
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 38
September 19, 2008

Apple Macs and Apple Quicktime top the list of software with critical vulnerabilities this week. Red Hat IPA and LANDesk round it out. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 1
    • Third Party Windows Apps: 7 (#4, #6, #7)
    • Mac Os: 2 (#1, #8)
    • Linux: 8 (#3, #5)
    • Cross Platform: 14 (#2)
    • Web Application - Cross Site Scripting: 9
    • Web Application - SQL Injection: 26
    • Web Application: 27
    • Network Device: 3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
  • Affected:
    • Apple Mac OS X versions prior to 10.5.5
  • Description: Apple Mac OS X contains multiple vulnerabilities in various subsystems. The impact of these vulnerabilities ranges from remote code execution to information disclosure and denial of service. Most of the remote code execution vulnerabilities stem from file parsing flaws; however, one flaw in the included ClamAV distribution may be triggered by malicious emails. Various other local-only and privilege escalation vulnerabilities are addressed in this update.

  • Status: Vendor confirmed, updates available.

  • References:

  • (2) CRITICAL: Apple QuickTime Memory Corruption
  • Affected:
    • Apple QuickTime versions 7.5.5 and prior
    • Apple iTunes versions 8.0 and prior
  • Description: QuickTime is Apple's streaming media framework for Apple Mac OS X and Microsoft Windows. iTunes is Apple's music and media management application, based on QuickTime. QuickTime contains a flaw in its parsing of certain file constructs. A specially crafted QuickTime file could trigger this flaw, leading to memory corruption. It is believed, though not confirmed, that this could be leveraged to allow remote code execution with the privileges of the current user. This flaw could also be triggered via a malicious web page if the user has the QuickTime browser plugin installed; this plugin is installed by default along with the QuickTime framework. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Apple has not confirmed, no updates available.

  • References:

  • (3) CRITICAL: Red Hat Enterprise IPA Password Disclosure Vulnerability
  • Affected:
    • Red Hat Enterprise IPA v1 EL5
  • Description: Red Hat Enterprise IPA is an identity management suite for enterprises. It contains a flaw in its installation procedure that stores the master Kerberos password in such a way that it may be retrieved by an anonymous Lightweight Directory Access Protocol (LDAP) request. Kerberos is a password management and authentication protocol. If the master Kerberos password is compromised, it would be possible to retrieve or change the passwords of users managed by Kerberos. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:

  • (4) CRITICAL: LANDesk Management Suite Heal Packet Buffer Overflow
  • Affected:
    • LANDesk Management Suite versions 8.8 and prior
  • Description: LANDesk is a popular system management application. It contains a flaw in its QIP Server service component. This component, which listens for requests from the network, contains a buffer overflow in its handling of QIP "heal" packets. A specially crafted packet could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 1275 at the network perimeter.

  • References:

  • (5) HIGH: Red Hat Directory Server Multiple Vulnerabilities
  • Affected:
    • Red Hat Directory Server adminutil versions prior to 1.1.7-1.fc9
  • Description: Red Hat Directory Server is Red Hat's Lightweight Directory Access Protocol (LDAP) server. It contains a flaw in its handling of parameters to some of the CGI scripts used to manage the server. A specially crafted request to one of these scripts could result in a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually 'nobody'). It is not known if authentication is required to reach the vulnerable CGI applications. Various other denial-of-service and related vulnerabilities have also been addressed.

  • Status: Vendor confirmed, updates available.

  • References:

  • (7) HIGH: Data Dynamics ActiveReports ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Data Dynamics ActiveReports ActiveX Control versions 2.5.0.1314 and prior
  • Description: Data Dynamics ActiveReports is a popular report development system for Microsoft Visual Basic. It contains multiple vulnerabilities in various methods. A malicious web page that instantiated this control could call one of these methods. Successfully exploiting one of these vulnerabilities would allow an attacker to overwrite arbitrary files with the privileges of the current user. This could be leveraged to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "8569D715-FF88-44BA-8D1D-AD3E59543DDE".

  • References:

  • (8) MODERATE: Adobe Illustrator File Parsing Remote Code Execution
  • Affected:
    • Adobe Illustrator for Mac version CS2
  • Description: Adobe Illustrator is a popular vector graphics drawing program. It contains a flaw in its parsing of its native "Ai" file format. A specially crafted Ai file could trigger this flaw, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that only the versions of Adobe Illustrator for the Apple Macintosh are affected; Microsoft Windows versions are not affected. Depending upon configuration, malicious files may be opened by the vulnerable program upon receipt, without first prompting the user.

