@RISK: The Consensus Security Vulnerability Alert

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

• (1) CRITICAL: Microsoft Windows Media Player Remote Code Execution (MS08-054)
• (2) CRITICAL: Microsoft Windows GDI+ Multiple Vulnerabilities (MS08-052)
• (3) CRITICAL: Apple QuickTime Multiple Vulnerabilities
• (4) HIGH: Microsoft Office OneNote URL Handling Vulnerability
• (5) MODERATE: Microsoft Media Encoder Remote Code Execution (MS08-053)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

• 08.37.1 - Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite
• 08.37.2 - Microsoft GDI+ VML Heap-Based Buffer Overflow
• 08.37.3 - Microsoft GDI+ EMF Image Processing Memory Corruption
• 08.37.4 - Microsoft GDI+ GIF File Parsing Remote Code Execution
• 08.37.5 - Microsoft GDI+ WMF Image File Buffer Overflow
• 08.37.6 - Microsoft GDI+ BMP Integer Overflow
• 08.37.7 - Microsoft Windows Media Encoder 9 "wmex.dll" ActiveX Control Remote Buffer Overflow

Microsoft Office

• 08.37.8 - Microsoft Office OneNote URL Handler Remote Code Execution

Other Microsoft Products

• 08.37.9 - Microsoft Organization Chart Remote Code Execution

Third Party Windows Apps

• 08.37.10 - Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
• 08.37.11 - Apple Bonjour for Windows mDNSResponder Remote Forged DNS Response
• 08.37.12 - HP OpenView Select Identity Connectors Local Information Disclosure
• 08.37.13 - Apple Bonjour for Windows mDNSResponder NULL Pointer Dereference Denial of Service
• 08.37.14 - Peachtree Accounting "PAWWeb11.ocx" ActiveX Control Insecure Method

Linux

• 08.37.15 - gmanedit Multiple Buffer Overflow Vulnerabilities
• 08.37.16 - sSMTP "from_format()" Uninitialized Memory Information Disclosure
• 08.37.17 - XASTIR Insecure Temporary File Creation Vulnerabilities

BSD

• 08.37.18 - FreeBSD "mount(2)" and "nmount(2)" Multiple Stack-Based Buffer Overflow Vulnerabilities
• 08.37.19 - FreeBSD/amd64 Local Privilege Escalation Issue
• 08.37.20 - FreeBSD Malformed ICMPv6 Packet Remote Denial of Service
• 08.37.21 - NetBSD ICMPv6 MLD Packet Remote Denial of Service

Aix

• 08.37.22 - IBM AIX "swcons" Insecure File Creation

Cross Platform

• 08.37.23 - Google Chrome Malformed "href" Tag Remote Denial of Service
• 08.37.24 - Google Chrome Malformed "view-source" HTTP Header Remote Denial of Service
• 08.37.25 - Google Chrome Inspect Element Remote Denial of Service
• 08.37.26 - pam_mount "luserconf" Local Privilege Escalation
• 08.37.27 - Numark CUE 5 ".m3u" File Buffer Overflow
• 08.37.28 - Flock Infinite Loop Multiple Denial of Service Vulnerabilities
• 08.37.29 - ClamAV "chmunpack.c" Invalid Memory Access Denial Of Service
• 08.37.30 - Moodle Multiple Remote File Include Vulnerabilities
• 08.37.31 - Cisco Secure ACS EAP-Response Packet Parsing Denial of Service
• 08.37.32 - Google Chrome Arbitrary File Download
• 08.37.33 - Apple iPod Touch Prior to Version 2.1 Multiple Remote Vulnerabilities
• 08.37.34 - Wireshark 1.0.2 Multiple Vulnerabilities
• 08.37.35 - Dnsmasq DHCP Lease Multiple Remote Denial of Service Vulnerabilities
• 08.37.36 - Google Chrome "SaveAs" Function "Title" Tag Buffer Overflow
• 08.37.37 - Google Chrome Malformed Attachment Filename Remote Denial of Service
• 08.37.38 - Libpng Library "png_push_read_zTXt()" Off-By-One Denial of Service
• 08.37.39 - ClamAV Multiple Unspecified Memory Corruption Vulnerabilities
• 08.37.40 - GNU Emacs "python.el" Code Execution
• 08.37.41 - Simple Machines Forum Security Bypass
• 08.37.42 - Google Chrome Malformed "title" Tag Remote Denial of Service
• 08.37.43 - IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
• 08.37.44 - PHP Multiple Functions "safe_mode_exec_dir" and "open_basedir" Restriction Bypass Vulnerabilities
• 08.37.45 - Google Chrome "url_elider.cc" Buffer Overflow
• 08.37.46 - Dns2tcp Multiple Remote Buffer Overflow Vulnerabilities
• 08.37.47 - MySQL Empty Binary String Literal Remote Denial Of Service
• 08.37.48 - Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
• 08.37.49 - Apple iTunes Third Party Driver Local Privilege Escalation
• 08.37.50 - Apple iTunes Misleading Firewall Warning Weakness
• 08.37.51 - Maxthon Browser Remote Denial of Service

Web Application - Cross Site Scripting

• 08.37.52 - @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
• 08.37.53 - Celerondude Uploader "account.php" Cross-Site Scripting
• 08.37.54 - Pentasoft Avactis Shopping Cart Multiple Cross-Site Scripting Vulnerabilities
• 08.37.55 - Silentum LoginSys Multiple Cross-Site Scripting Vulnerabilities
• 08.37.56 - phpAdultSite CMS "results_per_page" Parameter Cross-Site Scripting
• 08.37.57 - Gallery 2.0 Multiple Cross-Site Scripting Vulnerabilities
• 08.37.58 - Movable Type Multiple Cross-Site Scripting Vulnerabilities
• 08.37.59 - High Norm Sound Master 2nd Unspecified Cross-Site Scripting
• 08.37.60 - PunBB "p" Parameter Multiple Cross-Site Scripting Vulnerabilities

