@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 36
September 4, 2008

Novell and RedHat users have substantial challenges to deal with this week. But look through the 52 new Cross Platform vulnerabilities and the 41 Web application vulnerabilities in Part II just to verify whether your software is included. That will remind you to establish a patching regimen for your non-standard software. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Third Party Windows Apps: 10 (#5)
    • Linux: 15
    • Solaris: 1
    • Novell: 3 (#1, #3, #4)
    • Cross Platform: 52 (#2, #6, #7)
    • Web Application - Cross Site Scripting: 9
    • Web Application - SQL Injection: 14
    • Web Application: 18
    • Network Device: 2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Solaris
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Red Hat Directory Server Multiple Vulnerabilities
  • Affected:
    • Red Hat Directory Server versions prior to 7.1 service pack 7
  • Description: Red Hat Directory Server is Red Hat's Lightweight Directory Access Protocol (LDAP) directory server. It contains multiple buffer overflow and cross-site-scripting vulnerabilities in its web interface. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually root). Additionally, several vulnerabilities in the processing of LDAP requests can lead to denial-of-service conditions. Red Hat Directory Server is the commercialized version of the Fedora Directory Server, which is open source. Therefore, technical details for these vulnerabilities may be publicly available via source code analysis. Note that Red Hat Directory Server is available for multiple operating systems.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) HIGH: Novell Forum Arbitrary Tcl Command Injection
  • Affected:
    • Novell Forum versions 8.0 and prior
  • Description: Novell Forum is a popular team conferencing solution. It contains an input validation vulnerability in its handling of user input. A specially crafted request can bypass input validation and allow the injection of arbitrary Tcl programming language commands. These commands would be executed within the context of the vulnerable process, and allow arbitrary code execution with the privileges of the vulnerable process. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
  • Affected:
    • Novell iPrint Client versions prior to 5.08
  • Description: Novell iPrint is a popular enterprise printing solution. Part of its client's functionality is provided by an ActiveX control. This control contains a buffer overflow in its handling of several methods. A specially crafted web page that instantiates this control and calls these methods could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism. Note that this will affect normal application functionality.

  • References:
  • (7) MODERATE: libpurple Multiple Vulnerabilities
  • Affected:
    • libpurple versions prior to those distributed with Pidgin 2.4.3
  • Description: Libpurple is a library implementing the Microsoft Network (MSN) Messenger protocol, which is used for instant messaging. Libpurple's implementation of this protocol is used by numerous clients, including Pidgin and Adium. The library contains multiple integer overflows in its processing of messages; a specially crafted message could trigger one of these overflows, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that Pidgin is installed by default on numerous Linux, Unix, and Unix-like operating systems, and Adium is a popular instant messaging application for Apple Mac OS X. Other applications using this library may also be vulnerable. Because this library is open source, full technical details are publicly available via source code analysis.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 36, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.36.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PureMessage for Microsoft Exchange RTF Multiple Denial of Service Vulnerabilities
  • Description: PureMessage for Microsoft Exchange is an email scanning and filtering product for Microsoft Exchange. PureMessage for Microsoft Exchange is exposed to multiple remote denial of service issues because it fails to properly process certain messages. PureMessage for Microsoft Exchange version 3.0 is affected.
  • Ref: http://www.sophos.com/support/knowledgebase/article/44385.html

  • 08.36.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ultra Office Control "Save()" Method Arbitrary File Overwrite
  • Description: Ultra Office Control is an ActiveX control that allows users to open, view and edit Microsoft Office documents in a web browser. Ultra Office Control is exposed to an issue that lets attackers overwrite files. Ultra Office Control version 2.0.2008.501 is affected.
  • Ref: http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1219827906.ff.php

  • 08.36.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ultra Office Control "HttpUpload()" Method Buffer Overflow
  • Description: Ultra Office Control is an ActiveX control that allows users to open, view and edit Microsoft Office documents in a web browser. Ultra Office Control is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. Ultra Office Control version 2.0.2008.501 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Arbitrary Command Execution
  • Description: Friendly Technologies provides tools to facilitate network connectivity between Internet Service Providers and their customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is exposed to an issue that lets attackers execute arbitrary commands.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Remote Buffer Overflow
  • Description: Friendly Technologies provides tools to facilitate network connectivity between Internet Service Providers and their customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Najdi.si Toolbar "najdisitoolbar.dll" ActiveX Control Remote Buffer Overflow
  • Description: Najdi.si Toolbar is an ActiveX control that contains a built-in search engine. Najdi.si Toolbar is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Najdi.si Toolbar version 2.0.4.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495837

