
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 35
August 28, 2008

A nice week! Nothing extremely critical.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ------------------------                  -------------------------------------
    Windows                                    1
    Third Party Windows Apps                   6 (#1, #2, #3)
    Linux                                      3 (#6)
    BSD                                        1
    Solaris                                    3
    Unix                                       1
    Cross Platform                            13 (#4, #5)
    Web Application - Cross Site Scripting    14
    Web Application - SQL Injection           32
    Web Application                           32
    Network Device                             1

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
BSD
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) HIGH: JustSystems Ichitaro Remote Code Execution Vulnerability
  • Affected:
    • JustSystems Ichitaro versions 2008 and possibly prior
  • Description: JustSystems Ichitaro is the second most popular word processing application in Japan, and is popular throughout Asia. It contains a remote code execution vulnerability in its handling of documents. A specially crafted document could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, such documents may be opened by the vulnerable application upon receipt, without first prompting the user. According to reports, this flaw is being actively exploited in the wild.

  • Status: Vendor confirmed, no updates available.

  • References:
  • (2) HIGH: Novell iPrint Client ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Novell iPrint Client ActiveX Control versions 5.06 and prior
  • Description: Novell iPrint is a popular network document printing solution. Part of its client's functionality is implemented as an ActiveX control. This control contains multiple vulnerabilities in its handling of a variety of parameters and methods. A specially crafted web page that instantiates this control could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Additional vulnerabilities range from arbitrary file overwrites to information disclosure. Technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available. However, it is thought that the available updates do not address all issues. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism. Note that this will affect normal application functionality.

  • References:
  • (3) HIGH: Anzio Web Print Object Buffer Overflow
  • Affected:
    • Anzio Web Print Object ActiveX Control versions prior to 3.2.30
  • Description: The Anzio Web Print Object (WePO) is a popular "push" printing solution. Its functionality is provided by an ActiveX control. This control contains a buffer overflow in its handling of its "mainurl" parameter. A specially crafted web page that instantiates this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Technical details are publicly available for this vulnerability. A simple proof-of-concept is also publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "4CE8026D-5DBF-48C9-B6E9-14A2B1974A3D". Note that this will affect normal application functionality.

  • References:
  • (4) MODERATE: LibTIFF Decoding Buffer Underflow
  • Affected:
    • LibTIFF versions 3.x
  • Description: LibTIFF is a decoding and manipulation library for the Tagged Image File Format (TIFF), a popular image format. It contains a flaw in its decoding of compressed TIFF data. A specially crafted TIFF file could trigger this flaw, leading to a buffer underflow condition. It is believed that this flaw could potentially lead to remote code execution with the privileges of the vulnerable process, though this is not confirmed. Full technical details for this vulnerability are publicly available via source code analysis.

  • Status: Vendor has not confirmed, no updates available. Some distributors have patched their systems.

  • References:
  • (5) MODERATE: OpenOffice.org Memory Allocation Remote Code Execution
  • Affected:
    • OpenOffice.org versions 2.4.1 and prior
  • Description: OpenOffice.org is a popular cross-platform free office suite, installed by default on numerous Linux- and Unix-based operating systems. It is also available for Microsoft Windows and Mac OS X. It contains a flaw in its handling of certain constructs in OpenOffice.org documents. A specially crafted document could trigger this flaw, leading to a misallocation of memory. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that only OpenOffice.org on 64-bit platforms is vulnerable. Also note that, depending upon configuration, documents may be opened by the vulnerable application upon receipt, without first prompting the user. Full technical details for this vulnerability are available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
  • (6) LOW: Red Hat Enterprise and Fedora Linux Distributions Possible Package Compromise
  • Affected:
    • Red Hat Enterprise Linux versions 4 and 5
    • Fedora Linux
  • Description: Red Hat, a major North American Linux vendor, and Fedora, a popular free Linux distribution sponsored by Red Hat, suffered a security breach. The attacker was able to sign and possibly modify several packages for these operating systems, including the OpenSSH server package. It is not currently believed that the attacker was able to inject these packages into the automated update stream, but Red Hat is advising users to double-check their systems to ensure that no tainted packages were installed. Details on how to verify systems are available in the links below.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 35, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.35.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Media Services "nskey.dll" ActiveX Control Remote Buffer Overflow
  • Description: Windows Media Services (WMS) is a streaming media server from Microsoft. The Microsoft Windows Media Services ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. "nskey.dll" version 4.1.00.3917 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.35.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RhinoSoft Serv-U SFTP Remote Denial of Service
  • Description: RhinoSoft Serv-U is an FTP server for the Windows platform. The application is exposed to a remote denial of service issue that arises when the application creates directories and logs SFTP commands during SFTP sessions. Serv-U versions prior to 7.2.0.1 are affected.
  • Ref: http://www.serv-u.com/releasenotes/