Web Application - SQL Injection

• 08.37.61 - Multiple Vastal I-Tech Products Multiple SQL Injection Vulnerabilities
• 08.37.62 - EsFaq "questions.php" SQL Injection
• 08.37.63 - Vastal I-Tech Shaadi Zone "keyword_search_action.php" SQL Injection
• 08.37.64 - Vastal I-Tech Dating Zone "advanced_search_results.php" SQL Injection
• 08.37.65 - MemHT Portal "inc_statistics.php" SQL Injection
• 08.37.66 - Masir Camp "ordercode" Parameter SQL Injection
• 08.37.67 - eZoneScripts Living Local "listtest.php" SQL Injection
• 08.37.68 - ACG-PTP
• 08.37.69 - Words tag script "index.php" SQL Injection
• 08.37.70 - ACG-ScriptShop E-Gold Script Shop "cid" Parameter SQL Injection
• 08.37.71 - Zen Cart Multiple SQL Injection Vulnerabilities
• 08.37.72 - Agent Zone "view_ann.php" SQL Injection
• 08.37.73 - Alstrasoft Forum Pay Per Post Exchange "cat" Parameter SQL Injection
• 08.37.74 - Pligg "submit.php" Multiple SQL Injection Vulnerabilities
• 08.37.75 - eXtrovert software Thyme "pick_users.php" SQL Injection
• 08.37.76 - E-Php B2B Trading Marketplace Script "listings.php" SQL Injection
• 08.37.77 - UBB.threads "Forum[]" Array SQL Injection
• 08.37.78 - Hot Links SQL-PHP "report.php" SQL Injection
• 08.37.79 - Stash 1.0.3 Multiple SQL Injection Vulnerabilities
• 08.37.80 - Live TV Script "mid" Parameter SQL Injection
• 08.37.81 - Creator CMS "index.asp" SQL Injection
• 08.37.82 - CMS Buzz "id" Parameter SQL Injection
• 08.37.83 - AvailScript Classmate Script "viewprofile.php" SQL Injection
• 08.37.84 - AvailScript Job Portal Script "applynow.php" SQL Injection
• 08.37.85 - Libera CMS Cookie SQL Injection

Web Application

• 08.37.86 - devalcms Multiple Input Validation Vulnerabilities
• 08.37.87 - aspWebAlbum Multiple Input Validation Vulnerabilities
• 08.37.88 - AvailScript Article Script Multiple Input Validation Vulnerabilities
• 08.37.89 - Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
• 08.37.90 - XRMS CRM Multiple Input Validation Vulnerabilities
• 08.37.91 - QwicsitePro "pageid" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
• 08.37.92 - Drupal Content Creation Kit Module Multiple HTML Injection Vulnerabilities
• 08.37.93 - eZoneScripts Dating Website Remote File Upload
• 08.37.94 - WordPress Lost Password SQL Column Truncation Unauthorized Access
• 08.37.95 - AvailScript Photo Album Script Multiple Input Validation Vulnerabilities
• 08.37.96 - Jaw Portal "index.php" Multiple Local File Include Vulnerabilities

Network Device

• 08.37.97 - Samsung DVR SHR-2040 HTTPD Denial of Service
• 08.37.98 - Cisco PIX and Cisco ASA Multiple Denial of Service and Information Disclosure Vulnerabilities
• 08.37.99 - NETGEAR WN802T With Marvell 88W8361P-BEM1 Chipset WAP Denial of Service
• 08.37.100 - Atheros Communications AR5416-AC1E Information Element Denial of Service
• 08.37.101 - NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service
• 08.37.102 - MicroTik RouterOS SNMP Security Bypass
• 08.37.103 - D-Link DIR-100 Security Bypass
• 08.37.104 - Sagem F@st 2404 Router "wancfg.cmd" Denial of Service

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 37, 2008

Week 37, 2008 This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

• 08.37.1 - CVE: Not Available
• Platform: Windows
• Title: Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite
• Description: Microsoft Windows Image Acquisition allows graphics applications to communicate with various imaging devices. Microsoft Windows Image Acquisition Logger ActiveX control is exposed to an issue that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.
• Ref: http://support.microsoft.com/kb/240797

• 08.37.2 - CVE: CVE-2007-5348
• Platform: Windows
• Title: Microsoft GDI+ VML Heap-Based Buffer Overflow
• Description: Microsoft's GDI+ (Graphics Device Interface) enables applications to use graphics and formatted text on the video display and on printers. Microsoft GDI+ is exposed to a heap-based buffer overflow issue because the vector graphics link library improperly processes gradient sizes. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743

• 08.37.3 - CVE: CVE-2008-3012
• Platform: Windows
• Title: Microsoft GDI+ EMF Image Processing Memory Corruption
• Description: Microsoft GDI+ (Graphics Device Interface) enables applications to use graphics and formatted text on the video display and on printers. GDI+ is exposed to a remote memory corruption issue that occurs when an application that uses the library tries to process a specially-crafted EMF (Enhanced MetaFile) image file. Specifically, this issue occurs when the GDI+ library tries to allocate memory.
• Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

• 08.37.4 - CVE: CVE-2008-3013
• Platform: Windows
• Title: Microsoft GDI+ GIF File Parsing Remote Code Execution
• Description: Microsoft GDI+ (Graphics Device Interface) enables applications to use graphics and formatted text on the video display and on printers. GDI+ is exposed to a remote code execution vulnerability because the vector graphics link library improperly parses GIF image files.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-056/

• 08.37.5 - CVE: CVE-2008-3014
• Platform: Windows
• Title: Microsoft GDI+ WMF Image File Buffer Overflow
• Description: Microsoft GDI+ (Graphics Device Interface) enables applications to use graphics and formatted text on the video display and on printers. GDI+ is exposed to a buffer overflow issue because the vector graphics linked library improperly allocates memory when parsing WMF image files.
• Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

• 08.37.6 - CVE: CVE-2008-3015
• Platform: Windows
• Title: Microsoft GDI+ BMP Integer Overflow
• Description: Microsoft GDI+ (Graphics Device Interface) enables applications to use graphics and formatted text on the video display and on printers. GDI+ is exposed to an integer overflow issue that occurs because the software fails to perform adequate boundary checks on malformed headers contained in a BMP file.
• Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-055/

• 08.37.7 - CVE: CVE-2008-3008
• Platform: Windows
• Title: Microsoft Windows Media Encoder 9 "wmex.dll" ActiveX Control Remote Buffer Overflow
• Description: Microsoft Windows Media Encoder 9 is a Windows application for capturing audio and video content. The application's ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
• Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx

• 08.37.8 - CVE: CVE-2008-3007
• Platform: Microsoft Office
• Title: Microsoft Office OneNote URL Handler Remote Code Execution
• Description: Microsoft Office OneNote is a notebook application designed for storing and managing notes and information. Office OneNote is exposed to a remote code execution issue. This issue occurs when users follow specially-crafted OneNote "onenote://" URIs that point to specially-crafted OneNote documents. This issue occurs when the affected software attempts to validate the URI.
• Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-055.mspx

• 08.37.9 - CVE: Not Available
• Platform: Other Microsoft Products
• Title: Microsoft Organization Chart Remote Code Execution
• Description: Microsoft Organization Chart is a chart creation tool. The application is expsoed to a remote code execution issue because of a memory access violation. This issue affects the "orgchart.exe" binary file, and can be triggered with a specially-crafted function. Microsoft Organization Chart version 2.00.19 is affected.
• Ref: http://www.securityfocus.com/bid/31059

• 08.37.10 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
• Description: Open-FTPD is an FTP server application available for Microsoft Windows. Open-FTPD is exposed to multiple remote denial of service issues because the application fails to perform adequate boundary checks on user-supplied data. Open-FTPD version 1.2 is affected.
• Ref: http://www.securityfocus.com/bid/30993

• 08.37.11 - CVE: CVE-2008-3630
• Platform: Third Party Windows Apps
• Title: Apple Bonjour for Windows mDNSResponder Remote Forged DNS Response
• Description: Apple Bonjour for Windows provides Zero Configuration Networking, Multicast DNS, and Network Service Discovery for Windows users. Apple Bonjour for Windows mDNSResponder is exposed to a remote issue that can allow attackers to spoof DNS responses because of a weakness in its DNS protocol implementation. Bonjour for Windows versions prior to 1.0.5, included in Apple iTunes 8.0, are affected.
• Ref: http://www.apple.com/support/downloads/bonjourforwindows105.html

• 08.37.12 - CVE: CVE-2008-3539
• Platform: Third Party Windows Apps
• Title: HP OpenView Select Identity Connectors Local Information Disclosure
• Description: HP OpenView Select Identity is the core of the OpenView Identity Managment solution. HP OpenView Select Identity Connectors running on Windows are exposed to an unspecified information disclosure issue.
• Ref: http://www.securityfocus.com/archive/1/496028

• 08.37.13 - CVE: CVE-2008-2326
• Platform: Third Party Windows Apps
• Title: Apple Bonjour for Windows mDNSResponder NULL Pointer Dereference Denial of Service
• Description: Apple Bonjour for Windows is used to provide service discovery and announcement on a local network. The mDNSResponder system service included with Bonjour is used for DNS service discovery. mDNSResponder is exposed to a denial of service issue related to domain name resolution. Bonjour for Windows version 1.0.4 is affected.
• Ref: http://www.apple.com/support/downloads/bonjourforwindows105.html

• 08.37.14 - CVE: Not Available
• Platform: Third Party Windows Apps
• Title: Peachtree Accounting "PAWWeb11.ocx" ActiveX Control Insecure Method
• Description: Peachtree Accounting is a suite of accounting applications. The Peachtree Accounting "PAWWeb11.ocx" ActiveX control is exposed to an insecure method issue. Specifically, the issue affects the "ExecutePreferredApplication" function of the ActiveX control. Peachtree Accounting 2004 is affected. Ref: http://jbrownsec.blogspot.com/2008/09/peachtree-accounting-is-not-safe.html

• 08.37.15 - CVE: Not Available
• Platform: Linux
• Title: gmanedit Multiple Buffer Overflow Vulnerabilities
• Description: gmanedit (Gnome Manual Pages Editor) is a manual page editor that uses the GTK+ libraries. gmanedit is exposed to two buffer overflow issues because it fails to properly bounds check user-supplied input. gmanedit version 0.4.1 is affected.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835

• 08.37.16 - CVE: CVE-2008-3962
• Platform: Linux
• Title: sSMTP "from_format()" Uninitialized Memory Information Disclosure
• Description: sSMTP is is a simple MTA (MAil Transport Agent) application. sSMTP is exposed to an information disclosure issue that occurs in the "from_format()" function of the "ssmtp.c" source file. sSMTP version 2.6.2 is affected. Ref: http://linux.softpedia.com/get/Communications/Email/sSMTP-36989.shtml

• 08.37.17 - CVE: Not Available
• Platform: Linux
• Title: XASTIR Insecure Temporary File Creation Vulnerabilities
• Description: XASTIR (X Amateur Tracking and Information System) is an application for receiving and plotting APRS position packets. XASTIR creates temporary files in an insecure manner. This issue affects the "get-maptool.sh" and "getshapelib.sh" scripts. Apertium version 3.0.7 is affected.
• Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496390

• 08.37.18 - CVE: CVE-2008-3531
• Platform: BSD
• Title: FreeBSD "mount(2)" and "nmount(2)" Multiple Stack-Based Buffer Overflow Vulnerabilities
• Description: FreeBSD is exposed to multiple stack-based buffer overflow issues because the kernel fails to perform adequate boundary checks on user-supplied data. The issue occurs when user-defined input such as mountpoints, devices, or mount options are passed as arguments to the "mount(2)" and "nmount(2)" system calls. FreeBSD versions 7.0-RELEASE and 7.0-STABLE are affected.
• Ref: http://www.securityfocus.com/archive/1/495958

• 08.37.19 - CVE: CVE-2008-3890
• Platform: BSD
• Title: FreeBSD/amd64 Local Privilege Escalation Issue
• Description: FreeBSD/amd64 is a port of FreeBSD for 64-bit AMD and Intel processors. FreeBSD/amd64 is exposed to a local privilege escalation issue. The "gs" system register is used to access state data. FreeBSD/amd64 versions 6.3 and 7.0 are affected.
• Ref: http://www.securityfocus.com/archive/1/495969

• 08.37.20 - CVE: CVE-2008-3530
• Platform: BSD
• Title: FreeBSD Malformed ICMPv6 Packet Remote Denial of Service
• Description: FreeBSD is exposed to a remote denial of service issue that occurs when handling a malicious ICMPv6 "Packet Too Big" message. Specifically, the application fails to validate the proposed new MTU for a path to a specific destination.
• Ref: http://www.securityfocus.com/bid/31004