  • 08.36.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LogMeIn "RACtrl.dll" ActiveX Control Multiple Remote Stack-Based Buffer Overflow Vulnerabilities
  • Description: LogMeIn "RACtrl.dll" ActiveX control is a remote access utility. LogMeIn "RACtrl.dll" ActiveX control is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.8 - CVE: CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, CVE-2008-3696
  • Platform: Third Party Windows Apps
  • Title: VMware Multiple ActiveX Controls Multiple Unspecified Security Vulnerabilities
  • Description: Multiple VMware ActiveX controls are exposed to multiple unspecified vulnerabilities. Please refer to the link below for further information.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Information Disclosure
  • Description: Friendly Technologies provides tools to facilitate network connectivity between Internet Service Providers and their customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is exposed to an issue that lets attackers read arbitrary local files.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Friendly Technologies "fwRemoteCfg.dll" ActiveX Control Registry Key Manipulation
  • Description: Friendly Technologies provides tools to facilitate network connectivity between Internet Service Providers and their customers. Friendly Technologies "fwRemoteCfg.dll" ActiveX control is exposed to a registry-key-manipulation issue.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.36.11 - CVE: Not Available
  • Platform: Linux
  • Title: APTonCD Insecure Temporary File Creation
  • Description: APTonCD is a tool for creating a removable repository of packages obtained with APT-GET. APTonCD creates temporary files in an insecure manner. The issue occurs because the "/usr/share/aptoncd/xmlfile.py" script creates files in an insecure manner. APTonCD version 0.1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.12 - CVE: Not Available
  • Platform: Linux
  • Title: Aegis "aegis.cgi" Insecure Temporary File Creation
  • Description: Aegis is a transaction-based application for software configuration management. Aegis creates temporary files in an insecure manner. The issue occurs because the "aegis.cgi" script creates files in an insecure manner. Aegis version 4.2.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415

  • 08.36.13 - CVE: CVE-2008-2930
  • Platform: Linux
  • Title: Red Hat Directory Server Crafted Search Pattern Denial of Service
  • Description: Red Hat Directory Server is an LDAPv3-compliant identity-management solution. Red Hat Directory Server is exposed to a denial of service issue because the server fails to handle specially crafted search patterns. Red Hat Directory Server versions 7.1 and 8 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html

  • 08.36.14 - CVE: CVE-2008-3283
  • Platform: Linux
  • Title: Red Hat Directory Server LDAP Memory Leak Multiple Remote Denial of Service Vulnerabilities
  • Description: Red Hat Directory Server is an LDAPv3-compliant authentication solution. Directory Server is exposed to multiple remote denial of service vulnerabilities due to memory leaks. An attacker may exploit these issues during the authentication / bind phases of an LDAP session, or by making LDAP search requests. Directory Server versions 7.1, 8 EL4, and 8 EL5 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html

  • 08.36.15 - CVE: CVE-2008-2928
  • Platform: Linux
  • Title: Red Hat Directory Server Accept Language HTTP Headers Buffer Overflow
  • Description: Red Hat Directory Server is a centralization server based on the Lightweight Directory Access Protocol (LDAP). The server is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Red Hat Directory Server version 7.1 is affected. It also affects adminutil packages shipped in Red Hat Directory Server 8 and Fedora Directory Server, prior to adminutil version 1.1.7.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html

  • 08.36.16 - CVE: Not Available
  • Platform: Linux
  • Title: gdrae Insecure Temporary File Creation
  • Description: gdrae is a standalone graphical user interface (GUI) application that allows users to query the Real Academia Espanola dictionary. gdrae creates temporary files in an insecure manner. The issue occurs because the "gdrae" script creates files in an insecure manner. gdrae version 0.1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.17 - CVE: Not Available
  • Platform: Linux
  • Title: cman "fence_egenera" Insecure Temporary File Creation
  • Description: cman is a component of the cluster2 Cluster Manager system. cman creates temporary files in an insecure manner. The issue occurs because the "/usr/sbin/fence_egenera" script creates files in an insecure manner. The "cman" component of cluster2 2.03.07 is vulnerable; other versions may also be affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496410

  • 08.36.18 - CVE: Not Available
  • Platform: Linux
  • Title: Debian Feta "to-upgrade" Plugin Insecure Temporary File Creation
  • Description: Debian Feta is a front end to multiple package management tools including dpkg, APT, and debconf. Feta creates temporary files in an insecure manner. The issue occurs because the "plugins/to-upgrade" script creates files in an insecure manner. Debian Feta version 1.4.16 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496397

  • 08.36.19 - CVE: Not Available
  • Platform: Linux
  • Title: Debian dhis-server Insecure Temporary File Creation
  • Description: Debian dhis-server is an open source server application. It provides dynamic host information services. dhis-server creates temporary files in an insecure manner. The issue occurs because the "dhis-dummy-log-engine" script creates files in an insecure manner. Debian dhis-server version 5.3 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496388

  • 08.36.20 - CVE: Not Available
  • Platform: Linux
  • Title: Debian FML "libexec/mead.pl" Insecure Temporary File Creation
  • Description: Debian FML is a front end to multiple package management tools including dpkg, APT, and debconf. FML creates temporary files in an insecure manner. The issue occurs because the "libexec/mead.pl" script creates files in an insecure manner. Debian FML version 4.0.3 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360

  • 08.36.21 - CVE: Not Available
  • Platform: Linux
  • Title: LinuxTrade Insecure Temporary File Creation Vulnerabilities
  • Description: LinuxTrade is a stock streamer application for Linux. LinuxTrade creates temporary files in an insecure manner. The issues affect the following scripts: "bin/linuxtrade.bwkvol", "bin/linuxtrade.wn" and "bin/moneyam.helper". LinuxTrade version 3.65 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496372

  • 08.36.22 - CVE: Not Available
  • Platform: Linux
  • Title: Debian "linux-patch-openswan" Insecure Temporary File Creation Vulnerabilities
  • Description: Debian "linux-patch-openswan" is a package which contains the patches for the Linux kernel to implement necessary kernel support to use Openswan. The issue occurs because the "/usr/src/kernel-patches/all/openswan/packaging/utils/maysnap" and "/usr/src/kernel-patches/all/openswan/packaging/utils/maytest" scripts create files in an insecure manner. Debian "linux-patch-openswan" version 2.4.12+dfsg-1.1 is affected.
  • Ref: http://packages.debian.org/sid/linux-patch-openswan