  • 08.35.3 - CVE: CVE-2008-3480
  • Platform: Third Party Windows Apps
  • Title: Anzio Web Print Object ActiveX Control Remote Buffer Overflow
  • Description: Anzio Web Print Object is an ActiveX object that allows users to push print jobs from files to a user's printer without displaying it in HTML. Anzio Web Print Object ActiveX control is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.coresecurity.com/content/anzio-web-print-object-buffer-overflow

  • 08.35.4 - CVE: CVE-2008-2431, CVE-2008-2432
  • Platform: Third Party Windows Apps
  • Title: Novell iPrint Client ActiveX Control Multiple Remote Vulnerabilities
  • Description: Novell iPrint Client ActiveX control is a client application for printing over the Internet. The control is exposed to multiple remote buffer overflow issues because it fails to properly bounds check user-supplied input. iPrint Client versions 4.36 and 5.04 are affected.
  • Ref: http://secunia.com/secunia_research/2008-30/advisory/

  • 08.35.5 - CVE: CVE-2007-1682
  • Platform: Third Party Windows Apps
  • Title: SoftArtisans XFile FileManager ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: SoftArtisans XFile is an application that allows users to transfer files. FileManager is an ActiveX component of XFile. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. SoftArtisans XFile versions prior to 2.4.0 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/914785

  • 08.35.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JustSystems Ichitaro Document Handling Unspecified Code Execution
  • Description: Ichitaro is a word processor available for Microsoft Windows. The application is exposed to an unspecified code execution issue. Attackers may exploit this issue by enticing a victim to open a crafted ".JTD" document. Ichitaro 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/30828

  • 08.35.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP OpenVMS "SMGSHR.EXE" Local Buffer Overflow
  • Description: OpenVMS is a mainframe-like operating system originally developed by Digital. It is maintained and distributed by HP. OpenVMS is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://mail.openvms.org:8100/Lists/alerts/Message/837.html

  • 08.35.8 - CVE: Not Available
  • Platform: Linux
  • Title: Red Hat OpenSSH Backdoor
  • Description: OpenSSH is a free implementation of the Secure Shell protocol suite. It is available for various operating systems. OpenSSH running on Red Hat operating systems is exposed to a backdoor issue, as the attackers have managed to sign and deploy rogue OpenSSH packages to the software repository. OpenSSH running on the following operating systems is affected: Red Hat Enterprise Linux 4 i386, x86_64 and Red Hat Enterprise Linux 5 x86_64.
  • Ref: http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

  • 08.35.9 - CVE: Not Available
  • Platform: Linux
  • Title: Samba Group Mappings File Insecure Permissions Local Security Issue
  • Description: Samba is exposed to a local security issue because it sets insecure permissions for a certain configuration file. Specifically, the "group_mapping.tdb" file is recreated with the permissions set to "0666" if the file was previously deleted. Samba version 3.2.0 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073

  • 08.35.10 - CVE: CVE-2008-3526
  • Platform: Linux
  • Title: Linux Kernel "sctp_setsockopt_auth_key()" Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to properly handle user-supplied input. This issue occurs because of inadequate checks in the "sctp_setsockopt_auth_key()" function of the "net/sctp/socket.c" source file. Linux kernel versions prior to 2.6.24-rc1 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/861

  • 08.35.11 - CVE: Not Available
  • Platform: BSD
  • Title: NetBSD PPPoE Discovery Packet Remote Denial of Service
  • Description: NetBSD is exposed to a remote denial of service issue that occurs because of insufficient length checks on tags within PPPoE (Point-to-Point Protocol over Ethernet) discovery packets. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/30838

  • 08.35.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFSv4 Client Kernel Module Local Denial of Service
  • Description: Sun Solaris is an operating system developed by Sun Microsystems. Sun Solaris is exposed to a local denial of service issue that affects the NFSv4 client kernel module.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240546-1

  • 08.35.13 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFS Kernel Module Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Sun Solaris is exposed to a local denial of service issue. A local unprivileged attacker can exploit this issue to cause a system panic that will result in a denial of service condition. Solaris 10 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241066-1

  • 08.35.14 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris NFS RPC Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Sun Solaris is exposed to a local denial of service issue in the NFS Remote Procedure Calls (RPC) zones implementation.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240866-1