• 08.37.21 - CVE: Not Available
• Platform: BSD
• Title: NetBSD ICMPv6 MLD Packet Remote Denial of Service
• Description: NetBSD is exposed to a remote denial of service issue. The vulnerability occurs when processing a crafted MLD packet containing certain values in the "Maximum Response Delay" field. NetBSD 4.0 and NetBSD-current are affected.
• Ref: http://www.kb.cert.org/vuls/id/817940

• 08.37.22 - CVE: Not Available
• Platform: Aix
• Title: IBM AIX "swcons" Insecure File Creation
• Description: AIX "swcons" is a utility for temporarily redirecting system console output to a specified device or file. The utility is exposed to an issue that lets attackers create root-owned files that have insecure permissions. AIX versions 5.2, 5.3, and 6.1 are affected.
• Ref: http://www.securityfocus.com/bid/30999

• 08.37.23 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Malformed "href" Tag Remote Denial of Service
• Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because the application fails to handle specially-crafted HTML "href" tags. Google Chrome version 0.2.149.27 is affected.
• Ref: http://www.securityfocus.com/bid/31034

• 08.37.24 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Malformed "view-source" HTTP Header Remote Denial of Service
• Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because it fails to handle specially-crafted HTTP "view-source" headers. Google Chrome version 0.2.149.27 is affected.
• Ref: http://www.securityfocus.com/archive/1/496031

• 08.37.25 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Inspect Element Remote Denial of Service
• Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because it fails to handle specially-crafted HTML "imb" tags. An attacker can trigger this issue by enticing an unsuspecting user into visiting a malicious web page with an "img" link containing excessive data in the "src" field. Google Chrome version 0.2.149.27 is affected.
• Ref: http://www.securityfocus.com/bid/31038

• 08.37.26 - CVE: Not Available
• Platform: Cross Platform
• Title: pam_mount "luserconf" Local Privilege Escalation
• Description: The "pam_mount" PAM (Pluggable Authentication Module) module allows users to mount volumes for their login session. The "pam_mount" module is exposed to a local privilege escalation issue that stems from a regression error. "pam_mount" versions 0.10 through 0.45 are affected. Ref: http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db

• 08.37.27 - CVE: Not Available
• Platform: Cross Platform
• Title: Numark CUE 5 ".m3u" File Buffer Overflow
• Description: Numark CUE 5 is a music mixing application. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed ".m3u" files. Numark CUE version 5 5.0 rev 2 is affected.
• Ref: http://www.securityfocus.com/bid/31042

• 08.37.28 - CVE: Not Available
• Platform: Cross Platform
• Title: Flock Infinite Loop Multiple Denial of Service Vulnerabilities
• Description: Flock is a web browser. Flock is exposed to multiple remote denial of service issues because it fails to properly handle unexpected input. These issues occur when an infinite loop is used to launch multiple sidebar panels or add multiple URI's designated as "favorites". Flock version 1.2.5 is affected.
• Ref: http://www.securityfocus.com/bid/31044

• 08.37.29 - CVE: CVE-2008-1389
• Platform: Cross Platform
• Title: ClamAV "chmunpack.c" Invalid Memory Access Denial Of Service
• Description: ClamAV is a multi-platform toolkit used for scanning email messages for viruses. ClamAV is exposed to a denial of service issue because of invalid memory access errors when processing malformed CHM files. The issue occurs in the "libclamav/chmunpack.c" source file. ClamAV versions prior to 0.94 are affected.
• Ref: http://www.securityfocus.com/archive/1/496009

• 08.37.30 - CVE: Not Available
• Platform: Cross Platform
• Title: Moodle Multiple Remote File Include Vulnerabilities
• Description: Moodle is an open-source application for managing online courseware. It is freely available under the GNU Public license for UNIX and variants and for Microsoft Windows. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Moodle version 1.8.4 is affected.
• Ref: http://www.securityfocus.com/bid/30995

• 08.37.31 - CVE: CVE-2008-2441
• Platform: Cross Platform
• Title: Cisco Secure ACS EAP-Response Packet Parsing Denial of Service
• Description: Cisco Secure ACS (Access Control Server) is an authentication, authorization, and accounting application. Cisco Secure ACS is exposed to a denial of service issue because it fails to properly validate user-supplied input. Specifically, it fails to correctly parse the length field of EAP-Response packets.
• Ref: http://www.securityfocus.com/archive/1/495952

• 08.37.32 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Arbitrary File Download
• Description: Google Chrome is a web browser. Google Chrome is exposed to a security issue because the application allows users to download arbitrary files without confirmation. This issue may allow attackers to perform social engineering or other attacks to trick users into downloading a malicious file.
• Ref: http://www.securityfocus.com/archive/1/496049

• 08.37.33 - CVE: CVE-2008-3631, CVE-2008-3612, CVE-2008-3632
• Platform: Cross Platform
• Title: Apple iPod Touch Prior to Version 2.1 Multiple Remote Vulnerabilities
• Description: Apple iPod touch is a portable music player that also contains the Safari browser. iPod touch is exposed to multiple remote issues. iPod touch versions prior to 2.1 are affected.
• Ref: http://www.securityfocus.com/bid/31092

• 08.37.34 - CVE: Not Available
• Platform: Cross Platform
• Title: Wireshark 1.0.2 Multiple Vulnerabilities
• Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and UNIX-like operating systems. Wireshark is exposed to multiple issues when handling certain types of packets and protocols in varying conditions. Wireshark versions 0.9.7 up to and including 1.0.2 are affected.
• Ref: http://www.wireshark.org/security/wnpa-sec-2008-05.html

• 08.37.35 - CVE: CVE-2008-3350
• Platform: Cross Platform
• Title: Dnsmasq DHCP Lease Multiple Remote Denial of Service Vulnerabilities
• Description: Dnsmasq is a DNS server which includes an integrated DHCP server. Dnsmasq is exposed to multiple remote denial of service issues related to the following DHCP requests: a client attempting to renew a non-existent DHCP lease for an invalid subnet and a client without a current DHCP lease issuing a DHCPINFORM request. Dnsmasq version 2.43 is affected.
• Ref: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

