@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 34
August 21, 2008

A very light week - but another critical vulnerability in a back-up product - this time in a tool from Symantec Veritas. You can be sure the attackers know how many flaws there are and how rarely back-up software is patched.
Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ------------------------                  -------------------------------------
    Other Microsoft Products                   1 (#3)
    Third Party Windows Apps                   5 (#1, #4)
    Linux                                      6
    Unix                                       1
    Cross Platform                            15 (#2)
    Web Application - Cross Site Scripting     7
    Web Application - SQL Injection           11
    Web Application                           16
    Network Device                             1

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
    Widely Deployed Software
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Other Microsoft Products
    Third Party Windows Apps
    Linux
    Unix
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device

    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 34, 2008

    This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 08.34.1 - CVE: Not Available
    • Platform: Other Microsoft Products
    • Title: Microsoft Visual Studio "Msmask32.ocx" ActiveX Control Remote Buffer Overflow
    • Description: Microsoft Visual Studio is a suite of software development tools. The MaskedEdit ActiveX control is a part of this suite. The application is exposed to a stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. "Msmask32.ocx" version 6.0.81.69 is affected.
    • Ref: http://support.microsoft.com/kb/240797

    • 08.34.2 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: FlashGet FTP "PWD" Response Remote Buffer Overflow
    • Description: FlashGet is a freeware download manager for Microsoft Windows. The application is exposed to a stack-based buffer overflow issue because it fails to properly validate the "PWD" response in FTP connections before copying it into an insufficiently sized buffer. FlashGet version 1.9 is affected.
    • Ref: http://www.securityfocus.com/bid/30685

    • 08.34.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Symantec Storage Foundation for Windows Security Update Circumvention
    • Description: Symantec Storage Foundation for Windows is a networked storage management tool. The application is exposed to a security update circumvention issue in the Volume Manager Scheduler Service. Storage Foundation for Windows versions 5.0, 5.0 RP1, and 5.1 are affected.
    • Ref: http://www.securityfocus.com/archive/1/495487

    • 08.34.4 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Maya Studio eo-video Playlist File Buffer Overflow
    • Description: eo-video is a media player for Microsoft Windows platforms. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue arises when the application handles a playlist (.eop) file with a large string value in the "<name>" field. eo-video version 1.36 is affected.
    • Ref: http://www.securityfocus.com/bid/30717

    • 08.34.5 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Ipswitch WS_FTP Client Format String
    • Description: Ipswitch WS_FTP client is an FTP implementation that is available for Microsoft Windows operating systems. The application is exposed to a format string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.
    • Ref: http://www.securityfocus.com/bid/30720

    • 08.34.6 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Ipswitch WS_FTP Server Message Response Buffer Overflow
    • Description: Ipswitch WS_FTP is an FTP implementation that is available for Microsoft Windows operating systems. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary-checks on user-supplied data.
    • Ref: http://www.securityfocus.com/bid/30728

    • 08.34.7 - CVE: CVE-2008-2369
    • Platform: Linux
    • Title: Red Hat Network Satellite Server "manzier.pxt" User Information Disclosure
    • Description: Red Hat Network Satellite Server is a server application that allows users to perform Red Hat Network updates on computers that are not directly attached to the Internet. The application is exposed to an information disclosure issue because it ships with a hard-coded authentication key.
    • Ref: http://rhn.redhat.com/errata/RHSA-2008-0630.html

    • 08.34.8 - CVE: CVE-2008-2940, CVE-2008-2941
    • Platform: Linux
    • Title: HP Linux Imaging and Printing System Privilege Escalation And Denial of Service Vulnerabilities
    • Description: HP Linux Imaging and Printing System (HPLIP) is a Linux-based application to print, scan, and fax with HP inkjet and laser-based printers. The application is exposed to multiple issues: a privilege escalation issue occurs in the alert-mailing functionality of the application; and a local denial of service issue exists in the "hpssd" message parser. HPLIP version 1.6.7 is affected.
    • Ref: http://rhn.redhat.com/errata/RHSA-2008-0818.html

    • 08.34.9 - CVE: CVE-2008-3533
    • Platform: Linux
    • Title: Yelp Invalid URI Format String
    • Description: Yelp is GNOME's help program. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function. Yelp version 2.23.1 is affected.
    • Ref: http://bugzilla.gnome.org/show_bug.cgi?id=546364