  • 08.36.23 - CVE: Not Available
  • Platform: Linux
  • Title: Dreambox Web Interface URI Remote Denial of Service
  • Description: Dreambox is a Linux-based DVB satellite and digital cable decoder. Dreambox is exposed to a remote denial of service issue that occurs in the device's web interface. This issue occurs when handling URIs larger than 512 bytes. Dreambox version DM500C is affected.
  • Ref: http://www.securityfocus.com/archive/1/495837

  • 08.36.24 - CVE: Not Available
  • Platform: Linux
  • Title: Ogle DVD Player Insecure Temporary File Creation Vulnerabilities
  • Description: Ogle DVD Player is a multimedia application for Linux. Ogle creates temporary files in an insecure manner. Ogle version 0.9.2 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.25 - CVE: Not Available
  • Platform: Linux
  • Title: Postfix "epoll" Linux Event Handler Local Denial of Service
  • Description: Postfix is an open source mail transfer agent. The application uses "epoll" input/output event handlers for the Linux 2.6 kernel. Postfix is exposed to a local denial of service issue because of an "epoll" file descriptor leak when it executes non-Postfix commands from a user's "$HOME/.forward" file. Postfix versions 2.4 and later for Linux kernel 2.6 platforms are affected.
  • Ref: http://www.securityfocus.com/archive/1/495894

  • 08.36.26 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Kernel Covert Channel Creation Security Bypass
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The Solaris kernel is exposed to a security bypass issue that allows two processes to establish a covert communication channel. This issue occurs because of issues in unspecified system calls.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240706-1

  • 08.36.27 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
  • Description: Novell eDirectory is an X.500-compatible directory service product for centrally managing access to resources on multiple servers and computers within a given network. Novell eDirectory is exposed to four heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. Novell eDirectory versions prior to 8.8 SP3 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=3426981

  • 08.36.28 - CVE: CVE-2008-2436
  • Platform: Novell
  • Title: Novell iPrint Client "IppCreateServerRef()" Remote Buffer Overflow
  • Description: Novell iPrint Client is a client application for printing over the Internet. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input. iPrint Client versions 4.36, 5.04 and 5.06 are affected.
  • Ref: http://secunia.com/secunia_research/2008-33/advisory/

  • 08.36.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Honeyd Insecure Temporary File Creation
  • Description: Honeyd is honeypot software that simulates virtual hosts on IP addresses that are not in use. It is available for various UNIX/Linux derivatives. Honeyd creates temporary files in an insecure manner. The issue occurs because the "test.sh" script creates files in an insecure manner. Honeyd version 1.5c is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496365

  • 08.36.30 - CVE: CVE-2008-3538
  • Platform: Cross Platform
  • Title: HP Enterprise Discovery Unspecified Remote Privilege Escalation
  • Description: HP Enterprise Discovery is an application suite that automatically discovers and keeps track of all networked devices and software on an enterprise network. The application is exposed to an unspecified remote privilege escalation issue.
  • Ref: http://www.securityfocus.com/archive/1/495786

  • 08.36.31 - CVE: CVE-2008-3282
  • Platform: Cross Platform
  • Title: OpenOffice "rtl_allocateMemory()" Remote Code Execution
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to a remote code execution issue because of errors in memory allocation. OpenOffice version 2.41 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0835.html

  • 08.36.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 CLR Stored Procedures Deployment Unspecified Security Issue
  • Description: IBM DB2 is a Database Management System. IBM DB2 is exposed to an unspecified security issue that occurs when deploying CLR stored procedures from IBM Database Add-ins for Visual Studio. IBM DB2 versions prior to 9.5 Fixpak 2 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21293566

  • 08.36.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sharity Unspecified Security Issue
  • Description: Sharity is a daemon that enables UNIX machines to connect to Windows, CIFS, and Samba servers. The application is exposed to an unspecified issue. Sharity versions 3.0 to 3.4 are affected.
  • Ref: http://www.obdev.at/products/sharity/releasenotes.html

  • 08.36.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tiger "genmsgidx" Insecure Temporary File Creation
  • Description: Tiger is a security tool for performing security audits and may also be used as an intrusion detection system. Tiger creates temporary files in an insecure manner. The issue occurs because the "genmsgidx" script creates files in an insecure manner. Tiger version 3.2.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415

  • 08.36.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citadel Insecure Temporary File Creation
  • Description: Citadel is an open-source server application. It is designed to provide email and communications services. Citadel creates temporary files in an insecure manner. The issue occurs because the "migrate_aliases.sh" script creates files in an insecure manner. Citadel version 7.37 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496359

  • 08.36.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: R "javareconf" Insecure Temporary File Creation
  • Description: R is a free software environment for statistical computing and graphics. R creates temporary files in an insecure manner. The issue occurs because the "javareconf" script creates files in an insecure manner. R version 2.7.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496363

  • 08.36.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Acoustica Mixcraft ".mx4" Image File Name Buffer Overflow
  • Description: Acoustica Mixcraft is multi-track audio and MIDI recording software. Acoustica Mixcraft is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Acoustica Mixcraft version 4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30879

  • 08.36.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: aview "asciiview" Insecure Temporary File Creation
  • Description: aview is an ascii-art image (pnm) browser and animation (fli/flc) player. aview creates temporary files in an insecure manner. The issue occurs because the "asciiview" script creates files in an insecure manner. aview version 1.3.0 RC1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496415