• 08.37.36 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome "SaveAs" Function "Title" Tag Buffer Overflow
• Description: Google Chrome is a web browser. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary-checks on user-supplied data. An attacker must trick an unsuspecting user into saving a malicious web page containing overly long strings in the "title" tag with the browser's "SaveAs" function. Google Chrome version 0.2.149.27 is affected.
• Ref: http://www.securityfocus.com/archive/1/496042

• 08.37.37 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Malformed Attachment Filename Remote Denial of Service
• Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because the application fails to perform adequate boundary checks on the "filename" attribute of "Content-Disposition: attachment" HTTP headers. Google Chrome version 0.2.149.27 is affected.
• Ref: http://www.securityfocus.com/bid/31031

• 08.37.38 - CVE: Not Available
• Platform: Cross Platform
• Title: Libpng Library "png_push_read_zTXt()" Off-By-One Denial of Service
• Description: The "libpng" library is a PNG reference library. The library is exposed to a remote denial of service issue because it fails to handle malicious PNG files. Specifically, this vulnerability resides in the "png_push_read_zTXt()" function of the "pngread.c" file. "libpng" library versions 1.2.30beta04 and 1.2.31 are affected. Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624

• 08.37.39 - CVE: CVE-2008-3914, CVE-2008-3912, CVE-2008-3913
• Platform: Cross Platform
• Title: ClamAV Multiple Unspecified Memory Corruption Vulnerabilities
• Description: ClamAV is a multiplatform toolkit used for scanning email messages for viruses. ClamAV is exposed to multiple unspecified memory corruption issues. Attackers may be able to exploit this issue to exhaust resources or possibly crash the affected application, denying service to legitimate users. ClamAV versions prior to 0.94 are affected.
• Ref: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

• 08.37.40 - CVE: Not Available22.1-17-17 are affected.
• Platform: Cross Platform
• Title: GNU Emacs "python.el" Code Execution
• Description: GNU Emacs is an opensource text editor. GNU Emacs is exposed to a local code execution issue in the following two circumstances: 1) a user runs the Emacs command "run-python" while his current working directory is world writable and 2) a user toggles the "eldoc-mode" and opens a Python source file present in a world writable directory. GNU Emacs versions prior to 23.0.60_20080624-22-6 and
• Ref: http://bugs.pardus.org.tr/show_bug.cgi?id=8128

• 08.37.41 - CVE: Not Available
• Platform: Cross Platform
• Title: Simple Machines Forum Security Bypass
• Description: Simple Machines Forum is online-community software. Simple Machines Forum is exposed to a security bypass issue because the application leaks the current state of the random number generator. Simple Machines Forum versions up to and including 1.1.5 are affected.
• Ref: http://www.simplemachines.org/community/index.php?topic=260145.0

• 08.37.42 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome Malformed "title" Tag Remote Denial of Service
• Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because it fails to handle specially-crafted HTML "title" tags. An attacker can trigger this issue by enticing an unsuspecting user into visiting a malicious web page with an overly long "title". Google Chrome version 0.2.149.27 is affected.
• Ref: http://www.securityfocus.com/archive/1/496078

• 08.37.43 - CVE: Not Available
• Platform: Cross Platform
• Title: IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
• Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms, including Linux, AIX, Solaris, and Microsoft Windows. IBM DB2 Universal Database Server is exposed to multiple issues. IBM DB2 Universal Database Server versions prior to 8.2 Fixpak 17 are affected. Ref: ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

• 08.37.44 - CVE: Not Available
• Platform: Cross Platform
• Title: PHP Multiple Functions "safe_mode_exec_dir" and "open_basedir" Restriction Bypass Vulnerabilities
• Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to Multiple "safe_mode_exec_dir" and "open_basedir" restriction bypass issues. PHP version 5.2.5 is affected.
• Ref: http://www.securityfocus.com/bid/31064

• 08.37.45 - CVE: Not Available
• Platform: Cross Platform
• Title: Google Chrome "url_elider.cc" Buffer Overflow
• Description: Google Chrome is a web browser. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue resides in the "url_elider.cc" source file. Google Chrome version 0.2.149.27 is affected.
• Ref: http://codereview.chromium.org/259/patch/1/2

• 08.37.46 - CVE: CVE-2008-3910
• Platform: Cross Platform
• Title: Dns2tcp Multiple Remote Buffer Overflow Vulnerabilities
• Description: Dns2tcp is a network tool designed to relay TCP connections through DNS traffic. The application is exposed to two buffer overflow issues because it fails to properly validate user-supplied input. Dns2tcp versions prior to 0.4.1 are affected.
• Ref: http://www.securityfocus.com/bid/31080

• 08.37.47 - CVE: CVE-2008-3963
• Platform: Cross Platform
• Title: MySQL Empty Binary String Literal Remote Denial Of Service
• Description: MySQL is an open-source SQL database available for multiple operating systems. MySQL is exposed to a remote denial of service issue because it fails to handle empty binary string literals. MySQL versions prior to 5.0.66, 5.1.26, and 6.0.6 are affected.
• Ref: http://bugs.mysql.com/bug.php?id=35658

• 08.37.48 - CVE: CVE-2008-3615, CVE-2008-3635, CVE-2008-3624,CVE-2008-3625, CVE-2008-3614, CVE-2008-3626, CVE-2008-3627,CVE-2008-3628, CVE-2008-3629
• Platform: Cross Platform
• Title: Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
• Description: Apple QuickTime is a media player that supports multiple file formats. QuickTime is exposed to multiple remote issues that may allow remote attackers to execute arbitrary code and carry out denial of service attacks.
• Ref: http://www.securityfocus.com/archive/1/496163

• 08.37.49 - CVE: CVE-2008-3636
• Platform: Cross Platform
• Title: Apple iTunes Third Party Driver Local Privilege Escalation
• Description: Apple iTunes is a media player for Microsoft Windows and Apple MAC OS/X. Apple iTunes is exposed to a local privilege escalation issue caused by an integer overflow issue that occurs in a third-party driver provided with iTunes. iTunes versions prior to 8.0 for Microsoft Windows XP and Microsoft Windows Vista are affected.
• Ref: http://www.securityfocus.com/bid/31089

