@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 32
August 7, 2008

It's Apple Mac OS-X and CA's backup product causing most of the big problems this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Third Party Windows Apps                  8 (#2)
    Mac Os                                    5 (#1)
    Linux                                     3
    HP-UX                                     1
    Solaris                                   3
    Aix                                       1
    Novell                                    1
    OpenVMS                                   1 (#4)
    Cross Platform                            27 (#3)
    Web Application - Cross Site Scripting    15
    Web Application - SQL Injection           26
    Web Application                           29
    Network Device                            3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
HP-UX
Solaris
Aix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: CA ARCserve Backup Buffer Overflow
  • Affected:
    • CA ARCserve Backup for Laptops and Desktops versions 11.5 and prior
    • CA ARCserve Desktop Management Suite versions 11.2 and prior
    • CA ARCserve Protection Suites versions 3.1 and prior
  • Description: CA ARCserve Backup is a popular enterprise backup solution. Part of its functionality is provided by a process, called "LGServer". This process contains a buffer overflow in its handling of user input. A specially crafted request to this service could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (often SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Blue Coat K9 Web Protection Multiple Vulnerabilities
  • Affected:
    • Blue Coat K9 Web Protection versions 3.2.44 and prior
  • Description: Blue Coat K9 Web Protection is a popular web proxying and filtering solution. It contains multiple buffer overflows in its handling of HTTP headers. A malicious web site that sends specially crafted HTTP headers could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed. A beta version of the software has been released that has fixed these vulnerabilities. A full update will be released in September of 2008.

  • References:
  • (4) MODERATE: HP OpenVMS Finger Server Buffer Overflow
  • Affected:
    • HP OpenVMS MultiNet Finger Server, unknown versions
  • Description: OpenVMS is HP's minicomputer operating system for VAX, Alpha, and Itanium architectures, and is widely deployed in industrial control, accounting, and timesharing systems. Its MultiNet networking package contains a server for the finger service. This service allows users to query the status of other users on remote systems. This server contains a buffer overflow vulnerability in its handling of usernames. An overlong username would trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. A simple proof-of-concept is publicly available for this vulnerability. As a note of historical interest, a flaw in the Unix implementation of the finger protocol was one of the vectors used by the infamous Morris worm, often considered the first true worm.

  • Status: Vendor has not confirmed, no updates available. Users are advised to disable the finger service if it is unnecessary.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 32, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.32.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BlazeVideo HDTV Player PLF File Stack-Based Buffer Overflow
  • Description: BlazeVideo HDTV Player is a high definition television player for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because the application fails to properly handle malformed playlist files. BlazeVideo HDTV Player version 3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/30442

  • 08.32.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Citrix Presentation Server "icabar.exe" Local Privilege Escalation
  • Description: Citrix Presentation Server (formerly Citrix MetaFrame Server) is an application server built on the Independent Computing Architecture (ICA). The server is exposed to a privilege escalation issue. The issue can be leveraged by attackers who can write to a specified directory or subdirectory that is scanned before the directory where the file is located. Citrix MetaFrame Presentation Server versions 3.0 and earlier and Citrix MetaFrame XP versions 1.0 and earlier are affected.
  • Ref: http://seclists.org/fulldisclosure/2008/Jul/0561.html

  • 08.32.3 - CVE: CVE-2008-1518
  • Platform: Third Party Windows Apps
  • Title: Multiple Kaspersky Products "kl1.sys" Local Stack-Based Buffer Overflow
  • Description: Kaspersky Anti-Virus and Internet Security are security applications for Microsoft Windows. Multiple Kaspersky products are exposed to a local stack-based buffer overflow issue because they fail to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/493090

  • 08.32.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailEnable 3.52 IMAP Remote Denial of Service
  • Description: MailEnable is a commercially available mail server for the Microsoft Windows platform. The application is exposed to a denial of service issue that occurs when handling multiple IMAP connections to the same folder. MailEnable version 3.62 Professional Edition and Enterprise Edition are affected.
  • Ref: http://www.mailenable.com/hotfix/

  • 08.32.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RealVNC 4.1.2 "vncviewer.exe" Remote Denial of Service
  • Description: RealVNC (Virtual Network Computing) allows users to access remote computers for administration purposes. The application is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied data. RealVNC version 4.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30499

  • 08.32.6 - CVE: CVE-2008-3431
  • Platform: Third Party Windows Apps
  • Title: Sun xVM VirtualBox "VBoxDrv.sys" Local Privilege Escalation
  • Description: Sun xVM VirtualBox is an open source virtualization application. The application is exposed to a local privilege escalation issue in the "VBoxDrv.sys" driver. The problem occurs because the driver allows unauthorized users to load the ".VBOxDrv" device and issue IOCTLs with buffer mode "METHOD_NEITHER" without performing sufficient validation on the user-supplied data. Sun xVM VirtualBox versions 1.6.0 and 1.6.2 running on Microsoft Windows are affected.
  • Ref: http://www.securityfocus.com/archive/1/495095

  • 08.32.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp "NowPlaying" Unspecified Security Vulnerability
  • Description: Winamp is a media player from Nullsoft. The application is exposed to an unspecified vulnerability that affects the "NowPlaying" functionality. Winamp versions prior to 5.541 are affected.
  • Ref: http://forums.winamp.com/showthread.php?threadid=295505