  • 08.35.15 - CVE: CVE-2008-2327
  • Platform: Unix
  • Title: LibTIFF "tif_lzw.c" Remote Integer Underflow
  • Description: LibTIFF is a library for reading and manipulating Tag Image File Format (TIFF) files. It is freely available for UNIX and UNIX-like operating systems as well as Microsoft Windows. The library is exposed to an integer underflow issue because it fails to bounds check user-supplied input before copying it into an insufficiently sized memory buffer. LibTIFF versions 3.7.2 and 3.8.2 are affected.
  • Ref: http://security-tracker.debian.net/tracker/CVE-2008-2327

  • 08.35.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avaya SES Authentication Bypass Vulnerability and Information Disclosure Weakness
  • Description: SIP Enablement Services server is a Session Initiation Protocol (SIP) management application for SIP routers produced by Avaya. The application is exposed to an authentication bypass issue because it fails to protect access to the router's system-update section of the interface. Avaya SES versions 5.0 and CM 5.0 on S8300C with SES enabled are affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

  • 08.35.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser 9.51 Multiple Security Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to multiple security issues. Opera versions prior to 9.52 are affected.
  • Ref: http://www.opera.com/support/search/view/896/

  • 08.35.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: llcon Protocol Message Remote Denial of Service
  • Description: llcon is a client/server communication application that enables musicians to play together over the Internet. The application is exposed to a denial of service issue because the application fails to handle malformed protocol messages. llcon version 2.1.1 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929

  • 08.35.19 - CVE: CVE-2008-3217
  • Platform: Cross Platform
  • Title: PowerDNS Source Port Randomization Remote Cache Poisoning
  • Description: A remote DNS cache-poisoning issue affects PowerDNS because it fails to use a secure random number generator when selecting UDP source ports. Attackers may leverage this issue to manipulate cache data, potentially facilitating man in the middle, site impersonation, or denial of service attacks. PowerDNS versions prior to 3.1.6 are affected.
  • Ref: http://doc.powerdns.com/changelog.html

  • 08.35.20 - CVE: CVE-2008-3281
  • Platform: Cross Platform
  • Title: libxml2 Recursive Entity Remote Denial of Service
  • Description: The libxml2 library is a freely available package that is used to parse and create XML content. The libxml2 library is exposed to a denial of service issue because it fails to handle recursive entities contained in XML files.
  • Ref: http://www.securityfocus.com/bid/30783

  • 08.35.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
  • Description: Vim is a text editor available for multiple operating platforms. The application is exposed to multiple command execution issues because it fails to sufficiently sanitize user-supplied data. Vim version 7.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495703

  • 08.35.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xine-lib 1.1.14 and Prior Multiple Remote Vulnerabilities
  • Description: The "xine" application is a media player; xine-lib is the core library for applications that use xine. Attackers can exploit these issues to execute arbitrary code in the context of applications that use the library or cause a denial of service condition. xine-lib versions 1.1.14 and earlier are affected.
  • Ref: http://www.ocert.org/analysis/2008-008/analysis.txt

  • 08.35.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: libmodplug "s3m" Remote Buffer Overflow
  • Description: The libmodplug library allows various media players to play various media formats. The library is exposed to a remote buffer overflow issue that occurs because it fails to perform adequate boundary checks on user-supplied data. libmodplug version 0.8.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30801

  • 08.35.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ruby REXML Remote Denial of Service
  • Description: Ruby is an object-oriented scripting language. REXML is a module used to create and parse XML content. Ruby is exposed to a remote denial of service issue in its REXML module. Ruby versions up to and including 1.9.0-3 are affected.
  • Ref: http://weblog.rubyonrails.com/2008/8/23/dos-vulnerabilities-in-rexml

  • 08.35.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Vendor "inet_net_pton()" Function Integer Overflow Weakness
  • Description: The "inet_net_pton()" function is used to convert a string representation of an IP address into a network-format binary representation. OpenBSD version 4.3, Mac OS X version 10.5 and ISC BIND version 9.5.0-P2 are affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064051.html

  • 08.35.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player "mmstu.c" MMS Protocol Handling Buffer Overflow
  • Description: VLC is a cross-platform media player that can be used to serve streaming data. VLC is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This occurs within the "modules/access/mms/mmstu.c" source file when parsing MMS protocol data. VLC media player version 0.8.6i is affected.
  • Ref: http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048504.html