• 08.37.50 - CVE: CVE-2008-3634
• Platform: Cross Platform
• Title: Apple iTunes Misleading Firewall Warning Weakness
• Description: Apple iTunes is a media player for Microsoft Windows and Apple Mac OS X. Apple iTunes is exposed to a security weakness because it contains a misleading firewall warning that conveys erroneous information to users. Apple iTunes versions prior to 8.0 are affected.
• Ref: http://www.securityfocus.com/bid/31090

• 08.37.51 - CVE: Not Available
• Platform: Cross Platform
• Title: Maxthon Browser Remote Denial of Service
• Description: Maxthon Browser is a Web browser that is based on the Microsoft Internet Explorer engine. Maxthon Browser includes tabbed browsing support. Maxthon Browser is exposed to a denial of service issue that can be triggered when the "window.sidebar.addPanel()" or "window.external.AddFavorite()" functions are called multiple times in a loop. Maxthon Browser version 2.1.4.443 is affected.
• Ref: http://www.securityfocus.com/bid/31098

• 08.37.52 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
• Description: @Mail and @Mail WebMail are PHP-based webmail applications. The applications are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input. These issues affect the following versions: @Mail WebMail 5.05 running on Microsoft Windows and @Mail 5.42 running on CentOS.
• Ref: http://www.securityfocus.com/bid/30992

• 08.37.53 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Celerondude Uploader "account.php" Cross-Site Scripting
• Description: Celerondue Uploader is a PHP-based application used for managing file content. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "username" parameter of the "account.php" script. Uploader version 6.1 is affected.
• Ref: http://www.securityfocus.com/bid/31010

• 08.37.54 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Pentasoft Avactis Shopping Cart Multiple Cross-Site Scripting Vulnerabilities
• Description: Avactis Shopping Cart is a PHP-based shopping cart application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Avactis Shopping Cart versions 1.8.1 and 1.8.0 are affected.
• Ref: http://www.avactis.com/forums/index.php?showtopic=3577

• 08.37.55 - CVE: CVE-2008-3101
• Platform: Web Application - Cross Site Scripting
• Title: Silentum LoginSys Multiple Cross-Site Scripting Vulnerabilities
• Description: Silentum LoginSys is a login system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. Silentum LoginSys version 1.0.0 is affected.
• Ref: http://www.securityfocus.com/bid/31055

• 08.37.56 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: phpAdultSite CMS "results_per_page" Parameter Cross-Site Scripting
• Description: phpAdultSite is a content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "results_per_page" parameter of the "index.php" script.
• Ref: http://www.securityfocus.com/archive/1/496075

• 08.37.57 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Gallery 2.0 Multiple Cross-Site Scripting Vulnerabilities
• Description: Gallery is a PHP-based photo gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Gallery version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/31060

• 08.37.58 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: Movable Type Multiple Cross-Site Scripting Vulnerabilities
• Description: Movable Type is a web-log application written in Perl and PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input passed to unspecified scripts and parameters. Movable Type versions 3.36, 4.01 and 4.13 as well as Movable Type Community Solution 1.51 and Movable Type Enterprise 1.55 are affected. Ref: http://www.movabletype.org/2008/08/movable_type_42_rc5_and_security_updates.html

• 08.37.59 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: High Norm Sound Master 2nd Unspecified Cross-Site Scripting
• Description: The High Norm Sound Master 2nd is a multimedia application implemented in Perl. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. High Norm Sound Master 2nd version 1.0.0 is affected.
• Ref: http://jvn.jp/en/jp/JVN55010230/index.html

• 08.37.60 - CVE: Not Available
• Platform: Web Application - Cross Site Scripting
• Title: PunBB "p" Parameter Multiple Cross-Site Scripting Vulnerabilities
• Description: PunBB is a PHP-based forum application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. PunBB versions prior to 1.2.20 are affected.
• Ref: http://punbb.informer.com/

• 08.37.61 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Multiple Vastal I-Tech Products Multiple SQL Injection Vulnerabilities
• Description: Multiple Vastal I-Tech Products are exposed to multiple SQL injection issues because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise one of the applications, access or modify data, or exploit latent vulnerabilities in the underlying database.
• Ref: http://www.securityfocus.com/bid/31033

• 08.37.62 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: EsFaq "questions.php" SQL Injection
• Description: EsFaq is a web-based frequently-asked-questions application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idcat" parameter of the "questions.php" script before using it in an SQL query. EsFaq version 2.0 is affected.
• Ref: http://www.securityfocus.com/bid/31036

• 08.37.63 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Vastal I-Tech Shaadi Zone "keyword_search_action.php" SQL Injection
• Description: Vastal I-Tech Shaadi Zone is a matrimonial services application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tage" parameter of the "keyword_search_action.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31039

• 08.37.64 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Vastal I-Tech Dating Zone "advanced_search_results.php" SQL Injection
• Description: Vastal I-Tech Dating Zone is a dating application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "fage" parameter of the "advanced_search_results.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31043

• 08.37.65 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: MemHT Portal "inc_statistics.php" SQL Injection
• Description: MemHT Portal is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "$_COOKIE["stats_res"]" parameter of the "inc/inc_statistics.php" script before using it in an SQL query. MemHT Portal versions 3.9.0 and earlier are affected. Ref: http://www.memht.com/news_95_Important-fix-for-all-MemHT-Versions.html

• 08.37.66 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Masir Camp "ordercode" Parameter SQL Injection
• Description: Masir Camp is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ordercode" parameter before using it in an SQL query. Masir Camp versions 3.0 and earlier are affected.
• Ref: http://www.securityfocus.com/bid/31046

• 08.37.67 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: eZoneScripts Living Local "listtest.php" SQL Injection
• Description: eZoneScripts Living Local is a PHP-based application for rental listings. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "r" parameter of the "Script/listtest.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31001

• 08.37.68 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: ACG-PTP
• Description: ACG-PTP is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "adid" parameter of the "index.php" script before using it in an SQL query. ACG-PTP version 1.0.6 is affected.
• Ref: http://www.securityfocus.com/bid/31005

• 08.37.69 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Words tag script "index.php" SQL Injection
• Description: Words tag script is a PHP-based application that allows users to develop word ad pages. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "word" parameter of the "index.php" script when the "command" parameter is set to "claim" before using it in an SQL query. Words tag script version 1.2 is affected.
• Ref: http://www.securityfocus.com/bid/31011