  • 08.32.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Aurigma Image Uploader Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
  • Description: Aurigma Image Uploader ActiveX Control lets users manage and upload images to a server. Multiple Aurigma Image Uploader ActiveX controls are exposed to multiple unspecified issues.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434

  • 08.32.9 - CVE: CVE-2008-2320
  • Platform: Mac Os
  • Title: Apple Mac OS X CarbonCore Stack-Based Buffer Overflow
  • Description: Apple Mac OS X is exposed to a buffer overflow issue that affects the CarbonCore component. A stack-based buffer overflow issue occurs in the CarbonCore component when handling overly long file names.
  • Ref: http://www.securityfocus.com/archive/1/495040

  • 08.32.10 - CVE: CVE-2008-2321
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple memory corruption issues. Multiple memory corruption issues occur in the CoreGraphics component when parsing untrusted arguments from applications such as a web browser.
  • Ref: http://www.securityfocus.com/bid/30490

  • 08.32.11 - CVE: CVE-2008-2322
  • Platform: Mac Os
  • Title: Apple Mac OS X CoreGraphics Heap-Based Buffer Overflow
  • Description: Apple Mac OS X is exposed to a buffer overflow issue. An integer overflow issue occurs in the CoreGraphics component. Specifically, the issue can be triggered when the application parses a maliciously crafted PDF file with Type 1 fonts.
  • Ref: http://www.securityfocus.com/bid/30488

  • 08.32.12 - CVE: CVE-2008-2323
  • Platform: Mac Os
  • Title: Apple Mac OS X Data Detectors Engine Denial Of Service
  • Description: Apple Mac OS X is exposed to a denial of service issue that affects the Data Detectors Engine. Data Detectors are used to extract reference information from text or archives. The issue is caused by resource exhaustion when handling maliciously crafted textual content.
  • Ref: http://www.securityfocus.com/bid/30490

  • 08.32.13 - CVE: CVE-2008-2325
  • Platform: Mac Os
  • Title: Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple memory corruption issues that arise because the application fails to perform boundary checks before copying user-supplied data into process buffers.
  • Ref: http://www.securityfocus.com/bid/30493

  • 08.32.14 - CVE: CVE-2008-1376
  • Platform: Linux
  • Title: "nfs-utils" Package for Red Hat Enterprise Linux 5 TCP Wrappers Security Bypass
  • Description: The "nfs-utils" package provides a daemon for the kernel NFS server and related tools. The application is exposed to a security bypass issue because it was not properly built with TCP Wrappers support. This issue can cause a false sense of security because an administrator may believe access restrictions are in place, when they are not actually enabled. "nfs-utils" package built with Red Hat Enterprise Linux 5 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=440114

  • 08.32.15 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "uvc_driver.c" Format Descriptor Parsing Buffer Overflow
  • Description: The Linux kernel is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "uvc_parse_format()" function of the "drivers/media/video/uvc/uvc_driver.c" source file. Linux kernel versions prior to 2.6.26.1 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1

  • 08.32.16 - CVE: CVE-2008-3272
  • Platform: Linux
  • Title: Linux Kernel "snd_seq_oss_synth_make_info()" Information Disclosure
  • Description: The Linux kernel is exposed to an information disclosure issue because the "snd_seq_oss_synth_make_info()" function reports information back to user space without sufficiently checking the validity of the device number. Linux kernel versions prior to 2.6.27-rc2 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.27-rc2

  • 08.32.17 - CVE: CVE-2008-1662
  • Platform: HP-UX
  • Title: HP-UX System Administration Manager NFS Configuration Security Bypass
  • Description: HP-UX is a Unix-based operating system. HP-UX is exposed to a security bypass issue because the System Administration Manager (SAM) application can provide an unintended configuration for NFS. HP-UX versions B.11.11 and B.11.23 are affected.
  • Ref: http://www.securityfocus.com/archive/1/494973

  • 08.32.18 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Platform Information and Control Library picld(1M) Local Denial of Service
  • Description: Sun Solaris is an enterprise grade UNIX distribution. The Sun Solaris Platform Information and Control Library daemon "picld(1M)" is exposed to a local denial of service issue. Solaris 8, 9, 10 and OpenSolaris for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239728-1

  • 08.32.19 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "namefs" Kernel Local Privilege Escalation
  • Description: Sun Solaris is a UNIX-based operating system. The application is exposed to a local privilege escalation issue that occurs in the "namefs" kernel module.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237986-1

  • 08.32.20 - CVE: CVE-2008-0964, CVE-2008-0965
  • Platform: Solaris
  • Title: Sun Solaris "snoop(1M)" Utility Remote Command Execution
  • Description: "snoop(1M)" is a network utility for capturing and analyzing network traffic. Solaris "snoop(1M)" is exposed to a command execution issue when displaying SMB packets. An attacker can exploit this issue by supplying a malicious capture file or by supplying malicious data through a network where an instance of "snoop(1M)" is being used to monitor traffic.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240101-1