  • 08.35.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DriveCrypt Incorrect BIOS API Usage Security
  • Description: DriveCrypt is an application that allows users to encrypt data contained in a storage device. DriveCrypt is exposed to a security issue that may allow attackers to cause a denial of service condition, allowing attackers to gain access to plain text passwords. DriveCrypt Plus Pack version 3.9 is affected.
  • Ref: http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html

  • 08.35.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GPicView Multiple Local Security Vulnerabilities
  • Description: GPicView is an open source image viewer. GPicView is affected by multiple local security issues. An attacker may leverage these issues to overwrite arbitrary files with the privileges of the user running the application. GPicView version 0.1.9 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968

  • 08.35.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NOAH Unspecified Cross-Site Scripting
  • Description: NOAH (The Nordicwind Document Management System) is a central repository document management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize unspecified user-supplied input. NOAH versions prior to 3.2.2 are affected.
  • Ref: http://www.nordicwind.ca/noah/bugs/inputval.html

  • 08.35.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: vBulletin "$newpm[title]" Parameter Cross-Site Scripting
  • Description: vBulletin is Internet forum software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "$newpm[title]" parameter before displaying it on a private message presented to users. vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/495631

  • 08.35.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BandSite CMS Cross-Site Scripting and Information Disclosure Vulnerabilities
  • Description: BandSite CMS is a PHP-based content manager. The application is exposed to multiple remote issues. A cross-site scripting issue exists because the application fails to sufficiently sanitize user-supplied input to the "type" parameter of the "merchandise.php" script. An information disclosure issue affects the "phpmydump.php" script. BandSite CMS version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30788

  • 08.35.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TimeTrex Time and Attendance Module Multiple Cross-Site Scripting Vulnerabilities
  • Description: TimeTrex is payroll and time management software. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "username" and "password" parameters of the "Login.php" script. TimeTrex version 2.2.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495678

  • 08.35.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DxShopCart "search.php" Cross-Site Scripting
  • Description: DxShopCart is an e-commerce application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "search" form field in the "search.php" script. DxShopCart version 4.30mc is affected.
  • Ref: http://www.securityfocus.com/bid/30790

  • 08.35.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Accellion File Transfer Multiple Cross-Site Scripting Vulnerabilities
  • Description: Accellion File Transfer is a file transfer appliance. Accellion File Transfer is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the following HTML pages: "administrator forgot password" and "forgot password". Accellion File Transfer version FTA_7_0_135 is affected.
  • Ref: http://zebux.free.fr/pub/Advisory/Advisory_Accellion_XSS_Vulnerability_200808.txt

  • 08.35.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PicturesPro Photo Cart Search Cross-Site Scripting
  • Description: PicturesPro Photo Cart is a web-based shopping cart system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the search function in the "index.php" script. Photo Cart version 3.9 is affected.
  • Ref: http://www.securityfocus.com/bid/30798

  • 08.35.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GMOD GBrowse Unspecified Cross-Site Scripting
  • Description: GBrowse (Generic Genome Browser) is used to display genomic annotations as interactive web pages. It is implemented in Perl. The application is exposed to a cross-site scripting issue because it fails to properly sanitize unspecified user-supplied input. GBrowse versions prior to 1.69 are affected.
  • Ref: http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released

  • 08.35.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities
  • Description: AN Guestbook (ANG) is a web-based guest book application. It is implemented in PHP and MySQL. AN Guestbook is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. AN Guestbook versions prior to 0.7.6 are affected.
  • Ref: http://www.securityfocus.com/bid/30830

  • 08.35.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Civic Website Manager Multiple Cross-Site Scripting Vulnerabilities
  • Description: Civic Website Manager is a web-based content management application. Civic Website Manager is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. These issues affect the "Calendar" component. Civic Website Manager versions prior to 1.0.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=234663&release_id=621954

  • 08.35.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: mysql-lists Unspecified Cross-Site Scripting
  • Description: mysql-lists is an application provided by AquaGardenSoft. mysql-lists is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. mysql-lists version 1.2 is affected.
  • Ref: http://jvn.jp/en/jp/JVN27417220/index.html

  • 08.35.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Smart Survey "surveyresults.asp" Cross-Site Scripting
  • Description: Smart Survey is a customer feedback application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "sid" parameter of the "surveyresults.asp" script. Smart Survey version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30841

  • 08.35.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MatterDaddy Market "admin/login.php" Cross-Site Scripting
  • Description: MatterDaddy Market is a web-based classifieds system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "msg" parameter of the "admin/login.php" script. MatterDaddy Market version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30848