    • 08.34.10 - CVE: CVE-2008-2234, CVE-2008-2233
    • Platform: Linux
    • Title: Openwsman Multiple Remote Security Vulnerabilities
    • Description: Openwsman is a system management platform that implements the Web Services Management protocol (WS-Management). The application is exposed to multiple remote security issues. Two buffer overflow issues affect the basic HTTP authentication decoding mechanism, and an SSL session replay vulnerability may affect some clients.
    • Ref: http://www.securityfocus.com/bid/30694

    • 08.34.11 - CVE: CVE-2008-3270
    • Platform: Linux
    • Title: Red Hat yum-rhn-plugin RHN Updates Denial of Service
    • Description: The yum-rhn-plugin allows the yum package manager to access the Red Hat Network (RHN) for package updates. The plugin is exposed to a denial of service issue because it fails to adequately validate SSL certificates against configured trusted CA certificates when communicating with an RHN server.
    • Ref: http://rhn.redhat.com/errata/RHSA-2008-0815.html

    • 08.34.12 - CVE: CVE-2008-3276
    • Platform: Linux
    • Title: Linux Kernel "dccp_setsockopt_change()" Remote Denial of Service
    • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to properly handle user-supplied input. This issue occurs because of inadequate checks in the "dccp_setsockopt_change()" function of the "net/dccp/proto.c" source file. Linux kernel versions since 2.6.17-rc1 are affected.
    • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/814

    • 08.34.13 - CVE: Not Available
    • Platform: Unix
    • Title: Sympa "sympa.pl" Insecure Temporary File Creation
    • Description: Sympa is open-source mailing list software. Sympa creates temporary files in an insecure manner. The issue occurs because sympa.pl creates files in an insecure manner when the "--make_alias_file" option is used. Sympa version 5.4.3 is affected.
    • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969

    • 08.34.14 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Sun Java System Web Proxy Server FTP Subsystem Denial of Service
    • Description: Sun Java System Web Proxy Server is a proxy server for enterprises. The application is exposed to a denial of service issue caused by an unspecified error in the FTP subsystem. Sun Java System Web Proxy Server versions 4.0 through 4.0.5 for SPARC, x86, Linux, Windows and HP-UX platforms are affected.
    • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240327-1

    • 08.34.15 - CVE: CVE-2008-2936, CVE-2008-2937
    • Platform: Cross Platform
    • Title: Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
    • Description: Postfix is exposed to multiple local issues. Successfully exploiting these issues will allow attackers to gain access to sensitive information or execute arbitrary commands with superuser privileges. Postfix versions prior to 2.5.4 Patchlevel 4 are affected.
    • Ref: http://rhn.redhat.com/errata/RHSA-2008-0839.html

    • 08.34.16 - CVE: CVE-2008-3688
    • Platform: Cross Platform
    • Title: HAVP "sockethandler.cpp" Client Connect Infinite Loop Denial of Service
    • Description: HAVP (HTTP Anti Virus Proxy) is an HTTP proxy intended to be used with ClamAV to provide anti-virus scanning. The application is exposed to a remote denial of service issue because unresponsive servers can trigger an infinite loop. HAVP version 0.88 is affected.
    • Ref: https://sourceforge.net/mailarchive/message.php?msg_name=487CDF51.5060201%40endian.com

    • 08.34.17 - CVE: Not Available
    • Platform: Cross Platform
    • Title: xine-lib 1.1.14 Multiple Remote Buffer Overflow Vulnerabilities
    • Description: The "xine" application is a media player; "xine-lib" is the core library for applications that use xine. The library is exposed to multiple remote buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. "xine-lib" versions prior to 1.1.15 are affected.
    • Ref: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=268c1c1639d7

    • 08.34.18 - CVE: CVE-2008-3231
    • Platform: Cross Platform
    • Title: xine-lib OGG Processing Remote Denial of Service
    • Description: The "xine" application is a media player; "xine-lib" is the core library for applications that use xine. The issue occurs when processing specially-crafted OGG media files. "xine-lib" versions prior to 1.1.15 are affected.
    • Ref: http://www.openwall.com/lists/oss-security/2008/07/13/3