  • Status: Vendor confirmed, updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 38, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.38.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows WRITE_ANDX SMB Processing Remote Denial of Service
  • Description: Microsoft Windows is exposed to a remote denial of service issue because it fails to adequately handle specially crafted Server Message Block (SMB) packets. This issue occurs when the "srv.sys" driver handles malformed WRITE_ANDX SMB packets.
  • Ref: http://www.securityfocus.com/archive/1/496354

  • 08.38.2 - CVE: CVE-2008-2437
  • Platform: Third Party Windows Apps
  • Title: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. Trend Micro OfficeScan is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://www.securityfocus.com/archive/1/496281

  • 08.38.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow
  • Description: ZoneAlarm Security Suite is a security suite for Microsoft Windows platforms. ZoneAlarm Anti-Virus is included. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. The issue arises when the application attempts to scan a number of nested directories with long names. ZoneAlarm Security Suite version 7.0.483.000 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496226

  • 08.38.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft SQL Server 2000 "sqlvdir.dll" ActiveX Buffer Overflow
  • Description: Microsoft SQL Server is an implementation of an SQL relational database developed by Microsoft. It is commercially available for Microsoft Windows. The application's "sqlvdir.dll" ActiveX control is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. The issue occurs when passing excessive amounts of data to the "Control()" method. Microsoft SQL Server 2000 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.38.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Baidu Hi "CSTransfer.dll" Remote Stack Buffer Overflow
  • Description: Baidu Hi is an instant messaging application available for Microsoft Windows. Baidu Hi is exposed to a remote stack-based buffer overflow issue because it fails to bounds check user-supplied data. This issue occurs in the "CSTransfer.dll" library.
  • Ref: http://www.securityfocus.com/archive/1/496322

  • 08.38.6 - CVE: CVE-2008-2468
  • Platform: Third Party Windows Apps
  • Title: LANDesk Intel QIP Service "qipsrvr.exe" Buffer Overflow
  • Description: LANDesk Intel QIP Service is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-08-06

  • 08.38.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ComponentOne VSFlexGrid ActiveX Control "Archive()" Buffer Overflow
  • Description: ComponentOne VSFlexGrid is a grid component designed to display, edit, format, and organize tabular data. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.38.8 - CVE: CVE-2008-1093
  • Platform: Third Party Windows Apps
  • Title: Acresso FLEXnet Connect "GetRules.asp" Remote Code Execution
  • Description: Acresso FLEXnet Connect is used to provide software updates for other products. It is available for Microsoft Windows. FLEXnet Connect is exposed to a remote code execution issue because it fails to adequately verify the authenticity of downloaded content.
  • Ref: http://www.kb.cert.org/vuls/id/837092

  • 08.38.9 - CVE: CVE-2008-2305, CVE-2008-2329, CVE-2008-2330, CVE-2008-2331, CVE-2008-3613, CVE-2008-2332, CVE-2008-3608, CVE-2008-3609, CVE-2008-3610, CVE-2008-3611, CVE-2008-3616, CVE-2008-2312, CVE-2008-3617, CVE-2008-3618, CVE-2008-3619, CVE-2008-3621, CVE-2008-3622
  • Platform: Mac Os
  • Title: Apple Mac OS X 2008-006 Multiple Security Vulnerabilities
  • Description: Apple Mac OS X is exposed to multiple security vulnerabilities that have been addressed in Security Update 2008-006. The security update addresses a total of 17 new vulnerabilities that affect the Apple Type Services, Directory Services, Finder, ImageIO, Kernel, Login Windows, SearchKit, System Configuration, System Preferences, Time Machine, VideoConference, and Wiki Server components of Mac OS X. The advisory also contains security updates for 17 previously reported issues.
  • Ref: http://support.apple.com/kb/HT3137

  • 08.38.10 - CVE: CVE-2008-2932
  • Platform: Linux
  • Title: Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow
  • Description: Red Hat Directory Server is a centralization server based on the Lightweight Directory Access Protocol (LDAP). The server is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The problem occurs in the HTTP unescaping functions in the "adminutil" library used in the Directory Server's CGI scripts. The issue was introduced in adminutils version 1.1.6.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=454662

  • 08.38.11 - CVE: CVE-2008-3274
  • Platform: Linux
  • Title: Red Hat Enterprise IPA Master Kerberos Password Information Disclosure
  • Description: Red Hat Enterprise IPA is an integrated solution that manages Identity, Policies and Audits. Red Hat Enterprise IPA is exposed to an information disclosure issue because the application allows anonymous users to gain access to the master Kerberos password. Red Hat Enterprise IPA version 1 for Red Hat Enterprise Linux 5 Server is affected.
  • Ref: http://www.securityfocus.com/bid/31111