  • 08.32.21 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "scsidiskdd" Uninitialized "DRVR_PVT" Structure Local Denial Of Service
  • Description: AIX is a UNIX operating system from IBM. IBM AIX is exposed to a denial of service issue that occurs in the SCSI disk device ("scsidiskdd"). This issue occurs when handling an uninitialized "DRVR_PVT" structure. IBM AIX versions 5.2 and 5.3 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ19199

  • 08.32.22 - CVE: Not Available
  • Platform: Novell
  • Title: Novell iManager Property Book Page Deletion Security Bypass
  • Description: Novell iManager is a web-based management portal for various Novell products. Property books are lists of role-dependent attributes that an administrator can manage with the iManager application. The application is exposed to a security bypass issue because it fails to properly verify access to property book pages. Arbitrary users can delete property book pages created with Plug-in Studio. iManager versions prior to 2.7 Support Pack 1 are affected.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5031820.html

  • 08.32.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Condor Wild Card Authorization Policy Security Bypass
  • Description: Condor is a workload management system for Unix and Windows operating platforms. Condor is exposed to a security bypass issue because it fails to properly process wildcard characters (*) specified in authorization policies. Condor versions prior to 7.0.4 are affected.
  • Ref: http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4

  • 08.32.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server SOAP Security Header Unspecified
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. The application is exposed to an unspecified issue that affects the SOAP security header in Web Services applications. WebSphere Application Server versions prior to 6.1.0.17 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61017

  • 08.32.25 - CVE: CVE-2008-0967
  • Platform: Cross Platform
  • Title: VMware vmware-authd Daemon Local Privilege Escalation
  • Description: VMware is a set of server emulation applications that are available for several platforms. The "vmware-authd" application is prone to a privilege escalation issue because it uses an insecure library path. VMware on the Linux platform, VMware ESX, and VMware ESXi are affected.
  • Ref: http://www.securityfocus.com/archive/1/493147

  • 08.32.26 - CVE: CVE-2008-2401
  • Platform: Cross Platform
  • Title: Sun Java ASP Server File Creation Remote Code Execution
  • Description: Sun Java ASP Server provides Active Server Pages functionality for web servers. The server is available for multiple operating platforms. The application is exposed to a remote code execution issue because of a file creation issue in the affected application. Sun Java ASP Server versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/493064

  • 08.32.27 - CVE: CVE-2008-2405
  • Platform: Cross Platform
  • Title: Sun Java ASP Server Remote Arbitrary Shell Command Injection Vulnerabilities
  • Description: Sun Java ASP Server is an application server for hosting ASP-based applications with servers other than their native Microsoft IIS. The application is exposed to multiple remote command injection issues because it fails to adequately sanitize user-supplied input data. Sun Java ASP Server versions prior to 4.0.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/493067

  • 08.32.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Server 7.0 Plugin for Sun N1SPS Remote Authentication Bypass
  • Description: Sun's N1 Service Provisioning System is a utility for server administration. Sun Java System Web Server 7.0 plugin is a plugin for N1SPS which enables administration of the Java System Web Server 7.0. The application is exposed to a remote authentication bypass issue. Sun N1 Service Provisioning System versions 5.2 and 6.0 with the Java System Web Server 7.0 plugin installed are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239566-1

  • 08.32.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acronis True Image Echo Server Information Disclosure Weakness
  • Description: Acronis True Image Echo Server is a disk imaging and disaster recovery application. The application is exposed to an information disclosure weakness. This issue is caused by a failure to properly encrypt data when the information is being backed up to an FTP server. Acronis True Image Echo Server version 9.5 build 8072 is affected.
  • Ref: http://www.acronis.com/enterprise/products/ATISWin/

  • 08.32.30 - CVE: CVE-2007-2952
  • Platform: Cross Platform
  • Title: Blue Coat K9 Web Protection "Referer" Header Stack-Based Buffer Overflow
  • Description: Blue Coat K9 Web Protection is an Internet filtering application used to restrict children from accessing certain web sites. K9 Web Protection is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Blue Coat K9 Web Protection version 3.2.44 with Filter version 3.2.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494975

  • 08.32.31 - CVE: CVE-2007-2952
  • Platform: Cross Platform
  • Title: Blue Coat K9 Web Protection Centralized Server HTTP Responses Buffer Overflow
  • Description: Blue Coat K9 Web Protection is an Internet filtering application used to restrict children from accessing certain web sites. Blue Coat K9 Web Protection is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks when receiving data from the centralized server "sp.cwfservice.net". Blue Coat K9 Web Protection version 3.2.44 with Filter version 3.2.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494984

  • 08.32.32 - CVE: CVE-2008-2935
  • Platform: Cross Platform
  • Title: libxslt RC4 Encryption and Decryption Functions Buffer Overflow
  • Description: The "libxslt" library is for converting XML files to other textual formats. The library is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when the library processes XSL style sheet files containing overly long input strings. libxslt versions 1.1.8 to 1.1.24 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0649.html

  • 08.32.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/Cm2/Network Node Manager Unspecified Denial of Service
  • Description: Hitachi JP1/Cm2/Network Node Manager is exposed to an unspecified denial of service issue. Successful exploits will deny service to legitimate users.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-006/index.html