    • 08.34.19 - CVE: Not Available
    • Platform: Cross Platform
    • Title: MicroWorld Technologies MailScan Multiple Remote Vulnerabilities
    • Description: MailScan is an AntiVirus/AntiSpam solution for mail servers and is available for Microsoft Windows. The application is exposed to multiple remote issues that occur in the web-based administration console ("Server.exe") listening on TCP port 10043 by default. MailScan version 5.6.a espatch1 is affected.
    • Ref: http://www.securityfocus.com/archive/1/495502

    • 08.34.20 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Neon Digest Authentication Null Pointer Exception Denial of Service
    • Description: Neon is an HTTP and WebDAV client library. The library is exposed to a remote denial of service issue that occurs in the digest authentication mechanism. This issue occurs in the "merge_paths()" function of the "src/ne_uri.c" source file. Neon versions 0.28.0 through 0.28.2 are affected.
    • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571

    • 08.34.21 - CVE: CVE-2008-2377
    • Platform: Cross Platform
    • Title: GnuTLS "gnutls_handshake()" Function Remote Denial of Service
    • Description: GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. The application is exposed to a remote denial of service issue that affects the "gnutls_handshake()" function and arises due to a design error.
    • Ref: http://www.gnu.org/software/gnutls/

    • 08.34.22 - CVE: Not Available
    • Platform: Cross Platform
    • Title: VLC Media Player "demuxtta.c" TTA File Handling Buffer Overflow
    • Description: VLC is a cross-platform media player that can be used to serve streaming data. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This occurs within the "demuxtta.c" source file. VLC media player version 0.8.6i is affected.
    • Ref: http://www.orange-bat.com/adv/2008/adv.08.16.txt

    • 08.34.23 - CVE: Not Available
    • Platform: Cross Platform
    • Title: ESET Smart Security "easdrv.sys" Local Privilege Escalation
    • Description: ESET Smart Security is security software which integrates anti-virus, anti-spam and a firewall. ESET Smart Security is exposed to a local privilege escalation issue in the "easdrv.sys" driver. The problem occurs because the driver fails to check input and output pointers with the ProbeForRead or ProbeForWrite functions. ESET Smart Security version 3.0.667.0 is affected.
    • Ref: http://www.eset.com/smartsecurity/

    • 08.34.24 - CVE: Not Available
    • Platform: Cross Platform
    • Title: EchoVNC Remote Buffer Overflow
    • Description: EchoVNC is a VNC client that allows remote users to access desktops as if they are local users. It uses EchoServer as a packet relay server. EchoVNC is affected by a remote buffer overflow issue because the application fails to properly validate user-supplied data before copying it into insufficiently sized buffers. EchoVNC for Linux versions prior to 1.1.2 are affected.
    • Ref: http://www.securityfocus.com/bid/30722

    • 08.34.25 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Attachmate Reflection for Secure IT Multiple Unspecified Security Vulnerabilities
    • Description: Attachmate Reflection for Secure IT is a set of Secure Shell clients and servers for Windows and UNIX platforms. The application is exposed to multiple security vulnerabilities that stem from unspecified errors. Secure IT UNIX Client and Server 7.0 versions prior to Service Pack 1 (SP1) are affected.
    • Ref: http://support.attachmate.com/techdocs/2374.html#Security_Updates_in_7.0_SP1

    • 08.34.26 - CVE: Not Available
    • Platform: Cross Platform
    • Title: OllyDBG "ollydbg.ini" Debug Argument Local Buffer Overflow
    • Description: OllyDBG is a debugging application. OllyDBG is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue affects the "Argument" data supplied to "ollydbg.ini", and may be triggered when the application processes data in excess of 262 bytes. OllyDBG v1.10 is affected.
    • Ref: http://www.securityfocus.com/bid/30733

    • 08.34.27 - CVE: Not Available
    • Platform: Cross Platform
    • Title: SWIMAGE Encore Master Password Information Disclosure
    • Description: SWIMAGE Encore is an application for automating server, remote desktop and client deployments. This product consists of a server application and a client application (Conductor.exe). An information disclosure issue exists because the application fails to securely remove authentication credentials from memory.
    • Ref: http://www.kb.cert.org/vuls/id/778427