  • 08.38.12 - CVE: CVE-2008-3792
  • Platform: Linux
  • Title: Linux Kernel "SCTP" Module Multiple Vulnerabilities
  • Description: Linux Kernel "SCTP" module is exposed to multiple issues. Successful exploitation will allow local attackers to disclose sensitive information or cause kernel crashes and deny service to legitimate users. Linux Kernel versions 2.6.26.3 and earlier are affected.
  • Ref: http://www.trapkit.de/advisories/TKADV2008-007.txt

  • 08.38.13 - CVE: CVE-2008-3535
  • Platform: Linux
  • Title: Linux Kernel "iov_iter_advance()" Page Fault Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue caused by an error in the "iov_iter_advance()" function in the file "mm/filemap.c". This issue occurs due to an off-by-one error in the affected function. Linux kernel versions 2.6 prior to version 2.6.27-rc2 are affected.
  • Ref: http://lkml.org/lkml/2008/7/30/446

  • 08.38.14 - CVE: CVE-2008-3915
  • Platform: Linux
  • Title: Linux kernel NFSv4 ACL Buffer Overflow
  • Description: The Linux kernel is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs in the "init_state()" function when decoding NFSv4 ACLs. Linux kernel versions prior to 2.6.26.4 are affected.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6

  • 08.38.15 - CVE: CVE-2008-3534
  • Platform: Linux
  • Title: Linux Kernel "shmem_delete_inode()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle a specific sequence of file create, remove, and overwrite operations. The problem occurs in the "shmem_delete_inode()" function of "mm/shmem.c" in the tmpfs implementation and is related to the allocation of "useless pages" and improper maintenance of the "i_blocks" count. Linux kernel versions prior to 2.6.21.1 are affected.
  • Ref: http://lkml.org/lkml/2008/7/26/71

  • 08.38.16 - CVE: CVE-2008-1514
  • Platform: Linux
  • Title: Linux Kernel s390 ptrace Denial of Service
  • Description: The Linux kernel is exposed to a denial of service issue when process traces are performed on 32-bit computers. Local attackers can leverage the issue to crash the kernel and deny service to legitimate users. Linux kernel versions prior to 2.6.27-rc6 for the s390 architecture are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=438147

  • 08.38.17 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "add_to_page_cache_lru()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because of an error in the "splice()" system call. The problem occurs in the file "fs/splice.c". Specifically, when a call to "add_to_page_cache_lru()" fails, the memory page in question will not be locked. Linux kernel versions prior to 2.6.22.2 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2

  • 08.38.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Unreal Engine Failed Memory Allocation Remote Denial of Service
  • Description: Unreal Engine is a platform to develop 3D games. The engine is exposed to a remote denial of service issue because of an error in memory allocation. This issue affects Unreal Engine 3; other versions may also be affected.
  • Ref: http://www.securityfocus.com/archive/1/496280

  • 08.38.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Epic Games Unreal Engine Multiple Format String Vulnerabilities
  • Description: Unreal Engine is a platform to develop 3D games. Unreal Engine is exposed to multiple remote format string issues. Two of the issues occur when format-string characters are provided to the following commands and parameters: "DLMGR": "CLASS" and "WELCOME": "LEVEL".
  • Ref: http://www.securityfocus.com/archive/1/496297

  • 08.38.20 - CVE: CVE-2008-3873
  • Platform: Cross Platform
  • Title: Adobe Flash Player Clipboard Security Weakness
  • Description: Adobe Flash Player is an application for playing Flash media files. Adobe Flash Player is exposed to a security weakness that may allow attackers to inject arbitrary content into a user's clipboard.
  • Ref: http://blogs.zdnet.com/security/?p=1733

  • 08.38.21 - CVE: CVE-2008-3529
  • Platform: Cross Platform
  • Title: libxml XML Entity Name Heap Buffer Overflow
  • Description: libxml is a library for manipulating XML files. libxml is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the "xmlParseAttValueComplex()" function in "parser.c" does not perform adequate bounds checks. The vulnerability occurs when parsing overly long XML entity names.
  • Ref: http://www.securityfocus.com/bid/31126

  • 08.38.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IntegraMOD Backup Directory Information Disclosure
  • Description: IntegraMOD is a distribution of phpBB that incorporates various third-party modules. The application is exposed to an information disclosure issue because the application fails to restrict access to the backup folder. IntegraMOD version 1.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31149