• 08.37.70 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: ACG-ScriptShop E-Gold Script Shop "cid" Parameter SQL Injection
• Description: ACG-ScriptShop E-Gold Script Shop is a PHP-based application that allows users to list their applications for sale online. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "index.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31015

• 08.37.71 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Zen Cart Multiple SQL Injection Vulnerabilities
• Description: Zen Cart is a PHP-based ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Zen Cart versions 1.2.0 through 1.3.8a are affected.
• Ref: http://www.gulftech.org/?node=research&article_id=00129-09042008

• 08.37.72 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Agent Zone "view_ann.php" SQL Injection
• Description: Agent Zone is PHP-based real estate application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ann_id" parameter of the "view_ann.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31032

• 08.37.73 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Alstrasoft Forum Pay Per Post Exchange "cat" Parameter SQL Injection
• Description: Alstrasoft Forum Pay Per Post Exchange is a web-based application enabling users to get paid for submitting forum posts. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31048

• 08.37.74 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Pligg "submit.php" Multiple SQL Injection Vulnerabilities
• Description: Pligg is a content management system implemented in PHP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. The parameters "id" and "category" of the script "submit.php" are affected. Pligg version 9.9.5 is affected. Ref: http://www.digitrustgroup.com/advisories/web-application-security-pligg

• 08.37.75 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: eXtrovert software Thyme "pick_users.php" SQL Injection
• Description: eXtrovert software Thyme is a web-based calendar application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pick_users.php" script before using it in an SQL query. Thyme version 1.3 is affected. Ref: http://www.digitrustgroup.com/advisories/web-application-security-thyme

• 08.37.76 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: E-Php B2B Trading Marketplace Script "listings.php" SQL Injection
• Description: E-Php B2B Trading Marketplace Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "listings.php" script before using it in an SQL query.
• Ref: http://www.ephpscripts.com/b2b-trading-portal.php

• 08.37.77 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: UBB.threads "Forum[]" Array SQL Injection
• Description: UBB.threads is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Forum[]" array parameter in the "index.php" script before using it in an SQL query. UBB.threads versions 7.3.1 released before September 2, 2008 and earlier are affected.
• Ref: http://www.gulftech.org/?node=research&article_id=00130-09082008

• 08.37.78 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Hot Links SQL-PHP "report.php" SQL Injection
• Description: Hot Links SQL-PHP is a link management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "report.php" script before using it in an SQL query. Hot Links SQL-PHP version 3 is affected.
• Ref: http://www.securityfocus.com/bid/31078

• 08.37.79 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Stash 1.0.3 Multiple SQL Injection Vulnerabilities
• Description: Stash is a PHP-based content manager for band web sites. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Stash version 1.0.3 is affected.
• Ref: http://www.securityfocus.com/archive/1/496142

• 08.37.80 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Live TV Script "mid" Parameter SQL Injection
• Description: Live TV Script is a PHP-based application for adding multimedia feeds to web pages. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mid" parameter of the "index.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31083

• 08.37.81 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Creator CMS "index.asp" SQL Injection
• Description: Creator CMS is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sideid" parameter of the "index.asp" script before using it in an SQL query. Creator CMS version 5.0 is affected.
• Ref: http://www.securityfocus.com/bid/31084

• 08.37.82 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: CMS Buzz "id" Parameter SQL Injection
• Description: CMS Buzz is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31097

• 08.37.83 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: AvailScript Classmate Script "viewprofile.php" SQL Injection
• Description: AvailScript Classmate Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "p" parameter of the "viewprofile.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31100

• 08.37.84 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: AvailScript Job Portal Script "applynow.php" SQL Injection
• Description: AvailScript Job Portal Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "jid" parameter of the "applynow.php" script before using it in an SQL query.
• Ref: http://www.securityfocus.com/bid/31101

• 08.37.85 - CVE: Not Available
• Platform: Web Application - SQL Injection
• Title: Libera CMS Cookie SQL Injection
• Description: Libera CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "libera_staff_pass" cookie parameter before using it in an SQL query. Libera CMS versions 1.12 and earlier are affected.
• Ref: http://www.securityfocus.com/bid/31102

• 08.37.86 - CVE: Not Available
• Platform: Web Application
• Title: devalcms Multiple Input Validation Vulnerabilities
• Description: devalcms is a content management system. davalcms is exposed to multiple input validation issues because the application fails to sufficiently sanitize user-supplied data.
• Ref: http://www.securityfocus.com/bid/31037

• 08.37.87 - CVE: Not Available
• Platform: Web Application
• Title: aspWebAlbum Multiple Input Validation Vulnerabilities
• Description: aspWebAlbum is an ASP-based photo album application. Since it fails to adequately sanitize user-supplied input, aspWebAlbum is exposed to multiple input validation issues. aspWebAlbum version 3.2 is affected.
• Ref: http://www.securityfocus.com/bid/30996

• 08.37.88 - CVE: Not Available
• Platform: Web Application
• Title: AvailScript Article Script Multiple Input Validation Vulnerabilities
• Description: AvailScript Article Script is a PHP-based article management script. The application is exposed to a cross-site scripting issue and an SQL injection issue because the application fails to sufficiently sanitize user-supplied input to the "aIDS" parameter of the "article.php" script.
• Ref: http://www.securityfocus.com/bid/31095

• 08.37.89 - CVE: Not Available
• Platform: Web Application
• Title: Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
• Description: shop_v50 and shop_v52 are web-based applications. The applications are exposed to multiple cross-site scripting issues because they fail to sufficiently sanitize user-supplied input to unspecified parameters.
• Ref: http://www.securityfocus.com/bid/31006

• 08.37.90 - CVE: CVE-2008-3664
• Platform: Web Application
• Title: XRMS CRM Multiple Input Validation Vulnerabilities
• Description: XRMS CRM is a customer relationship management application. The application is exposed to multiple input validation issues. An unspecified SQL injection issue affects the "admin/users/self-2.php" script, and an HTML injection issue affects the user's "real name" field.
• Ref: http://www.securityfocus.com/archive/1/495981

• 08.37.91 - CVE: Not Available
• Platform: Web Application
• Title: QwicsitePro "pageid" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
• Description: QwicsitePro is a web-based content manager written in PHP. The application is exposed to a cross-site scripting issue and an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "pageid" parameter of the "index.php" script.
• Ref: http://www.securityfocus.com/bid/31016