  • 08.36.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AudioLink Insecure Temporary File Creation
  • Description: AudioLink is a tool for searching music on local storage media. AudioLink creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/audiolink" script creates files in an insecure manner. AudioLink version 0.05 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496433

  • 08.36.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Amanda CDRW-Taper Insecure Temporary File Creation
  • Description: Amanda CDRW-Taper is an application that allows users to backup data onto a CD-RW or DVD-RW. Amanda CDRW-Taper creates temporary files in an insecure manner. The issue occurs because the "/usr/sbin/amlabel-cdrw" script creates files in an insecure manner. Amanda CDRW-Taper version 0.4 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: CDcontrol Insecure Temporary File Creation
  • Description: CDcontrol is a tool used for writing to multiple CD writers in parallel. CDcontrol creates temporary files in an insecure manner. The issue occurs because the "/usr/lib/cdcontrol/writtercontrol" script creates files in an insecure manner. CDcontrol version 1.90 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496438

  • 08.36.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Crossfire crossfire-maps Insecure Temporary File Creation
  • Description: Crossfire is a multiplayer role-playing game. The crossfire-maps package provides maps for the game. crossfire-maps creates temporary files in an insecure manner. The issue occurs because the "/usr/share/games/crossfire/maps/Info/combine.py" script creates files in an insecure manner. Crossfire crossfire-maps version 0.11.0-1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: The ARB software Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: The ARB software is an application consisting of various tools for sequence database handling and data analysis. The ARB software creates temporary files in an insecure manner. This issue occurs because the "usr/lib/arb/SH/arb_fastdnaml" and "/usr/lib/arb/SH/dszmconnect.pl" scripts create files in an insecure manner. The ARB software version 0.0.20071207 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apertium Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: Apertium is a shallow-transfer machine translation engine. The following programs included with Apertium create temporary files in an insecure manner: "/usr/bin/apertium-gen-deformat", "/usr/bin/apertium-gen-reformat" and "/usr/bin/apertium". Apertium version 3.0.7 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496390

  • 08.36.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Caudium Insecure Temporary File Creation
  • Description: Caudium is an open source Web server application written in Pike and C. Caudium creates temporary files in an insecure manner. The issue occurs because the "/usr/share/caudium/configvar" script creates files in an insecure manner. Caudium version 1.4.12 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DigitalDJ Insecure Temporary File Creation
  • Description: DigitalDJ is a front-end application for MP3 players. DigitalDJ creates temporary files in an insecure manner. The issue occurs because the "fest.pl" script creates files in an insecure manner. DigitalDJ version 0.7.5 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496399

  • 08.36.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GpsDrive Insecure Temporary File Creation
  • Description: GpsDrive is a GPS navigation application. GpsDrive creates temporary files in an insecure manner. The issue occurs because the "gpsdrive-2.10~pre4/scripts/geo-code" script creates files in an insecure manner. GpsDrive version 2.10pre4 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NetCitadel Firewall Builder Insecure Temporary File Creation
  • Description: Firewall Builder is a firewall configuration and management tool. Firewall Builder creates temporary files in an insecure manner. The issue occurs because the "fwb_install" script creates files in an insecure manner. Firewall Builder version 2.1.19 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496406

  • 08.36.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian dist Insecure Temporary File Creation Vulnerabilities
  • Description: Debian dist is a set of tools used for the construction and maintenance of portable software. Debian dist creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/patcil" and "/usr/bin/patdiff" scripts create files in an insecure manner. dist version 3.5-17-1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian lustre-tests Insecure Temporary File Creation
  • Description: lustre-tests is a test suite for the Lustre filesystem. lustre-tests creates temporary files in an insecure manner. The issue occurs because the "/usr/lib/lustre/tests/runiozone" script creates files in an insecure manner. Debian lustre-tests versions 1.6.5 and 1.6.5.1 are affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496371

  • 08.36.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Liquidsoap Insecure Temporary File Creation
  • Description: Liquidsoap is open-source audio software. Liquidsoap creates temporary files in an insecure manner. The issue occurs because the "/var/lib/liguidsoap/liguidsoap.py" script creates files in an insecure manner. Liquidsoap version 0.3.6 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360

  • 08.36.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: LMbench Insecure Temporary File Creation Vulnerabilities
  • Description: LMbench is a set of tools for performance analysis. LMbench creates temporary files in an insecure manner. This issue affects the following scripts: "scripts/rccs" and "scripts/STUFF". LMbench version 3.0 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496427

  • 08.36.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian konwert-filters "filters/any-UTF8" Insecure Temporary File Creation
  • Description: Debian konwert-filters is a set of filters used by "konwert" for charset conversion. konwert-filters creates temporary files in an insecure manner. The issue occurs because the "filters/any-UTF8" script creates files in an insecure manner. Debian konwert-filters version 1.8-11.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496371

  • 08.36.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MAFFT Insecure Temporary File Creation
  • Description: MAFFT is a multiple sequence alignment application. MAFFT creates temporary files in an insecure manner. The issue occurs because the "mafft-homologs" script creates files in an insecure manner. MAFFT version 6.240 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496366

