@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 4
January 21, 2008

Another critical Excel vulnerability (unpatched) this week will enable another wave of successful spear phishing attacks (with email attachments that people think are being checked by their virus checker, when the virus checkers may be impotent against these new attacks). Add another series of critical Apple QuickTime vulnerabilities, a critical Citrix vulnerability and a critical vulnerability in Cisco Unified Communications Manager's handling of cryptographic certificates, and you have another bad week for the defenders.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Microsoft Office                          1 (#1)
    Other Microsoft Products                  1 (#10)
    Third Party Windows Apps                  10 (#3, #6, #7, #8, #9)
    Linux                                     4
    Apple                                     2 (#2, #12)
    Cisco                                     1 (#4)
    BSD                                       3
    Solaris                                   3
    Cross Platform                            23 (#5, #11)
    Web Application - Cross Site Scripting    8
    Web Application - SQL Injection           22
    Web Application                           17
    Network Device                            3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
BSD
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Excel File Handling Remote Code Execution
  • Affected:
    • Microsoft Office 2000/2002/2003
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Excel contains a flaw in its handling of certain Excel files. A specially crafted Excel file could trigger an unspecified vulnerability in Excel, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that, on recent versions of Microsoft Office, content is not opened upon receipt without user interaction. Further technical details are not publicly available for this vulnerability, but this vulnerability is being actively exploited in the wild.

  • Status: Microsoft confirmed, no updates available.

  • References:
  • (3) CRITICAL: Citrix Presentation Server IMA Buffer Overflow
  • Affected:
    • Citrix Presentation Server versions 4.5 and prior
    • Citrix Metaframe Presentation Server versions 3.0 and prior
    • Citrix Access Essentials versions 2.0 and prior
    • Citrix Desktop Server version 1.0
  • Description: The Citrix Presentation Server is an application sharing system. It contains a flaw in its Independent Management Architecture (IMA) component. A specially crafted user request could trigger a buffer overflow during the request's processing. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: Citrix confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP ports 2512 and 2513 at the network perimeter, if possible.

  • References:
  • (4) CRITICAL: Cisco Unified Communications Manager CTLProvider Heap Overflow
  • Affected:
    • Cisco Unified Communications Manager versions 4.1(3) and prior
  • Description: Cisco Unified Communications Manager (CUCM) is Cisco's telephony management platform. It contains a flaw in its "CTLProvider" component. This component manages cryptographic certificates. A specially crafted request to this component could trigger a heap overflow. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. No authentication is required to exploit this vulnerability. Some technical details are publicly available for this vulnerability. Note that successfully exploiting this vulnerability could lead to a disruption in telephony service, including emergency services.

  • Status: Cisco confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 2444 at the network perimeter, if possible.

  • References:
  • (6) HIGH: Crystal Reports Report Viewer ActiveX Control Buffer Overflow
  • Affected:
    • Crystal Reports Report Viewer ActiveX Control
  • Description: Crystal Reports is a popular enterprise report generation application. It provides remote users the capability of viewing generated reports via a web browser. This functionality is provided by an ActiveX control. This control contains a buffer overflow in its "SelectedSession" method. A specially crafted web page that instantiates this control could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Complete technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "3D58C9F3-7CA5-4C44-9D62-C5B63E059050".

  • References:
  • (7) HIGH: Macrovision FLEXNet Connect ActiveX Control Multiple Insecure Methods
  • Affected:
    • Macrovision FLEXNet ActiveX Control
  • Description: Macrovision FLEXNet Connect allows software distributors and vendors to automatically deliver software and notify users of updates. Part of its functionality is provided by an ActiveX control. This control contains multiple insecure methods. A malicious web page that instantiates this control could use its "AddFile" or "DownloadAndExecute" methods to automatically download arbitrary files to a victim's system and execute them. This could be leveraged to overwrite sensitive files or execute arbitrary code with the privileges of the current user. Multiple proofs-of-concept and full technical details are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism for CLSIDs "1DF951B1-8D40-4894-A04C-66AD824A0EEF" and "FCED4482-7CCB-4E6F-86C9-DCB22B52843C".

  • References:
  • (8) HIGH: AOL Nullsoft Winamp Multiple Vulnerabilities
  • Affected:
    • AOL Nullsoft Winamp versions prior to 5.52
  • Description: AOL Nullsoft Winamp is a popular media player for Microsoft Windows. It contains multiple vulnerabilities in its handling of Ultravox media streams. A specially crafted stream could trigger one of these vulnerabilities, leading to a buffer overflow. Successfully exploiting one of these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the current user. Note that Ultravox streams may open without user intervention upon receipt, depending on system configuration. Some technical details are publicly available for this vulnerability.

  • Status: AOL confirmed, updates available.

  • References:
  • (9) HIGH: Skype Cross-Site Scripting Vulnerability
  • Affected:
    • Skype versions 3.5.x and 3.6.x
  • Description: Skype is a popular cross-platform voice and video conferencing system. It allows users to add video and other web content to chat sessions. The web content added to these sessions runs with full Microsoft Internet Explorer "local zone" privileges on Microsoft Windows. This allows attackers to execute arbitrary scripts with the privileges of the current user. This can be leveraged to achieve full arbitrary command and code execution. A proof-of-concept and video demonstration of this vulnerability are publicly available. Note that this vulnerability depends on the presence of cross-site scripting vulnerabilities in associated web sites.

  • Status: Skype has released a temporary fix for this vulnerability.

  • References:
  • (10) MODERATE: Microsoft Visual Basic DSR File Handling Buffer Overflow
  • Affected:
    • Microsoft Visual Basic Enterprise Edition versions 6 and prior
  • Description: Microsoft Visual Basic contains a flaw in its handling of DSR files. DSR files are used to define form data and other information in Visual Basic applications. A specially crafted DSR file could trigger a buffer overflow in Visual Basic, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that DSR files may be opened without user interaction upon receipt, depending upon configuration. A proof-of-concept for this vulnerability is publicly available.

  • Status: Microsoft has not confirmed, no updates available.

  • References:
  • (11) MODERATE: Multiple Oracle Products Multiple Unspecified Vulnerabilities (CPU Jan 2008)
  • Affected:
    • Oracle Database
    • Oracle Application Server
    • Oracle Collaboration Suite
    • Oracle E-Business Suite
    • Oracle PeopleSoft Enterprise PeopleTools
  • Description: Oracle has released its Critical Patch Update (CPU) for January of 2008. This update addresses several flaws in various Oracle products. The various vulnerabilities are of unspecified severity and impact, though it is believed that at least some of them can lead to remote code execution with the privileges of the vulnerable process. No further details are publicly available for these issues. Some vendors who ship products based on Oracle products have also issued advisories.

  • Status: Oracle confirmed, updates available.

  • References:
  • (12) LOW: Apple iPhone/iPod Touch Mobile Safari Multiple Vulnerabilities
  • Affected:
    • Apple iPhone versions prior to 1.1.3
    • Apple iPod Touch versions prior to 1.1.3
  • Description: The Apple iPhone contains multiple vulnerabilities in its embedded web browser based on Safari, known as Mobile Safari. A specially crafted URL passed to the application could trigger a memory corruption vulnerability and allow an attacker to execute arbitrary code on the iPhone. Additionally, Mobile Safari fails to properly handle cross-domain scripting issues, exposing users to a Cross-Site Scripting attack. No other technical details are believed to be publicly available for these vulnerabilities.

  • Status: Apple confirmed, updates available.

  • References:
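
The "kill bit" mitigation given for items (6) and (7) above can be applied and verified with a short script. This is an added example, not part of the original bulletin: the registry location and the 0x400 flag come from Microsoft's kill bit documentation (KB 240797), the CLSIDs are the ones listed in those items, and the function names are illustrative.

```powershell
# Added example (not from the bulletin): set and verify Internet Explorer
# ActiveX "kill bits". Run from an elevated prompt; -WhatIf previews changes.

$ValueName = 'Compatibility Flags'
$KillBit   = 0x400   # flag that tells Internet Explorer never to instantiate the control

# CLSIDs exactly as given in items (6) and (7).
$BulletinClsids = @(
    '3D58C9F3-7CA5-4C44-9D62-C5B63E059050',   # Crystal Reports Report Viewer
    '1DF951B1-8D40-4894-A04C-66AD824A0EEF',   # Macrovision FLEXNet Connect
    'FCED4482-7CCB-4E6F-86C9-DCB22B52843C'    # Macrovision FLEXNet Connect
)

function Get-CompatRoots {
    # Native registry view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    $roots
}

function Get-KillBit {
    # Report, per registry view, whether the kill bit is currently set.
    param([Parameter(Mandatory = $true)][string[]]$Clsid)
    foreach ($c in $Clsid) {
        $name = ([guid]$c).ToString('B').ToUpper()   # throws on a malformed CLSID
        foreach ($root in (Get-CompatRoots)) {
            $key   = Join-Path $root $name
            $flags = 0
            if (Test-Path $key) {
                $prop = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
                if ($prop) { $flags = [int]$prop.$ValueName }
            }
            New-Object PSObject -Property @{
                Key    = $key
                Flags  = ('0x{0:X8}' -f $flags)
                Killed = (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string[]]$Clsid)
    foreach ($c in $Clsid) {
        $name = ([guid]$c).ToString('B').ToUpper()
        foreach ($root in (Get-CompatRoots)) {
            $key = Join-Path $root $name
            if (-not $PSCmdlet.ShouldProcess($key, 'Set ActiveX kill bit')) { continue }
            # Create the key only when it is missing so existing values are left alone.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the kill bit into any flags already present instead of overwriting them.
            $prop = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
            $old  = if ($prop) { [int]$prop.$ValueName } else { 0 }
            New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
                -Value ($old -bor $KillBit) -Force | Out-Null
        }
    }
}

Set-KillBit -Clsid $BulletinClsids -WhatIf    # preview only; drop -WhatIf to apply
Get-KillBit -Clsid $BulletinClsids | Format-Table Killed, Flags, Key -AutoSize
```

Checking both registry views matters on 64-bit Windows, where a kill bit set only in the native view does not stop 32-bit Internet Explorer from loading the control.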
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 4, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.4.1 - CVE: CVE-2008-0081
  • Platform: Microsoft Office
  • Title: Microsoft Excel Header Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. The application is exposed to a remote code execution issue due to an unspecified error. Please refer to the link below for further details.
  • Ref: http://www.microsoft.com/technet/security/advisory/947563.mspx

  • 08.4.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Interdev SLN File Buffer Overflow
  • Description: Microsoft Visual InterDev is an integrated development environment (IDE) for Microsoft Visual Studio. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling malformed solution (".sln") files. Microsoft Visual InterDev version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27250

  • 08.4.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DVRHOST PDVRATL.dll ActiveX Control Heap-Based Buffer Overflow
  • Description: DVRHOST is a hosted content management service for storing DVR (Digital Video Recorder) files. The application utilizes ActiveX controls for user interaction. The "PdvrAtl.PdvrOcx.1" ActiveX control is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. PDVRATL.DLL version 1.0.1.25 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=568160

  • 08.4.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: QVOD Player QvodInsert.dll ActiveX Control Remote Buffer Overflow
  • Description: QVOD Player "QvodInsert.dll" ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "URL" property of the control. QVOD Player versions prior to 2.1.5 build 0053 are affected.
  • Ref: http://www.securityfocus.com/bid/27269

  • 08.4.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: StreamAudio ProxyManager "InternalTuneIn()" ActiveX Control Buffer Overflow
  • Description: StreamAudio is a radio broadcast application for streaming media. The StreamAudio ProxyManager ActiveX control is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. StreamAudio ccpm_0237.dll is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.4.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File Download Vulnerabilities
  • Description: Macrovision FLEXnet Connect allows users to deliver applications, patches, updates, and messages to computers. The application is exposed to multiple file access issues.
  • Ref: http://www.securityfocus.com/bid/27277

  • 08.4.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cisco VPN Client for Windows Local Denial of Service
  • Description: Cisco VPN Client is a freely-available IPsec client application that is used to connect to Cisco VPN servers. It is available for multiple platforms including Microsoft Windows, Apple Mac OS X, Unix, and Linux. The application is exposed to a local denial of service issue due to a failure of the software's IPsec driver to handle certain IOCTLs. Cisco VPN Client version 5.0.02.0090 of the "cvpndrva.sys" driver is affected.
  • Ref: http://www.securityfocus.com/bid/27289

  • 08.4.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RTS Sentry Digital Surveillance PTZCamPanel ActiveX Control Buffer Overflow
  • Description: RTS Sentry Digital Surveillance is a DVR (Digital Video Recorder) system. The application uses ActiveX controls for user interaction. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. CamPanel.dll version 2.1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27303

  • 08.4.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BitTorrent and uTorrent Peers Window Remote Denial of Service
  • Description: BitTorrent and uTorrent are Torrent applications available for Microsoft Windows. The applications are exposed to a remote denial of service issue because they fail to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. The issue occurs when the version number of another user's client is displayed in the "Peers" window. BitTorrent versions prior to 6.0, and uTorrent versions prior to 1.7.5 and 1.8-alpha-7834 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486426

  • 08.4.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Crystal Reports EnterpriseControls.dll ActiveX Control Buffer Overflow
  • Description: Crystal Reports is a commercially available data-reporting application. The "EnterpriseControls.dll" ActiveX control allows a browser to display reports created by Crystal Reports. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. EnterpriseControls.dll version 11.5.0.313, which is contained in Crystal Reports XI Release 2, is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.4.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Digital Data Communications RtspVaPgCtrl ActiveX Control Buffer Overflow
  • Description: Digital Data Communications "RtspVaPgCtrl" ActiveX control is used for interacting with Level1 IP camera devices via Internet Explorer. The "RtspVaPgCtrl" ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "MP4Prefix" attribute of the control. RtspVapgDecoder.dll version 1.1.0.29 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.4.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CORE FORCE Firewall and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities
  • Description: CORE FORCE is a security framework for the Microsoft Windows 2000 and XP platforms. The application is exposed to multiple local kernel buffer overflow issues because the application fails to adequately verify user-supplied input. CORE FORCE versions up to and including 0.95.167 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486513

  • 08.4.13 - CVE: CVE-2008-0001
  • Platform: Linux
  • Title: Linux Kernel VFS Unauthorized File Access
  • Description: The Linux kernel is exposed to an unauthorized file access issue affecting the VFS (Virtual Filesystem) module. This issue occurs because of changes to the codebase that resulted in using incorrect flags to track open files within Virtual filesystems. Specifically, the open flag "flag" was used instead of the "acc_mode" flag.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14

  • 08.4.14 - CVE: Not Available
  • Platform: Linux
  • Title: paramiko Random Number Generator Weakness
  • Description: paramiko is a Python module that implements the SSH2 protocol. The application is exposed to a random number generator weakness due to an insecure use of PyCrypto's RandomPool class. Specifically, the issue arises because the module uses a single instance of the RandomPool class to generate random numbers and it does not implement any mechanisms to ensure that numbers generated by different processes or threads are independent.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706

  • 08.4.15 - CVE: CVE-2008-0171, CVE-2008-0172
  • Platform: Linux
  • Title: Boost Library Regular Expression Remote Denial of Service Vulnerabilities
  • Description: The Boost library is a collection of peer-reviewed C++ libraries. The library is exposed to a remote denial of service issue because it fails to adequately verify user-supplied input on regular expressions. Boost versions 1.33.1 and 1.34.1 are affected.
  • Ref: http://www.securityfocus.com/bid/27325

  • 08.4.16 - CVE: CVE-2008-0302
  • Platform: Linux
  • Title: apt-listchanges Unsafe Paths Library Import Local Shell Code Execution
  • Description: The "apt-listchanges" tool is used to notify users about changes in a software package's history. The tool is exposed to an issue that allows arbitrary shell code to run. This issue occurs because the tool uses unsafe paths when importing its Python libraries. apt-listchanges versions prior to 2.82 are affected.
  • Ref: http://www.securityfocus.com/bid/27331

  • 08.4.17 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD "rtlabel_id2name()" Local Denial of Service
  • Description: OpenBSD is exposed to a local denial of service issue when the kernel handles a specially-crafted IOCTL request. Specifically, when attackers issue specially-crafted IOCTL requests to the SIOCGIFRTLABEL command, a NULL-pointer may be dereferenced in the kernel. This is due to a failure of the kernel to properly handle NULL return values from the "rtlabel_id2name()" function. OpenBSD versions 4.2 onwards are affected.
  • Ref: http://marc.info/?l=openbsd-security-announce&m=120007327504064&w=2

  • 08.4.18 - CVE: CVE-2008-0122
  • Platform: BSD
  • Title: FreeBSD "inet_network()" Off-by-One Buffer Overflow
  • Description: FreeBSD is exposed to an off-by-one buffer overflow issue because the "inet_network()" libc library function fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
  • Ref: http://www.securityfocus.com/bid/27283

  • 08.4.19 - CVE: CVE-2008-0216, CVE-2008-0217
  • Platform: BSD
  • Title: FreeBSD pty Handling Multiple Local Information Disclosure Vulnerabilities
  • Description: FreeBSD is exposed to multiple issues due to errors in the pty handling mechanisms. FreeBSD versions 5.0 and higher are affected.
  • Ref: http://www.securityfocus.com/bid/27284

  • 08.4.20 - CVE: Not Available
  • Platform: Solaris
  • Title: libxml2 "xmlCurrentChar()" UTF-8 Parsing Remote Denial of Service
  • Description: The libxml2 library is a freely-available package that is used to parse and create XML content. The application is exposed to a denial of service issue because of an infinite-loop flaw. libxml2 versions prior to 2.6.31 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1&searchclause=

  • 08.4.21 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "libdevinfo(3LIB)" Unauthorized File Access
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to an unauthorized file access issue that exists in the "libdevinfo(3LIB)" library, which is being used by the "login(1)" command.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103165-1&searchclause=

  • 08.4.22 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "dotoprocs()" Local Denial of Service
  • Description: Sun Solaris is an enterprise-grade UNIX distribution. The application is exposed to a local denial of service issue that occurs in the "dotoprocs()" function. Sun Solaris 10.0_x86 and Sun Solaris 10.0 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103188-1

  • 08.4.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Malformed GIF File Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. This issue occurs because the application fails to handle malformed GIF files. Please refer to the link below for further details.
  • Ref: http://www.securityfocus.com/archive/1/486163

  • 08.4.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MPlayer Multiple Unspecified Remote Denial of Service Vulnerabilities
  • Description: MPlayer is a multi-media player available for multiple operating platforms. The application is exposed to multiple unspecified denial of service issues when handling certain malformed media files. MPlayer version 1.0rc2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486163

  • 08.4.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GStreamer Multiple Unspecified Remote Denial of Service Vulnerabilities
  • Description: GStreamer is a library for use with multi-media applications. The application is exposed to multiple unspecified denial of service issues when handling certain malformed MPEG and MPEG-2 media files. GStreamer version 0.10.15 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486163

  • 08.4.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: xine-lib Multiple Unspecified Remote Denial of Service Vulnerabilities
  • Description: The "xine-lib" library allows various media players to play various media formats. It is available for UNIX, Linux, Mac OS X, and other UNIX-like operating systems. The application is exposed to multiple unspecified denial of service issues when handling certain malformed media files.
  • Ref: http://www.securityfocus.com/archive/1/486163

  • 08.4.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple Safari KHTML WebKit Remote Denial of Service
  • Description: Apple Safari is a web browser available for multiple operating systems. The application is exposed to a remote denial of service issue that occurs in the KHTML WebKit when validating malformed data. Apple Safari 2 running on Mac OS X is affected.
  • Ref: http://www.s21sec.com/avisos/s21sec-039-en.txt

  • 08.4.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fortinet FortiGate CRLF Characters URL Filtering Bypass
  • Description: Fortinet FortiGate is a series of antivirus firewall devices. The application is exposed to an issue that can allow attackers to bypass the device's URL filtering. This issue occurs when an attacker submits an HTTP request with each line terminated by a CRLF character, or if there is no hostname in the HTTP/1.0 request.
  • Ref: http://lists.immunitysec.com/pipermail/dailydave/2008-January/004814.html

  • 08.4.29 - CVE: CVE-2007-5655
  • Platform: Cross Platform
  • Title: TIBCO SmartSockets Untrusted Pointer Multiple Remote Code Execution Vulnerabilities
  • Description: SmartSockets is a message-passing framework used to transport messages over disparate channels. The application is exposed to multiple remote code execution issues because the application uses attacker-supplied values from requests as pointers. The values are used in certain memory operations and can potentially corrupt memory.
  • Ref: http://www.securityfocus.com/archive/1/486368

  • 08.4.30 - CVE: CVE-2007-5656
  • Platform: Cross Platform
  • Title: SmartSockets RTServer Multiple Remote Unspecified Untrusted Loop Bounds Vulnerabilities
  • Description: SmartSockets is a message-passing framework used to transport messages over disparate channels. RTServer is the server component of the framework. The application is exposed to multiple remote unspecified issues due to untrusted loop bounds. The server processes requests with several loop iterations, with memory operations occurring within the loops. The number of iterations is determined from within the requests. SmartSockets version 6.8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486370

  • 08.4.31 - CVE: CVE-2007-5658
  • Platform: Cross Platform
  • Title: TIBCO SmartSockets Request Heap Buffer Overflow
  • Description: TIBCO SmartSockets is a message passing framework. The application is exposed to a heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue exists in the code that processes requests. Specifically, the two values used to allocate memory can be controlled by an attacker.
  • Ref: http://www.securityfocus.com/archive/1/486367

  • 08.4.32 - CVE: CVE-2007-5657
  • Platform: Cross Platform
  • Title: TIBCO SmartSockets Multiple Pointer Offset Remote Code Execution Vulnerabilities
  • Description: TIBCO SmartSockets is a real-time communication system designed for enterprises. The application is exposed to multiple remote code execution issues when the application processes requests and user-supplied input is used to offset valid pointers that are later used for memory operations. SmartSockets version 6.8.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486369

  • 08.4.33 - CVE: CVE-2008-0035
  • Platform: Cross Platform
  • Title: Apple Safari for iPhone and iPod Touch "Foundation" Unspecified Memory Corruption
  • Description: Apple iPhone is a mobile phone that contains a stripped-down version of the Apple Safari Browser called Mobile Safari. iPhone runs on the ARM architecture. Apple iPod Touch is a portable music player that also contains the Safari browser. The "Foundation" component of the Safari browser is exposed to an unspecified memory corruption issue. iPhone versions 1.0 to 1.1.2 and iPod Touch versions 1.1 to 1.1.2 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307302

  • 08.4.34 - CVE: CVE-2008-0034
  • Platform: Cross Platform
  • Title: Apple iPhone Passcode Lock Security Bypass
  • Description: Apple iPhone is exposed to a security bypass issue that can be leveraged to launch arbitrary iPhone applications. This issue affects the Passcode Lock feature due to the way that it handles emergency calls. iPhone versions prior to 1.1.3 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307301

  • 08.4.35 - CVE: CVE-2008-0031
  • Platform: Cross Platform
  • Title: Apple QuickTime Sorenson 3 Video Files Remote Code Execution
  • Description: Apple QuickTime is a media player for Mac OS X and Microsoft Windows. The application is exposed to a remote code execution issue when handling specially-crafted Sorenson 3 video files. QuickTime versions prior to 7.4 running on the following operating systems are affected: Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, Microsoft Windows XP and Microsoft Windows Vista.
  • Ref: http://docs.info.apple.com/article.html?artnum=307301

  • 08.4.36 - CVE: CVE-2008-0033
  • Platform: Cross Platform
  • Title: Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a memory corruption issue. Specifically, this issue occurs when parsing Image Descriptor (IDSC) atoms in a malicious movie file. Apple QuickTime versions prior to 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-08-01

  • 08.4.37 - CVE: CVE-2008-0036
  • Platform: Cross Platform
  • Title: Apple QuickTime Compressed PICT Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a buffer overflow issue. Specifically, the issue occurs when parsing compressed PICT files. Apple QuickTime versions prior to 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307301

  • 08.4.38 - CVE: CVE-2008-0032
  • Platform: Cross Platform
  • Title: Apple QuickTime "Macintosh Resource" Records Remote Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a memory corruption issue. Specifically, this issue occurs when the application is handling Macintosh Resource records in a malicious movie file. Apple QuickTime versions prior to 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
  • Ref: http://www.securityfocus.com/archive/1/486396

  • 08.4.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OSC Radiator Radius Packet Remote Denial of Service
  • Description: OSC Radiator is a Radius server available for various platforms. The application is exposed to a remote denial of service issue that presents itself when the server tries to process a malicious Radius packet. OSC Radiator versions prior to 4.0 are affected.
  • Ref: http://www.open.com.au/radiator/history.html

  • 08.4.40 - CVE: CVE-2008-0027
  • Platform: Cross Platform
  • Title: Cisco Unified Communications Manager CTL Provider Heap Buffer Overflow
  • Description: Cisco Unified Communications Manager (formerly known as CallManager) is the call-processing component of the Cisco Unified Communications System. The Certificate Trust List (CTL) is used by IP phone devices to verify the identity of CUCM servers. The CTL Provider service is exposed to a heap-based buffer overflow issue. The service is enabled during initial configuration of the CUCM server, or when changes are made to the CTL. The service listens on TCP port 2444 by default. Unified CallManager versions 4.0 and 4.1 prior to 4.1(3)SR5c, and Unified Communications Manager versions 4.2 prior to 4.2(3)SR3 and 4.3 prior to 4.3(1)SR1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486415

  • 08.4.41 - CVE: CVE-2008-0285
  • Platform: Cross Platform
  • Title: ngIRCd PART Command Parsing Denial of Service
  • Description: ngIRCd is an IRC daemon available for various platforms including Windows and UNIX. The application is exposed to a denial of service issue because it fails to handle certain PART commands properly. ngIRCd versions prior to 0.10.4 and 0.11.0-pre2 are affected.
  • Ref: http://ngircd.barton.de/doc/ChangeLog

  • 08.4.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MiniWeb Directory Traversal and Buffer Overflow Vulnerabilities
  • Description: MiniWeb is an HTTP server implemented in C. The application is exposed to multiple remote issues. MiniWeb version 0.8.19 is affected.
  • Ref: http://www.securityfocus.com/bid/27319

  • 08.4.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Informix Dynamic Server Multiple Unspecified File Creation Vulnerabilities
  • Description: IBM Informix Dynamic Server is an application server that runs on various platforms. The application is exposed to multiple unspecified issues caused by unspecified file creation errors that affect "SQLIDEBUG" and "ONEDCU". Informix Dynamic Server version 10.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27328

  • 08.4.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Presentation Server IMA Service Buffer Overflow
  • Description: Citrix Presentation Server provides remote application access using the ICA protocol. It uses the IMA (Independent Management Architecture) service for inter-server and management communications. The application is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. Citrix MetaFrame and Presentation Server version 4.5 (and earlier), Citrix Access Essentials version 2.0 (and earlier), and Citrix Desktop Server 1.0 (and earlier) are affected.
  • Ref: http://support.citrix.com/article/CTX114487

  • 08.4.45 - CVE: CVE-2007-5760, CVE-2007-5758, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
  • Platform: Cross Platform
  • Title: X.Org X Server Multiple Local Privilege Escalation and Information Disclosure Vulnerabilities
  • Description: The X.Org X Server is an open-source X Window System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to multiple local privilege escalation issues.
  • Ref: http://www.securityfocus.com/archive/1/486516

  • 08.4.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F5 BIG-IP "SearchString" Multiple Cross-Site Scripting Vulnerabilities
  • Description: F5 BIG-IP is a device that runs multiple software modules used to serve applications, manage security and monitor network traffic as well as other uses. The device's web interface is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. BIG-IP firmware version 9.4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/27272

  • 08.4.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Running Management "index.php" Cross-Site Scripting
  • Description: PHP Running Management is a PHP web-based application for runners. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "message" parameter of the "index.php" script. PHP Running Management versions prior to 1.0.3 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=568237&group_id=103505

  • 08.4.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dansie Search Engine "search.pl" Cross-Site Scripting
  • Description: Dansie Search Engine is a Perl script that provides search functionality. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "keywords" parameter of the "search.pl" script. Dansie Search Engine version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/27269

  • 08.4.49 - CVE: CVE-2007-4389
  • Platform: Web Application - Cross Site Scripting
  • Title: 2Wire Routers Cross-Site Request Forgery
  • Description: 2Wire routers are network devices designed for home and small-office setups. The application is exposed to a cross-site request forgery issue. An attacker can exploit this issue to perform DNS poisoning attacks through the "NAME" and "ADDR" parameters.
  • Ref: http://www.securityfocus.com/archive/1/archive/1/476595/100/0/threaded

  • 08.4.50 - CVE: CVE-2008-0123
  • Platform: Web Application - Cross Site Scripting
  • Title: Moodle "install.php" Cross-Site Scripting
  • Description: Moodle is an open-source course manager designed for online courseware and e-learning. It is freely available under the GNU Public license for Unix and variants and for Microsoft Windows. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "dbname" parameter of the "install.php" script. Moodle versions prior to 1.8.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486198

  • 08.4.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: pMachine Pro Multiple Cross-Site Scripting Vulnerabilities
  • Description: pMachine Pro is a website management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "L_PREF_GROUP[S100]", "L_PREF_GROUP[S110]", "L_PREF_NAME[810]" and "L_PREF_NAME[850]" parameters of the "pm/language/spanish/preferences.php" script. pMachine Pro version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27282

  • 08.4.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: cPanel "dohtaccess.html" Cross-Site Scripting
  • Description: cPanel is a web-hosting control panel. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter of the "/cpanelpro/dohtaccess.html" script.
  • Ref: http://www.securityfocus.com/archive/1/486404

  • 08.4.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Sametime Client Chat Message Cross-Site Scripting
  • Description: IBM Lotus Sametime Client is a commercially available instant-messaging and web-conferencing application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Lotus Sametime Client application versions 7.5 and 7.5.1 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21292938

  • 08.4.54 - CVE: CVE-2008-0173
  • Platform: Web Application - SQL Injection
  • Title: GForge Multiple Unspecified SQL Injection Vulnerabilities
  • Description: GForge is a web-based tool for collaborative development. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters before using it in SQL queries.
  • Ref: http://www.securityfocus.com/bid/27266

  • 08.4.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ImageAlbum "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: ImageAlbum is a web-based photo album application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the "id" parameter. ImageAlbum version 2.00b2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486162

  • 08.4.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ajchat "directory.php" SQL Injection
  • Description: Ajchat is an instant messaging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "s" parameter of the "directory.php" script before using it in an SQL query. Ajchat version 0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/27241

  • 08.4.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TaskFreak! "index.php" SQL Injection
  • Description: TaskFreak! is a web-based task manager application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sContext" parameter of the "index.php" script before using it in an SQL query. TaskFreak! version 0.81 is affected.
  • Ref: http://www.securityfocus.com/bid/27257

  • 08.4.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Agares Media phpAutoVideo "articleblock.php" SQL Injection
  • Description: phpAutoVideo is a web-based video site application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "articlecat" parameter of the "includes/articleblock.php" script before using it in an SQL query. phpAutoVideo version 2.21 is affected.
  • Ref: http://www.securityfocus.com/bid/27258

  • 08.4.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Matteo Binda ASP Photo Gallery Multiple SQL Injection Vulnerabilities
  • Description: ASP Photo Gallery is a web-based photo gallery application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. ASP Photo Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27262

  • 08.4.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TutorialCMS "activate.php" SQL Injection
  • Description: TutorialCMS is a content management system. The application is prone to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "userName" parameter of the "activate.php" script before using it in an SQL query. TutorialCMS version 1.02 is affected.
  • Ref: http://www.securityfocus.com/bid/27263

  • 08.4.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BinN S.Builder "full_text.php" SQL Injection
  • Description: BinN S.Builder is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nid" parameter of the "full_text.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27264

  • 08.4.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: X7 Chat Index.PHP SQL Injection
  • Description: X7 Chat is a free, open-source, web-based chat application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "day" parameter of the "index.php" script before using it in an SQL query. X7 Chat version 2.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/27277

  • 08.4.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Xforum "liretopic.php" SQL Injection
  • Description: Xforum is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "topic" parameter of the "liretopic.php" script before using it in an SQL query. Xforum version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/27278

  • 08.4.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RichStrong CMS "showproduct.asp" SQL Injection
  • Description: RichStrong CMS is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "showproduct.asp" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/4910

  • 08.4.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Article Dashboard "admin/login.php" Multiple SQL Injection Vulnerabilities
  • Description: Article Dashboard is an application that facilitates the publication of articles on a web site; it is implemented in PHP with a MySQL database. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the "user" or "pass" parameters of the "admin/login.php" script before using it in SQL queries.
  • Ref: http://www.securityfocus.com/archive/1/486323

  • 08.4.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LulieBlog "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: LulieBlog is a web-based blog application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input to the "id" parameter of the following scripts: "comment_accepter.php", "comment_refuser.php" and "article_suppr.php". LulieBlog version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27290

  • 08.4.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multiple FaScript Packages "show.php" SQL Injection
  • Description: FaScript is a set of PHP-based web applications. Multiple FaScript packages are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "id" parameter of the "show.php" script before using it in an SQL query. FaMp3 version 1, FaPersian Petition, and FaPersianHack version 1 are affected.
  • Ref: http://www.securityfocus.com/bid/27302

  • 08.4.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: FaName "page.php" SQL Injection
  • Description: FaName is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "page.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27303

  • 08.4.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pixelpost "index.php" SQL Injection
  • Description: Pixelpost is a PHP-based photoblog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data in the "parent_id" parameter of the "index.php" script before using it in an SQL query. Pixelpost version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/27242

  • 08.4.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RichStrong CMS "showproduct.asp" SQL Injection
  • Description: RichStrong CMS is a content management system implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "showproduct.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27310

  • 08.4.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: aliTalk Multiple SQL Injection and Access Validation Vulnerabilities
  • Description: aliTalk is a web-based instant messaging application. The application is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. aliTalk version 1.9.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27315

  • 08.4.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Residence "visualizza_tabelle.php" SQL Injection
  • Description: PHP-Residence is a web-based application for tracking house, apartment, and hotel-room rentals. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the search input parameter of the "visualizza_tabelle.php" script before using it in an SQL query. PHP-Residence version 0.7.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27320

  • 08.4.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBB "moderation.php" Multiple SQL Injection Vulnerabilities
  • Description: MyBB is a PHP-based bulletin board application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to parameters of the "moderation.php" script before using it in an SQL query. MyBB versions prior to 1.2.11 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486433

  • 08.4.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPEcho CMS "index.php" SQL Injection
  • Description: PHPEcho CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. PHPEcho CMS version 2.0-rc3 is affected.
  • Ref: http://www.securityfocus.com/bid/27326

  • 08.4.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Site2Nite Real Estate Web "default.asp" Multiple SQL Injection Vulnerabilities
  • Description: Site2Nite Real Estate Web is an ASP-based bulletin board for real-estate listings. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "txtPassword" and "txtUserNam" parameters of the "default.asp" script before using it in an SQL query.
  • Ref: http://support.citrix.com/article/CTX114487

  • 08.4.76 - CVE: Not Available
  • Platform: Web Application
  • Title: FreeSeat Unspecified Security Bypass
  • Description: FreeSeat is a web-based PHP application for managing bookings. The application is exposed to a security bypass issue due to an unspecified error in the "seat locking" functionality. FreeSeat versions prior to 1.1.5d are affected.
  • Ref: https://sourceforge.net/project/shownotes.php?release_id=568374&group_id=160239

  • 08.4.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Member Area System "view_func.php" Remote File Include
  • Description: Member Area System is a commercially available web-based PHP content management application designed for adult webmasters. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "i" and "l" parameters of the "view_func.php" script. Member Area System version 1.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486172

  • 08.4.78 - CVE: Not Available
  • Platform: Web Application
  • Title: 0DayDB "delete.php" Authentication Bypass
  • Description: 0DayDB is a collection of tools for running a "warez" web site. The application is exposed to an authentication bypass issue because the application fails to validate user authentication credentials before granting access to the "delete.php" script. 0DayDB version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27255

  • 08.4.79 - CVE: Not Available
  • Platform: Web Application
  • Title: minimal Gallery Multiple Information Disclosure Vulnerabilities
  • Description: minimal Gallery is an image gallery. The application is exposed to multiple issues. minimal Gallery version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/27265

  • 08.4.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Garment Center "index.cgi" Local File Include
  • Description: Garment Center is a web-based application implemented in Perl. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/27273

  • 08.4.81 - CVE: Not Available
  • Platform: Web Application
  • Title: BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
  • Description: BugTracker.NET is a web-based bug tracker written in ASP.NET and C# with a Microsoft SQL or MSDE database. The application is exposed to multiple HTML injection issues because it fails to sanitize user-supplied input to various unspecified form fields when submitting a new bug report. BugTracker.NET versions prior to 2.7.2 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=568160

  • 08.4.82 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP F1 Max's File Uploader "index.php" Arbitrary File Upload
  • Description: Max's File Uploader is a PHP-based application that allows users to upload files onto a web server. The application is exposed to an arbitrary file upload issue because the application fails to sufficiently sanitize user-supplied input. The issue exists in the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/486335

  • 08.4.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Micro News "admin.php" Authentication Bypass
  • Description: Micro News is a PHP-based application for posting news items to web sites. The application is exposed to an authentication bypass issue because it fails to perform authentication checks in the "admin.php" script.
  • Ref: http://www.securityfocus.com/archive/1/486349

  • 08.4.84 - CVE: Not Available
  • Platform: Web Application
  • Title: ARIA "effect.php" Local File Include
  • Description: ARIA is a PHP-based ERP (Enterprise Resource Planning) application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "/arias/help/effect.php" script. ARIA version 0.99-6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486406

  • 08.4.85 - CVE: Not Available
  • Platform: Web Application
  • Title: MailBee WebMail Pro "download_view_attachment.aspx" Local File Include
  • Description: MailBee WebMail Pro is a webmail client implemented in ASP and PHP. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "temp_filename" parameter of the "download_view_attachment.aspx" script.
  • Ref: http://www.securityfocus.com/bid/27312

  • 08.4.86 - CVE: Not Available
  • Platform: Web Application
  • Title: BLOG:CMS Multiple Input Validation Vulnerabilities
  • Description: BLOG:CMS is a freely available PHP-based blog and content management application. The application fails to properly sanitize user-supplied input. BLOG:CMS version 4.2.1.b is affected.
  • Ref: http://www.securityfocus.com/archive/1/486400

  • 08.4.87 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB Multiple Remote PHP Code Execution Vulnerabilities
  • Description: MyBB is a bulletin board application written in PHP. The application is exposed to multiple remote PHP code execution issues due to the application using user-supplied input in an "eval()" function call. Specifically, input to the "sortby" parameter of the "search.php" and "forumdisplay.php" scripts is not properly sanitized. MyBB version 1.2.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486434

  • 08.4.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Gradman "agregar_info.php" Local File Include
  • Description: Gradman is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "tabla" parameter of the "agregar_info.php" script. Gradman version 0.1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486444

  • 08.4.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Galaxyscripts Mini File Host "upload.php" Local File Include
  • Description: Galaxyscripts Mini File Host is a file hosting script. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "language" parameter of the "upload.php" script. Mini File Host versions 1.2 and prior are affected.
  • Ref: http://www.securityfocus.com/bid/27327

  • 08.4.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Clever Copy Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Clever Copy is a scalable website portal and news-posting system. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Clever Copy version 3.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486492

  • 08.4.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Skype Web Content Zone Remote Code Execution
  • Description: Skype is an application that provides VoIP, instant messaging, file transfer, video conferencing, and other utilities. The application is exposed to an issue that allows arbitrary code to run. Skype version 3.6.0.244 is affected.
  • Ref: http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx

  • 08.4.92 - CVE: Not Available
  • Platform: Web Application
  • Title: AuraCMS "stat.php" Remote Script Code Execution
  • Description: AuraCMS is a web-based content manager. The application is exposed to a remote script code execution issue because it fails to properly sanitize user-supplied input to the "X-Forwarded-For" HTTP request header. Specifically, the issue exists in the "stat.php" script and can be used by remote attackers to include and execute arbitrary script code in the context of the affected application. AuraCMS version 1.62 is affected.
  • Ref: http://www.securityfocus.com/bid/27342

  • 08.4.93 - CVE: Not Available
  • Platform: Network Device
  • Title: 8E6 R3000 Internet Filter URI Security Bypass
  • Description: The 8e6 R3000 Internet Filter is an appliance for filtering internet traffic. The appliance is exposed to an issue that allows attackers to bypass URI filters. Specifically, HTTP requests that are split into multiple packets will not be adequately filtered. R3000 Internet Filter version 2.0.05.33 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486398

  • 08.4.94 - CVE: Not Available
  • Platform: Network Device
  • Title: Funkwerk X2300 DNS Request Denial of Service
  • Description: Funkwerk X2300 is a packet-routing device. The application is exposed to a denial of service issue when processing malicious DNS requests. Funkwerk X2300 firmware 7.4.1 prior to Patch 9 is affected.
  • Ref: http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf

  • 08.4.95 - CVE: Not Available
  • Platform: Network Device
  • Title: OKI C5510MFP Printer Unauthorized Access
  • Description: The OKI C5510MFP Printer is a multi-function networked printing device. The printer is exposed to an unauthorized access issue because it obtains configuration details and administrator passwords in an insecure manner.
  • Ref: http://www.securityfocus.com/archive/1/486511

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.