  • 08.38.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avant Browser JavaScript Engine Integer Overflow
  • Description: Avant Browser is a web browser application available for Microsoft Windows. Avant Browser is exposed to an integer overflow issue that occurs in the JavaScript engine. This issue occurs when handling specially crafted strings. Avant Browser version 11.7 Build 9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496301

  • 08.38.24 - CVE: CVE-2008-3950
  • Platform: Cross Platform
  • Title: Apple iPhone and iPod touch Safari WebKit "alert()" Function Remote Denial of Service
  • Description: Apple iPhone is a mobile phone that runs on the ARM architecture. Apple iPod touch is a portable music player that also contains the Safari browser. Apple iPhone and iPod touch are exposed to a remote denial of service issue that occurs in the WebKit library used by the Safari web browser. iPhone versions 1.1.4 and 2.0 and iPod touch versions 1.1.4 and 2.0 are affected.
  • Ref: http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service

  • 08.38.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Kolab Groupware Server Apache Log File User Password Information Disclosure
  • Description: Kolab Groupware Server is a Groupware solution for managing emails, appointments and contacts. Kolab Groupware Server is exposed to an information disclosure issue because the application stores user passwords in the Apache log file.
  • Ref: https://qa.mandriva.com/show_bug.cgi?id=43434

  • 08.38.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Personal FTP Server "RETR" Command Remote Denial of Service
  • Description: Personal FTP Server is an FTP server available for Microsoft Windows. The application is exposed to a remote denial of service issue that occurs when multiple "RETR" commands with overly long filenames are requested from the server. Personal FTP Server version 6.0f is affected.
  • Ref: http://www.securityfocus.com/bid/31173

  • 08.38.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Python "move-faqwiz.sh" Insecure Temporary File Creation
  • Description: Python is an interpreted dynamic object-oriented programming language that is available for many operating systems. Python creates temporary files in an insecure manner. The issue occurs because the "Tools/faqwiz/move-faqwiz.sh" script creates files in an insecure manner. Python version 2.3.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899

  • 08.38.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server "FileServing" Feature Unspecified Vulnerability
  • Description: IBM WebSphere Application Server is a utility designed to facilitate the creation of various enterprise web applications. IBM WebSphere Application Server is exposed to an unspecified issue that affects the "FileServing" feature in the "Servlet Engine/Web Container" component. WebSphere Application Server versions prior to 6.1.0.19 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61019

  • 08.38.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Management Center Remote Denial of Service
  • Description: Sun Management Center provides management capabilities for Sun enterprise servers. This application is exposed to a denial of service issue due to an unspecified error. Sun Management Center versions 3.6.1 and 4.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241686-1

  • 08.38.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: pdnsd "src/dns_query.c" Remote Denial of Service
  • Description: pdnsd is a DNS proxy server. pdnsd is exposed to a remote denial of service issue that occurs when the application receives crafted DNS response packets with multiple "answer" sections. Specifically, the issue occurs in the "p_exec_query()" function of the "src/dns_query.c" file. pdnsd versions prior to 1.2.7-par are affected.
  • Ref: http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

  • 08.38.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Unreal Engine "UnChan.cpp" Failed Assertion Remote Denial of Service
  • Description: Unreal Engine is a platform to develop 3D games. The engine is exposed to a remote denial of service issue when the "Closing" flag in the "UnChan.cpp" source file is set.
  • Ref: http://aluigi.org/adv/unreaload-adv.txt

  • 08.38.32 - CVE: CVE-2008-3824
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting
  • Description: Horde Application Framework is an application framework used with other Horde Project products. Horde Application Framework is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Horde Framework versions prior to 3.1.9 and 3.2.2 are affected.
  • Ref: http://www.ocert.org/advisories/ocert-2008-012.html

  • 08.38.33 - CVE: CVE-2008-3823
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting
  • Description: Horde Application Framework is an application framework used with other Horde Project products. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, the filenames of MIME attachments to webmail messages are not properly sanitized before being displayed to the user. Horde Framework versions 3.2 through 3.2.1 are affected.
  • Ref: http://www.nruns.com/security_advisory_horde_xss_in_filename_mime_attachments.php

  • 08.38.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: NooMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: NooMS is a PHP-based content management system. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input passed to the following scripts and parameters: "smileys.php":"page_id" and "search.php":"q". NooMS version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496236