  • 08.32.34 - CVE: CVE-2008-3175
  • Platform: Cross Platform
  • Title: Computer Associates ARCserve Backup for Laptops and Desktops Remote Buffer Overflow
  • Description: Computer Associates ARCserve Backup for Laptops and Desktops is an application for backing up data. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/495020

  • 08.32.35 - CVE: CVE-2008-2235
  • Platform: Cross Platform
  • Title: OpenSC CardOS M4 Smart Cards Insecure Permissions
  • Description: OpenSC is a smart card management application. OpenSC insecurely initializes Siemens CardOS M4 based smart cards and USB crypto tokens. The application assigns "00" (all access allowed) access rights to the "ADMIN" file control information contained in the "5015" directory of the smart cards. OpenSC versions prior to 0.11.5 are affected.
  • Ref: http://www.securityfocus.com/bid/30473

  • 08.32.36 - CVE: CVE-2008-1810
  • Platform: Cross Platform
  • Title: SAP MaxDB "dbmsrv" Process "PATH" Environment Variable Local Privilege Escalation
  • Description: SAP MaxDB is a database application. It is available for multiple platforms. The application is exposed to a local privilege escalation issue that occurs in the "dbmsrv" process. SAP MaxDB version 7.6.03.15 on Linux is affected.
  • Ref: http://www.securityfocus.com/archive/1/494990

  • 08.32.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/HIBUN Advanced Edition Multiple Unspecified Local Information Disclosure Vulnerabilities
  • Description: JP1/HIBUN Advanced Edition is a modular security application for securing data transfer, encrypting data, and providing access control. The application is exposed to multiple information disclosure issues that affect encryption, decryption, and data reproduction functions.
  • Ref: http://jvndb.jvn.jp/contents/en/2008/JVNDB-2008-001150.html

  • 08.32.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Remote Vulnerabilities
  • Description: Hitachi JP1/Cm2/Network Node Manager is exposed to multiple unspecified remote issues. These issues affect the Web coordinated function.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-008/index.html#id

  • 08.32.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi XMAP3 Printing Service Unspecified Denial of Service
  • Description: Hitachi XMAP3 is exposed to a denial of service issue when the printing service receives unexpected data.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-011/index.html

  • 08.32.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Unspecified Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote unspecified denial of service issue which is caused by a NULL-pointer dereference when the browser opens a maliciously crafted HTML web page. Firefox versions 3.0 and 3.0.1 are affected.
  • Ref: http://www.radware.com/newsevents/pressrelease.aspx?id=6459

  • 08.32.41 - CVE: CVE-2008-2315, CVE-2008-2316, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
  • Platform: Cross Platform
  • Title: Python Multiple Buffer Overflow Vulnerabilities
  • Description: Python is an interpreted dynamic object oriented programming language that is available for many operating systems. The application is exposed to multiple issues. Python versions prior to 2.5.2-r6 are affected.
  • Ref: http://www.securityfocus.com/bid/30491

  • 08.32.42 - CVE: CVE-2008-2370
  • Platform: Cross Platform
  • Title: Apache Tomcat "RequestDispatcher" Information Disclosure
  • Description: Apache Tomcat is a Java-based web server application for multiple operating systems. The application is exposed to a remote information disclosure issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/495022

  • 08.32.43 - CVE: CVE-2008-3423
  • Platform: Cross Platform
  • Title: IBM WebSphere Portal Server Remote Administration Authentication Bypass
  • Description: IBM WebSphere Portal Server is a framework for developing websites. The application is exposed to an authentication bypass issue caused by an unspecified error in the "Authorization/Authentication (login/logout)" module.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=688&ca=portall2&uid=swg1PK67104

  • 08.32.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IrfanView ".IFF" File Handling Remote Buffer Overflow
  • Description: IrfanView is an image viewer that supports multiple file formats. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. This issue occurs when handling malformed ".IFF" files. IrfanView version 3.99 is affected.
  • Ref: http://www.securityfocus.com/bid/30507

  • 08.32.45 - CVE: CVE-2008-3357, CVE-2008-3389, CVE-2008-3356
  • Platform: Cross Platform
  • Title: Ingres Database Multiple Local Vulnerabilities
  • Description: Ingres Database is a database server used in various Computer Associates products. The application is exposed to multiple local issues. Refer to the link below for further information.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=732

  • 08.32.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenVPN Client "lladdr" and "iproute" Configuration Directive Remote Code Execution
  • Description: OpenVPN is an OpenSSL based tunneling application to securely tunnel IP networks over the TCP and UDP protocols. The OpenVPN client is exposed to a remote code execution issue that could occur when it receives specially crafted "lladdr" or "iproute" configuration directives. OpenVPN client versions 2.1-beta14 through 2.1-rc8 are affected.
  • Ref: http://openvpn.net/index.php/documentation/change-log/changelog-21.html

  • 08.32.47 - CVE: CVE-2008-3273
  • Platform: Cross Platform
  • Title: JBoss Enterprise Application Platform Information Disclosure
  • Description: JBoss is an open source Java Application server. It is distributed and maintained by JBoss Group and is available for a number of platforms including Microsoft Windows and Unix/Linux variants. The application is exposed to a remote information disclosure due to an unspecified error. JBoss Enterprise Application Platform versions prior to 4.3.0.CP01 and 4.2.0.CP03 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0825.html

