
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 33
August 14, 2008

Two types of critical vulnerabilities this week: Those that can be exploited by viewing web sites and those that can be exploited by opening Word, Excel or PowerPoint files. This pattern of vulnerabilities closely matches the pattern of techniques being used in cyber espionage. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 6 (#1, #2, #8)
    • Microsoft Office: 12 (#3, #4, #5, #6, #7)
    • Other Microsoft Products: 6 (#12)
    • Third Party Windows Apps: 4 (#9, #11)
    • Linux: 3
    • HP-UX: 2
    • Solaris: 3
    • Cross Platform: 11 (#10)
    • Web Application - Cross Site Scripting: 10
    • Web Application - SQL Injection: 14
    • Web Application: 20
    • Network Device: 5


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Color Management System Remote Code Execution (MS08-046)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: The Microsoft Color Management System (CMS) is a component of the Windows operating system that parses International Color Consortium (ICC) color profiles in image files that are used to ensure consistent color across displays and platforms. It contains a heap-based buffer overflow vulnerability in its parsing of this profile information. A specially crafted image file embedded in a web page or other document or otherwise opened by a user could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Microsoft Access Snapshot Viewer ActiveX Control Remote Code Execution (MS08-041)
  • Affected:
    • Snapshot Viewer for Microsoft Access
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
  • Description: The Access component of Microsoft Office provides some of its functionality via an ActiveX control. This control contains a flaw in its handling of user input. A malicious web page that instantiated this control could trigger this flaw. Successfully exploiting this flaw would allow an attacker to execute arbitrary code with the privileges of the current user. Proof-of-concept code for this vulnerability is publicly available, and it is believed that this vulnerability is being actively exploited in the wild. This vulnerability was disclosed prior to the Microsoft advisory and was discussed in a previous edition of @RISK.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSIDs "F0E42D50-368C-11D0-AD81-00A0C90DC8D9", "F0E42D60-368C-11D0-AD81-00A0C90DC8D9", and "F2175210-368C-11D0-AD81-00A0C90DC8D9". Note that this may affect normal application functionality.

  • References:
  • (7) CRITICAL: Microsoft Word Remote Code Execution Vulnerability (MS08-042)
  • Affected:
    • Microsoft Office XP
    • Microsoft Office 2003
  • Description: Microsoft Word contains a memory corruption vulnerability in its parsing of Word documents. A specially crafted document could trigger this vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, on recent versions of Microsoft Office, documents are not opened upon receipt without first prompting the user. This vulnerability was discussed in a previous edition of @RISK. It is believed that this vulnerability is being actively exploited in the wild, and exploit code is available to subscribers to the CORE Impact product.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) HIGH: Microsoft Windows Event System Multiple Vulnerabilities (MS08-049)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008
  • Description: The Microsoft Windows Event System (ES) is a component of the Microsoft Windows operating system that manages method calls, events and subscriptions to events for user applications. It contains two vulnerabilities in its handling of user requests. A specially crafted user request could trigger one of these vulnerabilities to execute arbitrary code with the privileges of the vulnerable subsystem. Some technical details are publicly available for these vulnerabilities. Note that an attacker would require authentication to exploit these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) HIGH: WebEx Meeting Manager ActiveX Control Buffer Overflow
  • Affected:
    • WebEx Meeting Manager ActiveX control versions prior to 20.2008.2606.4919
  • Description: WebEx is a popular conferencing tool. Part of its functionality is provided through a "meeting manager" ActiveX control. This control contains a vulnerability in its handling of arguments passed to its "NewObject" method. A specially crafted web page that instantiates this control could trigger this vulnerability to execute arbitrary code with the privileges of the current user. A proof-of-concept for this vulnerability is publicly available.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "32E26FD9-F435-4A20-A561-35D4B987CFDC". Note that this could affect normal application functionality.

  • References:
  • (10) HIGH: BitTorrent and uTorrent Torrent File Processing Buffer Overflow
  • Affected:
    • uTorrent versions prior to 1.8 rc7
    • BitTorrent versions 6.0.3 and prior
  • Description: BitTorrent is a popular file distribution system. A given "torrent" (shared file) is described using a ".torrent" file. The BitTorrent and uTorrent clients contain a flaw in their parsing of the "created by" field of these files. A specially crafted .torrent file could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that .torrent files are often opened automatically, without first prompting the user. Full technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (11) HIGH: Maxthon Browser Content-Type Handling Buffer Overflow
  • Affected:
    • Maxthon Web Browser versions prior to 2.0
  • Description: Maxthon is the second most popular web browser in China. It contains a flaw in its handling of the HTTP "Content-type" header. A specially crafted header sent by a malicious server could trigger this flaw, leading to a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (12) LOW: Microsoft Windows Messenger Information Disclosure (MS08-050)
  • Affected:
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows 2000
  • Description: Microsoft Windows Messenger is Microsoft Windows's built-in instant messaging and conferencing client. Part of its functionality is provided by an ActiveX control. This control contains an information disclosure vulnerability. A malicious web page that instantiates this control could access arbitrary information with the privileges of the current user, including that user's Windows Messenger authentication credentials. Successfully stealing these credentials would allow an attacker to log in to messaging services as the victim.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "B69003B3-C55E-4b48-836C-BC5946FC3B28". Note that this may affect normal application functionality.

  • References:
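
The "kill bit" mitigation named in items (3), (9) and (12) above, as an added example that is not part of the original bulletin: it sets the "Compatibility Flags" value to include 0x400 for each CLSID listed in this issue and reads the value back to confirm. The registry path and flag value follow Microsoft's kill-bit documentation (KB 240797, referenced in Part II); running from an elevated prompt and the handling of the 32-bit view on 64-bit systems are assumptions of the example.

```powershell
# Added example (not from the @RISK bulletin): set the ActiveX kill bit for the
# CLSIDs given in items (3), (9) and (12). Assumes an elevated PowerShell prompt.

$KillBit   = 0x00000400            # flag that stops Internet Explorer instantiating the control
$ValueName = 'Compatibility Flags'

# CLSIDs exactly as listed in this issue.
$Clsids = @(
    'F0E42D50-368C-11D0-AD81-00A0C90DC8D9',  # Snapshot Viewer for Microsoft Access (MS08-041)
    'F0E42D60-368C-11D0-AD81-00A0C90DC8D9',  # Snapshot Viewer for Microsoft Access (MS08-041)
    'F2175210-368C-11D0-AD81-00A0C90DC8D9',  # Snapshot Viewer for Microsoft Access (MS08-041)
    '32E26FD9-F435-4A20-A561-35D4B987CFDC',  # WebEx Meeting Manager
    'B69003B3-C55E-4b48-836C-BC5946FC3B28'   # Windows Messenger (MS08-050)
)

# Native registry view, plus the 32-bit view when the host is 64-bit,
# so that a 32-bit Internet Explorer also honours the kill bit.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

# Reject anything that is not a well-formed GUID (for example, a CLSID
# pasted with a stray space in it) instead of creating a useless key.
$GuidPattern = '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'

$results = foreach ($clsid in $Clsids) {
    if ($clsid -notmatch $GuidPattern) {
        Write-Warning "Skipping malformed CLSID: $clsid"
        continue
    }
    foreach ($root in $Roots) {
        $key = Join-Path $root "{$clsid}"
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # Preserve any compatibility flags already present; only OR in the kill bit.
        $existing = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        $before   = if ($null -eq $existing) { 0 } else { [int]$existing }
        $after    = $before -bor $KillBit

        New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord -Value $after -Force | Out-Null

        # Read the value back so the report reflects what is actually in the registry.
        $readBack = [int](Get-ItemProperty -Path $key -Name $ValueName).$ValueName
        [pscustomobject]@{
            Clsid      = $clsid
            Key        = $key
            Before     = '0x{0:X8}' -f $before
            After      = '0x{0:X8}' -f $readBack
            KillBitSet = (($readBack -band $KillBit) -eq $KillBit)
        }
    }
}

$results | Format-Table -AutoSize
```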
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 33, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.33.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows "NSlookup.exe" Unspecified Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue due to an unspecified error in "NSlookup.exe" when parsing malformed functions. Microsoft Windows XP Professional SP2 is affected.
  • Ref: http://www.securityfocus.com/bid/30636

  • 08.33.2 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Messenger ActiveX Control Information Disclosure
  • Description: Microsoft Windows Messenger is an instant messaging application available for Microsoft Windows. The application is exposed to an information disclosure issue that occurs in the "Messenger.UIAutomation.1" ActiveX control identified by CLSID: B69003B3-C55E-4b48-836C-BC5946FC3B28.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-050.mspx

  • 08.33.3 - CVE: CVE-2008-1457
  • Platform: Windows
  • Title: Microsoft Windows Event System User Subscription Request Remote Code Execution
  • Description: Microsoft Windows Event System is a service that distributes events from publishers to subscribing objects to facilitate event notifications for applications. Microsoft Windows Event System is exposed to a remote code execution issue because the application fails to handle per-user subscriptions in a proper manner.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx

  • 08.33.4 - CVE: CVE-2008-1456
  • Platform: Windows
  • Title: Microsoft Windows Event System Array Index Verification Remote Code Execution
  • Description: Microsoft Windows Event System is a service that distributes events from publishers to subscribing objects to facilitate event notifications for applications. Microsoft Windows Event System is exposed to a remote code execution issue that arises because the application fails to verify the range for values used as an index for a static array of function pointers.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-049.mspx

  • 08.33.5 - CVE: CVE-2008-2245
  • Platform: Windows
  • Title: Microsoft Windows Image Color Management Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue due to a flaw in the Microsoft Color Management System (MSCMS) module of the Image Color Management System (ICM). This issue may arise when the module parses image files and allocates memory.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-046.mspx

  • 08.33.6 - CVE: CVE-2008-2246
  • Platform: Windows
  • Title: Microsoft Windows IPsec Information Disclosure
  • Description: Microsoft Windows is prone to a vulnerability in the IPsec implementation. The vulnerability exists due to an error that occurs when pre-existing IPsec policies are imported from a Windows Server 2003 domain to a Windows Server 2008 domain.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-047.mspx

  • 08.33.7 - CVE: CVE-2008-0120
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Picture Index Remote Code Execution
  • Description: Microsoft PowerPoint is exposed to a remote code execution issue that is caused by an error that can occur when the application calculates memory requirements for a malformed picture index in a specially crafted PowerPoint file.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=739

  • 08.33.8 - CVE: CVE-2008-0121
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Picture Index Variant Remote Code Execution
  • Description: Microsoft PowerPoint is exposed to a remote code execution issue due to an error that can occur when the application calculates memory requirements for a malformed picture index in a specially crafted PowerPoint file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx

  • 08.33.9 - CVE: CVE-2008-1455
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint List Value Parsing Remote Code Execution
  • Description: Microsoft PowerPoint is exposed to a remote code execution issue that is caused by an error that occurs when the application calculates memory requirements for parsing list values in a specially crafted PowerPoint file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-051.mspx

  • 08.33.10 - CVE: CVE-2008-3019
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed EPS Filter Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution issue that occurs when the Office EPS (Encapsulated PostScript) filter parses a malformed EPS file. Attackers can exploit this issue by enticing a victim to open the malicious file with the vulnerable application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx

  • 08.33.11 - CVE: CVE-2008-3018
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed PICT Filter Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution issue that occurs when the Office PICT filter parses a malformed PICT file. Attackers can exploit this issue by enticing a victim to open the malicious file with the vulnerable application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx

  • 08.33.12 - CVE: CVE-2008-3021
  • Platform: Microsoft Office
  • Title: Microsoft Office PICT Filter Parsing Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution issue that occurs when the Office PICT filter parses a malformed PICT image file. Attackers can exploit this issue by enticing a victim to open the malicious file with the vulnerable application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx

  • 08.33.13 - CVE: CVE-2008-3020
  • Platform: Microsoft Office
  • Title: Microsoft Office Malformed BMP Filter Remote Code Execution
  • Description: Microsoft Office is prone to a remote code execution issue. The issue occurs when the Office BMP filter parses a malformed BMP file. Attackers can exploit this issue by enticing a victim to open the malicious file with the vulnerable application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx

  • 08.33.14 - CVE: CVE-2008-3460
  • Platform: Microsoft Office
  • Title: Microsoft Office WPG Image File Remote Code Execution
  • Description: Microsoft Office is exposed to a remote code execution issue. The issue occurs when the Office WPG (WordPerfect Graphics) filter parses a malformed WPG file. Attackers can exploit this issue by enticing a victim to open the malicious file with the vulnerable application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-044.mspx

  • 08.33.15 - CVE: CVE-2008-3004
  • Platform: Microsoft Office
  • Title: Microsoft Excel Indexing Validation Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to validate index values in Excel files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx

  • 08.33.16 - CVE: CVE-2008-3005
  • Platform: Microsoft Office
  • Title: Microsoft Excel Index Array Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to validate index array records in Excel files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-043.mspx

  • 08.33.17 - CVE: CVE-2008-3006
  • Platform: Microsoft Office
  • Title: Microsoft Excel Record Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to validate record values in Excel files.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-048/

  • 08.33.18 - CVE: CVE-2008-3003
  • Platform: Microsoft Office
  • Title: Microsoft Excel Credential Caching
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Microsoft Excel is exposed to an issue that allows unauthorized access to remote data source credentials that have been cached in Excel files. Microsoft Excel 2007 and Microsoft Office 2008 for Mac are affected.
  • Ref: http://blogs.technet.com/swi/archive/2008/08/12/ms08-043-how-to-prevent-this-information-disclosure-vulnerability.aspx

  • 08.33.19 - CVE: CVE-2008-1448
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure
  • Description: Microsoft Outlook Express and Windows Mail are email client applications available for Microsoft Windows. The applications are exposed to an information disclosure issue because of an error in Windows MHTML protocol handler.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-048.mspx

  • 08.33.20 - CVE: CVE-2008-2258
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Objects Variant Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote memory corruption issue that occurs when the application attempts to parse a specially crafted Web page. This issue is due to the application attempting to access uninitialized memory while parsing specially crafted Web pages.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx

  • 08.33.21 - CVE: CVE-2008-2256
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote memory corruption issue that occurs when the application attempts to parse a specially crafted Web page. This issue occurs when the application attempts to access incorrectly initialized or deleted objects in memory.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx

  • 08.33.22 - CVE: CVE-2008-2259
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Component Handling Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote memory corruption issue that occurs when the application attempts to parse a specially crafted Web page. Specifically, this issue presents itself when the application attempts to validate arguments while handling print previews.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx

  • 08.33.23 - CVE: CVE-2008-2257
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Objects Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote memory corruption issue that occurs when the application attempts to parse a specially crafted Web page. This issue is due to the application attempting to access uninitialized memory while parsing specially crafted Web pages.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-050/

  • 08.33.24 - CVE: CVE-2008-2254
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Object Memory Corruption
  • Description: Microsoft Internet Explorer is exposed to a remote memory corruption issue that occurs when the application attempts to parse a specially crafted Web page. This issue is due to the application attempting to access uninitialized memory while parsing specially crafted Web pages.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-045.mspx

  • 08.33.25 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Maxthon Browser Content-Type Buffer Overflow
  • Description: Maxthon Browser is a web browser available for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to properly validate the "Content-Type" before copying it into an insufficiently sized buffer. Maxthon Browser versions prior to 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/30617

  • 08.33.26 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JComSoft "AniGIF.ocx" ReadGIF and ReadGIF2 Methods ActiveX Buffer Overflow Vulnerabilities
  • Description: Animation GIF ActiveX control is an ActiveX control for displaying and manipulating GIF files. The control is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. Animation GIF ActiveX versions 2.47, 1.12a and 1.12b are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.33.27 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WebEx Meeting Manager "atucfobj.dll" ActiveX Control Remote Buffer Overflow
  • Description: WebEx is a file-sharing and conferencing application set for Microsoft Windows. The "atucfobj" module of WebEx Meeting Manager is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. "atucfobj.dll" version 20.2008.2601.4928 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.33.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: uTorrent and BitTorrent File Handling Remote Buffer Overflow
  • Description: uTorrent and BitTorrent are Torrent clients available for Microsoft Windows. The applications are exposed to a remote buffer overflow issue because they fail to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. This issue occurs when a malicious ".torrent" file containing an excessive value for the "created by" field is handled by a vulnerable application. uTorrent version 1.7.7 (build 8179) and BitTorrent version 6.0.3 (build 8642) are affected.
  • Ref: http://www.securityfocus.com/bid/30653

  • 08.33.29 - CVE: CVE-2008-3275
  • Platform: Linux
  • Title: Linux Kernel UBIFS Orphan Inode Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue affecting the VFS behavior in UBIFS (UBI File System). UBIFS is a flash filesystem comparable to JFFS2. The issue occurs because the "->delete_inode()" function may not be properly called in certain cases, causing the child dentry cache for deleted directories to persist on disk. As a result, the orphaned inode area can be overflowed.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=457858

  • 08.33.30 - CVE: Not Available
  • Platform: Linux
  • Title: IPsec-Tools Remote Denial of Service
  • Description: IPsec-Tools is a port of KAME's IPsec utilities for the Linux-2.6 IPsec implementation. IPsec-Tools is affected by a remote denial of service issue because the application fails to properly handle certain network packets. IPsec-Tools versions prior to 0.7.1 are affected.
  • Ref: http://sourceforge.net/mailarchive/message.php?msg_name=20080724084529.GA3768%40zen.inc

  • 08.33.31 - CVE: Not Available
  • Platform: Linux
  • Title: Amarok "MagnatuneBrowser::listDownloadComplete()" Insecure Temporary File Creation
  • Description: Amarok is a media-player application available for Linux and Unix operating platforms. The issue occurs in the "MagnatuneBrowser::listDownloadComplete()" function of the "amarok/src/magnatunebrowser/magnatunebrowser.cpp" file. Amarok version 1.4.9.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765

  • 08.33.32 - CVE: CVE-2008-1664
  • Platform: HP-UX
  • Title: HP-UX "libc" Unspecified Remote Denial of Service
  • Description: HP-UX is exposed to a remote denial of service issue. The cause of this issue is unknown. Exploiting this issue allows remote attackers to trigger denial of service conditions. HP-UX versions B.11.23 and B.11.31 using libc are affected.
  • Ref: http://www.securityfocus.com/bid/30581

  • 08.33.33 - CVE: CVE-2008-1668
  • Platform: HP-UX
  • Title: HP-UX "ftpd" Unspecified Remote Privilege Escalation
  • Description: HP-UX is a UNIX-based operating system. HP-UX running "ftpd" is exposed to a remote privilege escalation issue. Remote attackers can exploit this issue to gain elevated privileges on the affected computer.
  • Ref: http://www.securityfocus.com/bid/30666

  • 08.33.34 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Trusted Extensions Labeled Networking Security Bypass
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. Solaris is exposed to a security bypass issue that affects the Trusted Extensions labeled networking. A Solaris Trusted Extensions system with a labeled zone which is in the "installed" state is vulnerable to a security bypass issue. Solaris 10 and OpenSolaris platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240099-1

  • 08.33.35 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "pthread_mutex_reltimedlock_np(3C)" API Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The Sun Solaris "pthread_mutex_reltimedlock_np(3C)" (priority-inherited pthread mutex) API is exposed to a local denial of service issue. Solaris 10 and OpenSolaris versions prior to build snv_90 for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239387-1

  • 08.33.36 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "sendfilev()" Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The Sun Solaris "sendfilev()" system call is exposed to an unspecified local denial of service issue. A local unprivileged attacker can exploit this issue with a malicious program designed to trigger the issue. Solaris 10 and OpenSolaris versions prior to build snv_95 for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239186-1

  • 08.33.37 - CVE: CVE-2008-1945
  • Platform: Cross Platform
  • Title: QEMU Security Bypass
  • Description: QEMU is a processor emulator used to virtualize computer systems and to run guest operating systems within a host. QEMU is exposed to a security bypass issue because the application fails to properly restrict access to certain functionality.
  • Ref: http://www.securityfocus.com/bid/30604

  • 08.33.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenVMS Finger Service Stack-Based Buffer Overflow
  • Description: The finger service ("fingerd") is part of the MultiNet suite of TCP/IP applications for OpenVMS. The service is exposed to a stack-based buffer overflow issue because it fails to adequately bounds check user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/495207

  • 08.33.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Micro Edition (ME) Multiple Unspecified Security Bypass Vulnerabilities
  • Description: Sun Java Micro Edition (ME) is an implementation of the Java runtime environment designed for use on mobile devices such as cellular phones. Java ME is exposed to two unspecified issues that can be leveraged to bypass Java security restrictions.
  • Ref: http://www.securityfocus.com/archive/1/495224

  • 08.33.40 - CVE: CVE-2008-3337
  • Platform: Cross Platform
  • Title: PowerDNS Malformed Query Handling Weakness
  • Description: PowerDNS is an open-source DNS server. The application is exposed to a weakness caused by dropping malformed DNS queries. This issue increases the risk that other nameservers have of accepting spoofed answers and having their cache poisoned for domains hosted by PowerDNS nameservers. PowerDNS versions prior to 2.9.21.1 are affected.
  • Ref: http://doc.powerdns.com/powerdns-advisory-2008-02.html

  • 08.33.41 - CVE: CVE-2008-2938
  • Platform: Cross Platform
  • Title: Apache Tomcat UTF-8 Directory Traversal
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/495318

  • 08.33.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ruby Multiple Security Bypass and Denial of Service Vulnerabilities
  • Description: Ruby is an object-oriented programming language. Ruby is exposed to multiple issues. Attackers can exploit these issues to perform unauthorized actions on affected applications. Ruby versions 1.8.5, 1.8.6-p286, 1.8.7-p71, and 1.9 r18423 are affected.
  • Ref: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

  • 08.33.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xen Para Virtualized Frame Buffer "ioemu" Frontend Frame Buffer Denial of Service
  • Description: Xen is an open-source hypervisor or virtual machine monitor. The application is exposed to a local denial of service issue that occurs in the "tools/ioemu/hw/xenfb.c" source file. This issue occurs because the hypervisor's para-virtualized framebuffer (PVFB) fails to perform sufficient validation on the frontend frame buffer description.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=447759

  • 08.33.44 - CVE: CVE-2008-3432
  • Platform: Cross Platform
  • Title: Vim "mch_expand_wildcards()" Heap-Based Buffer Overflow
  • Description: Vim is a text editor available for multiple operating platforms. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Vim versions 6.2.429 through 6.3.058 are affected.
  • Ref: http://www.openwall.com/lists/oss-security/2008/07/15/4

  • 08.33.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP Multiple Buffer Overflow Vulnerabilities
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to multiple buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied data. PHP versions prior to 4.4.9 are affected.
  • Ref: http://www.php.net/archive/2008.php#id2008-08-07-1

  • 08.33.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SOURCENEXT Virus Security and Virus Security ZERO Unspecified Denial of Service
  • Description: SOURCENEXT Virus Security and Virus Security ZERO are antivirus applications that protect computers from viruses. Virus Security and Virus Security ZERO are exposed to an unspecified denial of service issue. Virus Security and Virus Security ZERO versions up to and including 9.5.0173 are affected.
  • Ref: http://jvn.jp/en/jp/JVN66077895/

  • 08.33.47 - CVE: CVE-2008-3514
  • Platform: Cross Platform
  • Title: VMware VirtualCenter User Account Information Disclosure
  • Description: VMware VirtualCenter client is an application that monitors and manages virtualized IT environments through a single interface. The application is exposed to an information disclosure issue.
  • Ref: http://www.vmware.com/support/vi3/doc/vi3_esx35u2_vc25u2_rel_notes.html

  • 08.33.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Yogurt Social Network "uid" Parameter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Yogurt Social Network is a social networking module for multiple CMS applications. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Yogurt Social Network version 3.2 rc1 is affected.
  • Ref: http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html

  • 08.33.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RMSOFT Downloads Plus Multiple Cross-Site Scripting Vulnerabilities
  • Description: RMSOFT Downloads Plus is a web-based downloads module for multiple CMS applications. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. Downloads Plus versions 1.5 and 1.7 are affected.
  • Ref: http://lostmon.blogspot.com/2008/08/rmsoft-downloads-plus-two-scripts-two.html

  • 08.33.50 - CVE: CVE-2008-3515, CVE-2008-3516
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe Presenter Multiple Cross-Site Scripting Vulnerabilities
  • Description: Adobe Presenter is an application for creating web-based Flash presentations. The application is exposed to multiple cross-site scripting issues because sites generated with the vulnerable application fail to sufficiently sanitize user-supplied data. Adobe Presenter versions 6 and 7 are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb08-17.html

  • 08.33.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Google Notebook and Google Bookmarks Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Google Notebook and Google Bookmarks are applications that extend the functionality of various browsers. Google Notebook is exposed to three unspecified cross-site scripting issues. An attacker can create a malformed block note containing malicious script code and invite an unsuspecting victim to share it.
  • Ref: http://www.securityfocus.com/archive/1/495179

  • 08.33.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kshop "kshop_search.php" Cross-Site Scripting
  • Description: Kshop is an ecommerce module for the Xoops content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "search" parameter of the "kshop_search.php" script. Kshop version 2.22 is affected.
  • Ref: http://lostmon.blogspot.com/2008/08/kshop-module-search-variable-and-field.html

  • 08.33.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: KAPhotoservice Multiple Cross-Site Scripting Vulnerabilities
  • Description: KAPhotoservice is a web-based application for ordering photo prints. The application is exposed to multiple cross-site scripting issues. The application fails to properly sanitize user-supplied input to the following scripts and parameters: "search.asp": "filename" and "order.asp": "page".
  • Ref: http://www.securityfocus.com/bid/30567

  • 08.33.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Quate CMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: Quate CMS is a PHP-based content manager. Quate CMS is exposed to multiple cross-site scripting issues because it fails to adequately sanitize user-supplied input to the "page_area" and "page_header" parameters of the "/admin/includes/themes/default/header.php" script. Quate CMS version 0.3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30570

  • 08.33.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Domain Group Network GooCMS "index.php" Cross-Site Scripting
  • Description: GooCMS is a web content management system. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "s" parameter of the "index.php" script. GooCMS version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/30635

  • 08.33.56 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Datafeed Studio "search.php" Cross-Site Scripting
  • Description: Datafeed Studio is a web-based application for managing merchant datafeeds. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "q" parameter of the "search.php" script. Datafeed Studio version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30660

  • 08.33.57 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IDevSpot PhpLinkExchange "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: PhpLinkExchange is a web application used to maintain a link exchange directory. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "catid" and "id" parameters of the "index.php" script. PhpLinkExchange version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/30665

  • 08.33.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 CMS "download.php" SQL Injection
  • Description: e107 CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "download.php" script before using it in an SQL query. e107 CMS version 0.7.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495247

  • 08.33.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Discuz! "index.php" SQL Injection
  • Description: Discuz! is web-based forum software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "searchid" parameter of the "index.php" script before using it in an SQL query. Discuz! version 6.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30583

  • 08.33.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LiteNews "index.php" SQL Injection
  • Description: LiteNews is a news script application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. LiteNews version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30575

  • 08.33.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Kleinanzeigen Module "lid" Parameter SQL Injection
  • Description: Kleinanzeigen is a classifieds module for the PHP-Nuke content manager. The module is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/495166

  • 08.33.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Quicksilver Forums "index.php" SQL Injection
  • Description: Quicksilver Forums is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forums[]" parameter of the "index.php" script before using it in an SQL query. Quicksilver Forums version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30623

  • 08.33.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Vacation Rental Script "index.php" SQL Injection
  • Description: Vacation Rental Script is a web-based property management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Vacation Rental Script version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30626

  • 08.33.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Battle.net Clan Script "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Battle.net Clan Script is a clan management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "showmember" and "thread" parameters of the "index.php" script before using them in an SQL query. Battle.net Clan Script version 1.5.2 is affected.
  • Ref: http://sourceforge.net/projects/haudenschilt/

  • 08.33.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZeeScripts ZeeBuddy "bannerclick.php" SQL Injection
  • Description: ZeeBuddy is a web-based property management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "adid" parameter of the "bannerclick.php" script before using it in an SQL query. ZeeBuddy version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30628

  • 08.33.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: psipuss Multiple SQL Injection Vulnerabilities
  • Description: psipuss is a web-based image manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. psipuss version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30629

  • 08.33.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenImpro "image.php" SQL Injection
  • Description: OpenImpro is a web-based content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "image.php" script before using it in an SQL query. OpenImpro version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30631

  • 08.33.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ovidentia "index.php" SQL Injection
  • Description: Ovidentia is a web-based content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "item" parameter of the "index.php" script before using it in an SQL query. Ovidentia version 6.6.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495313

  • 08.33.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IceBB "index.php" SQL Injection
  • Description: IceBB is web-based forum software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "skin" parameter of the "index.php" script before using it in an SQL query. IceBB versions prior to 1.0-rc10 are affected.
  • Ref: http://forums.xaos-ia.com/?topic=765

  • 08.33.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: bBlog "builtin.help.php" SQL Injection
  • Description: bBlog is a weblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mod" parameter of the "bblog_plugins/builtin.help.php" script before using it in an SQL query. bBlog version 0.7.6 is affected.
  • Ref: http://www.securityfocus.com/bid/30658

  • 08.33.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! "com_user" Component SQL Injection
  • Description: "com_user" is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "token" parameter of the "controller.php" script before using it in an SQL query. Joomla! version 1.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/30667

  • 08.33.72 - CVE: Not Available
  • Platform: Web Application
  • Title: RMSOFT MiniShop "search.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: RMSOFT MiniShop is a web-based shopping cart module for multiple CMS applications. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. MiniShop version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30616

  • 08.33.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Yogurt Social Network Scrapbook HTML Injection
  • Description: Yogurt Social Network is a social networking module for multiple CMS applications. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the description field of a scrapbook entry before using it in dynamically generated content. Yogurt Social Network version 3.2 rc1 is affected.
  • Ref: http://lostmon.blogspot.com/2008/08/yogurt-social-network-multiple-scripts.html

  • 08.33.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Contenido Multiple Unspecified Remote File Include Vulnerabilities
  • Description: Contenido is a PHP-based content manager. The application is exposed to multiple unspecified remote file include issues because it fails to sufficiently sanitize user-supplied input. Contenido versions prior to 4.8.7 are affected.
  • Ref: http://forum.contenido.org/viewtopic.php?t=22129

  • 08.33.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Free Hosting Manager Administrator Cookie Authentication Bypass
  • Description: Free Hosting Manager is a web-based account management application implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Free Hosting Manager versions 1.2 and 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/30580

  • 08.33.76 - CVE: Not Available
  • Platform: Web Application
  • Title: IntelliTamper HTML "Location" Header Parsing Buffer Overflow
  • Description: IntelliTamper is a spider application for scanning web sites. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. IntelliTamper version 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/30622

  • 08.33.77 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Ring Administrator Cookie Authentication Bypass
  • Description: PHP-Ring is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. PHP-Ring version 0.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30624

  • 08.33.78 - CVE: Not Available
  • Platform: Web Application
  • Title: txtSQL "startup.php" Remote File Include
  • Description: txtSQL is a web-based application framework that includes a flat-file database management system. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "CFG[txtsql][class]" parameter of the "startup.php" script. txtSQL version 2.2 Final is affected.
  • Ref: http://www.securityfocus.com/bid/30625

  • 08.33.79 - CVE: Not Available
  • Platform: Web Application
  • Title: pPIM Multiple Remote Vulnerabilities
  • Description: pPIM is a web-based application. The application is exposed to multiple issues. pPIM versions 1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30627

  • 08.33.80 - CVE: Not Available
  • Platform: Web Application
  • Title: LoveCMS Multiple Security Bypass Vulnerabilities
  • Description: LoveCMS is a web-based content manager. The application is exposed to multiple security bypass issues because it fails to properly control access to some pages. LoveCMS version 1.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30562

  • 08.33.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery Multiple Remote Vulnerabilities
  • Description: Gallery is PHP-based software for managing photos. The application is exposed to multiple remote issues. Gallery versions prior to 1.5.8 are affected.
  • Ref: http://www.securityfocus.com/bid/30563

  • 08.33.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Chupix CMS Contact Module "index.php" Multiple Local File Include Vulnerabilities
  • Description: Contact is a phonebook module for Chupix CMS. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "module" parameter of the "index.php" and the "admin/index.php" scripts. Contact version 0.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30564

  • 08.33.83 - CVE: Not Available
  • Platform: Web Application
  • Title: phpKF-Portal Multiple Local File Include Vulnerabilities
  • Description: phpKF-Portal is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. phpKF-Portal version 1.10 is affected.
  • Ref: http://www.securityfocus.com/bid/30566

  • 08.33.84 - CVE: Not Available
  • Platform: Web Application
  • Title: com_uchat component Mambo and Joomla! Component Multiple Remote File Include Vulnerabilities
  • Description: The com_uchat component is a chat component for the Mambo and Joomla! content managers. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. com_uchat version 0.9.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30571

  • 08.33.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple WebmasterSite Products Remote Command Execution
  • Description: Multiple WebmasterSite products are exposed to a remote shell command execution vulnerability because the applications fail to sufficiently sanitize user-supplied data. Attackers may require valid authentication credentials for the affected applications to access the user profile in order to exploit this issue.
  • Ref: http://www.securityfocus.com/bid/30572

  • 08.33.86 - CVE: Not Available
  • Platform: Web Application
  • Title: DD-WRT Site Survey SSID Script Injection
  • Description: DD-WRT is a set of Linux-based firmware for wireless routers. The firmware includes a web-based administrative interface. The web interface is exposed to a script injection issue because it fails to adequately sanitize user-supplied data to the "Site Survey" section of the administrative web interface. DD-WRT versions prior to 24-sp1 are affected.
  • Ref: http://www.dd-wrt.com/dd-wrtv3/community/developmentnews/1-common/24-dd-wrtv24sp1.html

  • 08.33.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Linkspider Multiple Remote File Include Vulnerabilities
  • Description: Linkspider is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "$_SERVER["DOCUMENT_ROOT"]" parameter of the "links.php" and "links.inc.php" scripts. Linkspider version 1.08 is affected.
  • Ref: http://www.securityfocus.com/bid/30632

  • 08.33.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Harmoni "Username" Field HTML Injection
  • Description: Harmoni is an application framework. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "username" field before using it in dynamically generated content. Harmoni versions prior to 1.4.7 are affected.
  • Ref: http://www.securityfocus.com/bid/30637

  • 08.33.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Kayako SupportSuite Multiple Input Validation Vulnerabilities
  • Description: Kayako SupportSuite is a web-based support application. The application is exposed to multiple input validation issues. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify data, or exploit latent vulnerabilities in the underlying database. Kayako SupportSuite versions prior to 3.30 are affected.
  • Ref: http://www.securityfocus.com/archive/1/495309

  • 08.33.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Datafeed Studio "patch.php" Remote File Include
  • Description: Datafeed Studio is a PHP-based application that allows users to convert datafeeds into dynamic websites. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "INSTALL_FOLDER" parameter of the "admin/bin/patch.php" script.
  • Ref: http://www.securityfocus.com/bid/30659

  • 08.33.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Bugzilla "--attach_path" Directory Traversal
  • Description: Bugzilla is a web-based bug tracking application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Bugzilla versions 2.22.1 through 2.22.4 and versions 2.23.3 and later are affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=437169

  • 08.33.92 - CVE: Not Available
  • Platform: Network Device
  • Title: Nokia Series 40 Multiple Unspecified Unauthorized Access Vulnerabilities
  • Description: Nokia Series 40 is an operating platform for mobile devices. Series 40 is exposed to fourteen unspecified issues that can be leveraged to gain unauthorized access to affected devices.
  • Ref: http://www.securityfocus.com/archive/1/495224

  • 08.33.93 - CVE: Not Available
  • Platform: Network Device
  • Title: McAfee Encrypted USB Manager Remote Security Bypass
  • Description: McAfee Encrypted USB Manager is an application to securely store data on a McAfee Encrypted USB drive. The application is exposed to a security-bypass issue. Specifically, the issue occurs when the password "Re-use Threshold" policy is set to a non-zero value. McAfee Encrypted USB Manager version 3.1.0.0 is affected.
  • Ref: http://www.mcafee.com/apps/downloads/security_updates/hotfixes.asp?region=us&segment=enterprise

  • 08.33.94 - CVE: CVE-2008-3174, CVE-2008-2926
  • Platform: Network Device
  • Title: Computer Associates "kmxfw.sys" Local Code Execution and Remote Denial of Service Vulnerabilities
  • Description: Multiple Computer Associates products are affected by two issues. An arbitrary code execution issue occurs because the "kmxfw.sys" driver fails to properly verify IOCTL requests, and a denial of service issue occurs due to an unspecified error in the "kmxfw.sys" driver.
  • Ref: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560

  • 08.33.95 - CVE: Not Available
  • Platform: Network Device
  • Title: Alcatel-Lucent OmniSwitch Products HTTP Header Remote Buffer Overflow
  • Description: Alcatel-Lucent OmniSwitch series is a product family of switches. Alcatel-Lucent OmniSwitch products are exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

  • 08.33.96 - CVE: Not Available
  • Platform: Network Device
  • Title: NXP Semiconductors MIFARE Classic Smartcard Multiple Unspecified Security Vulnerabilities
  • Description: The MIFARE Classic smartcard is a contactless proximity card based on the ISO/IEC 14443 RFID standard. The card has been implemented for storing and tracking electronic fares in several major transit systems. The application is exposed to multiple unspecified security issues.
  • Ref: https://www.defcon.org/html/defcon-16/dc-16-speakers.html#Anderson

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