  • 08.35.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Educe ASP Search Engine "search.asp" Cross-Site Scripting
  • Description: ASP Search Engine is an indexing and search application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "look_for" parameter of the "search.asp" script. ASP Search Engine version 1.5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/30849

  • 08.35.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Active PHP Bookmarks "id" Parameter SQL Injection
  • Description: Active PHP Bookmarks is a bookmark-management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view_group.php" script before using it in an SQL query. Active PHP Bookmarks version 1.1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/30757

  • 08.35.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Programs Rating Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Programs Rating Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "details.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30759

  • 08.35.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Forced Matrix Script
  • Description: YourFreeWorld Forced Matrix Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr1.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30760

  • 08.35.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Classifieds Script "category" Parameter SQL Injection
  • Description: YourFreeWorld Classifieds Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category" parameter of the "view.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30761

  • 08.35.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Ad-Exchange Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Ad-Exchange Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30762

  • 08.35.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Viral Marketing Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Viral Marketing Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30764

  • 08.35.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld URL Rotator Script "id" Parameter SQL Injection
  • Description: YourFreeWorld URL Rotator Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30766

  • 08.35.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Stylish Text Ads Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Stylish Text Ads Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr1.php" script before using it in an SQL query.
  • Ref: http://www.yourfreeworld.com/script/textads.asp

  • 08.35.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Short Url & Url Tracker Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Short Url & Url Tracker Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.yourfreeworld.com/script/shorturl.asp

  • 08.35.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: itMedia Multiple SQL Injection Vulnerabilities
  • Description: itMedia is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "op" parameter of the "galerija.php", "ponuda.php" and "slike.php" scripts before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30740

  • 08.35.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SFS Affiliate Directory "id" Parameter SQL Injection
  • Description: SFS Affiliate Directory is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "directory.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30741

  • 08.35.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Ad Board Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Ad Board Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "trr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30742

  • 08.35.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: K Web CMS "sayfala.asp" SQL Injection
  • Description: K Web CMS is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sayfala.asp" script file before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30745

  • 08.35.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SunShop Shopping Cart "class.ajax.php" Multiple SQL Injection Vulnerabilities
  • Description: SunShop Shopping Cart is a web-based ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "_POST[id]" variable in the "class.ajax.php" source file before using it in an SQL query. SunShop Shopping Cart versions prior to 4.1.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/495578

  • 08.35.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Papoo "suchanzahl" Parameter SQL Injection
  • Description: Papoo is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "suchanzahl" parameter of the "index.php" script. Papoo versions prior to 3.7.2 are affected.
  • Ref: http://www.papoo.de/cms-news-und-infos/security/patch1-10808.html

  • 08.35.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourFreeWorld Banner Management Script "id" Parameter SQL Injection
  • Description: YourFreeWorld Banner Management Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30756

  • 08.35.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Scripts4Profit DXShopCart "pid" Parameter SQL Injection
  • Description: DXShopCart is a web-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "product_detail.php" script before using it in an SQL query. DXShopCart version 4.30mc is affected.
  • Ref: http://www.securityfocus.com/bid/30772

  • 08.35.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpBazar "adid" Parameter SQL Injection
  • Description: phpBazar is a classified ads script. phpBazar is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "adid" parameter of the "classified.php" script before using it in an SQL query. phpBazar versions 2.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/30773

  • 08.35.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simasy CMS "id" Parameter SQL Injection
  • Description: Simasy CMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30774

  • 08.35.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuidaScript FAQ Management Script "catid" Parameter SQL Injection
  • Description: QuidaScript FAQ Management Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30775

  • 08.35.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: webEdition CMS "we_objectID" Parameter SQL Injection
  • Description: webEdition CMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "we_objectID" parameter of an unspecified script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30778

  • 08.35.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PicturesPro Photo Cart Multiple SQL Injection Vulnerabilities
  • Description: PicturesPro Photo Cart is a web-based shopping cart system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Photo Cart version 3.9 is affected.
  • Ref: http://www.securityfocus.com/bid/30786

  • 08.35.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CustomCMS CCMS Gaming "print.php" SQL Injection
  • Description: CCMS Gaming is a commercially available web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "print.php" script before using it in an SQL query. CustomCMS CCMS Gaming version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30787

  • 08.35.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MiaCMS "com_content" SQL Injection
  • Description: MiaCMS is a commercially available web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_content" component before using it in an SQL query. MiaCMS versions up to and including 4.6.5 are affected.
  • Ref: http://www.securityfocus.com/bid/30805