  • 08.32.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Git Pathname Multiple Buffer Overflow Vulnerabilities
  • Description: Git is an open source application for version control of source code. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Git version 1.5.6.3 is affected.
  • Ref: http://kerneltrap.org/mailarchive/git/2008/7/16/2529284

  • 08.32.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Netra T5220 Server Local Denial of Service
  • Description: Sun Netra T5220 Server is a server designed for virtualization. Sun Netra T5220 Server is exposed to a local denial of service issue. A local unprivileged attacker can exploit this issue to cause a system panic which will result in a denial of service condition. Sun Netra T5220 Server with firmware version 7.1.3 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239930-1

  • 08.32.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MJGUEST "guestbook.js.php" Cross-Site Scripting
  • Description: MJGUEST is a guestbook application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "link" parameter of the "guestbook.js.php" script. MJGUEST version 6.8 GT is affected.
  • Ref: http://www.securityfocus.com/archive/1/494931

  • 08.32.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Panasonic Network Cameras Error Page Multiple Cross-Site Scripting Vulnerabilities
  • Description: Panasonic Network Cameras are cameras that can be viewed and controlled over a network. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to unspecified parameters before using it in dynamically generated content displayed on its error page.
  • Ref: http://jvn.jp/en/jp/JVN33706820/index.html

  • 08.32.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Concrete5 Contact Form Cross-Site Scripting
  • Description: Concrete5 is a content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the Contact form. Concrete5 version 5.0.0b2 is affected.
  • Ref: http://www.securityfocus.com/bid/30470

  • 08.32.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mono Multiple Cross-Site Scripting Vulnerabilities
  • Description: Mono is a web server application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "action" attribute of HTML form submissions, and the "HtmlInputRadioButton.Value", "HtmlImage.Src", and "HtmlInputImage.Src" HTML attributes.
  • Ref: https://bugzilla.novell.com/show_bug.cgi?id=413534

  • 08.32.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: common solutions csphonebook "index.php" Cross-Site Scripting
  • Description: The "csphonebook" program (from common solutions) is a PHP based application for managing contacts. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "letter" parameter of the "index.php" script. csphonebook version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/30485

  • 08.32.55 - CVE: CVE-2008-1232
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache Tomcat "HttpServletResponse.sendError()" Cross-Site Scripting
  • Description: Apache Tomcat is a Java-based web server application for multiple operating systems. Tomcat is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the message argument of calls to the "HttpServletResponse.sendError()" function.
  • Ref: http://www.securityfocus.com/archive/1/495021

  • 08.32.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: freeForum "acuparam" Parameter Cross-Site Scripting
  • Description: freeForum is a PHP based bulletin board. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "acuparam" parameter in the "index.php" script. freeForum version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/30509

  • 08.32.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pligg "category" Parameter Cross-Site Scripting
  • Description: Pligg is a web-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "category" parameter of the "index.php" script. Pligg version 9.9.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495058

  • 08.32.58 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Homes 4 Sale "results.php" Cross-Site Scripting
  • Description: Homes 4 Sale is a PHP based real estate application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "Keywords" parameter of the "results.php" script.
  • Ref: http://www.securityfocus.com/archive/1/495059

  • 08.32.59 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MRBS "area" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: MRBS (Meeting Room Booking Software) is a PHP based application for booking meeting rooms. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. MRBS version 1.2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/30531

  • 08.32.60 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XAMPP Linux Multiple Cross-Site Scripting Vulnerabilities
  • Description: XAMPP Linux is a package bundle containing the Apache web server, MySQL, PHP, Perl, FTP server and phpMyAdmin. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. XAMPP Linux version 1.6.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495096

  • 08.32.61 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pluck 4.5.2 Multiple Cross-Site Scripting Vulnerabilities
  • Description: Pluck is a PHP based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Pluck version 4.5.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495110

  • 08.32.62 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Crafty Syntax Live Help "livehelp_js.php" Cross-Site Scripting
  • Description: Crafty Syntax Live Help (CSLH) is a web application that allows site operators to interact with visitors. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "department" parameter of the "livehelp_js.php" script.
  • Ref: http://www.securityfocus.com/bid/30543

  • 08.32.63 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Softbiz Photo Gallery Multiple Cross-Site Scripting Vulnerabilities
  • Description: Softbiz Photo Gallery is a PHP based photo gallery. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/30546

  • 08.32.64 - CVE: CVE-2008-2939
  • Platform: Web Application - Cross Site Scripting
  • Title: Apache "mod_proxy_ftp" Wildcard Characters Cross-Site Scripting
  • Description: Apache is an HTTP web server available for multiple operating platforms. The "mod_proxy_ftp" module is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Apache versions 2.0.63 and 2.2.9 are affected.
  • Ref: http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html

  • 08.32.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zee Reviews Opinions Rating Posting Engine PHP Script "comments.php" SQL Injection
  • Description: Zee Reviews Opinions Rating Posting Engine PHP Web-Site Script is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ItemID" parameter of the "comments.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30445

  • 08.32.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo JoomRadio Component "id" Parameter SQL Injection
  • Description: JoomRadio is a plugin that provides streaming audio and video for the Joomla! and Mambo content managers. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_joomradio" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/29504