  • 08.38.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DeluxeBB "tools.php" Cross-Site Scripting
  • Description: DeluxeBB is a web-based bulletin board. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter of the "tools.php" script. DeluxeBB version 1.2 is affected.
  • Ref: http://www.deluxebb.com/community/topic.php?tid=858

  • 08.38.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pro2col Stingray FTS
  • Description: Stingray FTS is a hardware-based file transfer system. It includes web-based tools for users and administrators. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "login.jsp" script.
  • Ref: http://www.securityfocus.com/archive/1/496302

  • 08.38.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dynamic MP3 Lister "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Dynamic MP3 Lister is a PHP-based application that allows users to share MP3 files. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Dynamic MP3 Lister version 2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31151

  • 08.38.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Paranews Multiple Cross-Site Scripting Vulnerabilities
  • Description: Paranews is a PHP-based news script application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input passed to the "page" and "id" parameters of the "news.php" script when the "pn_go" parameter is set to "details". Paranews version 3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31152

  • 08.38.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Horde Turba Contact Manager "/imp/test.php" Cross-Site Scripting
  • Description: Turba Contact Manager is a Horde contact manager application implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "user" parameter of the "/imp/test.php" script. Turba Contact Manager version H3 2.2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31168

  • 08.38.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Opera Web Browser Unicode Whitespace Cross-Site Scripting Weakness
  • Description: Opera Web Browser is exposed to a weakness that can facilitate cross-site scripting attacks. This issue occurs due to the processing of Unicode characters flagged with the "white_space" property. Opera versions prior to 9.52 are affected.
  • Ref: http://lookout.net/2008/08/26/advisory-attack-of-the-mongolian-space-evaders-and-other-medieval-xss-vectors/

  • 08.38.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Sports Clubs Web Panel "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Sports Clubs Web Panel is a PHP-based content manager for band web sites. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Sports Clubs Web Panel version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31142

  • 08.38.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPortfolio "photo.php" SQL Injection
  • Description: PHPortfolio is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "photo.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31143

  • 08.38.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Vastal I-Tech phpVID "group.php" SQL Injection
  • Description: phpVID is a web-based, video-sharing application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "group.php" script before using it in an SQL query. phpVID version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31108

  • 08.38.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zanfi CMS lite "index.php" SQL Injection
  • Description: Zanfi CMS lite is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pageid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31116

  • 08.38.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Hot Links SQL-PHP "news.php" SQL Injection
  • Description: Hot Links SQL-PHP is a PHP-based link manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news.php" script before using it in an SQL query. Hot Links SQL-PHP versions 3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31118

  • 08.38.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Php CMS "article.php" SQL Injection
  • Description: E-Php CMS is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "es_id" parameter of the "article.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31119

  • 08.38.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zanfi Autodealers CMS AutOnline "pageid" Parameter SQL Injection
  • Description: Autodealers CMS AutOnline is a web-based content manager. The application is prone to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pageid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31120

  • 08.38.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Zanfi Autodealers CMS AutOnline "id" Parameter SQL Injection
  • Description: Autodealers CMS AutOnline is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31137

  • 08.38.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Powie PHP Forum "showprofil.php" SQL Injection
  • Description: Powie PHP Forum (pForum) is a web forum. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "showprofil.php" script file before using it in an SQL query. Powie PHP Forum version 1.30 is affected.
  • Ref: http://www.securityfocus.com/bid/31150

  • 08.38.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuicO "photo.php" SQL Injection
  • Description: QuicO is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "photo.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31154

  • 08.38.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebPortal CMS "download.php" SQL Injection
  • Description: WebPortal CMS is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aid" parameter of the "download.php" script before using it in an SQL query. WebPortal CMS version 0.7.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31156

  • 08.38.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: vbLOGIX Tutorials "main.php" SQL Injection
  • Description: vbLOGIX Tutorials is a tutorial management tool. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "main.php" script file before using it in an SQL query. vbLOGIX Tutorials version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31157

  • 08.38.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iBoutique "index.php" SQL Injection
  • Description: iBoutique is an e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script when the "mod" parameter is set to "products" before using it in an SQL query. iBoutique version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31159

  • 08.38.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: pNews "newskom.php" SQL Injection
  • Description: pNews is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsid" parameter of the "newskom.php" script before using it in an SQL query. pNews version 2.03 is affected.
  • Ref: http://www.securityfocus.com/bid/31160

  • 08.38.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: pLink "linkto.php" SQL Injection
  • Description: pLink is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "linkto.php" script before using it in an SQL query. pLink version 2.07 is affected.
  • Ref: http://www.securityfocus.com/bid/31163