• 08.37.92 - CVE: Not Available
• Platform: Web Application
• Title: Drupal Content Creation Kit Module Multiple HTML Injection Vulnerabilities
• Description: Content Creation Kit (CCK) is a module for Drupal, an open source content manager that is available for a number of platforms. The module is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Content Creation Kit versions prior to 5.x-1.8 are affected.
• Ref: http://drupal.org/node/304093

• 08.37.93 - CVE: Not Available
• Platform: Web Application
• Title: eZoneScripts Dating Website Remote File Upload
• Description: eZoneScripts Dating Website is a web-based application. The application is exposed to an issue that allows an attacker to upload arbitrary script code and execute it in the context of the web server process. The attacker can upload arbitrary files using the application's "admin/upload_banner.php" script.
• Ref: http://www.securityfocus.com/bid/31028

• 08.37.94 - CVE: Not Available
• Platform: Web Application
• Title: WordPress Lost Password SQL Column Truncation Unauthorized Access
• Description: WordPress is a web-based publishing application. WordPress is exposed to an unauthorized access issue. The problem stems from an SQL column-truncation issue which allows the creation of accounts with names that differ only in trailing spaces. WordPress version 2.6.1 is affected.
• Ref: http://www.securityfocus.com/bid/31068

• 08.37.95 - CVE: Not Available
• Platform: Web Application
• Title: AvailScript Photo Album Script Multiple Input Validation Vulnerabilities
• Description: AvailScript Photo Album Script is a PHP-based image gallery. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input validation issues.
• Ref: http://www.securityfocus.com/bid/31085

• 08.37.96 - CVE: Not Available
• Platform: Web Application
• Title: Jaw Portal "index.php" Multiple Local File Include Vulnerabilities
• Description: Jaw Portal is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the following parameters of the "index.php" script: "flag" and "inc". Jaw Portal version 1.2 is affected.
• Ref: http://www.securityfocus.com/bid/31099

• 08.37.97 - CVE: Not Available
• Platform: Network Device
• Title: Samsung DVR SHR-2040 HTTPD Denial of Service
• Description: Samsung DVR SHR-2040 is a digital video recorder. Samsung DVR SHR-2040 is exposed to a denial of service issue because it fails to properly validate user-supplied input. Specifically, it fails to correctly handle maliciously crafted requests sent to its HTTPD service. SHR-2040 device with firmware version B3.03E-K1.53-V2.19_0705281908 is affected. Ref: http://www.sybsecurity.com/advisors/SYBSEC-ADV16-Samsung_DVR_SHR_2040_HTTPD_Remote_Denial_Of_Service

• 08.37.98 - CVE: CVE-2008-2732, CVE-2008-2733, CVE-2008-2734,CVE-2008-2735, CVE-2008-2736
• Platform: Network Device
• Title: Cisco PIX and Cisco ASA Multiple Denial of Service and Information Disclosure Vulnerabilities
• Description: Cisco PIX and ASA are security appliances. They are exposed to multiple remote issues. An attacker can exploit these issues to obtain sensitive information or cause the affected devices to reload. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml

• 08.37.99 - CVE: CVE-2008-1197
• Platform: Network Device
• Title: NETGEAR WN802T With Marvell 88W8361P-BEM1 Chipset WAP Denial of Service
• Description: The NETGEAR WN802T wireless access point is exposed to a local denial of service issue because it fails to adequately verify user-supplied input. The device fails to correctly parse SSID (service set identifier) elements in association requests with wireless clients. The NETGEAR WN802T wireless access point running firmware version 1.3.16 on the Marvell 88W8361P-BEM1 chipset is affected.
• Ref: http://www.securityfocus.com/archive/1/495983

• 08.37.100 - CVE: CVE-2007-5474
• Platform: Network Device
• Title: Atheros Communications AR5416-AC1E Information Element Denial of Service
• Description: Atheros Communications AR5416-AC1E is a chipset included in wireless routers. AR5416-AC1E is exposed to a denial of service issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when parsing Atheros vendor specific information included in the association requests. Atheros AR5416-AC1E included in Linksys WRT35ON wireless router running firmware version 2.00.17 is affected.
• Ref: http://www.securityfocus.com/archive/1/495984

• 08.37.101 - CVE: CVE-2008-1144
• Platform: Network Device
• Title: NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service
• Description: The NETGEAR WN802T is a WiFi network access point. The WN802T is exposed to a denial of service issue because it fails to adequately handle long key lengths in EAPoL packets. An attacker who has authenticated in 802.11 open mode may exploit this issue under some configurations, causing the access point to restart or crash. NETGEAR WN802T firmware version 1.3.16 with the MARVELL 88W8361P-BEM1 chipset is affected.
• Ref: http://www.securityfocus.com/archive/1/495982

• 08.37.102 - CVE: Not Available
• Platform: Network Device
• Title: MicroTik RouterOS SNMP Security Bypass
• Description: MicroTik RouterOS is a router operating system and software used to create dedicated router devices. MicroTik RouterOS is exposed to a security bypass issue because the application fails to sufficiently sanitize SNMP requests. Microtik RouterOS versions up to and including 3.13 and 2.9.51 are affected.
• Ref: http://www.securityfocus.com/bid/31025

• 08.37.103 - CVE: Not Available
• Platform: Network Device
• Title: D-Link DIR-100 Security Bypass
• Description: D-Link DIR-100 is an Ethernet broadband router. It includes various security features including a web proxy service that allows network administrators to block users from accessing certain URLs. D-Link DIR-100 is affected by an issue that allows attackers to bypass security restrictions. This issue can allow users to bypass security restrictions and access sites that are blocked by an administrator. D-Link DIR-100 devices with firmware version 1.12 are affected.
• Ref: http://www.securityfocus.com/archive/1/496072

• 08.37.104 - CVE: Not Available
• Platform: Network Device
• Title: Sagem F@st 2404 Router "wancfg.cmd" Denial of Service
• Description: Sagem F@st 2404 is a high-speed wireless router. Sagem F@st 2404 is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability affects the "action" parameter of the "wancfg.cmd" script.
• Ref: http://www.securityfocus.com/archive/1/496075

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/