  • 08.32.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ResearchGuide "guide.php" SQL Injection
  • Description: ResearchGuide is a web-based application for delivering subject guides to academic libraries. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "id" parameter of "guide.php" before using it in an SQL query. ResearchGuide version 0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/29895

  • 08.32.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Demo4 CMS "index.php" SQL Injection
  • Description: Demo4 CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "id" parameter of "index.php" before using it in an SQL query. Demo4 CMS version beta01 is affected.
  • Ref: http://www.securityfocus.com/bid/29901

  • 08.32.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Friendly Pro "authordetail.php" SQL Injection
  • Description: Article Friendly is an article publishing script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "autid" parameter of the "authordetail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30452

  • 08.32.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Friendly Standard "categorydetail.php" SQL Injection
  • Description: Article Friendly is an article publishing script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Cat" parameter of the "categorydetail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30453

  • 08.32.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PozScripts Classified Ads "browsecats.php" SQL Injection
  • Description: PozScripts Classified Ads is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "browsecats.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30454

  • 08.32.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PozScripts TubeGuru Video Sharing Script "ugroups.php" SQL Injection
  • Description: TubeGuru Video Sharing Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "UID" parameter of the "ugroups.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30455

  • 08.32.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eNdonesia Calendar Module SQL Injection
  • Description: eNdonesia is a web portal application. The Calendar module for eNdonesia is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "loc_id" parameter.
  • Ref: http://www.securityfocus.com/bid/30457

  • 08.32.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Symphony "class.admin.php" SQL Injection
  • Description: Symphony is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sym_auth" cookie value of the "lib/class.admin.php" script before using it in an SQL query. Symphony version 1.7.01 is affected.
  • Ref: http://www.securityfocus.com/bid/30477

  • 08.32.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPX "PXL" Cookie Parameter SQL Injection
  • Description: PHPX is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "PXL" cookie parameter handled by the "includes/functions.inc.php" script before using it in an SQL query. PHPX version 3.5.16 is affected.
  • Ref: http://www.securityfocus.com/bid/30478

  • 08.32.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMyRealty "location" Parameter SQL Injection
  • Description: phpMyRealty is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "location" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30484

  • 08.32.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPAuction GPL Enhanced "profile.php" SQL Injection
  • Description: PHPAuction GPL Enhanced is a web-based auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize input to the "id" parameter of "profile.php" before using it in an SQL query. PHPAuction GPL Enhanced version 2.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30501

  • 08.32.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eStoreAff "index.php" SQL Injection
  • Description: eStoreAff is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" cookie value of the "index.php" script when the "menu" parameter is set to "showcat". eStoreAff version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30502

  • 08.32.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-topbiz Online Dating "mail.php" SQL Injection
  • Description: E-topbiz Online Dating is a PHP based dating application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mail_id" parameter of the "members/mail.php" script before using it in an SQL query. Online Dating version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/30503

  • 08.32.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iPost "go.php" SQL Injection
  • Description: iPost is a PHP based application for posting images. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. iPost version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30504

  • 08.32.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iTGP "go.php" SQL Injection
  • Description: iTGP is a PHP based application for posting thumbnail images. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This issue affects the "id" parameter of the "go.php" script when the "action" parameter is set to "report". iTGP version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30505

  • 08.32.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GreenCart PHP Shopping Cart "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: GreenCart PHP Shopping Cart is a PHP based ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/30506

  • 08.32.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Book Catalog Module "catid" Parameter SQL Injection
  • Description: Book Catalog is a PHP Nuke module that allows users to organize their book collection. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30511

  • 08.32.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MagicScripts Multiple E-Store Scripts "viewdetails.php" SQL Injection
  • Description: E-Store scripts are e-commerce applications. The applications are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "pid" parameter of the "viewdetails.php" scripts before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30524

  • 08.32.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo EZ Store Component SQL Injection
  • Description: EZ Store is a PHP-based component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_ezstore" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30527

  • 08.32.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Keld PHP-MySQL News Script "login.php" SQL Injection
  • Description: Keld PHP-MySQL News Script is a web-based news script application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Keld PHP-MySQL News Script version 0.7.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495086

  • 08.32.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pcshey Portal "kategori.asp" SQL Injection
  • Description: Pcshey Portal is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter of the "forum/kategori.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30534

  • 08.32.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E.Z.Poll "admin/login.asp" Multiple SQL Injection Vulnerabilities
  • Description: E.Z.Poll is a web-based voting application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "Username" and "Password" parameters of the "admin/login.asp" script before using them in an SQL query. E.Z.Poll version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/30536

  • 08.32.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Plogger Multiple SQL Injection Vulnerabilities
  • Description: Plogger is a PHP based photo gallery. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. Plogger versions 3.0 and earlier are affected.
  • Ref: http://dev.plogger.org/changeset/569

  • 08.32.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PowerGap Shopsystem "s03.php" SQL Injection
  • Description: PowerGap Shopsystem is web-based shop software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
  • Ref: http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html

  • 08.32.91 - CVE: Not Available
  • Platform: Web Application
  • Title: HIOX Random Ad "hioxRandomAd.php" Remote File Include Vulnerability
  • Description: HIOX Random Ad is a web-based advertisement application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "hm" parameter of the "hioxRandomAd.php" script. HIOX Random Ad version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494927