  • 08.38.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FoT Video scripti "izle.asp" SQL Injection
  • Description: FoT Video scripti is an ASP-based video script application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "oyun" parameter of the "izle.asp" script before using it in an SQL query. FoT Video scripti version 1.1 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/31166

  • 08.38.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpSmartCom Local File Include and SQL Injection Vulnerabilities
  • Description: phpSmartCom is a PHP-based virtual community application. The application is exposed to a local file include issue and an SQL injection issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "index.php" script. phpSmartCom version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31167

  • 08.38.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DownlineGoldmine Multiple Products "tr.php" SQL Injection
  • Description: Multiple DownlineGoldmine products are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "id" parameter of the "tr.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31169

  • 08.38.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kasseler CMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Kasseler CMS is a content manager application. Kasseler CMS is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect "nid", "vid", "fid", "tid", "uname" and "module" parameters of the "index.php" script. Kasseler CMS versions 1.1.0 and 1.2.0 Lite are affected.
  • Ref: http://www.securityfocus.com/bid/31170

  • 08.38.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phsdev phsBlog "sid" Parameter SQL Injection
  • Description: phsBlog is a PHP-based blogging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query. phsBlog version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31172

  • 08.38.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ruby on Rails ":offset" and ":limit" Parameters SQL Injection Vulnerabilities
  • Description: Ruby on Rails is a content manager application. Ruby on Rails is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in SQL queries. These issues affect the ":offset" and ":limit" parameters. Ruby on Rails versions prior to 2.1.1 are affected.
  • Ref: http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

  • 08.38.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LinksCaffePRO "index.php" SQL Injection
  • Description: LinksCaffePRO is a classified advertisement application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "idd" parameter of the "index.php" script before using it in an SQL query. LinksCaffePRO version 4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31187

  • 08.38.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Link Bid Script "upgrade.php" SQL Injection
  • Description: Link Bid Script is a PHP-based bid for position directory application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ucat" parameter of the "upgrade.php" script before using it in an SQL query. Link Bid Script version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31191

  • 08.38.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Real Estate Website "search.php" SQL Injection
  • Description: Pre Real Estate Website is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "c" parameter of the "search.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31192

  • 08.38.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phsdev phsBlog "upload/index.php" SQL Injection
  • Description: phsBlog is a PHP-based web-log from phsdev. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sql_cid" parameter of the "upload/index.php" script before using it in an SQL query. phsBlog version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31171

  • 08.38.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iScripts EasyIndex "detaillist.php" SQL Injection
  • Description: iScripts EasyIndex is a PHP-based business directory application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "produid" parameter of the "detaillist.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31202

  • 08.38.67 - CVE: CVE-2007-0373
  • Platform: Web Application
  • Title: Joomla! Multiple Remote Vulnerabilities and Weaknesses
  • Description: Joomla! is a PHP-based content manager. Joomla! is exposed to multiple remote issues and a weakness. Remote attackers can exploit these issues to send unsolicited spam email, redirect victims to attacker-controlled web sites and conduct phishing-style attacks. Joomla! versions prior to 1.5.7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496237

  • 08.38.68 - CVE: CVE-2008-3965, CVE-2008-3966, CVE-2008-3967
  • Platform: Web Application
  • Title: MyBB Prior to 1.4.1 Multiple Unspecified Vulnerabilities
  • Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board application. The application is exposed to multiple unspecified issues. MyBB versions prior to 1.4.1 are affected.
  • Ref: http://community.mybboard.net/showthread.php?tid=36022

  • 08.38.69 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Tor World CGI Scripts Remote Script Execution
  • Description: Tor World is a company that provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts are exposed to a remote script execution issue because they fail to adequately sanitize user-supplied input.
  • Ref: http://jvn.jp/en/jp/JVN18616622/index.html

  • 08.38.70 - CVE: Not Available
  • Platform: Web Application
  • Title: LedgerSMB Versions Prior to 1.2.15 Multiple Remote Vulnerabilities
  • Description: LedgerSMB is an accounting application implemented in Perl. LedgerSMB is a fork of SQL-Ledger. The application is exposed to multiple remote issues. LedgerSMB versions prior to 1.2.15 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496181

  • 08.38.71 - CVE: Not Available
  • Platform: Web Application
  • Title: myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: myPHPNuke is a web-based content manager written in PHP. The application is exposed to multiple input validation issues. A cross-site scripting issue affects the "sid" parameter of the "print.php" script. An SQL injection issue affects the "sid" parameter of the "print.php" script. myPHPNuke versions prior to 1.8.8_8rc2 are affected.
  • Ref: http://www.securityfocus.com/bid/31112