    • 08.34.28 - CVE: Not Available
    • Platform: Cross Platform
    • Title: VMware Workstation "hcmon.sys" Local Denial of Service
    • Description: VMware Workstation is virtualization software that supports multiple operating platforms. VMware Workstation is exposed to a local denial of service issue because the application fails to handle pointer data sent from usermode with "METHOD_NEITHER". VMware Workstation version 6.0.0.45731 is affected.
    • Ref: http://www.securityfocus.com/bid/30737

    • 08.34.29 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Navboard Multiple Local File Include and Cross-Site Scripting Vulnerabilities
    • Description: Navboard is a PHP-based forum application. The application is exposed to multiple input validation issues. Multiple local file include issues affect the "module" parameter of the "admin_modules.php" and "modules.php" scripts. A cross-site scripting issue affects the "module" parameter of the "modules.php" script. Navboard version 16 is affected.
    • Ref: http://www.securityfocus.com/bid/30687

    • 08.34.30 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Openfire "login.jsp" Cross-Site Scripting
    • Description: Openfire is a freely available instant-messaging server available for various platforms. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "type" parameter of the "login.jsp" script. Openfire version 3.5.2 is affected.
    • Ref: http://www.igniterealtime.org/issues/browse/JM-629

    • 08.34.31 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Mambo Multiple Cross-Site Scripting Vulnerabilities
    • Description: Mambo is a PHP-based content manager. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Mambo version 4.6.2 is affected.
    • Ref: http://www.securityfocus.com/archive/1/495507

    • 08.34.32 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: FlexCMS "inc-core-admin-editor-previouscolorsjs.php" Cross-Site Scripting
    • Description: FlexCMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "PreviousColorsString" parameter of the "inc-core-admin-editor-previouscolorsjs.php" script. FlexCMS version 2.5 is affected.
    • Ref: http://www.securityfocus.com/archive/1/495508

    • 08.34.33 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: AWStats "awstats.pl" Cross-Site Scripting
    • Description: AWStats is a Perl-based application that provides statistics on server traffic. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "awstats.pl" script. AWStats version 6.8 is affected.
    • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

    • 08.34.34 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Ovidentia "index.php" Cross-Site Scripting
    • Description: Ovidentia is a content manager. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "field" parameter of the "index.php" script. Ovidentia version 6.6.5 is affected.
    • Ref: http://www.securityfocus.com/archive/1/495562

    • 08.34.35 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Sun Java System Portal Server Portlets Cross-Site Scripting
    • Description: Sun Java System Portal Server is a Java-based framework for developing web applications. Some unspecified Portlets bundled with Sun Java System Portal Server are exposed to a cross-site scripting issue because they fail to properly sanitize user-supplied input. Sun Java System Portal Server versions 7.0 and 7.1 are affected.
    • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-239308-1

    • 08.34.36 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: PHP Realty "dpage.php" SQL Injection
    • Description: PHP Realty is a real estate classified advertising application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "docID" parameter of the "dpage.php" script before using it in an SQL query.
    • Ref: http://www.securityfocus.com/bid/30678

    • 08.34.37 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: PHP-Fusion "readmore.php" SQL Injection
    • Description: PHP-Fusion is a content management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "news_id" parameter of the "readmore.php" script before using it in an SQL query. PHP-Fusion version 4.01 is affected.
    • Ref: http://www.securityfocus.com/bid/30680

    • 08.34.38 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: E-Shop Shopping Cart Script "search_results.php" SQL Injection
    • Description: E-Shop Shopping Cart Script is an e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "search_results.php" script before using it in an SQL query.
    • Ref: http://www.securityfocus.com/bid/30692

    • 08.34.39 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: ZEEJOBSITE "bannerclick.php" SQL Injection
    • Description: ZEEJOBSITE is a PHP-based job recruitment application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "adid" parameter of the "bannerclick.php" script before using it in an SQL query. ZEEJOBSITE version 2.0 is affected.
    • Ref: http://www.securityfocus.com/bid/30711

    • 08.34.40 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: FipsCMS "forum/neu.asp" SQL Injection
    • Description: fipsCMS is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kat" parameter of the "forum/neu.asp" script file before using it in an SQL query. fipsCMS version 2.1 is affected.
    • Ref: http://www.securityfocus.com/bid/30712

