issues. Evilsentinel version 1.0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/27227

  • 08.3.93 - CVE: Not Available
  • Platform: Web Application
  • Title: vtiger CRM File Information Disclosure
  • Description: vtiger CRM is a customer relationship management application. The application is exposed to an information disclosure issue because it fails to restrict access to certain directories.
  • Ref: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107

  • 08.3.94 - CVE: Not Available
  • Platform: Web Application
  • Title: VisionBurst vcart "abs_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: VisionBurst vcart is a web-based shopping cart application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "abs_path" parameter of the "index.php" and "checkout.php" scripts. vcart version 3.3.2 is affected.
  • Ref: http://www.milw0rm.com/exploits/4889

  • 08.3.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo Search Remote Denial of Service
  • Description: Mambo is a PHP-based content manager. The application is exposed to a denial of service issue. Specifically, the application may crash when handling data supplied through the search component. Mambo versions 4.5.x and 4.6.x are affected.
  • Ref: http://forum.mambo-foundation.org/showthread.php?t=9651

  • 08.3.96 - CVE: Not Available
  • Platform: Network Device
  • Title: Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation
  • Description: Creative Ensoniq PCI ES1371 WDM drivers are exposed to a local privilege escalation issue when the vulnerable device drivers attempt to dereference a NULL pointer. User-space processes can map memory at 0, allowing attackers to execute arbitrary code with elevated privileges. This occurs only in certain circumstances, when affected drivers are running in Windows Vista operating systems. Creative Ensoniq PCI ES1371 WDM driver version 5.1.3612.0 of the "es1371mp.sys" driver is affected.
  • Ref: http://www.reversemode.com/index.php?option=com_content&task=view&id=46&Itemid=2

  • 08.3.97 - CVE: Not Available
  • Platform: Network Device
  • Title: Level One WBR-3460A 4-Port ADSL 2/2+ Wireless Modem Router Unauthorized Access
  • Description: Level One WBR-3460A is a 4-Port ADSL 2/2+ Wireless Modem Router that includes QoS and VPN support. By default the router listens on TCP port 23 for its Telnet service and TCP port 80 for HTTP; however, these services are only accessible via the local network. The router is exposed to an issue that results in unauthorized superuser access because the device lacks access control and authentication mechanisms for its Telnet service. WBR-3460A firmware versions 1.00.11 and 1.00.12 are affected.
  • Ref: http://www.securityfocus.com/archive/1/485935

  • 08.3.98 - CVE: Not Available
  • Platform: Network Device
  • Title: Ingate Firewall and SIParator Remote Denial of Service
  • Description: Ingate Firewalls are hardware firewall devices that support Session Initiation Protocol (SIP) via SIParator SIP-based communication devices. The application is exposed to a remote denial of service issue. Ingate Firewall versions prior to 4.6.1 and Ingate SIParator version 4.6.1 are affected.
  • Ref: http://www.ingate.com/relnote-461.php

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.