  • 08.36.55 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian lazarus-src "create_lazarus_export_tgz.sh" Insecure Temporary File Creation
  • Description: lazarus-src is a set of class libraries for Free Pascal that emulate Delphi. lazarus-src creates temporary files in an insecure manner. The issue occurs because the "tools/install/create_lazarus_export_tgz.sh" script creates files in an insecure manner. lazarus-src version 0.9.24-0-9 is affected.
  • Ref: http://packages.debian.org/lenny/lazarus-src

  • 08.36.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenOffice "senddoc" Insecure Temporary File Creation
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice creates temporary files in an insecure manner. The issue occurs because the "/usr/lib/openoffice/program/senddoc" script creates files in an insecure manner. OpenOffice version 2.4.1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.57 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mgetty "faxspool" Insecure Temporary File Creation
  • Description: Mgetty is an application that allows users to send and receive faxes. Mgetty creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/faxspool" script creates files in an insecure manner. Mgetty version 1.1.36 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Plait Insecure Temporary File Creation
  • Description: Plait is a command-line jukebox and music player. Plait creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/plaiter" and "/usr/bin/plait" scripts create files in an insecure manner. Plait version 1.5.2 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MySpell Insecure Temporary File Creation
  • Description: MySpell is a spell checker. The application creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/i2myspell" script creates files in an insecure manner. MySpell version 3.1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.60 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NetMRG "rrdedit" Insecure Temporary File Creation
  • Description: NetMRG is a tool for network monitoring and reporting. NetMRG creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/rrdedit" script creates files in an insecure manner. NetMRG version 0.20 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.61 - CVE: Not Available
  • Platform: Cross Platform
  • Title: QEMU "qemu-make-debian-root" Insecure Temporary File Creation
  • Description: QEMU is a processor emulator used to virtualize computer systems and to run guest operating systems within a host. QEMU creates temporary files in an insecure manner. The issue occurs because the "/usr/sbin/qemu-make-debian-root" script creates files in an insecure manner. QEMU version 0.9.1 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.62 - CVE: Not Available
  • Platform: Cross Platform
  • Title: newsgate "mkmailpost" Insecure Temporary File Creation
  • Description: newsgate is a collection of tools for manipulating mail messages and news articles. The application creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/mkmailpost" script creates files in an insecure manner. newsgate version 1.6 is affected.
  • Ref: http://uvw.ru/report.lenny.txt

  • 08.36.63 - CVE: CVE-2008-3697
  • Platform: Cross Platform
  • Title: VMware ISAPI Extension Remote Denial of Service
  • Description: ISAPI (Internet Server Application Programming Interface) is an API that extends the functionality of Internet Information Server (IIS). VMware ISAPI extensions are exposed to a remote denial of service issue because they fail to properly handle malformed requests.
  • Ref: http://www.securityfocus.com/bid/30935

  • 08.36.64 - CVE: CVE-2008-3698
  • Platform: Cross Platform
  • Title: VMware OpenProcess Local Privilege Escalation
  • Description: VMware is a set of server emulation applications that is available for several platforms. VMware OpenProcess is exposed to a local privilege escalation issue.
  • Ref: http://www.securityfocus.com/bid/30936

  • 08.36.65 - CVE: CVE-2008-2101
  • Platform: Cross Platform
  • Title: VMware Consolidated Backup (VCB) User Password Information Disclosure
  • Description: VMware Consolidated Backup (VCB) is a backup utility for virtual machines. The application is exposed to an information disclosure issue. The problem occurs when VCB is started from the command line, and the password is specified with the "-p" parameter.
  • Ref: http://www.securityfocus.com/bid/30937

  • 08.36.66 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP TCP/IP Services for OpenVMS Finger Client Format String
  • Description: The HP OpenVMS finger client is used as a client application for communications as part of the finger protocol. It is shipped with HP TCP/IP Services for OpenVMS. The finger client is exposed to a format-string issue because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. HP TCP/IP Services for OpenVMS version 5.x is affected.
  • Ref: http://h71000.www7.hp.com/doc/tcpip56.html

  • 08.36.67 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Radiance Insecure Temporary File Creation Vulnerabilities
  • Description: Radiance is a suite of tools for analysis and visualization of lighting. Radiance creates temporary files in an insecure manner. The issue occurs because the following scripts create files in an insecure manner: "optics2rad", "pdelta", "dayfact" and "raddepend". Radiance version 3R9 is affected.
  • Ref: http://www.securityfocus.com/bid/30953

  • 08.36.68 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian rancid-util "getipacctg" Insecure Temporary File Creation
  • Description: Debian rancid-util is a toolkit for managing router configurations. The software creates temporary files in an insecure manner. The issue occurs because the "getipacctg" script creates files in an insecure manner. Debian rancid-util version 2.3.2~a8-1 is affected.
  • Ref: http://packages.debian.org/sid/rancid-util

  • 08.36.69 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian rccp Insecure Temporary File Creation
  • Description: Debian rccp is a text front-end to DCTC and is used to connect to the Direct Connect peer file-sharing network via a text console. Debian rccp creates temporary files in an insecure manner. The issue occurs because the "/usr/lib/rccp/delqueueask" script creates files in an insecure manner. Debian rccp version 0.9-2 is affected.
  • Ref: http://packages.debian.org/etch/rccp

  • 08.36.70 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Parallels Plesk Shortnames Open Email Relay
  • Description: Parallels Plesk is a control panel application for hosting providers. The application is exposed to an open email relay issue because it fails to properly restrict login authentication if the "SHORTNAMES" option is enabled. Parallels Plesk version 8.6.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495881