    • 08.34.41 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: phpArcadeScript "cat" Parameter SQL Injection
    • Description: phpArcadeScript is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query. phpArcadeScript version 4.0 is affected.
    • Ref: http://www.securityfocus.com/bid/30714

    • 08.34.42 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Quick Poll "code.php" SQL Injection
    • Description: Quick Poll is voting software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "code.php" script before using it in an SQL query.
    • Ref: http://www.securityfocus.com/bid/30724

    • 08.34.43 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: PromoProducts "view_product.php" Multiple SQL Injection Vulnerabilities
    • Description: PromoProducts is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "sub_cat" and "product_id" parameters of the "view_product.php" script before using it in an SQL query.
    • Ref: http://packetstormsecurity.org/0808-exploits/promoproducts-sql.txt

    • 08.34.44 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: PHPBasket "pro_id" Parameter SQL Injection
    • Description: PHPBasket is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pro_id" parameter of the "product.php" script before using it in an SQL query.
    • Ref: http://www.securityfocus.com/bid/30726

    • 08.34.45 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: NewsHOWLER Cookie Data SQL Injection
    • Description: NewsHOWLER is a PHP-based news posting application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data contained in cookies before using it in an SQL query.
    • Ref: http://www.securityfocus.com/bid/30732

    • 08.34.46 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: cyberBB Multiple SQL Injection Vulnerabilities
    • Description: cyberBB is a web-based forum application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
    • Ref: http://www.securityfocus.com/bid/30734

    • 08.34.47 - CVE: Not Available
    • Platform: Web Application
    • Title: Gelato CMS "classes/imgsize.php" Local File Include
    • Description: Gelato CMS is a content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "img" parameter of the "classes/imgsize.php" script. Gelato CMS version 0.95 is affected.
    • Ref: http://www.securityfocus.com/bid/30672

    • 08.34.48 - CVE: Not Available
    • Platform: Web Application
    • Title: Meet#Web "root_path" Parameter Multiple Remote File Include Vulnerabilities
    • Description: Meet#Web is a PHP-based content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "root_path" parameter. Meet#Web version 0.8 is affected.
    • Ref: http://www.securityfocus.com/bid/30673

    • 08.34.49 - CVE: Not Available
    • Platform: Web Application
    • Title: Ventrilo "type 0" Packet NULL Pointer Dereference Denial of Service
    • Description: Ventrilo is a voice chat application. The application is exposed to a denial of service issue when handling packets sent to TCP port 3784. This issue occurs when handling a "type 0" packet containing an incorrect version followed by a packet containing malicious data. Ventrilo version 3.0.2 is affected.
    • Ref: http://www.securityfocus.com/archive/1/495448

    • 08.34.50 - CVE: Not Available
    • Platform: Web Application
    • Title: Freeway Multiple Input Validation Vulnerabilities
    • Description: Freeway is an open source e-commerce platform. The application is exposed to multiple issues because it fails to properly sanitize user-supplied input. Freeway version 1.4.1.171 is affected.
    • Ref: http://sourceforge.net/project/shownotes.php?release_id=619467

    • 08.34.51 - CVE: Not Available
    • Platform: Web Application
    • Title: Cardinal CMS "upload.php" Arbitrary File Upload
    • Description: Cardinal CMS is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the "/html/news_fckeditor/editor/filemanager/upload/php/upload.php" script. Cardinal CMS version 1.2 is affected.
    • Ref: http://www.securityfocus.com/bid/30677

    • 08.34.52 - CVE: Not Available
    • Platform: Web Application
    • Title: Nukeviet "admin/login.php" Cookie Authentication Bypass
    • Description: Nukeviet is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. This issue affects the "admin/login.php" script. Nukeviet version 2.0 Beta is affected.
    • Ref: http://www.securityfocus.com/bid/30681

    • 08.34.53 - CVE: Not Available
    • Platform: Web Application
    • Title: YapBB "class_yapbbcooker.php" Remote File Include
    • Description: YapBB is a bulletin board. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "cfgIncludeDirectory" parameter of the "include/class_yapbbcooker.php" script. YapBB version 1.2 Beta2 is affected.
    • Ref: http://www.securityfocus.com/bid/30686