  • 08.38.72 - CVE: Not Available
  • Platform: Web Application
  • Title: myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: myPHPNuke is a web-based content manager. The application is exposed to multiple input validation issues. A cross-site scripting issue affects the "sid" parameter of the "print.php" script. An SQL injection issue affects the "sid" parameter of the "print.php" script. myPHPNuke versions prior to 1.8.8_8rc2 are affected.
  • Ref: http://www.securityfocus.com/bid/31114

  • 08.38.73 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Random Password Generation Insufficient Entropy Weakness
  • Description: WordPress is a web-based publishing application. WordPress is exposed to a weakness in the generation of new random passwords. Specifically, when the password for an existing account is reset, a confirmation code and a new password are generated in sequence. WordPress version 2.6.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496287

  • 08.38.74 - CVE: Not Available
  • Platform: Web Application
  • Title: Ananta "connectors.php" Arbitrary File Upload
  • Description: Ananta is a PHP-based content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the "fckeditor" module fails to properly verify file extensions before uploading files onto the web server. Specifically, the "admin/editor/filemanager/connectors/php/connectors.php" script is vulnerable. Ananta version 1.0b6 is affected.
  • Ref: http://www.securityfocus.com/bid/31122

  • 08.38.75 - CVE: Not Available
  • Platform: Web Application
  • Title: PhpWebGallery Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: PhpWebGallery is a photo gallery application. PhpWebGallery is exposed to multiple input validation issues. PhpWebGallery version 1.3.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496228

  • 08.38.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Photo Gallery Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Easy Photo Gallery is a PHP-based photo gallery application. The application is exposed to multiple input validation issues. Easy Photo Gallery version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496220

  • 08.38.77 - CVE: Not Available
  • Platform: Web Application
  • Title: minb Multiple Arbitrary File Upload Vulnerabilities
  • Description: minb is a PHP-based content manager. The application is exposed to multiple issues that allow remote attackers to upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issues occur because the application fails to sufficiently sanitize file extensions before uploading files onto the web server. minb version 0.1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496234

  • 08.38.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Sports Clubs Web Panel "index.php" Local File Include
  • Description: Sports Clubs Web Panel is a PHP-based content manager used for managing sports clubs. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "index.php" script. Sports Clubs Web Panel version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31128

  • 08.38.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Grafitti Forums SQL Injection and HTML Injection Vulnerabilities
  • Description: Grafitti Forums is a web-based forum application. Since it fails to adequately sanitize user-supplied input, Brim is exposed to multiple input validation issues. Grafitti Forums version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31130

  • 08.38.80 - CVE: Not Available
  • Platform: Web Application
  • Title: D-iscussion Board "index.php" Local File Include
  • Description: D-iscussion Board is a PHP-based forum application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "topic" parameter of the "index.php" script. D-iscussion Board version 3.01 is affected.
  • Ref: http://www.securityfocus.com/bid/31135

  • 08.38.81 - CVE: Not Available
  • Platform: Web Application
  • Title: DotNetNuke Multiple Security Bypass and Information Disclosure Vulnerabilities
  • Description: DotNetNuke is a framework to develop web sites. The application is exposed to multiple issues. DotNetNuke versions 2.0 up to and including 4.8.4 are affected.
  • Ref: http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx

  • 08.38.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Answers Module "answer" Field HTML Injection
  • Description: Answers is a PHP-based question and answer component for Drupal. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "answer" field before using it in dynamically generated content. Answers version 5.x-1.x-dev is affected.
  • Ref: http://www.securityfocus.com/bid/31146

  • 08.38.83 - CVE: Not Available
  • Platform: Web Application
  • Title: YourOwnBux Cookie Authentication Bypass
  • Description: YourOwnBux is PHP-based software for managing ad links. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. YourOwnBux version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31147

  • 08.38.84 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCMS Portal Edition Multiple Input Validation Vulnerabilities
  • Description: WebCMS Portal Edition is a PHP-based content management system. Since it fails to sufficiently sanitize user-supplied data, the application is exposed to multiple input validation issues in the script "index.php". Specifically there is an SQL injection issue affecting the "id_doc" parameter, and a cross-site scripting vulnerability affecting the "patron" parameter.
  • Ref: http://www.securityfocus.com/bid/31153