  • 08.32.92 - CVE: Not Available
  • Platform: Web Application
  • Title: HIOX Browser Statistics "hm" Parameter Multiple Remote File Include Vulnerabilities
  • Description: HIOX Browser Statistics is a PHP based detection script used for identifying visitors' web browser usage. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "hm" parameter of the "hioxupdate.php" and "hioxstats.php" scripts. HIOX Browser Statistics version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494930

  • 08.32.93 - CVE: Not Available
  • Platform: Web Application
  • Title: nzFotolog "action_file" Parameter Local File Include Vulnerability
  • Description: nzFotolog is a PHP based photo gallery. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "action_file" parameter of the "index.php" script. nzFotolog version 0.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30439

  • 08.32.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Hosting Directory Cookie Authentication Bypass
  • Description: PHP Hosting Directory is a PHP based application for web hosting. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. PHP Hosting Directory version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30444

  • 08.32.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Hedgehog-CMS "header.php" Local File Include Vulnerability
  • Description: Hedgehog-CMS is a PHP based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "c_temp_path" parameter of the "includes/header.php" script. Hedgehog-CMS version 1.21 is affected.
  • Ref: http://www.securityfocus.com/bid/29893

  • 08.32.96 - CVE: Not Available
  • Platform: Web Application
  • Title: HomePH Design Multiple Administrator Scripts Multiple Input Validation Vulnerabilities
  • Description: HomePH Design is a PHP based content manager. Since it fails to adequately sanitize user-supplied input, the application is exposed to multiple input validation issues. HomePH Design version 2.10 RC2 is affected.
  • Ref: http://www.securityfocus.com/bid/29896

  • 08.32.97 - CVE: Not Available
  • Platform: Web Application
  • Title: DEV Web Management System Multiple Input Validation Vulnerabilities
  • Description: DEV Web Management System is a PHP based content manager application. It is exposed to multiple input validation issues due to insufficient sanitization of user-supplied input. DEV Web Management System version 1.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/494951

  • 08.32.98 - CVE: CVE-2008-2231
  • Platform: Web Application
  • Title: Slashcode Slash "Environment.pm" Multiple Input Validation Vulnerabilities
  • Description: Slash is a web-based content manager. Slash was originally used to create a popular news site and has since been released under the GNU General Public License. Since it fails to sufficiently sanitize user-supplied data, Slash is exposed to multiple input validation issues. Slash versions 2.2.6 and earlier are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499

  • 08.32.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple HIOX Products "admin/passwo.php" Authentication Bypass
  • Description: HIOX Random Ad is a web-based advertisement application, and HIOX Browser Statistics is a web site statistics application. The applications are exposed to an authentication bypass issue because remote attackers have write access to "admin/passwo.php", which contains the applications' user authentication credentials.
  • Ref: http://www.securityfocus.com/bid/30448

  • 08.32.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Pligg Multiple Remote Vulnerabilities
  • Description: Pligg is a web-based content manager. The application is exposed to multiple issues. Pligg versions 9.9.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/494987

  • 08.32.101 - CVE: Not Available
  • Platform: Web Application
  • Title: ImpressCMS Unspecified Remote Vulnerabilities
  • Description: ImpressCMS is a content manager. The application is exposed to multiple unspecified issues. One of the issues is caused by an unknown error in the "modules/admin.php" script. ImpressCMS version 1.0 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=616122

  • 08.32.102 - CVE: Not Available
  • Platform: Web Application
  • Title: phpFreeChat "nickid" Parameter Session Hijacking
  • Description: phpFreeChat is a chat room application. The application is exposed to a session hijacking issue because the "nickid" parameter is equal to the "session_id" parameter. The "nickid" parameter is used as a public identifier and is shared between all users of the chat room. phpFreeChat versions prior to 1.2 are affected.
  • Ref: http://www.phpfreechat.net/changelog/1.2

  • 08.32.103 - CVE: Not Available
  • Platform: Web Application
  • Title: H0tturk Panel "gizli.php" Remote File Include Vulnerability
  • Description: H0tturk Panel is a web-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "cfgProgDir" parameter of the "gizli.php" script.
  • Ref: http://www.securityfocus.com/bid/30468

  • 08.32.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery "lang" Cookie Parameter Local File Include Vulnerability
  • Description: Coppermine Photo Gallery is a PHP based image gallery application for web sites. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" cookie parameter that is processed by the "/include/init.inc.php" script. Coppermine Photo Gallery version 1.4.18 is affected.
  • Ref: http://www.securityfocus.com/bid/30480

  • 08.32.105 - CVE: Not Available
  • Platform: Web Application
  • Title: LetterIt "wysiwyg.php" Local File Include Vulnerability
  • Description: LetterIt is an application for generating newsletters. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "inc/wysiwyg.php" script.
  • Ref: http://www.securityfocus.com/bid/30482

  • 08.32.106 - CVE: Not Available
  • Platform: Web Application
  • Title: e-Vision CMS 2.0 Multiple Remote Vulnerabilities
  • Description: e-Vision CMS is a content management system. The application is exposed to multiple remote issues. e-Vision CMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495032