  • 08.35.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Web Directory Script "listing_view.php" SQL Injection
  • Description: Web Directory Script is a web-based classifieds management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "name" parameter of the "listing_view.php" script before using it in an SQL query. Web Directory Script version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30807

  • 08.35.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Matterdaddy Market Multiple SQL Injection Vulnerabilities
  • Description: Matterdaddy Market is a web-based classifieds system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Matterdaddy Market version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/30809

  • 08.35.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BtiTracker and xbtit "scrape.php" SQL Injection
  • Description: BtiTracker and xbtit are tracking systems for BitTorrent. The applications are exposed to an SQL injection issue because both fail to sufficiently sanitize user-supplied data to the "info_hash" parameter of the "scrape.php" script before using it in an SQL query. Affected are: BtiTracker versions up to and including 1.4.7, and xbtit versions up to and including 2.0.542.
  • Ref: http://www.securityfocus.com/bid/30811

  • 08.35.70 - CVE: CVE-2008-2429
  • Platform: Web Application - SQL Injection
  • Title: Calendarix Multiple SQL Injection Vulnerabilities
  • Description: Calendarix is a web-based calendar. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the following scripts and parameters before using it in an SQL query: "cal_search.php": "catsearch" and "cal_cat.php": "catview". Calendarix version 0.8.20071118 is affected.
  • Ref: http://secunia.com/secunia_research/2008-28/advisory/

  • 08.35.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities
  • Description: Crafty Syntax Live Help is a web-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "department" parameter of the "is_xmlhttp.php" script and an unspecified parameter of the "is_flush.php" script. Crafty Syntax Live Help version 2.14.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495729

  • 08.35.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Z-Breaknews "single.php" SQL Injection
  • Description: Z-Breaknews is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "single.php" script before using it in an SQL query. Z-Breaknews version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30831

  • 08.35.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kolifa.net Download Script "indir.php" SQL Injection
  • Description: Kolifa.net Download Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "indir.php" script before using it in an SQL query. Kolifa.net Download Script version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30839

  • 08.35.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iFdate "members_search.php" SQL Injection
  • Description: iFdate is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Search Name/Nickname" form field of the "members_search.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30850

  • 08.35.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Interleave Information Disclosure Vulnerabilities
  • Description: Interleave is a PHP-based workflow application. Interleave is exposed to multiple information disclosure issues. An unprivileged attacker may exploit these issues to obtain sensitive information.
  • Ref: http://dev.crm-ctt.com/CHANGELOG

  • 08.35.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Vanilla 1.1.4 HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: Vanilla is a web-based discussion forum. Since it fails to properly sanitize user-supplied input, the application is prone to multiple input validation issues. Vanilla version 1.1.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495577

  • 08.35.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Aurora Password Manager System Tray Icon Information Disclosure
  • Description: Aurora Password Manager is an application for storing web site and email passwords, credit card numbers, and other sensitive data. The application is exposed to an information disclosure issue because it fails to restrict access to sensitive data in certain circumstances. Aurora Password Manager version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30749

  • 08.35.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "get_edit_post_link()" & "get_edit_comment_link()" Multiple Eavesdropping Vulnerabilities
  • Description: WordPress is a web-based publishing application. WordPress is exposed to an eavesdropping issue because the "get_edit_post_link()" and "get_edit_comment_link()" functions fail to use SSL when transmitting data. WordPress versions prior to 2.6.1 are affected.
  • Ref: http://www.securityfocus.com/bid/30750

  • 08.35.79 - CVE: CVE-2008-0174
  • Platform: Web Application
  • Title: GE Fanuc Proficy Information Portal HTTP Basic Authentication Information Disclosure
  • Description: GE-Fanuc's Proficy Information Portal is a web-based reporting application for the SCADA environment. The application is exposed to an information disclosure issue because the application transmits user authentication credentials using HTTP basic authentication. GE Fanuc Proficy Information Portal version 2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487075

  • 08.35.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Folder Lock Weak Password Encryption Local Information Disclosure
  • Description: Folder Lock is an application used to password-protect files and folders. The application is exposed to an information disclosure issue because it stores credentials in an insecure manner. Folder Lock version 5.9.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495612

  • 08.35.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Pars4U Videosharing SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Pars4U Videosharing is a web-based application for sharing videos online. Since it fails to sufficiently sanitize user-supplied input, Pars4U Videosharing is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/30779

  • 08.35.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Fujitsu Web-Based Admin View Directory Traversal
  • Description: Fujitsu Web-Based Admin View is an operational management tool for Solaris. Web-Based Admin View is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server. Web-Based Admin View version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30780