  • 08.36.71 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WordNet Multiple Buffer Overflow Vulnerabilities
  • Description: WordNet is a lexical database of English words. WordNet is exposed to multiple buffer overflow issues because it fails to properly bounds check user-supplied input. WordNet version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495883

  • 08.36.72 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Newsbeuter Crafted URI Remote Arbitrary Shell Command Injection
  • Description: Newsbeuter is an open-source RSS feed reader for text terminals. Newsbeuter is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input. This issue affects Newsbeuter version 1.0.
  • Ref: http://newsbeuter.wordpress.com/2008/09/01/newsbeuter-11-released-contains-security-fix-please-upgrade/

  • 08.36.73 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SNG Insecure Temporary File Creation
  • Description: SNG (Scriptable Network Graphics) is a language designed to represent the contents of a PNG in an editable form. The script creates temporary files in an insecure manner. The issue occurs because the "/usr/bin/sng_regress" script creates files in an insecure manner. SNG version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30965

  • 08.36.74 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Cadsoft Video Disk Recorder Insecure Temporary File Creation
  • Description: Cadsoft Video Disk Recorder is software designed for recording video. The script creates temporary files in an insecure manner. The issue occurs because the "vdrleaktest" script creates files in an insecure manner. Cadsoft Video Disk Recorder version 1.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30966

  • 08.36.75 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian realtimebattle-common Insecure Temporary File Creation
  • Description: Debian realtimebattle-common is a game application. Debian realtimebattle-common creates temporary files in an insecure manner. Specifically, the issue affects the "Robots/perl.robot" script. Debian realtimebattle-common version 1.0.8-7 is affected.
  • Ref: http://packages.debian.org/sid/realtimebattle-common

  • 08.36.76 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian scilab-bin Insecure Temporary File Creation Vulnerabilities
  • Description: Debian scilab-bin is a matrix-based scientific software package resembling Matlab and Xmath. Debian scilab-bin creates temporary files in an insecure manner. Debian scilab-bin version 4.1.2-5 is affected.
  • Ref: http://packages.debian.org/unstable/math/scilab-bin

  • 08.36.77 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Debian scratchbox2 Insecure Temporary File Creation Vulnerabilities
  • Description: Debian scratchbox2 is a transparent cross compiling environment. Debian scratchbox2 creates temporary files in an insecure manner. Debian scratchbox2 version 1.99.0.24-1 is affected.
  • Ref: http://packages.debian.org/sid/scratchbox2

  • 08.36.78 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Siemens Gigaset WLAN Camera Insecure Default Password
  • Description: Siemens Gigaset WLAN Camera is a video camera with wireless support. The application is reportedly exposed to an insecure default password issue. An attacker may log in via telnet as the user "root" with a blank password. Siemens Gigaset WLAN Camera firmware version 1.27 is affected.
  • Ref: http://www.securityfocus.com/bid/30973

  • 08.36.79 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome Remote Denial of Service
  • Description: Google Chrome is a web-browser client. The application is exposed to a remote denial of service issue because the application fails to gracefully handle certain user-supplied data. Google Chrome version 0.2.149.27 is affected.
  • Ref: http://evilfingers.com/advisory/google_chrome_poc.php

  • 08.36.80 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AVTECH PageR Enterprise Directory Traversal
  • Description: AVTECH PageR Enterprise is network device management software. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the application's web interface. AVTECH PageR Enterprise version 4.3.7 is affected.
  • Ref: http://www.ddifrontline.com/company/secops.php

  • 08.36.81 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: IBM Lotus Quickr is web-based collaboration software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Lotus Quickr version 8.1 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013341

  • 08.36.82 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AbleSpace "adv_cat.php" Cross-Site Scripting
  • Description: AbleSpace is a community and dating script. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "find_str" parameter of the "adv_cat.php" script. AbleSpace version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30864

  • 08.36.83 - CVE: CVE-2008-2929
  • Platform: Web Application - Cross Site Scripting
  • Title: Red Hat Directory Server Multiple Cross-Site Scripting Vulnerabilities
  • Description: Red Hat Directory Server is a directory service based on LDAP (Lightweight Directory Access Protocol). The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input of "%" escaped characters.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0596.html

  • 08.36.84 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Advanced Electron Forum "username" Parameter Cross-Site Scripting
  • Description: Advanced Electron Forum (AEF) is a PHP-based forum application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "username" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/30894

  • 08.36.85 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Blogn Multiple Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Blogn is a web-log application written in PHP. Blogn is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input to unspecified parameters. Blogn versions prior to 1.9.7 are affected.
  • Ref: http://www.securityfocus.com/bid/30920

  • 08.36.86 - CVE: CVE-2008-3101
  • Platform: Web Application - Cross Site Scripting
  • Title: vtiger CRM Multiple Cross-Site Scripting Vulnerabilities
  • Description: vtiger CRM is a PHP-based Customer Relationship Management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. vtiger CRM version 5.0.4 is affected.
  • Ref: http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5

  • 08.36.87 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: GenPortal "buscarCat.php" Cross-Site Scripting
  • Description: GenPortal is a web application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "palBuscar" parameter of the "buscarCat.php" script.
  • Ref: http://www.securityfocus.com/bid/30957

  • 08.36.88 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IDevSpot BizDirectory "page" Parameter Cross-Site Scripting
  • Description: IDevSpot BizDirectory is a PHP-based directory for business listings. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script. BizDirectory version 2.04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495930