  • 08.32.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Max File Upload File Extension Arbitrary File Upload
  • Description: Max File Upload is a PHP based application that allows users to upload files onto their web server. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process.
  • Ref: http://www.securityfocus.com/archive/1/495053

  • 08.32.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Pligg "CAPTCHA" Registration Automation Security Bypass Weakness
  • Description: Pligg is a web-based content manager. The application is exposed to a security bypass weakness because it fails to properly sanitize user-supplied input. The weakness occurs in the "CAPTCHA" process when registering users. Pligg version 9.9.5 is affected.
  • Ref: http://www.rooksecurity.com/blog/?p=17

  • 08.32.109 - CVE: Not Available
  • Platform: Web Application
  • Title: K-Link SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: K-Link is a link management application. Since it fails to sufficiently sanitize user-supplied input, K-Link is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/30520

  • 08.32.110 - CVE: Not Available
  • Platform: Web Application
  • Title: IntelliTamper HTML Parser "IMG" Tag Buffer Overflow
  • Description: IntelliTamper is a spider application for scanning web sites. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. IntelliTamper version 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/30521

  • 08.32.111 - CVE: Not Available
  • Platform: Web Application
  • Title: HydraIRC Remote Denial of Service
  • Description: HydraIRC is an open source IRC client. The application is exposed to a denial of service issue because it fails to properly validate user-supplied data. HydraIRC versions 0.3.164 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30523

  • 08.32.112 - CVE: Not Available
  • Platform: Web Application
  • Title: moziloCMS "download.php" File Disclosure Vulnerability
  • Description: moziloCMS is a content manager. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input to the "cat" parameter of the "download.php" script when the "file" parameter is set to "hola". moziloCMS version 1.10.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30526

  • 08.32.113 - CVE: Not Available
  • Platform: Web Application
  • Title: TGS Content Management Arbitrary Script Injection
  • Description: TGS Content Management is a content manager. The application is exposed to an arbitrary script injection issue because it fails to properly sanitize user-supplied input to the "right_delimiter" parameter of the "admin/admin.template_engine.php" script. TGS Content Management version 0.3.2r2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495087

  • 08.32.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Syzygy CMS "index.php" Local File Include
  • Description: Syzygy CMS is a PHP based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "x/index.php" script. Syzygy CMS version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30530

  • 08.32.115 - CVE: Not Available
  • Platform: Web Application
  • Title: UNAK-CMS "connector.php" Local File Include Vulnerability
  • Description: UNAK-CMS is a PHP based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "Dirroot" parameter of the "fckeditor/editor/filemanager/browser/default/connectors/php/connector.php" script. UNAK-CMS version 1.5.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495090

  • 08.32.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Dayfox Blog "index.php" Multiple Local File Include Vulnerabilities
  • Description: Dayfox Blog is blogging software. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "p", "cat" and "archive" parameters of the "index.php" script. Dayfox Blog version 4.6.12 is affected.
  • Ref: http://www.securityfocus.com/bid/30538

  • 08.32.117 - CVE: Not Available
  • Platform: Web Application
  • Title: IGES CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: IGES CMS is a PHP based content manager. The application is exposed to multiple input validation issues. Attackers may exploit the SQL injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. IGES CMS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495125

  • 08.32.118 - CVE: Not Available
  • Platform: Web Application
  • Title: Pidgin NSS plugin SSL Certificate Validation Security Bypass
  • Description: Pidgin is a chat client available for multiple operating systems. Pidgin is exposed to a security bypass issue that occurs because the NSS plugin fails to properly validate SSL certificates when connecting to a server. Pidgin version 2.4.3 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434

  • 08.32.119 - CVE: Not Available
  • Platform: Web Application
  • Title: LiteNews Administrator Cookie Authentication Bypass
  • Description: LiteNews is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/30555

  • 08.32.120 - CVE: CVE-2008-2055, CVE-2008-2056, CVE-2008-2057, CVE-2008-2058, CVE-2008-2059
  • Platform: Network Device
  • Title: Cisco PIX and Cisco ASA Multiple Denial of Service and Unauthorized Access Vulnerabilities
  • Description: Cisco PIX and Cisco ASA are security appliances. The applications are exposed to multiple denial of service issues and an unauthorized access issue. An attacker can exploit these issues to bypass ACL lists and to cause an affected device to reboot or crash.
  • Ref: http://www.securityfocus.com/archive/1/493078

  • 08.32.121 - CVE: Not Available
  • Platform: Network Device
  • Title: Xerox Phaser 8400 Empty UDP Packet Remote Denial of Service
  • Description: Xerox Phaser 8400 is a network enabled printer. The device is exposed to a remote denial of service issue because the application fails to handle malformed UDP packets.
  • Ref: http://www.securityfocus.com/bid/30522

  • 08.32.122 - CVE: Not Available
  • Platform: Network Device
  • Title: 8E6 Technologies R3000 Host Header Internet Filter Security Bypass
  • Description: The 8e6 Technologies R3000 Internet Filter is an appliance for filtering internet traffic. The appliance is exposed to an issue that allows attackers to bypass URI filters. R3000 Internet Filter version 2.0.12.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495117

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.