    • 08.34.54 - CVE: Not Available
    • Platform: Web Application
    • Title: CyBoards PHP Lite Multiple Remote Vulnerabilities
    • Description: CyBoards PHP Lite is a web-based message board application. The application is exposed to multiple issues. An attacker may exploit these issues to execute arbitrary server-side script code on an affected computer in the context of the web server process. CyBoards PHP Lite version 1.21 is affected.
    • Ref: http://www.securityfocus.com/bid/30688

    • 08.34.55 - CVE: Not Available
    • Platform: Web Application
    • Title: dotCMS "id" Parameter Multiple Local File Include Vulnerabilities
    • Description: dotCMS is a Java-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.dot" and "/macros/macros_detail.dot" scripts. dotCMS version 1.6 is affected.
    • Ref: http://www.securityfocus.com/bid/30703

    • 08.34.56 - CVE: Not Available
    • Platform: Web Application
    • Title: mUnky "index.php" Remote Code Execution
    • Description: mUnky is a web-based content management application. The application is exposed to a remote code execution issue because it fails to properly sanitize user-supplied data.
    • Ref: http://www.securityfocus.com/archive/1/495503

    • 08.34.57 - CVE: Not Available
    • Platform: Web Application
    • Title: Harmoni Versions Prior to 1.6.0 Cross-Site Request Forgery and Security Bypass Vulnerabilities
    • Description: Harmoni is an application framework implemented in PHP. Harmoni is exposed to multiple remote issues. An attacker can exploit these issues to gain unauthorized access to the affected application, create new user accounts and delete arbitrary content within the context of the affected application. Other attacks are also possible. Harmoni versions prior to 1.6.0 are affected.
    • Ref: http://www.securityfocus.com/bid/30706

    • 08.34.58 - CVE: Not Available
    • Platform: Web Application
    • Title: PHPizabi "id" Parameter Local File Include
    • Description: PHPizabi is a social-networking platform. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script when the "L" parameter is set to "blogs.search". PHPizabi version 0.848b C1 HFP3 is affected.
    • Ref: http://www.securityfocus.com/bid/30707

    • 08.34.59 - CVE: Not Available
    • Platform: Web Application
    • Title: XNova Project XNova "todofleetcontrol.php" Remote File Include
    • Description: XNova is a PHP-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "xnova_root_path" parameter of the "todofleetcontrol.php" script. XNova versions 0.8 SP1 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/30715

    • 08.34.60 - CVE: Not Available
    • Platform: Web Application
    • Title: VidiScript Remote File Upload
    • Description: VidiScript is PHP-based video sharing software. The application is exposed to an issue that allows an attacker to upload arbitrary script code and execute it in the context of the web server process. If successful, the attacker may gain unauthorized access or escalate privileges; other attacks are also possible.
    • Ref: http://www.securityfocus.com/bid/30721

    • 08.34.61 - CVE: Not Available
    • Platform: Web Application
    • Title: PHP Live Helper Multiple Input Validation Vulnerabilities
    • Description: PHP Live Helper is a customer support application. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. PHP Live Helper versions prior to 2.1.0 are affected.
    • Ref: http://www.securityfocus.com/archive/1/495542

    • 08.34.62 - CVE: Not Available
    • Platform: Web Application
    • Title: Freeway "language" Parameter Multiple Local File Include Vulnerabilities
    • Description: Freeway is an open source e-commerce application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "language" parameter. Freeway version 1.4.1.171 is affected.
    • Ref: http://www.securityfocus.com/archive/1/495549

    • 08.34.63 - CVE: Not Available
    • Platform: Network Device
    • Title: Nokia 6131 Multiple Vulnerabilities
    • Description: Nokia 6131 is a mobile telephone device. Nokia 6131 is exposed to multiple remote issues. A URI spoofing issue arises when an NFC Data Exchange Format (NDEF) Smart Poster displays a URI together with descriptive text. A remote denial of service issue affects the NDEF record parser. A remote denial of service issue affects the NDEF telephone and SMS URI handler.
    • Ref: http://www.securityfocus.com/archive/1/495545

    (c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

    Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

    For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/