  • 08.36.89 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Open Media Collectors Database Multiple Cross-Site Scripting Vulnerabilities
  • Description: Open Media Collectors Database (OpenDb) is a PHP-based inventory application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. OpenDb version 1.0.6 is affected.
  • Ref: http://sourceforge.net/project/showfiles.php?group_id=37089&package_id=29402&release_id=573315

  • 08.36.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourOwnBux "memberstats.php" SQL Injection
  • Description: YourOwnBux is ad link management software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "memberstats.php" script before using it in an SQL query. YourOwnBux versions 3.1 and 3.2 beta are affected.
  • Ref: http://www.securityfocus.com/bid/30868

  • 08.36.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMyRealty Multiple SQL Injection Vulnerabilities
  • Description: phpMyRealty is a PHP-based application for managing real-estate listings. Since it fails to sufficiently sanitize user-supplied input, the application is exposed to multiple SQL injection issues. phpMyRealty versions 1.0.7 and 1.0.9 are affected.
  • Ref: http://www.securityfocus.com/bid/30862

  • 08.36.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SourceWorkshop Web directory script "index.php" SQL Injection
  • Description: Web directory script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "site" parameter of the "index.php" script before using it in an SQL query. Web directory script version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/30941

  • 08.36.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyioSoft EasyClassifields "index.php" SQL Injection
  • Description: EasyClassifields is PHP-based software for managing classified ads. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "go" parameter of the "index.php" script before using it in an SQL query. EasyClassifields version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30943

  • 08.36.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Websens CMSbright "page.php" SQL Injection
  • Description: CMSbright is PHP-based software for managing web content. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_rub_page" parameter of the "page.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30946

  • 08.36.95 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: myPHPNuke "printfeature.php" SQL Injection
  • Description: MyPHPNuke is a web-based content management system (CMS) written in PHP. The application is exposed to an SQL injection issue that affects the "artid" parameter of the "printfeature.php" script. myPHPNuke versions prior to 1.8.8_8rc2 are affected.
  • Ref: http://sourceforge.net/projects/myphpnuke/

  • 08.36.96 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Reciprocal Links Manager "site" Parameter SQL Injection
  • Description: Reciprocal Links Manager is a link exchange management script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "site" parameter of the "index.php" script before using it in an SQL query. Reciprocal Links Manager version 1.1 is affected.
  • Ref: http://www.sourceworkshop.com/reciprocal_links_manager.html

  • 08.36.97 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Coupon Script "index.php" SQL Injection
  • Description: PHP Coupon Script is a coupon advertisement script written in PHP. PHP Coupon Script is prone to an SQL injection vulnerability that affects the "id" parameter of the "index.php" script. PHP Coupon Script version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30961

  • 08.36.98 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Full PHP Emlak Script "landsee.php" SQL Injection
  • Description: Full PHP Emlak Script is a web-based application. The application is exposed to an SQL injection issue that affects the "id" parameter of the "landsee.php" script. Attackers may exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/30962

  • 08.36.99 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ HYIP Acme "comment.php" SQL Injection
  • Description: AJ HYIP Acme is an HYIP manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter of the "comment.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30974

  • 08.36.100 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ HYIP Acme "readarticle.php" SQL Injection
  • Description: AJ HYIP Acme is an HYIP manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter of the "readarticle.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/30978

  • 08.36.101 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CS-Cart "core/user.php" SQL Injection
  • Description: CS-Cart is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cs_cookies[customer_user_id]" parameter of the "core/user.php" script before using it in an SQL query. CS-Cart version 1.3.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495907

  • 08.36.102 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Spice Classifieds "index.php" SQL Injection
  • Description: Spice Classifieds is a PHP-based classifieds application. Spice Classifieds is exposed to an SQL injection issue that affects the "cat_path" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/30985

  • 08.36.103 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eliteCMS "page" Parameter SQL Injection
  • Description: eliteCMS is a web-based content manager. The application is exposed to an SQL injection issue that affects the "page" parameter of the "index.php" script. eliteCMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/30990

  • 08.36.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Mono "System.Web" HTTP Header Injection
  • Description: Mono is a multiplatform open-source implementation of the Microsoft .NET architecture. Mono is exposed to an issue that allows the injection of arbitrary HTTP headers because it fails to sanitize input. This issue is reported in the "System.Web" module. Mono versions 2.0 and earlier are affected.
  • Ref: https://bugzilla.novell.com/show_bug.cgi?id=418620

  • 08.36.105 - CVE: Not Available
  • Platform: Web Application
  • Title: BitlBee Unspecified Security Bypass
  • Description: BitlBee is an application that enables users to use Instant Messaging (IM) over Internet Relay Chat (IRC). BitlBee is exposed to an unspecified security bypass issue. BitlBee versions prior to 1.2.2 are affected.
  • Ref: http://bitlbee.org/main.php/changelog.html

  • 08.36.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Ampache Insecure Temporary File Creation
  • Description: Ampache is a PHP-based audio file manager. Ampache creates temporary files in an insecure manner. The issue occurs because the "gather-messages.sh" script creates files in an insecure manner. Ampache version 3.4.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496369

  • 08.36.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Carmosa PHPCart "phpcart.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Carmosa PHPCart is a web application used to provide shopping cart functionality to a site. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "quantity", "name" and "address" parameters of the "phpcart.php" script. PHPCart version 4.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495806