  • 08.35.83 - CVE: Not Available
  • Platform: Web Application
  • Title: FAR-PHP "index.php" Local File Include
  • Description: FAR-PHP is a PHP-based content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "c" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/495628

  • 08.35.84 - CVE: Not Available
  • Platform: Web Application
  • Title: EasySite Multiple Local File Include Vulnerabilities
  • Description: EasySite is a content management application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. EasySite version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30784

  • 08.35.85 - CVE: Not Available
  • Platform: Web Application
  • Title: tinyCMS "templater.php" Local File Include
  • Description: tinyCMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "config[template]" parameter of the "modules/ZZ_Templater/templater.php" script. tinyCMS version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30785

  • 08.35.86 - CVE: CVE-2008-3736, CVE-2008-3737, CVE-2008-3738, CVE-2008-3739
  • Platform: Web Application
  • Title: LacoodaST and La!cooda WIZ Multiple Remote Vulnerabilities
  • Description: LacoodaST and La!cooda WIZ are task management applications. The applications are exposed to multiple issues. An attacker can predefine a victim user's session ID. LacoodaST versions 2.1.3 and earlier and La!cooda WIZ versions 4.1.0 and earlier are affected.
  • Ref: http://jvn.jp/en/jp/JVN83428818/index.html

  • 08.35.87 - CVE: CVE-2008-2433
  • Platform: Web Application
  • Title: Trend Micro Web Management Authentication Bypass
  • Description: Trend Micro Web Management is a web-based configuration console used to manage settings for many of Trend Micro's security products. The application is exposed to an authentication bypass issue because of insufficient entropy used when creating session tokens. Affected are: Trend Micro OfficeScan versions 7.0, 7.3 and 8.0; Worry-Free Business Security version 5.0; and Trend Micro Client/Server/Messaging Suite versions 3.5 and 3.6.
  • Ref: http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt

  • 08.35.88 - CVE: Not Available
  • Platform: Web Application
  • Title: ACG-PTP "index.php" Multiple HTML Injection Vulnerabilities
  • Description: ACG-PTP is a web application implemented in PHP. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data to the "index.php" script. ACG-PTP version 1.0.6 is affected.
  • Ref: http://www.securityfocus.com/bid/30793

  • 08.35.89 - CVE: Not Available
  • Platform: Web Application
  • Title: One-News Multiple Input Validation Vulnerabilities
  • Description: One-News is a news-based web application. The application is exposed to multiple input validation issues. Multiple HTML injection issues affect the following scripts and parameters: "add.php": "title", "content" and "index.php": "itemnum", "author", "comment". An SQL injection issue affects the "q" parameter of the "index.php" script. Beta 2 of One-News is affected.
  • Ref: http://www.securityfocus.com/archive/1/495679

  • 08.35.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Five Star Review SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Five Star Review is a web-based application. Since it fails to sufficiently sanitize user-supplied input, Five Star Review is exposed to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/30808

  • 08.35.91 - CVE: Not Available
  • Platform: Web Application
  • Title: GNU ed File Processing "strip_escapes()" Heap Overflow
  • Description: GNU ed is a line-oriented text editor. The application is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. GNU ed versions prior to 1.0 are affected.
  • Ref: http://lists.gnu.org/archive/html/bug-ed/2008-07/msg00000.html

  • 08.35.92 - CVE: Not Available
  • Platform: Web Application
  • Title: NoName Script Multiple Remote Vulnerabilities
  • Description: NoName Script is a web-based script. NoName Script is exposed to multiple issues. A directory traversal issue affects the "action" parameter of the "index.php" file. Two cross-site request forgery issues may allow attackers to modify profile information or purposely log out an admin user by tricking the victim into following a specially crafted HTTP request. An SQL injection issue affects the "file_id" parameter of the "index.php" script. NoName Script versions 1.1 BETA and earlier are affected.
  • Ref: http://www.milw0rm.com/exploits/6291

  • 08.35.93 - CVE: Not Available
  • Platform: Web Application
  • Title: AWStats Totals "sort" Parameter Remote Command Execution Vulnerabilities
  • Description: AWStats Totals is a script used to display summary information from AWStats. AWStats Totals is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately validate user-supplied input to the "sort" parameter of the "awstatstotals.php" script. AWStats Totals versions 1.14 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/495770

  • 08.35.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Simple PHP Blog 0.5.0 Multiple Remote Vulnerabilities
  • Description: Simple PHP Blog is a PHP-based weblog application. The application is exposed to multiple remote issues. Simple PHP Blog version 0.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30857