  • 08.38.85 - CVE: Not Available
  • Platform: Web Application
  • Title: SkaLinks "register.php" Account Creation Access Validation
  • Description: SkaLinks is a PHP-based link manager application. The application is exposed to an access validation issue that attackers can leverage to create unauthorized administrative user accounts. This issue occurs as a result of authentication not being required to access the "admin/register.php" script. SkaLinks version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31158

  • 08.38.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy Photo Gallery "useradmin.php" Access Validation
  • Description: Easy Photo Gallery is a PHP-based photo gallery application. The application is exposed to an access validation issue that attackers can leverage to create user accounts (including administrative accounts) and delete arbitrary user accounts. This issue occurs as a result of authentication not being required to access the "useradmin.php" script. Easy Photo Gallery version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31161

  • 08.38.87 - CVE: Not Available
  • Platform: Web Application
  • Title: TalkBack "comments.php" Local File Include
  • Description: TalkBack is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "comments.php" script. TalkBack version 2.3.6 is affected.
  • Ref: http://www.securityfocus.com/bid/31164

  • 08.38.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Free PHP VX Guestbook Cookie Authentication Bypass and Information Disclosure Vulnerabilities
  • Description: Free PHP VX Guestbook is a guestbook application. Free PHP VX Guestbook is exposed to two issues. An authentication bypass issue exists because the application fails to adequately verify user-supplied input used for cookie-based authentication. An information disclosure issue affects the "admin/backupdb.php" script. Free PHP VX Guestbook version 1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/31174

  • 08.38.89 - CVE: Not Available
  • Platform: Web Application
  • Title: CzarNews "recook" Cookie Authentication Bypass
  • Description: CzarNews is a news manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. CzarNews version 1.20 is affected.
  • Ref: http://www.securityfocus.com/bid/31182

  • 08.38.90 - CVE: Not Available
  • Platform: Web Application
  • Title: SPAW Editor "theme.class.php" Unspecified Input Validation
  • Description: SPAW Editor is a web-based editor control. SPAW Editor is exposed to an unspecified input validation issue in the file "theme.class.php". Specifically, adequate checks are not performed on the theme name. SPAW Editor versions prior to 2.0.8.1 are affected.
  • Ref: http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/

  • 08.38.91 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyAdmin "server_databases.php" Remote Command Execution
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. phpMyAdmin is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately validate user-supplied input to the "sort_by" parameter of the "server_databases.php" script. phpMyAdmin versions prior to 2.11.9.1 are affected.
  • Ref: http://fd.the-wildcat.de/pma_e36a091q11.php

  • 08.38.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Fantastico De Luxe "fantasticopath" Parameter Local File Include
  • Description: Fantastico De Luxe is a module for cPanel. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "fantasticopath" parameter of the "fantastico/includes/xml.php" script. Fantastico De Luxe versions prior to 2.10.4 r19 are affected.
  • Ref: http://www.netenberg.com/forum/index.php?topic=6768.0

  • 08.38.93 - CVE: Not Available
  • Platform: Web Application
  • Title: OSADS Alliance Database "includes/functions.php" Unspecified
  • Description: OSADS Alliance Database is a web-based application. The application is exposed to an unspecified issue in the file "includes/functions.php". OSADS Alliance Database versions prior to 2.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=163285&release_id=625654

  • 08.38.94 - CVE: Not Available
  • Platform: Network Device
  • Title: Nokia E90 Communicator Remote Denial of Service
  • Description: Nokia E90 Communicator is a 3G mobile phone device. Nokia E90 Communicator is exposed to a denial of service issue because the device fails to handle multiple 802.11 frames. Specifically, the issue occurs when affected devices receive 10 consecutive "deauthenticate" frames. Nokia E90 Communicator devices running Symbian OS S60 3rd Edition are affected.
  • Ref: http://www.securityfocus.com/bid/31175

  • 08.38.95 - CVE: Not Available
  • Platform: Network Device
  • Title: Accellion File Transfer Appliance Error Report Message Open Email Relay
  • Description: Accellion File Transfer is a file transfer appliance. The appliance is exposed to an open email relay issue that occurs in the "error reporting" page. This issue occurs because the device fails to validate the URL address before sending an email to an unsuspecting victim. Accellion File Transfer Appliance versions prior to FTA_7_0_189 are affected.
  • Ref: http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt

  • 08.38.96 - CVE: Not Available
  • Platform: Network Device
  • Title: Beetel 220BX Series DSL Modem Provided by Airtel Multiple Security Vulnerabilities
  • Description: Beetel 220BX series DSL modems are provided for broadband connectivity by Airtel in India. The device is exposed to multiple security issues.
  • Ref: http://www.securityfocus.com/archive/1/496383

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