  • 08.36.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Carmosa PHPCart Order Modification Data Integrity
  • Description: Carmosa PHPCart is a web application used to provide shopping cart functionality to a site. Carmosa PHPCart is exposed to a data integrity issue because it fails to sufficiently validate user-supplied input data. PHPCart version 4.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495806

  • 08.36.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Debian freeradius-dialupadmin Insecure Temporary File Creation Vulnerabilities
  • Description: Debian freeradius-dialupadmin is a set of PHP scripts for administering a FreeRADIUS server. Debian freeradius-dialupadmin creates temporary files in an insecure manner. The issues affect the following scripts: "bin/backup_radacct", "bin/clean_radacct", "bin/monthly_tot_stats", "bin/tot_stats", and "bin/truncate_radacct". Debian freeradius-dialupadmin version 2.0.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496389

  • 08.36.110 - CVE: Not Available
  • Platform: Web Application
  • Title: impose+ Insecure Temporary File Creation
  • Description: impose+ is a set of PostScript tools. impose+ creates temporary files in an insecure manner. The issue occurs because the "impose" script creates files in an insecure manner. impose+ version 0.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496435

  • 08.36.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Novell Forum Unspecified Tcl Command Injection
  • Description: Novell Forum is a web-based forum application. Novell Forum is exposed to a command injection issue because it fails to adequately sanitize user-supplied input. Novell Forum versions 8.0 and earlier are affected.
  • Ref: http://download.novell.com/Download?buildid=6k-5X-UPnrM~

  • 08.36.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board Multiple Remote Security Vulnerabilities
  • Description: Invision Power Board is a web forum application. Invision Power Board is exposed to multiple issues. Invision Power Board version 2.3.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/495838

  • 08.36.113 - CVE: Not Available
  • Platform: Web Application
  • Title: dotProject Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: dotProject is an open-source, PHP-based project management tool. The application is prone to multiple input validation issues. dotProject version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/30924

  • 08.36.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Acoustica Beatcraft ".bcproj" Instrument Title Buffer Overflow
  • Description: Acoustica Beatcraft is a drum machine application. Acoustica Beatcraft is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Acoustica Beatcraft version 1.02 Build 19 is affected.
  • Ref: http://www.securityfocus.com/bid/30938

  • 08.36.115 - CVE: Not Available
  • Platform: Web Application
  • Title: myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: MyPHPNuke is a web-based content management system (CMS). The application is exposed to multiple input validation issues. Attackers may exploit the SQL injection issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. myPHPNuke versions prior to 1.8.8_8rc2 are affected.
  • Ref: http://www.securityfocus.com/bid/30942

  • 08.36.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Brim SQL Injection and HTML Injection Vulnerabilities
  • Description: Brim is a personal information manager implemented in PHP. Since it fails to adequately sanitize user-supplied input, Brim is exposed to multiple input validation issues. Brim version 2.0.0 is affected.
  • Ref: http://www.brim-project.org/

  • 08.36.117 - CVE: Not Available
  • Platform: Web Application
  • Title: WeBid Multiple Input Validation Vulnerabilities
  • Description: WeBid is a web-based application implemented in PHP. Since it fails to adequately sanitize user-supplied input, the application is exposed to multiple input validation issues. WeBid version 0.5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30945

  • 08.36.118 - CVE: Not Available
  • Platform: Web Application
  • Title: WeBid "config.php" Arbitrary File Upload
  • Description: WeBid is a web-based application implemented in PHP. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the form of file extensions. WeBid version 0.5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/30950

  • 08.36.119 - CVE: Not Available
  • Platform: Web Application
  • Title: Novell IDM Cross Site Scripting and HTML Injection Vulnerabilities
  • Description: Novell User Application and Identity Manager Roles Based Provisioning Module are user management applications provided by Novell. These applications are exposed to multiple remote issues.
  • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5033840.html

  • 08.36.120 - CVE: Not Available
  • Platform: Web Application
  • Title: AlcoveBook sgml2x Insecure Temporary File Creation
  • Description: AlcoveBook sgml2x is a script designed to help apply a DSSSL stylesheet to an SGML or XML document. The script creates temporary files in an insecure manner. The issue occurs because the "bin/rlatex" script creates files in an insecure manner. AlcoveBook sgml2x version 1.0.0 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496368

  • 08.36.121 - CVE: Not Available
  • Platform: Web Application
  • Title: Kyocera Command Center Directory Traversal
  • Description: Kyocera Command Center is a web-based administration tool embedded in products such as printers. Command Center is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs in the application's HTTP server. Kyocera Command Center included with the FS-1118MFP printer is affected.
  • Ref: http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt

  • 08.36.122 - CVE: CVE-2008-3536, CVE-2008-3537
  • Platform: Network Device
  • Title: HP OpenView Network Node Manager Multiple Denial of Service Vulnerabilities
  • Description: HP OpenView Network Node Manager (NNM) is an automated network topology application for network administration and analysis. HP OpenView NNM is exposed to multiple unspecified denial of service vulnerabilities affecting the "ovalarmsrv" program.
  • Ref: https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-1191155_4000_100

  • 08.36.123 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE HTTP POST Request Denial of Service
  • Description: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is a wireless solution for enterprises. The device is exposed to a denial of service issue because it fails to handle specially crafted HTTP POST requests. Specifically, the issue affects the web management interface.
  • Ref: http://seclists.org/fulldisclosure/2008/Sep/0058.html

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/