  • 08.35.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Pluck "index.php" Multiple Local File Include Vulnerabilities
  • Description: Pluck is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the following parameters of the "index.php" script: "file", "blogpost" and "cat". Pluck version 4.5.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495706

  • 08.35.96 - CVE: Not Available
  • Platform: Web Application
  • Title: ezContents CMS Multiple Local File Include Vulnerabilities
  • Description: ezContents CMS is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. ezContents CMS version 2.0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495705

  • 08.35.97 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Ultimate Webboard "admindel.php" Multiple Input Validation Vulnerabilities
  • Description: PHP-Ultimate Webboard is a web-based bulletin board application implemented in PHP. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input to the "qno" and "ano" parameters of the "admindel.php" script when the "action" parameter is set to "delete" and the "mode" parameter is set to "question". PHP-Ultimate Webboard version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30822

  • 08.35.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Bluemoon inc. PopnupBlog "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Bluemoon inc. PopnupBlog is a module for the XOOPS CMS. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. PopnupBlog version 3.30 is affected.
  • Ref: http://lostmon.blogspot.com/2008/08/popnupblog-indexphp-multiple-variables.html

  • 08.35.99 - CVE: CVE-2008-3687
  • Platform: Web Application
  • Title: Xen "XSM:Flask" Module Multiple Local Buffer Overflow Vulnerabilities
  • Description: Xen is an open-source hypervisor or virtual machine monitor. Xen is exposed to multiple local buffer overflow issues because it fails to perform adequate boundary checks on user-supplied inputs. Xen version 3.2.0 is affected.
  • Ref: http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a

  • 08.35.100 - CVE: CVE-2008-3338
  • Platform: Web Application
  • Title: TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
  • Description: TIBCO Hawk is used to monitor and manage distributed applications and systems in an enterprise environment. TIBCO Hawk is exposed to multiple buffer overflow issues because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.tibco.com/mk/hawk_advisory_20080729.jsp

  • 08.35.101 - CVE: Not Available
  • Platform: Web Application
  • Title: K-Rate Multiple Input Validation Vulnerabilities
  • Description: K-Rate is a PHP-based picture rating application. Since it fails to adequately sanitize user-supplied input, the application is prone to multiple input validation issues.
  • Ref: http://www.securityfocus.com/bid/30842

  • 08.35.102 - CVE: Not Available
  • Platform: Web Application
  • Title: ZoneMinder Multiple Input Validation Security Vulnerabilities
  • Description: ZoneMinder is a freely available application designed to control and record video from security cameras. It contains a web-based administrative application. ZoneMinder is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. ZoneMinder version 1.23.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495745

  • 08.35.103 - CVE: Not Available
  • Platform: Web Application
  • Title: HP System Management Homepage (SMH) "message.php" Cross-Site Scripting
  • Description: HP System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. SMH is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "message.php" script.
  • Ref: http://www.securityfocus.com/archive/1/495744

  • 08.35.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Thickbox Gallery "conf/admins.php" Information Disclosure
  • Description: Thickbox Gallery is a PHP-based photo gallery application. Thickbox Gallery is exposed to an information disclosure issue that occurs in the "conf/admins.php" script. Thickbox Gallery version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/30845

  • 08.35.105 - CVE: Not Available
  • Platform: Web Application
  • Title: CMME Multiple Remote Security Vulnerabilities
  • Description: CMME (Content Management Made Easy) is a PHP-based content manager. The application is exposed to multiple issues. An attacker may leverage these issues to obtain potentially sensitive information, to create arbitrary directories within the web root, and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. CMME version 1.12 is affected.
  • Ref: http://www.securityfocus.com/bid/30854

  • 08.35.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Kyocera Mita Scanner File Utility File Transfer Directory Traversal
  • Description: Kyocera Mita Scanner File Utility is an application that allows users to save scanned images on a PC or AT compatible PC. Kyocera Mita Scanner File Utility is exposed to a directory traversal issue because the application fails to sanitize user-supplied input. Kyocera Mita Scanner File Utility version 3.3.0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495772

  • 08.35.107 - CVE: Not Available
  • Platform: Network Device
  • Title: Intel System Management Mode Local Privilege Escalation
  • Description: Intel BIOS is exposed to an unspecified privilege escalation issue. System Management Mode is a privileged mode of execution in which all normal operations, including the operating system, are suspended.
  • Ref: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr

(c) 2008.  All rights reserved.  The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only.  In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/