
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 31
July 31, 2008

RealPlayer is the only major problem this week - assuming you have made sure you and your ISPs have fixed the DNS problem from last week. Here are two ways to test your ISP (Internet Service Provider) to determine whether the DNS server you rely on has been patched.

1. Dan Kaminsky's test is at the upper right corner at http://www.doxpara.com/
2. The DNS Operations, Analysis and Research Center offers a testing tool at https://www.dns-oarc.net/oarc/services/dnsentropy

And here is a great explanation of the problem by Dan Kaminsky: http://www.doxpara.com/?p=1185

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Third Party Windows Apps: 11 (#2, #3)
    • Linux: 3
    • Unix: 2
    • Cross Platform: 13 (#1)
    • Web Application - Cross Site Scripting: 15
    • Web Application - SQL Injection: 24
    • Web Application: 44
    • Network Device: 1

******** A Challenge/Gift for People Who have CEH Certifications *******

The new GPEN (GIAC Penetration Tester) Certification measures mastery of tools that are so up to date and measures pen testing skills so effectively that people who buy penetration testing have begun asking for it in potential pen testers. As a gift to the CEH community, SANS is offering free testing to 50 active CEH holders who want to demonstrate that their skills cover the most up to date set of tools and effective pen testing procedures, as well. The first 50 CEHs who ask will be allowed to take the exam at no cost. If you want to take the exam, email me (apaller@sans.org).

*************************************************************************

TRAINING UPDATE

- Las Vegas (9/28-10/6) http://www.sans.org/ns2008 NETWORK SECURITY 2008

- Boston (8/9-8/16) http://www.sans.org/boston08/

- Virginia Beach (8/21-8/29): http://www.sans.org/vabeach08/

- Chicago (9/3-9/10) http://www.sans.org/chicago08 AUDIT & COMPLIANCE

- and in 100 other cities and online any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: Trend Micro OfficeScan ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Trend Micro OfficeScan versions 7.3 and prior
  • Description: Trend Micro OfficeScan is a popular antivirus solution. Part of its functionality is provided by an ActiveX control. This control contains multiple buffer overflows in its handling of various parameters. A malicious web page that instantiates this control would allow an attacker to exploit one of these buffer overflows. Successfully exploiting one of these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for these vulnerabilities.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "5EFE8CB1-D095-11D1-88FC-0080C859833B". Note that this may affect normal application functionality.

  • (3) MODERATE: HP OVIS Probe Builder Arbitrary Process Kill Vulnerability
  • Affected:
    • HP OVIS Probe Builder versions 2.2 and prior
  • Description: HP OVIS Probe Builder, also known as HP Internet Services and European Performance Systems Probe Builder, is a popular enterprise network architecture management system. It contains a vulnerability in its handling of remote procedure calls. An unauthenticated user could call an exported procedure that can kill (terminate) a user-specified process on the vulnerable host. A user could cause a complete system shutdown by killing a Microsoft Windows system process, or kill other applications running on the vulnerable system. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking TCP port 32968 at the network perimeter, if possible.

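
The kill-bit mitigation named in the Status of item (2), as an added PowerShell example that is not part of the original bulletin or of any vendor tooling. The CLSID is the one quoted above; the registry location and the 0x400 "Compatibility Flags" value are Microsoft's documented kill-bit mechanism rather than details from this page, and the function names are illustrative. Run it from an elevated prompt.

```powershell
# Added example: audit and set the Internet Explorer kill bit for one ActiveX CLSID.
$Clsid   = '{5EFE8CB1-D095-11D1-88FC-0080C859833B}'   # CLSID quoted in the bulletin
$KillBit = 0x00000400                                 # kill-bit flag in "Compatibility Flags"
$Value   = 'Compatibility Flags'

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so both views are handled.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CurrentFlags {
    # Returns the existing flags for a key, or 0 when the key or value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $item = Get-ItemProperty -LiteralPath $Key -Name $Value -ErrorAction SilentlyContinue
    if ($item) { return $item.$Value }
    return 0
}

function Get-KillBitState {
    # Reports, per registry view, whether the kill bit is set for the CLSID.
    param([string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on 32-bit Windows
        $key   = Join-Path $root $Clsid
        $flags = Get-CurrentFlags -Key $key
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    # ORs the kill bit into any existing flags so other compatibility bits survive.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key   = Join-Path $root $Clsid
        $flags = Get-CurrentFlags -Key $key
        if ($flags -band $KillBit) { continue }                 # already set, nothing to do
        if ($PSCmdlet.ShouldProcess($key, 'Set kill bit')) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name $Value -PropertyType DWord `
                -Value ($flags -bor $KillBit) -Force | Out-Null
        }
    }
}

Get-KillBitState -Clsid $Clsid      # audit first
Set-KillBit -Clsid $Clsid -WhatIf   # preview; drop -WhatIf to apply
```

As the Status note says, disabling the control may affect normal application functionality, so audit with `Get-KillBitState` before and after the change.
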
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.31.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EMC Dantz Retrospect Backup Client "retroclient.exe" Remote Memory Corruption
  • Description: EMC Dantz Retrospect Backup Client is an application that allows users to back up and restore files. The application is exposed to a remote memory corruption issue that occurs in the "retroclient.exe" processes listening on TCP port 497 by default.
  • Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-16.html

  • 08.31.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PowerDVD ".m3u" and ".pls" File Multiple Buffer Overflow Vulnerabilities
  • Description: PowerDVD is an application for playing DVDs; it is available for Microsoft Windows. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. These issues occur when handling malformed ".m3u" and ".pls" files. PowerDVD version 8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30341

  • 08.31.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Outpost Security Suite Pro Filename Parsing Security Bypass
  • Description: Outpost Security Suite Pro is a security application that provides firewall, antivirus, and other threat protection for Windows-based computers. The application is exposed to an issue that allows an unauthorized attacker to bypass antivirus and firewall rules. This issue occurs because the application fails to adequately sanitize user-supplied input. Outpost Security Suite Pro 2009 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494660

  • 08.31.4 - CVE: CVE-2007-5400
  • Platform: Third Party Windows Apps
  • Title: RealNetworks RealPlayer SWF File Heap-Based Buffer Overflow
  • Description: RealNetworks RealPlayer is an application that allows users to play various media formats. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue stems from a frame-handling error when processing SWF (Shockwave Flash) files. RealPlayer version 10.5 Build 6.0.12.1483 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494749

  • 08.31.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cygwin "setup.exe" Installation and Update Process Mirror Authenticity Verification
  • Description: Cygwin is a Linux-style operating environment for Microsoft Windows. Cygwin "setup.exe" is exposed to an issue caused by inadequate verification of mirror authenticity. Cygwin "setup.exe" versions prior to 2.573.2.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/494756

  • 08.31.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RealNetworks RealPlayer "rmoc3260.dll" ActiveX Control Multiple Memory Corruption Vulnerabilities
  • Description: RealNetworks RealPlayer is an application that allows users to play various media formats. RealPlayer "rmoc3260.dll" ActiveX control is exposed to multiple heap-based memory corruption issues.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0460.html

  • 08.31.7 - CVE: CVE-2008-3066
  • Platform: Third Party Windows Apps
  • Title: RealPlayer "rjbdll.dll" ActiveX Control "Import" Method Stack Buffer Overflow
  • Description: RealPlayer is an application that allows users to play various media formats. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer.
  • Ref: http://www.kb.cert.org/vuls/id/461187

  • 08.31.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Trend Micro OfficeScan "ObjRemoveCtrl.dll" ActiveX Control Multiple Stack Overflow Vulnerabilities
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. The control is exposed to multiple stack-based buffer overflow issues because it fails to properly bounds check user-supplied input. OfficeScan version 7.3 build 1343 is affected.
  • Ref: http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0509.html

  • 08.31.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AVG Anti-Virus UPX File Parsing Denial of Service
  • Description: AVG Anti-Virus is an antivirus application for the Microsoft Windows platform. The application is exposed to a denial of service issue by supplying a malicious UPX packed file. When the AVG Anti-Virus scanning engine scans this file a divide-by-zero error will occur. AVG Anti-Virus versions prior to 8.0.156 are affected.
  • Ref: http://www.nruns.com/advisories/%5Bn.runs-SA-2008%20004%5D%20-%20AVG%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt

  • 08.31.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CoolPlayer M3U File Buffer Overflow
  • Description: CoolPlayer is a media player application for the Windows operating system. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/bid/30418

  • 08.31.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Eyeball MessengerSDK "CoVideoWindow.ocx" ActiveX Control Remote Buffer Overflow
  • Description: Eyeball MessengerSDK is a VoIP, video telephony and instant messaging API. The "CoVideoWindow.ocx" ActiveX control of Eyeball MessengerSDK is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Eyeball MessengerSDK "CoVideoWindow.ocx" control version 5.0.907.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494756

  • 08.31.12 - CVE: Not Available
  • Platform: Linux
  • Title: openSUSE "libxcrypt" Insecure Password Hash Weakness
  • Description: openSUSE is exposed to an insecure password hash weakness. This issue stems from a design error when "libxcrypt" is used to calculate password hashes. The "libxcrypt" library facilitates the use of DES, MD5, or "blowfish" algorithms for creating password hashes.
  • Ref: http://www.securityfocus.com/bid/30301

  • 08.31.13 - CVE: CVE-2008-3247
  • Platform: Linux
  • Title: SUSE openSUSE x86_64 Kernel Unspecified Buffer Overflow
  • Description: The openSUSE x86_64 kernel is exposed to an unspecified buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs in the Local Descriptor Table (LDT) handling code. openSUSE kernel version 2.6.25 is affected.
  • Ref: http://www.securityfocus.com/bid/30351

  • 08.31.14 - CVE: CVE-2008-1946
  • Platform: Linux
  • Title: GNU Coreutils "pam_succeed_if" PAM Local Authentication Bypass
  • Description: GNU Coreutils is a set of basic utilities for manipulating files, text, etc. The application is exposed to a local authentication bypass issue because of a design error in the "pam_succeed_if" Pluggable Authentication Module (PAM). Successfully exploiting this issue may lead to other attacks.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0780.html

  • 08.31.15 - CVE: CVE-2008-2375
  • Platform: Unix
  • Title: vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service
  • Description: The "vsftpd" FTP server (Very Secure File Transfer Protocol Daemon) is an FTP server for UNIX-like platforms. The application is exposed to a remote denial of service issue when used with Pluggable Authentication Modules (PAM). The issue is caused by a memory leak that occurs when an invalid authentication attempt is made. vsftpd versions prior to 2.0.5 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0579.html

  • 08.31.16 - CVE: Not Available
  • Platform: Unix
  • Title: reSIProcate Multiple Unspecified Memory Corruption Vulnerabilities
  • Description: reSIProcate is an implementation of the SIP (Session Initiation Protocol) stack; it includes various application components. The application is exposed to multiple unspecified memory corruption issues. This issue will allow attackers to consume all the stack memory. reSIProcate versions prior to 1.3.4 are affected.
  • Ref: http://www.resiprocate.org/ReSIProcate_1.3.4_Release

  • 08.31.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EMC Retrospect Backup Client Password Hash Information Disclosure
  • Description: EMC Retrospect is a secured online backup system for Mac OS X and Windows. The Retrospect Backup Client is exposed to an information disclosure issue when the client processes a specially crafted packet. The client responds by sending information that includes a password hash in plain text. Retrospect Backup Client version 7.5.116 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494560

  • 08.31.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: EMC Retrospect Backup Client NULL Pointer Remote Denial of Service
  • Description: EMC Retrospect Backup Client is an application that allows users to back up and restore files. The application is exposed to a remote denial of service issue because of a design error that causes a NULL-pointer exception.
  • Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-16.html

  • 08.31.19 - CVE: CVE-2008-3263
  • Platform: Cross Platform
  • Title: Asterisk IAX "POKE" Requests Remote Denial of Service
  • Description: Asterisk is a PBX and telephony application for multiple operating platforms. Asterisk supports the IAX VoIP protocol. The IAX control "POKE" is used as a "ping"-style command. The application is exposed to a remote denial of service issue because it fails to handle multiple "POKE" requests in quick succession.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-010.html

  • 08.31.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking
  • Description: OpenSSH is a free implementation of the Secure Shell protocol suite. It is available for various operating systems. The application is exposed to an issue that allows attackers to hijack forwarded X connections. OpenSSH version 5.0 is affected.
  • Ref: http://www.openssh.com/txt/release-5.1

  • 08.31.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ZDaemon NULL Pointer Remote Denial of Service
  • Description: ZDaemon is a Doom source port based on ZDoom. The application is exposed to a remote denial of service issue because it fails to handle NULL-pointer exceptions. Specifically, the issue occurs when sending crafted data with type "0x06" commands. ZDaemon versions 1.08.07 and earlier are affected.
  • Ref: http://aluigi.altervista.org/adv/zdaemonull-adv.txt

  • 08.31.22 - CVE: CVE-2008-1447
  • Platform: Cross Platform
  • Title: Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing
  • Description: Multiple vendors' implementations of the DNS protocol are exposed to a DNS-spoofing issue because the software fails to securely implement random values when performing DNS queries. Microsoft Windows DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS releases are affected.
  • Ref: http://www.securityfocus.com/archive/1/494716

  • 08.31.23 - CVE: CVE-2008-3264
  • Platform: Cross Platform
  • Title: Asterisk IAX2 Firmware Provisioning Packet Amplification Remote Denial of Service
  • Description: Asterisk is a private branch exchange (PBX) application available for Linux, BSD, and Mac OS X platforms. The application is exposed to remote denial of service attacks. This issue is caused by a flaw in the IAX2 firmware download protocol.
  • Ref: http://downloads.digium.com/pub/security/AST-2008-011.html

  • 08.31.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IntelliTamper HTML "Server" Header Parsing Buffer Overflow
  • Description: IntelliTamper is a spider application for scanning websites. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. IntelliTamper version 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/30356

  • 08.31.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Minix Pseudo Terminal Denial of Service
  • Description: Minix is a lightweight operating system. The application is exposed to a denial of service issue. A problem in the "drivers/tty/tty.c" source file can be exploited to consume all available pseudo terminals, causing future connections to be denied. Minix version 3.1.2a is affected.
  • Ref: http://www.securityfocus.com/bid/30357

  • 08.31.26 - CVE: CVE-2008-3064
  • Platform: Cross Platform
  • Title: RealPlayer Unspecified Local Resource Reference
  • Description: RealPlayer allows users to stream various media files through their browser. The application is exposed to an unspecified issue. Please refer to the link below for further details.
  • Ref: http://service.real.com/realplayer/security/07252008_player/en/

  • 08.31.27 - CVE: CVE-2008-1667
  • Platform: Cross Platform
  • Title: European Performance Systems Probe Builder Unspecified Denial of Service
  • Description: European Performance Systems (EPS) Probe Builder is an application designed for use with HP's OpenView Internet Services. The application is exposed to an unspecified denial of service issue. Probe Builder versions prior to A.02.20.901 on Windows are affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728

  • 08.31.28 - CVE: CVE-2008-3329
  • Platform: Cross Platform
  • Title: Links "only proxies" Unspecified Security
  • Description: Links is a text-based web browser. The application is exposed to an unspecified security issue related to providing URIs to external programs. The issue may be triggered when "only proxies" is enabled.
  • Ref: http://links.twibright.com/download/ChangeLog

  • 08.31.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: @Mail Multiple Local Information Disclosure Vulnerabilities
  • Description: @Mail is an email server. Since it fails to restrict access to certain files, @Mail is exposed to multiple information disclosure issues. Specifically, the application fails to restrict access to the "webmail/libs/Atmail/Config.php" and "webmail/webadmin/.htpasswd" files. @Mail version 5.41 is affected.
  • Ref: http://www.securityfocus.com/bid/30434

  • 08.31.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EasyBookMarker "ajaxp_backend.php" Cross-Site Scripting
  • Description: EasyBookMarker is a PHP-based tool for managing bookmarks. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "rs" parameter of the "ajaxp_backend.php" script. EasyBookMarker version 4.0tr is affected.
  • Ref: http://www.securityfocus.com/archive/1/494550

  • 08.31.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Maran PHP Blog "comments.php" Cross-Site Scripting
  • Description: Maran PHP Blog is a web-log application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "id" parameter of the "comments.php" script.
  • Ref: http://www.securityfocus.com/archive/1/494549

  • 08.31.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XOOPS Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: XOOPS is a PHP-based content manager. The application is exposed to a local file include issue and a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "fct" parameter of the "/modules/system/admin.php" script. XOOPS version 2.0.18.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30330

  • 08.31.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: VisualPic Cross-Site Scripting
  • Description: VisualPic is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "pic" parameter. VisualPic version 0.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30334

  • 08.31.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Multiple Century System XR Routers Cross-Site Request Forgery
  • Description: XR routers are a series of network devices designed for home and small-office setups. Multiple Century System XR routers are exposed to a cross-site request forgery issue.
  • Ref: http://jvn.jp/en/jp/JVN67573833/index.html

  • 08.31.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities
  • Description: Claroline is a PHP-based online education platform. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Claroline versions prior to 1.8.11 are affected.
  • Ref: http://www.securityfocus.com/archive/1/494655

  • 08.31.36 - CVE: CVE-2008-3336
  • Platform: Web Application - Cross Site Scripting
  • Title: PunBB Multiple Cross-Site Scripting Vulnerabilities
  • Description: PunBB is a PHP-based forum application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Unspecified parameters of the "include/parser.php" and "moderate.php" scripts are affected. PunBB versions prior to 1.2.19 are affected.
  • Ref: http://punbb.informer.com/

  • 08.31.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Geeklog Forum Plugin Cross-Site Scripting
  • Description: Geeklog Forum Plugin is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. This issue occurs in the forum search. Geeklog versions prior to 2.7.1 are affected.
  • Ref: http://www.geeklog.net/article.php/20080719093147449

  • 08.31.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pure Software Lore Multiple Cross-Site Scripting Vulnerabilities
  • Description: Pure Software Lore is Knowledge Base software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input passed to the "article comments feature" and the "search log". Lore versions prior to 1.7.0 are affected.
  • Ref: http://puresw.com/kb/idx.php/8/025/Versions/article/Changelog.html

  • 08.31.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Web Wiz Forum "mode" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Web Wiz Forum is an ASP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. This affects the "mode" parameter of the "admin_group_details.asp" and "admin_category_details.asp" scripts. Web Wiz Forum version 9.5 is affected.
  • Ref: http://www.securityfocus.com/bid/30398

  • 08.31.40 - CVE: CVE-2008-3328
  • Platform: Web Application - Cross Site Scripting
  • Title: Trac Unspecified Wiki Engine Cross-Site Scripting
  • Description: Trac is a wiki and issue-tracking system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter in the Wiki Engine. Trac versions prior to 0.10.5 are affected.
  • Ref: http://trac.edgewall.org/wiki/ChangeLog

  • 08.31.41 - CVE: CVE-2008-3334
  • Platform: Web Application - Cross Site Scripting
  • Title: MyBB "search.php" Cross-Site Scripting
  • Description: MyBB is a bulletin board. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter in the "search.php" script. MyBB versions prior to 1.2.14 are affected.
  • Ref: http://community.mybboard.net/thread-33865.html

  • 08.31.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Web Wiz Rich Text Editor "RTE_popup_link.asp" Cross-Site Scripting
  • Description: Web Wiz Rich Text Editor is an ASP-based text editor application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Email" parameter of "RTE_popup_link.asp". Web Wiz Rich Text Editor version 4.0.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494822

  • 08.31.43 - CVE: CVE-2008-3100
  • Platform: Web Application - Cross Site Scripting
  • Title: Owl Intranet Engine "register.php" Cross-Site Scripting
  • Description: Owl Intranet Engine is a PHP-based knowledgebase system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "username" parameter of the "register.php" script. Owl version 0.95 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494843

  • 08.31.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. phpMyAdmin versions prior to 2.11.8 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6

  • 08.31.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DigiLeave "info_book.asp" SQL Injection
  • Description: DigiLeave is an ASP-based application for managing employee time-off bookings. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "book_id" parameter of the "info_book.asp" script before using it in an SQL query. DigiLeave version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30314

  • 08.31.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HRS Multi "picture_pic_bv.asp" SQL Injection
  • Description: HRS (Hotel Reservation System) Multi is an ASP-based reservation system for multiple properties. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "key" parameter of the "picture_pic_bv.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30316

  • 08.31.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpKF "forum_duzen.php" SQL Injection
  • Description: phpKF is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fno" parameter of the "forum_duzen.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30318

  • 08.31.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MojoPersonals "mojoClassified.cgi" SQL Injection
  • Description: MojoPersonals is dating software implemented in Perl/CGI. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "mojoClassified.cgi" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30325

  • 08.31.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-topbiz Shopcart DX "product_detail.php" SQL Injection
  • Description: Shopcart DX is a web-based shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, it fails to properly sanitize the "pid" parameter of the "product_detail.php" script. Shopcart DX version 4.30 is affected.
  • Ref: http://www.securityfocus.com/bid/30337

  • 08.31.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SocialEngine Multiple SQL Injection Vulnerabilities
  • Description: SocialEngine is a PHP-based platform for social networking. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. SocialEngine versions prior to 2.83 are affected.
  • Ref: http://www.securityfocus.com/archive/1/494638

  • 08.31.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Survey Generator "default.asp" SQL Injection
  • Description: Pre Survey Generator is a PHP-based survey application. It is also referred to as Pre Survey Poll. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "poll/default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30349

  • 08.31.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EMC Centera Universal Access "username" Parameter SQL Injection
  • Description: EMC Centera Universal Access allows applications to communicate with the EMC Centera storage system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. EMC Centera Universal Access version 4.0_4735.p4 is affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063418.html

  • 08.31.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Camera Life "sitemap.xml.php" SQL Injection
  • Description: Camera Life is a PHP-based photo-gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sitemap.xml.php" script before using it in an SQL query. Camera Life version 2.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30368

  • 08.31.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FizzMedia "comment.php" SQL Injection
  • Description: FizzMedia is a web-based media application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mid" parameter of the "comment.php" script before using it in an SQL query. FizzMedia version 1.51.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30374

  • 08.31.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PhpTest "picture.php" SQL Injection
  • Description: PhpTest is a web-based testing tool. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "image_id" parameter of the "picture.php" script before using it in an SQL query. PhpTest version 0.6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30377

  • 08.31.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FipsCMS R Parameter "index.asp" SQL Injection
  • Description: fipsCMS is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "r" parameter of the "index.asp" script file before using it in an SQL query. fipsCMS version 2.1 is affected.
  • Ref: http://www.milw0rm.com/exploits/6135

  • 08.31.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IceBB SQL Injection
  • Description: IceBB is web-based forum software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data. The issue is caused by a design flaw in the "clean_string" function in the "/includes/functions.php" script. IceBB versions prior to 1.0-rc9.3 are affected.
  • Ref: http://forums.xaos-ia.com/?topic=760

  • 08.31.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities
  • Description: Mobius Web Publishing Software is PHP-based software. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "browse.php" and the "s" parameter of the "detail.php" script. Mobius Web Publishing Software versions up to and including 1.4.4.1 are affected.
  • Ref: http://www.securityfocus.com/bid/30382

  • 08.31.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpLinkat SQL Injection and Cookie Authentication Bypass Vulnerabilities
  • Description: phpLinkat is a web-based application implemented in PHP. The application is prone to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "showcat.php" script file before using it in an SQL query. phpLinkat version 0.1 is affected.
  • Ref: http://www.milw0rm.com/exploits/6140

  • 08.31.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpwebnews-mysql Multiple SQL Injection Vulnerabilities
  • Description: phpwebnews-mysql is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize input to the "a1" and "a2" cookie parameters before using it in an SQL query. phpwebnews-mysql version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30383

  • 08.31.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Willoughby TriO SQL Injection
  • Description: Willoughby TriO is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "browse.php" script. Willoughby TriO versions up to and including 2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/30384

  • 08.31.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EPShop "pid" Parameter "index.php" SQL Injection
  • Description: EPShop is a web-based application implemented in PHP. The product name has been changed from EPShop to ECShop. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "index.php" script file before using it in an SQL query. EPShop versions prior to 3.0 are affected.
  • Ref: http://www.securityfocus.com/bid/30387

  • 08.31.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Greatclone Getacoder Clone "search_form.php" SQL Injection
  • Description: Greatclone Getacoder Clone script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sb_protype" parameter of the "search_form.php" script.
  • Ref: http://www.securityfocus.com/bid/30388

  • 08.31.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Greatclone GC Auction Platinum "category.php" SQL Injection
  • Description: Greatclone GC Auction Platinum is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cate_id" parameter of the "category.php" script.
  • Ref: http://www.securityfocus.com/bid/30389

  • 08.31.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SiteAdmin CMS "art" Parameter "line2.php" SQL Injection
  • Description: SiteAdmin CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "art" parameter of the "line2.php" script file before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30391

  • 08.31.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Greatclone Youtuber Clone "ugroups.php" SQL Injection
  • Description: Greatclone Youtuber Clone script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "UID" parameter of the "ugroups.php" script.
  • Ref: http://www.securityfocus.com/bid/30392

  • 08.31.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ViArt Shop "products_rss.php" SQL Injection
  • Description: ViArt Shop is a web-based shopping application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "products_rss.php" script before using it in an SQL query. ViArt Shop versions 3.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/494839

  • 08.31.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gregarius "ajax.php" SQL Injection
  • Description: Gregarius is a web-based RSS/RDF/ATOM feed aggregator. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "rsargs[]" parameter of the "ajax.php" script before using it in an SQL query. Gregarius version 0.5.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494866

  • 08.31.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Jobbex JobSite "search_result.cfm" Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Jobbex JobSite is a ColdFusion-based content manager for job websites. Since it fails to adequately sanitize user-supplied input, the application is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/30302

  • 08.31.70 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyDynamicPages Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: EasyDynamicPages is a PHP-based web portal. Since it fails to adequately sanitize user-supplied input, the application is exposed to multiple input validation issues. EasyDynamicPages version 3.0tr is affected.
  • Ref: http://www.securityfocus.com/archive/1/494551

  • 08.31.71 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyPublish "read" Parameter Multiple SQL Injection and Cross-Site Vulnerabilities
  • Description: EasyPublish is a PHP-based application for publishing news. Since it fails to sufficiently sanitize user-supplied input, EasyPublish is exposed to multiple input validation issues. EasyPublish version 3.0tr is affected.
  • Ref: http://www.securityfocus.com/archive/1/494556

  • 08.31.72 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBlog Multiple Remote Information Disclosure Vulnerabilities
  • Description: MyBlog is a PHP-based blog/CMS application. Since it fails to restrict access to certain actions, MyBlog is exposed to multiple information disclosure issues. MyBlog version 0.9.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494577

  • 08.31.73 - CVE: Not Available
  • Platform: Web Application
  • Title: EZWebAlbum "download.php" Local File Include
  • Description: EZWebAlbum is a PHP-based photo album. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "dlfilename" parameter of the "download.php" script.
  • Ref: http://www.securityfocus.com/archive/1/494573

  • 08.31.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Flip "config.php" Remote File Include
  • Description: Flip is a web-log application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "incpath" parameter of the "config.php" script. Flip version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30312

  • 08.31.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Interact "help.php" Multiple Local File Include Vulnerabilities
  • Description: Interact is a PHP-based application for online learning. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "module" and "get" parameters of "help.php".
  • Ref: http://www.securityfocus.com/archive/1/494582

  • 08.31.76 - CVE: Not Available
  • Platform: Web Application
  • Title: IntelliTamper HTML "href" Parsing Buffer Overflow
  • Description: IntelliTamper is a spider application for scanning web sites. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. IntelliTamper version 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/30317

  • 08.31.77 - CVE: Not Available
  • Platform: Web Application
  • Title: EMC Retrospect Weak Hash Algorithm Insecure Password Weakness
  • Description: EMC Retrospect is a secured online backup system. The application is exposed to an insecure password-hash weakness that resides in the Server Authentication Module. This issue occurs because the application uses a weak hash algorithm to generate encrypted passwords.
  • Ref: http://www.securityfocus.com/archive/1/494636

  • 08.31.78 - CVE: Not Available
  • Platform: Web Application
  • Title: HiFriend "cgi-bin/hifriend.pl" Open Email Relay
  • Description: HiFriend is a Perl-based script for sending web page links to arbitrary email addresses. The application is exposed to an open email relay issue that occurs in the "cgi-bin/hifriend.pl" script.
  • Ref: http://www.securityfocus.com/archive/1/494605

  • 08.31.79 - CVE: Not Available
  • Platform: Web Application
  • Title: MyReview Remote Information Disclosure
  • Description: MyReview is a PHP-based application for submitting and reviewing research papers. The application is exposed to a remote information disclosure issue because it fails to properly secure submitted content. MyReview version 1.9.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494567

  • 08.31.80 - CVE: Not Available
  • Platform: Web Application
  • Title: EasyE-Cards SQL Injection Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
  • Description: EasyE-Cards is a PHP-based application for sending and receiving greeting cards. Since it fails to sufficiently sanitize user-supplied data, EasyE-Cards is exposed to multiple input validation issues. EasyE-Cards version 3.10a is affected.
  • Ref: http://www.securityfocus.com/archive/1/494555

  • 08.31.81 - CVE: Not Available
  • Platform: Web Application
  • Title: RunCMS Multiple Remote File Include Vulnerabilities
  • Description: RunCMS is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. RunCMS version 1.6.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30331

  • 08.31.82 - CVE: Not Available
  • Platform: Web Application
  • Title: eSyndiCat "admin_lng" Cookie Parameter Authentication Bypass
  • Description: eSyndiCat is a PHP-based directory application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. eSyndiCat version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/30332

  • 08.31.83 - CVE: Not Available
  • Platform: Web Application
  • Title: AlphAdmin CMS "aa_login" Cookie Parameter Authentication Bypass
  • Description: AlphAdmin CMS is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. AlphAdmin CMS version 1.0.5_03 is affected.
  • Ref: http://www.securityfocus.com/bid/30333

  • 08.31.84 - CVE: Not Available
  • Platform: Web Application
  • Title: AtomatiCMS "upload.php" Arbitrary File Upload
  • Description: AtomatiCMS is an ASP-based content manager. The application is exposed to a vulnerability that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the "/admin/FCKeditor/editor/filemanager/upload/php/upload.php" script. AtomatiCMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30336

  • 08.31.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Ceica Groupware Multiple Remote File Upload Vulnerabilities
  • Description: Ceica Groupware is a web-based application. The application is exposed to multiple issues that allow an attacker to upload arbitrary script code and execute it in the context of the web server process. Ceica Groupware version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/30338

  • 08.31.86 - CVE: Not Available
  • Platform: Web Application
  • Title: EZWebAlbum Cookie Authentication Bypass
  • Description: EZWebAlbum is a PHP-based application for managing photo albums. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/30343

  • 08.31.87 - CVE: Not Available
  • Platform: Web Application
  • Title: YouTube Blog Multiple Input Validation Vulnerabilities
  • Description: YouTube Blog is a PHP-based videolog application for posting YouTube videos. Since it fails to adequately sanitize user-supplied data, the application is exposed to multiple input validation issues. YouTube Blog version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30345

  • 08.31.88 - CVE: Not Available
  • Platform: Web Application
  • Title: TamperData Firefox Plugin HTML Injection
  • Description: TamperData is a Firefox plugin for viewing and modifying HTTP/HTTPS headers and post parameters. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. TamperData version 10.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30394

  • 08.31.89 - CVE: CVE-2008-3335
  • Platform: Web Application
  • Title: PunBB Unspecified Arbitrary SMTP Command Injection
  • Description: PunBB is a PHP-based forum application. The application is exposed to an unspecified issue that can be leveraged to inject arbitrary SMTP commands. PunBB versions prior to 1.2.19 are affected.
  • Ref: http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt

  • 08.31.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Moodle "etitle" Parameter HTML Injection
  • Description: Moodle is an open-source application for managing online courseware. It is freely available under the GNU Public license for Unix and variants and for Microsoft Windows. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "etitle" form-field parameter of the "blog/edit.php" script.
  • Ref: http://www.securityfocus.com/archive/1/494656

  • 08.31.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Mantis "account_prefs_update.php" Local File Include
  • Description: Mantis is bug-tracking software. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "account_prefs_update.php" script. Mantis versions prior to 1.1.2 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=456044

  • 08.31.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Session Fixation
  • Description: Drupal is a PHP-based content manager. The application is exposed to a session-fixation issue caused by a design error when handling sessions. Drupal versions 5.x before 5.9 and Drupal versions 6.x before 6.3 are affected.
  • Ref: http://drupal.org/node/280571

  • 08.31.93 - CVE: Not Available
  • Platform: Web Application
  • Title: ibase "download.php" Local File Include
  • Description: The "ibase" program is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "filename" parameter of the "download.php" script. ibase version 2.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30362

  • 08.31.94 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Wp Downloads Manager Module "upload.php" Arbitrary File Upload
  • Description: The Wp Downloads Manager module is a plugin for WordPress. The application is exposed to an issue that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied file extensions before uploading files onto the web server via the "upload.php" script. Wp Downloads Manager version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30365

  • 08.31.95 - CVE: Not Available
  • Platform: Web Application
  • Title: XRMS 1.99.2 Multiple Remote Vulnerabilities
  • Description: XRMS is a customer relation management (CRM) application. The application is exposed to multiple remote issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and execute arbitrary code within the context of the web server process. XRMS version 1.99.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30369

  • 08.31.96 - CVE: Not Available
  • Platform: Web Application
  • Title: CMScout "common.php" Local File Include
  • Description: CMScout is a content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "bit" parameter of the "common.php" script. CMScout version 2.05 is affected.
  • Ref: http://www.securityfocus.com/bid/30385

  • 08.31.97 - CVE: Not Available
  • Platform: Web Application
  • Title: TalkBack "help.php" Local File Include
  • Description: TalkBack is a web-based application implemented in PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "help.php" script. TalkBack version 2.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/30393

  • 08.31.98 - CVE: CVE-2008-3199
  • Platform: Web Application
  • Title: Pixelpost "index.php" Local File Include
  • Description: Pixelpost is a photoblog application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language_full" parameter of the "index.php" script. Pixelpost versions 1.7.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/494817

  • 08.31.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Trac Unspecified Quickjump Function URI Redirection
  • Description: Trac is a wiki and issue-tracking system. Trac is exposed to a remote URI redirection issue because it fails to properly sanitize user-supplied input in the quickjump function. Trac versions prior to 0.10.5 are affected.
  • Ref: http://trac.edgewall.org/wiki/ChangeLog

  • 08.31.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Jamroom Cookie Authentication Bypass Vulnerability and Multiple Unspecified Security Vulnerabilities
  • Description: Jamroom is a web-based content manager for artists. The application is exposed to fourteen security issues, including an authentication-bypass issue because the application fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/archive/1/494820

  • 08.31.101 - CVE: Not Available
  • Platform: Web Application
  • Title: ATutor "import.php" Remote File Include
  • Description: ATutor is a web-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "type" parameter of the "tools/packages/import.php" script. ATutor versions 1.6.1-pl1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30412

  • 08.31.102 - CVE: Not Available
  • Platform: Web Application
  • Title: IDevSpot BizDirectory Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: IDevSpot BizDirectory is a business listing directory. Since it fails to sufficiently sanitize user-supplied input, BizDirectory is exposed to multiple input validation issues. IDevSpot BizDirectory versions prior to 2.07 are affected.
  • Ref: http://idevspot.com/forum/index.php/topic,764.0.html

  • 08.31.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Cerberus Content Management System "cerberus_user" Cookie Parameter HTML Injection
  • Description: Cerberus Content Management System is a web-based content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "cerberus_user" cookie parameter. Cerberus Content Management System version 3_1.3_0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/30416

  • 08.31.104 - CVE: Not Available
  • Platform: Web Application
  • Title: miniBB RSS Plugin Multiple Remote File Include Vulnerabilities
  • Description: miniBB is a web-based bulletin board application. The RSS plugin provides XML RSS feeds for miniBB forums. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the following parameters of the "rss2.php" script: "premodDir" and "pathToFiles".
  • Ref: http://www.securityfocus.com/archive/1/494861

  • 08.31.105 - CVE: Not Available
  • Platform: Web Application
  • Title: HTTrack URI Parsing Remote Buffer Overflow
  • Description: HTTrack is a utility used for creating mirrors of web sites so they can be stored for offline browsing. HTTrack is exposed to a remote buffer overflow issue because of insufficient boundary checks when parsing long URIs. This issue is caused by incorrect length validation of URIs used on the command-line. HTTrack versions prior to 3.42-3 are affected.
  • Ref: http://www.httrack.com/history.txt

  • 08.31.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Unreal Tournament 2004 NULL Pointer Remote Denial of Service
  • Description: Unreal Tournament 2004 is a multiplayer first-person-shooter game. The game is exposed to a remote denial of service issue because it fails to handle NULL-pointer exceptions. Specifically, the issue occurs when sending a specific sequence of crafted packets to the game server. Unreal Tournament 2004 versions 3369 and earlier are affected.
  • Ref: http://aluigi.org/adv/ut2004null-adv.txt

  • 08.31.107 - CVE: Not Available
  • Platform: Web Application
  • Title: JnSHosts PHP Hosting Directory "admin.php" Remote File Include
  • Description: PHP Hosting Directory is a web-based application implemented in PHP. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "rd" parameter of the "include/admin.php" script. PHP Hosting Directory version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30428

  • 08.31.108 - CVE: Not Available
  • Platform: Web Application
  • Title: ScrewTurn Software ScrewTurn Wiki
  • Description: ScrewTurn Wiki is a Wiki engine implemented in C# for the ASP.NET 2.0 platform. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. ScrewTurn Wiki versions 2.0.29 and 2.0.30 are affected.
  • Ref: http://www.portcullis.co.uk/281.php

  • 08.31.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Unreal Tournament 3 Denial of Service and Memory Corruption Vulnerabilities
  • Description: Unreal Tournament 3 is a multiplayer first-person-shooter game. The game is exposed to multiple remote issues. Unreal Tournament 3 versions 1.3beta4, and 1.2 and earlier, are affected.
  • Ref: http://aluigi.org/adv/ut3mendo-adv.txt

  • 08.31.110 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpWebGallery Information Disclosure
  • Description: PhpWebGallery is a PHP-based photo gallery. PhpWebGallery is exposed to a remote information disclosure issue because it fails to properly secure sensitive content. PhpWebGallery versions prior to 1.7.2 are affected.
  • Ref: http://www.securityfocus.com/bid/30431

  • 08.31.111 - CVE: Not Available
  • Platform: Web Application
  • Title: InfoMining BookMine SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: BookMine is a web-based book management application. Since it fails to sufficiently sanitize user-supplied input, BookMine is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/30432

  • 08.31.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Unica Affinium Campaign Multiple Remote Vulnerabilities
  • Description: Affinium Campaign is a web-based campaign management solution. The application is exposed to multiple issues. Affinium Campaign version 7.2.1.0.55 is affected.
  • Ref: http://www.portcullis.co.uk/286.php

  • 08.31.113 - CVE: Not Available
  • Platform: Network Device
  • Title: Axesstel AXW-D800 Multiple Remote Authentication Bypass Vulnerabilities
  • Description: Axesstel AXW-D800 is a wireless modem. The application is exposed to multiple authentication bypass issues. Specifically, the application fails to restrict access to certain administrative scripts which are used to modify the modem's configuration settings.
  • Ref: http://www.securityfocus.com/archive/1/494815

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.