
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 40
October 2, 2008

No big packages with critical vulnerabilities this week, but notice more than 90 new web application vulnerabilities discovered this week. It's an epidemic. The colleges have discovered a cool way to teach secure coding so there's hope that we can turn the tide. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Other Microsoft Products                  2
    Third Party Windows Apps                  13 (#1, #3, #4, #5)
    Mac Os                                    2
    Linux                                     1
    Cross Platform                            15 (#2)
    Web Application - Cross Site Scripting    15
    Web Application - SQL Injection           29
    Web Application                           59
    Network Device                            13


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: RealFlex/DATAC RealWin Buffer Overflow
  • Affected:
    • RealFlex RealWin versions 2.0 and prior
  • Description: RealFlex/DATAC RealWin is a Supervisory Control And Data Acquisition (SCADA) management application that runs on Microsoft Windows. SCADA protocols are used in industrial control and monitoring situations, including manufacturing plants and power generation facilities. RealWin contains a buffer overflow in its handling of certain SCADA messages. A specially crafted SCADA message sent to the software could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. This could be leveraged to additionally compromise any SCADA client devices controlled by the server. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users are advised to block all SCADA ports at the network perimeter, if possible.

  • References:
  • (2) HIGH: Trend Micro OfficeScan Multiple Vulnerabilities
  • Affected:
    • Trend Micro OfficeScan versions 8.0 Service Pack 1 Patch 1 and prior
    • Trend Micro Worry-Free Business Security versions 5.0 and prior
  • Description: Trend Micro OfficeScan is a popular malware scanning tool for businesses. Its web interface contains multiple vulnerabilities in its handling of a variety of user inputs. A specially crafted request could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) HIGH: Nokia PC Suite Buffer Overflow
  • Affected:
    • Nokia PC Suite versions 7.0 and prior
  • Description: Nokia PC Suite is a suite of applications designed to provide connectivity between systems running Microsoft Windows and various Nokia mobile devices. It contains a buffer overflow in its handling of user requests. A specially crafted request sent to the service could trigger this vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • References:
  • (4) HIGH: Autodesk LiveUpdate and Express Viewer ActiveX Controls Multiple Vulnerabilities
  • Affected:
    • Autodesk Revit Architecture 2009
    • Autodesk Design Review 2009
  • Description: Autodesk LiveUpdate is an update component provided with several Autodesk applications. Autodesk DWF Viewer is a component used to view Autodesk design files. These components' functionality is provided in ActiveX controls. These controls fail to properly sanitize their input, leading to remote command execution and arbitrary file download vulnerabilities. A specially crafted web page that instantiated this control could leverage these vulnerabilities to execute arbitrary commands with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "kill bit" mechanism using CLSIDs "89EC7921-729B-4116-A819-DF86A4A5776B" and "A662DA7E-CCB7-4743-B71A-D817F6D575DF". Note that this may affect normal application functionality.

  • References:
  • (5) HIGH: Novell ZENworks Desktop Management ActiveX Control Buffer Overflow
  • Affected:
    • Novell ZENworks Desktop Management versions 6.5 and prior
  • Description: Novell ZENworks is a popular enterprise systems management application. Part of its functionality on Microsoft Windows is provided by an ActiveX control. This control contains a buffer overflow vulnerability in its "CanUninstall" method. A specially crafted web page that instantiated this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1". Note that this may affect normal application functionality.

  • References:
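
The "kill bit" mitigation named in items (4) and (5), as an added PowerShell example (not part of the original bulletin and not vendor code). It assumes the standard Internet Explorer "ActiveX Compatibility" registry location and the 0x400 "Compatibility Flags" value documented by Microsoft; the function names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: sets and verifies the Internet Explorer kill bit for the
# CLSIDs given in items (4) and (5) of this bulletin.

# Bit in "Compatibility Flags" that stops IE from instantiating the control.
$KillBit = 0x00000400

# CLSIDs exactly as listed in the bulletin text.
$Clsids = [ordered]@{
    '{89EC7921-729B-4116-A819-DF86A4A5776B}' = 'Autodesk (item 4)'
    '{A662DA7E-CCB7-4743-B71A-D817F6D575DF}' = 'Autodesk (item 4)'
    '{0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1}' = 'Novell ZENworks (item 5)'
}

# Native registry view, plus the 32-bit view read by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current "Compatibility Flags" DWORD, or $null if unset.
    param([string]$KeyPath)
    if (-not (Test-Path -Path $KeyPath)) { return $null }
    $prop = Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.'Compatibility Flags'
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory)][string]$Clsid)

    # Refuse anything that is not a braced GUID, so a typo cannot create a stray key.
    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a well-formed CLSID: $Clsid"
    }

    foreach ($root in $Roots) {
        # Skip a view whose "Internet Explorer" key is absent (e.g. Wow6432Node on 32-bit Windows).
        if (-not (Test-Path -Path (Split-Path -Path $root -Parent))) { continue }

        $key      = Join-Path -Path $root -ChildPath $Clsid
        $current  = Get-CompatFlags -KeyPath $key
        $existing = if ($null -eq $current) { 0 } else { $current }
        $wanted   = $existing -bor $KillBit   # preserve any other flags already present

        if ($current -ne $wanted -and $PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) {
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $wanted -Force | Out-Null
        }

        # Re-read the value so the report reflects what is actually in the registry.
        $after = Get-CompatFlags -KeyPath $key
        [pscustomobject]@{
            Control    = $Clsids[$Clsid]
            Clsid      = $Clsid
            View       = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            KillBitSet = ($null -ne $after) -and (($after -band $KillBit) -ne 0)
        }
    }
}

# Apply to every CLSID from the bulletin and print a per-view verification table.
$Clsids.Keys | ForEach-Object { Set-KillBit -Clsid $_ } | Format-Table -AutoSize
```

Adding `-WhatIf` to the `Set-KillBit` call reports the current state of each key without writing to the registry, which is useful for auditing before the affected applications are tested with the controls disabled.
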
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 40, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.40.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft WordPad ".doc" File Remote Denial of Service
  • Description: WordPad is a simple text editor supplied with most versions of Microsoft Windows. WordPad is exposed to a remote denial of service issue when handling a specially crafted .doc file. The problem occurs when converting Word 97 format files for use in WordPad.
  • Ref: http://www.securityfocus.com/bid/31399

  • 08.40.2 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft GDI+ "GDIPLUS.dll" ICO File Divide-By-Zero Denial of Service
  • Description: Microsoft GDI+ (graphics device interface) enables applications to use graphics and formatted text on the video display and on printers. The GDI+ library "GDIPLUS.dll" is exposed to a denial of service issue. When processing a malformed ICO file, a divide-by-zero exception can occur, causing the affected application to crash.
  • Ref: http://www.securityfocus.com/bid/31432

  • 08.40.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: NMS DVD Burning SDK "NMSDVDX.dll" ActiveX Control Arbitrary File Overwrite
  • Description: Numedia Soft NMS DVD Burning SDK is exposed to an issue that lets attackers overwrite files. This issue affects the "LogMessage()" method of the "NMSDVDX.dll" ActiveX control library because it fails to sanitize user-supplied input. Numedia Soft NMS DVD Burning SDK version 1.013C is affected.
  • Ref: http://www.securityfocus.com/bid/31372

  • 08.40.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: K-Lite Mega Codec Pack "vsfilter.dll" Denial of Service
  • Description: K-Lite Mega Codec Pack is a collection of codecs and related tools for playing movie files. When the "vsfilter.dll" library of the pack is installed on the affected computer, Windows Explorer will crash when processing a malformed ".flv" file.
  • Ref: http://www.securityfocus.com/bid/31400

  • 08.40.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: CCProxy Server HTTP "CONNECT" Request Buffer Overflow
  • Description: CCProxy is a proxy server for Microsoft Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the issue occurs when an overly large string is provided as the hostname with the "CONNECT" HTTP request. CCProxy version 6.61 is affected.
  • Ref: http://jbrownsec.blogspot.com/2008/09/ccproxy-near-stealth-patching.html

  • 08.40.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DATAC RealWin SCADA Server Remote Stack Buffer Overflow
  • Description: DATAC RealWin is a SCADA (Supervisory Control And Data Acquisition) server for Microsoft Windows platforms. RealWin is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. RealWin SCADA server version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496759

  • 08.40.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service
  • Description: Microsoft Windows Mobile is an operating system for smart phones and PDAs. It includes various embedded versions of applications, including Office and Internet Explorer. Windows Mobile is exposed to a denial of service issue because it fails to adequately validate user-supplied input. Windows Mobile version 6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31420

  • 08.40.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Win FTP Server "LSTR" Command Remote Denial of Service
  • Description: Win FTP Server is an FTP server application for Windows. The server is exposed to a remote denial of service issue because it fails to properly handle malformed "LSTR" requests. An authenticated attacker sending an exceptionally long parameter to the "LSTR" command may cause the server to become unresponsive, creating a denial of service condition. Win FTP Server version 2.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31421

  • 08.40.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ZoneAlarm HTTP Proxy Remote Denial of Service
  • Description: ZoneAlarm Internet Security Suite is a security suite for Microsoft Windows platforms. ZoneAlarm Internet Security Suite is exposed to a remote denial of service issue that occurs when interacting with an HTTP proxy server. ZoneAlarm Internet Security Suite version 8.0.020 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496764

  • 08.40.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell ZENworks Desktop Management ActiveX Control "CanUninstall()" Buffer Overflow
  • Description: Novell Zenworks Desktop Management is a framework for the management of Desktop workstations in enterprise environments. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. ZENworks Desktop Management version 6.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496786

  • 08.40.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinZip "gdiplus.dll" Microsoft Module Unspecified Security
  • Description: WinZip is exposed to an unspecified issue that stems from an error in the Microsoft "gdiplus.dll" component included with the application. WinZip version 11.x (prior to 11.2 SR-1) on Windows 2000 systems is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx

  • 08.40.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Autodesk DWF Viewer Control "AdView.dll" Arbitrary File Download
  • Description: Autodesk DWF Viewer Control is exposed to an issue that can allow malicious files to be downloaded and saved to arbitrary locations on an affected computer. "AdView.dll" version 9.0.0.96 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496847

  • 08.40.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Autodesk "LiveUpdate16.DLL" ActiveX Control Arbitrary Program Execution
  • Description: Autodesk develops multiple applications related to computer-aided design. The Autodesk LiveUpdate Module "LiveUpdate16.DLL" ActiveX control is exposed to an issue that lets attackers execute arbitrary local programs. "LiveUpdate16.DLL" version 17.2.56 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496847

  • 08.40.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GdPicture Pro "gdpicture4s.ocx" ActiveX Control Arbitrary File Overwrite
  • Description: GdPicture Pro SDK is prone to a vulnerability that lets attackers overwrite files. This issue affects the "SaveAsPDF()" method of the "gdpicture4s.ocx" ActiveX control library because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31504

  • 08.40.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Flip4Mac WMV Vulnerability
  • Description: Flip4Mac WMV is a collection of components used for handling Windows Media files within QuickTime applications. The application is exposed to an unspecified vulnerability within Flip4Mac's Importer. Flip4Mac WMV versions prior to 2.2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/31505

  • 08.40.16 - CVE: CVE-2008-3637
  • Platform: Mac Os
  • Title: Apple Mac OS X Java Applet HMAC Provider Handling Remote Code Execution
  • Description: Apple Mac OS X is exposed to an issue that lets attackers run arbitrary code because the application fails to properly handle Java applets containing malicious values in the Hash-based Message Authentication Code (HMAC) provider. This issue arises as the application fails to properly handle errors and uses an uninitialized variable in the HMAC provider for generating MD5 and SHA-1 hashes. Mac OS X versions 10.5.5 and earlier, Mac OS X Server versions 10.5.5 and earlier, Mac OS X versions 10.4.11 and earlier, and Mac OS X Server versions 10.4.11 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31379

  • 08.40.17 - CVE: CVE-2008-3638
  • Platform: Mac Os
  • Title: Apple Mac OS X Java Plug-in "file://" URL Handling Remote Code Execution
  • Description: Apple Mac OS X Java plug-in is exposed to a remote code execution issue. Specifically, the Java plug-in fails to block Java applets from launching "file://" URLs. Mac OS X versions 10.5.5 and earlier, Mac OS X Server versions 10.5.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31380

  • 08.40.18 - CVE: CVE-2008-4210
  • Platform: Linux
  • Title: Linux Kernel "truncate()" Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue. This issue is a result of the "truncate()" and "ftruncate()" functions not appropriately clearing the "suid" and "sgid" bits from files modified. The Linux kernel versions prior to 2.6.22-rc1 are affected.
  • Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

  • 08.40.19 - CVE: CVE-2008-0016
  • Platform: Cross Platform
  • Title: Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow
  • Description: Mozilla Firefox is a web browser available for multiple platforms. SeaMonkey is an all-in-one application suite. Firefox and SeaMonkey are exposed to a stack-based buffer overflow issue that affects URI parsing. Firefox versions prior to 2.0.0.17 and SeaMonkey versions prior to 1.1.12 are affected.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-37.html

  • 08.40.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "create_function()" Code Injection Weakness
  • Description: PHP is a scripting language commonly used for web applications. PHP includes the function "create_function()". This function is used to create anonymous functions from user-supplied data. PHP is exposed to a code injection weakness as it fails to sufficiently sanitize input to "create_function()". PHP version 5.2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496728

  • 08.40.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Veritas NetBackup Java Administration GUI Remote Privilege Escalation
  • Description: Symantec Veritas NetBackup Server and Symantec Veritas NetBackup Enterprise Server are network-enabled backup solutions that are available for various platforms. The applications are exposed to a remote privilege escalation issue that occurs in the Java administration GUI (jnbSA).
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.09.24a.html

  • 08.40.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Google Chrome Carriage Return Remote Denial of Service
  • Description: Google Chrome is a web browser. The application is exposed to a remote denial of service issue because it fails to handle user-supplied input. Google Chrome versions 0.2.149.29 and 0.2.149.30 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496688

  • 08.40.23 - CVE: CVE-2008-3524
  • Platform: Cross Platform
  • Title: Fedora initscripts Arbitrary File Deletion
  • Description: The initscripts package consists of scripts that are used to boot and shut down a system cleanly. The Fedora initscripts package is exposed to a file deletion issue. Specifically, the issue occurs because the "/etc/rc.sysinit" script deletes all files present in the "/var/lock" and "/var/run" directories at the time of booting a system. initscripts version 8.76.3 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458652

  • 08.40.24 - CVE: CVE-2008-2474
  • Platform: Cross Platform
  • Title: ABB PCU400 Unspecified Remote Buffer Overflow
  • Description: ABB PCU400 is used to control Supervisory Control And Data Acquisition (SCADA) systems. ABB PCU400 is exposed to a remote buffer overflow issue. PCU400 versions 4.4, 4.5 and 4.6 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/343971

  • 08.40.25 - CVE: CVE-2008-4070
  • Platform: Cross Platform
  • Title: Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow
  • Description: Mozilla SeaMonkey is an Internet application suite. Thunderbird is an email client. Both applications ship with a newsgroup client. The applications are exposed to a remote heap-based buffer overflow issue because they fail to properly bounds check user-supplied data. Mozilla Thunderbird versions prior to 2.0.0.17 and Mozilla SeaMonkey versions prior to 1.1.12 are affected.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-46.html

  • 08.40.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Lighttpd Duplicate Request Header Denial of Service
  • Description: The "lighttpd" program is a freely available webserver application. The application is exposed to a remote denial of service issue. Specifically, the issue is caused by a memory leak when handling multiple duplicate request headers. lighttpd versions prior to 1.4.20 are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=238180

  • 08.40.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark Packet Capture File Denial of Service
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and UNIX-like operating systems. Wireshark is exposed to a denial of service issue which occurs in the source file "wtap.c". Wireshark version 1.0.3 is affected.
  • Ref: http://shinnok.evonet.ro/vulns_html/wireshark.html

  • 08.40.28 - CVE: CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
  • Platform: Cross Platform
  • Title: JasPer 1.900.1 Multiple Vulnerabilities
  • Description: JasPer is an implementation of the image codec specified in the JPEG-2000 standard. JasPer is exposed to multiple issues. Successful exploits of the temporary file race condition may allow the attacker to overwrite or corrupt files within the context of the affected application. JasPer version 1.900.1 is affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?id=222819

  • 08.40.29 - CVE: CVE-2008-3827
  • Platform: Cross Platform
  • Title: MPlayer "stream_read" Function Remote Heap-Based Buffer Overflow
  • Description: MPlayer is a movie player application that supports multiple media formats. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. MPlayer version 1.0 rc2 is affected.
  • Ref: http://www.ocert.org/advisories/ocert-2008-013.html

  • 08.40.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FileAlyzer Version Information Remote Stack-Based Buffer Overflow
  • Description: FileAlyzer is an application that allows users to analyze files. The application is exposed to a remote stack-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. FileAlyzer version 1.6.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31474

  • 08.40.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox User Interface Dispatcher Null Pointer Dereference Denial of Service
  • Description: Mozilla Firefox is a browser available for multiple platforms. The browser is exposed to a remote denial of service issue. A malicious HTML web page containing multiple "dispatchEvent()" and "initUIEvent()" JavaScript function calls may result in a NULL-pointer dereference when viewed in a vulnerable browser. Firefox version 3.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31476

  • 08.40.32 - CVE: CVE-2008-3542
  • Platform: Cross Platform
  • Title: Hewlett-Packard Insight Diagnostics Unspecified Unauthorized Access
  • Description: Hewlett-Packard Insight Diagnostics is a tool for performing hardware diagnostics. Insight Diagnostics is exposed to an unspecified unauthorized access issue. A remote attacker may exploit this issue to gain unauthorized access to files. Insight Diagnostics versions prior to 7.9.1.2402 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496810

  • 08.40.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xen XenStore Domain Configuration Data Unsafe Storage
  • Description: Xen is an open-source hypervisor or virtual machine monitor. Xen allows domains to share information by reading and writing from the XenStore shared database. Xen is exposed to an issue that results in configuration information being stored in a location that is writable by guest domains. Xen version 3.3 is affected.
  • Ref: http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html

  • 08.40.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Bitweaver Multiple Cross-Site Scripting Vulnerabilities
  • Description: Bitweaver is a web application framework and content management system. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. Bitweaver version 2.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31395

  • 08.40.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Connectra NGX "index.php" Cross-Site Scripting
  • Description: Connectra NGX is a VPN appliance, with a web-based management interface application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "dir" parameter of the "index.php" script. Connectra NGX R62 HFA_01, Hotfix 601, Builds 006 and 014 are affected.
  • Ref: http://www.securityfocus.com/bid/31369

  • 08.40.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TYPO3 freeCap CAPTCHA Unspecified Cross-Site Scripting Vulnerability
  • Description: freeCap CAPTCHA (sr_freecap) is a CAPTCHA plugin for TYPO3. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. freeCap CAPTCHA versions prior to 1.0.4 are affected.
  • Ref: http://www.securityfocus.com/bid/31371

  • 08.40.37 - CVE: CVE-2008-4120
  • Platform: Web Application - Cross Site Scripting
  • Title: FlatPress Multiple Cross-Site Scripting Vulnerabilities
  • Description: FlatPress is a PHP-based web log application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. FlatPress versions prior to 0.804.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496740

  • 08.40.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenNMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: OpenNMS is a Java-based application for managing networks and systems. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. OpenNMS versions prior to 1.5.94 are affected.
  • Ref: http://bugzilla.opennms.org/show_bug.cgi?id=2631

  • 08.40.39 - CVE: CVE-2008-4119
  • Platform: Web Application - Cross Site Scripting
  • Title: Computer Associates Service Desk Web Forms Multiple Cross-Site Scripting Vulnerabilities
  • Description: Computer Associates Service Desk is a web-based application used to manage service requests, incidents, problems, and changes. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to certain parameters in multiple web forms.
  • Ref: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36694#section3

  • 08.40.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WhoDomLite "wholite.cgi" Cross-Site Scripting
  • Description: WhoDomLite is a web-based Whois lookup script implemented in Perl. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "dom" parameter of the "wholite.cgi" script. WhoDomLite version 1.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31436

  • 08.40.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Lyrics Script "search_results.php" Cross-Site Scripting
  • Description: Lyrics Script is a PHP-based song lyric management application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input passed to the "k" parameter of the "search_results.php" script.
  • Ref: http://www.securityfocus.com/bid/31437

  • 08.40.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Clickbank Portal "search.php" Cross-Site Scripting
  • Description: Clickbank Portal is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "search.php" script.
  • Ref: http://www.securityfocus.com/bid/31438

  • 08.40.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Siteman "search.php" Cross-Site Scripting
  • Description: Siteman is a content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "Search" form field in the "search.php" script. Siteman version 1.1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/31439

  • 08.40.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Membership Script Multiple Cross-Site Scripting Vulnerabilities
  • Description: Membership Script is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31441

  • 08.40.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Recipe Script "search.php" Cross-Site Scripting
  • Description: Recipe Script is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "keyword" parameter of the "search.php" script.
  • Ref: http://www.securityfocus.com/bid/31442

  • 08.40.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: XAMPP for Windows "adodb.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: XAMPP for Windows is a package bundle containing the Apache webserver, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect unspecified text boxes in the "adodb.php" script. XAMPP version 1.6.8 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/31472

  • 08.40.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CAcert "analyse.php" Cross-Site Scripting
  • Description: CAcert is an open-source certificate authority. Their source code is available for download and is implemented in PHP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input within certificates that are parsed by the "analyse.php" script. CAcert source code released on or before September 21, 2008 is affected.
  • Ref: http://www.securityfocus.com/bid/31481

  • 08.40.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress MU "wp-admin/wp-blogs.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: WordPress MU allows users to generate news pages and web-logs dynamically; it is implemented in PHP with a MySQL database. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "s" and "ip_address" parameters of the "wp-admin/wp-blogs.php" script. WordPress MU versions prior to 2.6 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496852

  • 08.40.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: InterTech WCMS "etemplate.php" SQL Injection
  • Description: InterTech Web Content Management System (WCMS) is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "etemplate.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31350

  • 08.40.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Jetik.net ESA "KayitNo" Parameter Multiple SQL Injection Vulnerabilities
  • Description: ESA is a web-based application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "KayitNo" parameter of the following scripts: "diger.php" and "sayfalar.php". ESA version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31352

  • 08.40.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ Auction Pro Platinum Skin #2 "detail.php" SQL Injection
  • Description: AJ Auction Pro Platinum Skin #2 is a look and feel plugin for AJ Auction Pro Platinum. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "item_id" parameter of the "detail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31362

  • 08.40.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Jadu CMS for Government "recruit_details.php" SQL Injection
  • Description: Jadu CMS for Government is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "recruit_details.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31376

  • 08.40.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Ajax Checklist Module Multiple SQL Injection Vulnerabilities
  • Description: Ajax Checklist is a PHP-based component for Drupal. It is used to add dynamic checklists into nodes. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Ajax Checklist versions prior to 5.x-1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496727

  • 08.40.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Brilliant Gallery Module Multiple SQL Injection Vulnerabilities
  • Description: Brilliant Gallery is a PHP-based component for Drupal. It is used for image management. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. All versions of Brilliant Gallery are affected.
  • Ref: http://drupal.org/node/313054

  • 08.40.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasyRealtorPRO "site_search.php" Multiple SQL Injection Vulnerabilities
  • Description: EasyRealtorPRO is a web-based Real-Estate listing application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "item", "search_ordermethod", and "search_order" parameters of "site_search.php". EasyRealtorPRO version 2008 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496744

  • 08.40.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RPG.Board "index.php" SQL Injection
  • Description: RPG.Board is a web-based forum application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "showtopic" parameter of the "index.php" script before using it in an SQL query. RPG.Board version 0.8 Beta 2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496760

  • 08.40.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ultimate Webboard "webboard.php" SQL Injection
  • Description: Ultimate Webboard is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Category" parameter of the "webboard.php" script before using it in an SQL query. Ultimate Webboard version 3.00 is affected.
  • Ref: http://www.securityfocus.com/bid/31424

  • 08.40.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PromoteWeb MySQL "go.php" SQL Injection
  • Description: PromoteWeb MySQL is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "go.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31425

  • 08.40.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 212cafe Board "view.php" SQL Injection
  • Description: 212cafe Board is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "qID" parameter of the "view.php" script before using it in an SQL query. 212cafe Board version 0.07 is affected.
  • Ref: http://www.securityfocus.com/bid/31426

  • 08.40.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Conkurent Real Estate Manager "cat_id" Parameter SQL Injection
  • Description: Conkurent Real Estate Manager is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "index.php" script before using it in an SQL query. Real Estate Manager version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/31443

  • 08.40.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joovili "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Joovili is a PHP-based application for social networking. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Joovili version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31444

  • 08.40.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Uploader Pro "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: E-Uploader Pro is a web-based uploader script. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. E-Uploader Pro version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31445

  • 08.40.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BitmixSoft PHP-Lance "show.php" SQL Injection
  • Description: PHP-Lance is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "show.php" script before using it in an SQL query. PHP-Lance version 1.52 is affected.
  • Ref: http://www.securityfocus.com/bid/31446

  • 08.40.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyCard "gallery.php" SQL Injection
  • Description: MyCard is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "gallery.php" script before using it in an SQL query. MyCard version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31447

  • 08.40.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZEEWAYS ZEELYRICS "bannerclick.php" SQL Injection
  • Description: ZEELYRICS is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "adid" parameter of the "bannerclick.php" script before using it in an SQL query. ZEELYRICS version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31449

  • 08.40.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ParsaGostar ParsaWeb Multiple SQL Injection Vulnerabilities
  • Description: ParsaWeb is a web-based content management system. It is written in ASP.NET. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "default.aspx" script and the "txtSearch" field in the "Search" section.
  • Ref: http://www.securityfocus.com/archive/1/496799

  • 08.40.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPcounter "index.php" SQL Injection
  • Description: PHPcounter is a web-hit-counter. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "name" parameter of the "index.php" script before using it in an SQL query. PHPcounter versions 1.3.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31451

  • 08.40.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VBGooglemap Hotspot Edition Multiple SQL Injection Vulnerabilities
  • Description: VBGooglemap Hotspot Edition is a modification for vBulletin which allows integration with Google Maps. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "mapid" parameter of the "vbgooglemaphse.php" and "mapa.php" scripts. VBGooglemap Hotspot Edition version 1.0.3 is affected.
  • Ref: http://www.vbulletin.org/forum/showthread.php?t=114149

  • 08.40.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pilot Group eTraining "news_read.php" SQL Injection
  • Description: eTraining is a web-based learning management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news_read.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31455

  • 08.40.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pro Chat Rooms Multiple SQL Injection Vulnerabilities
  • Description: Pro Chat Rooms is a web-based chat room application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "gud" parameter of the "index.php" and "admin.php" scripts. Pro Chat Rooms version 3.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31463

  • 08.40.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion Freshlinks Module "linkid" Parameter SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection issue affecting the "freshlinks" module because it fails to sufficiently sanitize user-supplied data to the "linkid" parameter of the "infusions/freslinks_panel/index.php" script before using it in an SQL query.
  • Ref: http://beta.phpfusion-mods.com/forum/viewthread.php?forum_id=13&thread_id=563&pid=10554

  • 08.40.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PG Matchmaking "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: PG Matchmaking is matchmaking and online dating software. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the following scripts: "news_read.php" and "gifts_show.php".
  • Ref: http://www.securityfocus.com/bid/31477

  • 08.40.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SG Real Estate Portal Local File Include and SQL Injection Vulnerabilities
  • Description: SG Real Estate Portal is a PHP-based real-estate application. The application is exposed to multiple input validation issues. The attacker can exploit the issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SG Real Estate Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31489

  • 08.40.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Rianxosencabos CMS "id" Parameter SQL Injection
  • Description: Rianxosencabos CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Rianxosencabos CMS version 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/31502

  • 08.40.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: QuidaScript BookMarks Favourites Script "id" Parameter SQL Injection
  • Description: QuidaScript BookMarks Favourites Script is a PHP-based application for managing bookmarks. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "view_group.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31506

  • 08.40.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Freeway Multiple SQL Injection Vulnerabilities
  • Description: Freeway is an open-source ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Freeway versions prior to 1.4.3.210 are affected.
  • Ref: http://www.openfreeway.org/download/change-log.html

  • 08.40.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eZoneScripts Adult Banner Exchange Website "click.php" SQL Injection
  • Description: eZoneScripts Adult Banner Exchange Website is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "targetid" parameter of the "click.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31510

  • 08.40.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Vikingboard "upload/index.php" Local File Include
  • Description: Vikingboard is a PHP-based bulletin board application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "task" parameter of the "upload/index.php" script. Vikingboard version 0.2 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/31393

  • 08.40.79 - CVE: Not Available
  • Platform: Web Application
  • Title: osCMax "test.html" Arbitrary File Upload
  • Description: osCMax is a web-based e-commerce application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the "fckeditor" module fails to properly verify file extensions before uploading files onto the web server. osCMax version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31351

  • 08.40.80 - CVE: Not Available
  • Platform: Web Application
  • Title: WebPortal CMS "index.php" Remote Code Execution
  • Description: WebPortal CMS is a web-based content manager. The application is exposed to an issue that lets remote attackers execute arbitrary code. The problem occurs because the application performs an "eval()" function call on user-supplied input. WebPortal CMS version 0.7.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31353

  • 08.40.81 - CVE: Not Available
  • Platform: Web Application
  • Title: web-cp "sendfile.php" Information Disclosure
  • Description: web-cp is a web-based control panel application. web-cp is exposed to an information disclosure issue because it fails to sufficiently sanitize user-supplied input to the "filelocation" parameter of the "sendfile.php" script. web-cp version 0.5.7 is affected.
  • Ref: http://www.securityfocus.com/bid/31371

  • 08.40.82 - CVE: Not Available
  • Platform: Web Application
  • Title: emergecolab "index.php" Local File Include
  • Description: emergecolab is a PHP-based application for blended collaborative learning. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "sitecode" parameter of the "connect/index.php" script. emergecolab version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31372

  • 08.40.83 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPcounter "defs.php" Local File Include
  • Description: PHPcounter is a web-hit-counter. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "l" parameter of the "defs.php" script. PHPcounter version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31373

  • 08.40.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Simplenews "Newsletter Categories" HTML Injection
  • Description: The Simplenews module is a module for Drupal that allows users to send and publish newsletters to users. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Newsletter categories" before using it in dynamically generated content.
  • Ref: http://drupal.org/node/312944

  • 08.40.85 - CVE: Not Available
  • Platform: Web Application
  • Title: MailWatch "docs.php" Local File Include
  • Description: MailWatch is a web-based front end for MailScanner. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "doc" parameter of the "docs.php" script. MailWatch version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31378

  • 08.40.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Observer "query" Parameter Multiple Remote Command Execution Vulnerabilities
  • Description: Observer is a web-based network management application. Observer is exposed to multiple issues that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately validate user-supplied input to the "query" parameter of the "whois.php" and "netcmd.php" scripts. Observer versions 0.3.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31381

  • 08.40.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Barcode Generator "image.php" Local File Include
  • Description: Barcode Generator is a web-based front end for MailScanner. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "code" parameter of the "image.php" script. Barcode Generator versions 2.0.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31382

  • 08.40.88 - CVE: Not Available
  • Platform: Web Application
  • Title: ADN Forum Cookie Authentication Bypass
  • Description: ADN Forum is a web-based forum application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. ADN Forum versions 1.0b and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/496741

  • 08.40.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Plugin Manager Security Bypass
  • Description: Plugin Manager is a module for Drupal that provides an interface to install themes and modules. The module is exposed to an issue that may allow users to bypass authentication and uninstall or remove modules installed with Plugin Manager. Plugin Manager versions prior to 6.x-1.2 are affected.
  • Ref: http://drupal.org/node/312898

  • 08.40.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Stock "stock quote" Page Authentication Bypass
  • Description: Stock is a module for Drupal that allows users to query price quotes and trading volume for various stock markets. The Stock module for Drupal is exposed to an authentication bypass issue. The problem stems from a design flaw in the menu permission that permits normal users to change the heading text at the top of the "stock quotes" page.
  • Ref: http://drupal.org/node/312923

  • 08.40.91 - CVE: Not Available
  • Platform: Web Application
  • Title: AJ Auction Pro SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: AJ Auction Pro is a web-based application. The application is exposed to multiple issues because it fails to adequately sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31390

  • 08.40.92 - CVE: Not Available
  • Platform: Web Application
  • Title: phpOCS "index.php" Local File Include
  • Description: phpOCS is a PHP-based application for managing online communities. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "act" parameter of the "index.php" script. phpOCS version 0.1-beta3 is affected.
  • Ref: http://www.securityfocus.com/bid/31392

  • 08.40.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Lansuite "design" Parameter Local File Include
  • Description: Lansuite is a PHP-based LAN party administration application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "design" parameter of the "index.php" script. Lansuite version v3.4 beta r1363 is affected.
  • Ref: http://www.securityfocus.com/bid/31402

  • 08.40.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Libra File Manager "fileadmin.php" Local File Include
  • Description: Libra File Manager is a PHP-based bulletin board application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "folder" parameter of the "fileadmin.php" script. Libra File Manager version 1.18 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496742

  • 08.40.95 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP infoBoard Cookie Authentication Bypass
  • Description: PHP infoBoard is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. PHP infoBoard v7.0 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/31404

  • 08.40.96 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP infoBoard "idcat" Parameter SQL Injection and HTML Injection Vulnerabilities
  • Description: PHP infoBoard is a web-based application. PHP infoBoard is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input. PHP infoBoard version 7.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31405

  • 08.40.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Mass Downloader Malformed Executable Denial of Service
  • Description: Mass Downloader is a download management application. The application is exposed to a remote denial of service issue that affects the "massdown.dll" library when downloading malicious executable files. Mass Downloader version 2.6 is affected.
  • Ref: http://www.securityfocus.com/bid/31406

  • 08.40.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Vikingboard "register.php" SQL Column Truncation Unauthorized Access
  • Description: Vikingboard is a web-based application. Vikingboard is exposed to an unauthorized access issue that stems from an SQL column-truncation issue. Vikingboard version 0.2 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/31408

  • 08.40.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Atomic Photo Album
  • Description: Atomic Photo Album is a web-based application. The application is exposed to multiple issues because it fails to adequately sanitize user-supplied input. Atomic Photo Album version 1.1.0pre4 is affected.
  • Ref: http://www.securityfocus.com/bid/31409

  • 08.40.100 - CVE: Not Available
  • Platform: Web Application
  • Title: openEngine "cms/system/openengine.php" Remote File Include
  • Description: openEngine is a web-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "oe_classpath" parameter of the "cms/system/openengine.php" script. openEngine versions 2.0 beta4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31413

  • 08.40.101 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Tivoli Netcool/Webtop Privilege Escalation
  • Description: IBM Tivoli Netcool/Webtop is a web-based application used to deliver graphical maps, tables, and event lists to a remote operator. The application is exposed to a privilege escalation issue. IBM Tivoli Netcool/Webtop versions prior to 2.1.0 Fix Pack 5 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21888

  • 08.40.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Libra File Manager Security Bypass
  • Description: Libra File Manager is a PHP-based application for managing files. Libra File Manager is exposed to an issue that may allow attackers to obtain potentially sensitive information. Libra File Manager version 1.18 is affected.
  • Ref: http://www.securityfocus.com/bid/31415

  • 08.40.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Barcode Generator "LSTable.php" Remote File Include
  • Description: Barcode Generator is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "class_dir" parameter of the "class/LSTable.php" script. Barcode Generator version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31419

  • 08.40.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Libra File Manager Cookie Authentication Bypass
  • Description: Libra File Manager is a PHP-based application for managing files. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Libra File Manager version 1.18 is affected.
  • Ref: http://www.securityfocus.com/bid/31422

  • 08.40.105 - CVE: Not Available
  • Platform: Web Application
  • Title: openEngine "filepool.php" Remote File Include
  • Description: openEngine is a web-based content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "oe_classpath" parameter of the "cms/classes/openengine/filepool.php" script. openEngine version 2.0 beta2 is affected.
  • Ref: http://www.securityfocus.com/bid/31423

  • 08.40.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Atomic Photo Album Cookie Authentication Bypass
  • Description: Atomic Photo Album is a web-based application implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Atomic Photo Album version 1.1.0pre4 is affected.
  • Ref: http://www.securityfocus.com/bid/31427

  • 08.40.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Esqlanelapse Cookie Authentication Bypass
  • Description: Esqlanelapse is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Esqlanelapse version 2.6.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31428

  • 08.40.108 - CVE: Not Available
  • Platform: Web Application
  • Title: The Gemini Portal Cookie Authentication Bypass
  • Description: The Gemini Portal is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. The Gemini Portal version 4.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496761

  • 08.40.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Crux Gallery "index.php" Cookie Authentication Bypass
  • Description: Crux Gallery is a PHP-based photo gallery. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Crux Gallery version 1.32 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496763

  • 08.40.110 - CVE: Not Available
  • Platform: Web Application
  • Title: The Gemini Portal "lang" Parameter Multiple Local File Include Vulnerabilities
  • Description: The Gemini Portal is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "lang" parameter of the following scripts: "page/forums/bottom.php" and "page/forums/category.php". The Gemini Portal version 4.7 is affected.
  • Ref: http://www.securityfocus.com/bid/31433

  • 08.40.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Siteman "members.txt" Information Disclosure
  • Description: Siteman is a PHP-based content manager. Siteman is exposed to an information disclosure issue because it fails to restrict access to sensitive information. Specifically, the file "data/members.txt" is by default available for viewing by remote attackers. Siteman version 1.1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/31440

  • 08.40.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Yoxel "itpm_estimate.php" Multiple PHP Code Injection Vulnerabilities
  • Description: Yoxel is a web-based application used to provide product management tools. The application is exposed to issues that let attackers inject arbitrary PHP code. The problem occurs because the application fails to validate user-supplied input to the "proj_id" parameter at multiple places in the "itpm_estimate.php" script. Yoxel versions 1.23beta and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31448

  • 08.40.113 - CVE: Not Available
  • Platform: Web Application
  • Title: PowerPortal 2 "path" Parameter Directory Traversal
  • Description: PowerPortal 2 is a web-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "path" parameter. PowerPortal version 2.0.13 is affected.
  • Ref: http://www.securityfocus.com/bid/31454

  • 08.40.114 - CVE: Not Available
  • Platform: Web Application
  • Title: Camera Life Arbitrary File Upload
  • Description: Camera Life is a web-based photo management application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the application fails to sanitize user-supplied input in the image upload section of the application. Camera Life version 2.6.2b4 is affected.
  • Ref: http://www.securityfocus.com/bid/31456

  • 08.40.115 - CVE: Not Available
  • Platform: Web Application
  • Title: PlugSpace "index.php" Local File Include
  • Description: PlugSpace is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "navi" parameter of the "index.php" script. PlugSpace version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31457

  • 08.40.116 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla Image Browser Component "index.php" Directory Traversal
  • Description: Image Browser is a gallery component for the Joomla content management system. Image Browser is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "folder" parameter of the "index.php" script when the option parameter is set to "com_imagebrowser". Image Browser version 0.1.5 is affected.
  • Ref: http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,3506/Itemid,35/

  • 08.40.117 - CVE: Not Available
  • Platform: Web Application
  • Title: LnBlog "showblog.php" Local File Include
  • Description: LnBlog is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "plugin" parameter of the "pages/showblog.php" script. LnBlog versions 0.9.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31459

  • 08.40.118 - CVE: Not Available
  • Platform: Web Application
  • Title: X7 Chat "mini.php" Local File Include
  • Description: X7 Chat is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "help_file" parameter of the "help/mini.php" script. X7 Chat versions 2.0.1A1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31460

  • 08.40.119 - CVE: Not Available
  • Platform: Web Application
  • Title: Concord Consortium CoAST "header.php" Remote File Include
  • Description: CoAST is a web-based application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "sections_file" parameter of the "coast/header.php" script. CoAST version 0.95 is affected.
  • Ref: http://www.securityfocus.com/bid/31461

  • 08.40.120 - CVE: Not Available
  • Platform: Web Application
  • Title: BbZL.PhP Cookie Authentication Bypass
  • Description: BbZL.PhP is a web-based application implemented in PHP. It is used to deploy web portals. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. BbZL.PhP version 0.92 is affected.
  • Ref: http://www.securityfocus.com/bid/31462

  • 08.40.121 - CVE: Not Available
  • Platform: Web Application
  • Title: BbZL.PhP "lien_2" Parameter Directory Traversal
  • Description: BbZL.PhP is a web-based application implemented in PHP. It is used to deploy web portals. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "lien_2" parameter. BbZL.PhP version 0.92 is affected.
  • Ref: http://www.securityfocus.com/bid/31464

  • 08.40.122 - CVE: Not Available
  • Platform: Web Application
  • Title: RPG.Board Cookie Authentication Bypass
  • Description: RPG.Board is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. RPG.Board version 0.0.8 Beta2 is affected.
  • Ref: http://www.securityfocus.com/bid/31466

  • 08.40.123 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPJabbers Post Comments Cookie Authentication Bypass
  • Description: PHPJabbers Post Comments is a PHP-based application that allows users to post comments onto a web site. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. PHPJabbers Post Comments version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31467

  • 08.40.124 - CVE: Not Available
  • Platform: Web Application
  • Title: Events Calendar "header_setup.php" Multiple Remote File Include Vulnerabilities
  • Description: Events Calendar is a PHP-based application that allows users to inform customers about events. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "component" and "path[docroot]" parameters of the "header_setup.php" script. Events Calendar version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31471

  • 08.40.125 - CVE: Not Available
  • Platform: Web Application
  • Title: Easy PHP Calendar Add New Event HTML Injection
  • Description: Easy PHP Calendar is a PHP-based calendar application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "details:" field of the "Add New Event" page. Easy PHP Calendar version 6.3.25 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496796

  • 08.40.126 - CVE: Not Available
  • Platform: Web Application
  • Title: ArabCMS "rss.php" Local File Include
  • Description: ArabCMS is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "rss" parameter of the "rss.php" script. ArabCMS version 2.0 beta 1 is affected.
  • Ref: http://www.securityfocus.com/bid/31480

  • 08.40.127 - CVE: CVE-2008-2831
  • Platform: Web Application
  • Title: Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
  • Description: Marshal MailMarshal SMTP is a security application for handling email content; it is designed for use on Microsoft Windows. The Spam Quarantine Management (SQM) component of the application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input before using it in dynamically generated content. MailMarshal SMTP versions 6.0 up to and including 6.3 are affected.
  • Ref: http://www.dcsl.ul.ie/marshal.htm

  • 08.40.128 - CVE: Not Available
  • Platform: Web Application
  • Title: MySQL Command Line Client HTML Special Characters HTML Injection
  • Description: MySQL is an open-source SQL database application available for multiple operating platforms. The application is exposed to an HTML injection issue because the command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content.
  • Ref: http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability/

  • 08.40.129 - CVE: Not Available
  • Platform: Web Application
  • Title: eFront Multiple Arbitrary File Upload Vulnerabilities
  • Description: eFront is a PHP-based eLearning and Human Capital Development application. The application is exposed to multiple issues that allow remote attackers to upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issues occur because the application fails to sufficiently sanitize file extensions before uploading files onto the web server. eFront version 3.5.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496851

  • 08.40.130 - CVE: Not Available
  • Platform: Web Application
  • Title: MiNBank "minsoft_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: MiNBank (Micronation Banking System) is a role-playing game that simulates economics. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "minsoft_path" parameter of the "utility/utgn_message.php" and "utility/utdb_access.php" scripts. MiNBank version 1.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31492

  • 08.40.131 - CVE: Not Available
  • Platform: Web Application
  • Title: moziloWiki Prior to 1.0.2 Multiple Vulnerabilities
  • Description: moziloWiki is a PHP-based wiki application. The application is exposed to multiple issues. An attacker may leverage these issues to view arbitrary local files within the context of the web server, to execute arbitrary script code in the browser of an unsuspecting user, or to hijack a valid user's session. moziloWiki versions prior to 1.0.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496841

  • 08.40.132 - CVE: Not Available
  • Platform: Web Application
  • Title: moziloCMS Prior to 1.10.3 Multiple Vulnerabilities
  • Description: moziloCMS is a PHP-based content manager. The application is exposed to multiple issues. An attacker may leverage these issues to view arbitrary local files within the context of the web server, to execute arbitrary script code in the browser of an unsuspecting user, or to hijack a valid user's session. moziloCMS versions prior to 1.10.3 are affected.
  • Ref: http://www.majorsecurity.de/index_2.php?major_rls=major_rls55

  • 08.40.133 - CVE: Not Available
  • Platform: Web Application
  • Title: SG Real Estate Portal Cookie Authentication Bypass
  • Description: SG Real Estate Portal is a PHP-based real estate application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. SG Real Estate Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31500

  • 08.40.134 - CVE: Not Available
  • Platform: Web Application
  • Title: Hardkap Pritlog "filename" Parameter File Disclosure
  • Description: Pritlog is a content manager. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input to the "filename" parameter of the "index.php" script when the "viewEntry()" function is used. Pritlog versions up to and including 0.4 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496880

  • 08.40.135 - CVE: Not Available
  • Platform: Web Application
  • Title: A4Desk Event Calendar "v" Parameter Remote File Include
  • Description: A4Desk Event Calendar is a web-based calendar. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "v" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/31507

  • 08.40.136 - CVE: Not Available
  • Platform: Web Application
  • Title: EC-CUBE SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: EC-CUBE is an open-source system for creating shopping web sites. The application is exposed to multiple unspecified input-validation issues. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://jvn.jp/en/jp/JVN36085487/index.html

  • 08.40.137 - CVE: CVE-2008-3812
  • Platform: Network Device
  • Title: Cisco IOS AIC HTTP Transit Packet Remote Denial of Service
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. Cisco IOS when configured for IOS firewall AIC (Application Inspection Control) with an HTTP application-specific policy is exposed to a denial of service issue that occurs when handling malformed HTTP transit packets.
  • Ref: http://www.securityfocus.com/archive/1/496703

  • 08.40.138 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco uBR10012 Router Default SNMP Community
  • Description: Cisco uBR10012 routers are high-performance network devices. The routers are exposed to a weak default configuration issue. Specifically, a default Simple Network Management Protocol (SNMP) community "private" with read and write access to the device is created when the router is configured for linecard redundancy. Cisco uBR10012 routers are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml

  • 08.40.139 - CVE: CVE-2008-3808, CVE-2008-3809
  • Platform: Network Device
  • Title: Cisco IOS Protocol Independent Multicast (PIM) Multiple Denial of Service Vulnerabilities
  • Description: Cisco IOS is exposed to multiple remote denial of service issues because the software fails to properly handle malformed Protocol Independent Multicast (PIM) datagrams.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml

  • 08.40.140 - CVE: CVE-2008-3813
  • Platform: Network Device
  • Title: Cisco IOS Layer 2 Tunneling Protocol Denial of Service
  • Description: Cisco IOS is exposed to a remote denial of service issue in the Layer 2 Tunneling Protocol (L2TP). When processing a specially crafted L2TP packet, an affected device will reload, effectively denying service to legitimate users.
  • Ref: http://www.securityfocus.com/archive/1/496698

  • 08.40.141 - CVE: CVE-2008-3810, CVE-2008-3811
  • Platform: Network Device
  • Title: Cisco IOS NAT Skinny Call Control Protocol Multiple Remote Denial of Service Vulnerabilities
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. Cisco IOS is exposed to multiple denial of service issues that occur in the SCCP. Specifically, these issues occur when handling a series of fragmented SCCP messages.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml

  • 08.40.142 - CVE: CVE-2008-3804
  • Platform: Network Device
  • Title: Cisco IOS MPLS Forwarding Infrastructure Remote Denial of Service
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. Cisco IOS Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) is exposed to a denial of service issue that occurs when handling malicious packets in the software path, including transit packets.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml

  • 08.40.143 - CVE: CVE-2008-3799, CVE-2008-3800, CVE-2008-3801, CVE-2008-3802
  • Platform: Network Device
  • Title: Cisco IOS SIP Multiple Denial of Service Vulnerabilities
  • Description: Session Initiation Protocol (SIP) is a signaling protocol used to manage voice and video calls across IP networks. Devices running Cisco IOS with SIP enabled are exposed to multiple issues that attackers can exploit to cause denial of service conditions. The problems occur when processing a valid SIP message.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml

  • 08.40.144 - CVE: CVE-2008-3805
  • Platform: Network Device
  • Title: Cisco IOS Remote IPC Denial of Service
  • Description: Multiple Cisco products running Cisco IOS (Internetwork Operating System) are exposed to a denial of service issue when handling maliciously crafted UDP-based IPC traffic. The affected devices have an interprocess communication (IPC) service listening on IP addresses in the 127.0.0.0/8 range on UDP port 1975.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml

  • 08.40.145 - CVE: CVE-2008-2739
  • Platform: Network Device
  • Title: Cisco IOS IPS SERVICE.DNS Remote Denial of Service
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. Cisco IOS IPS is exposed to a denial of service issue when processing certain IPS signatures in the "SERVICE.DNS" signature engine.
  • Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml

  • 08.40.146 - CVE: CVE-2008-3798
  • Platform: Network Device
  • Title: Cisco IOS SSL Session Termination Remote Denial of Service
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. Cisco IOS is exposed to a denial of service issue when handling SSL connections. Specifically, this issue is triggered when affected devices try to terminate SSL sessions.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml

  • 08.40.147 - CVE: CVE-2008-3803
  • Platform: Network Device
  • Title: Cisco IOS MPLS VPN Information Disclosure
  • Description: Cisco IOS (Internetwork Operating System) is an operating system commonly used on Cisco routers and network switches. Cisco IOS is exposed to an information disclosure issue. This issue occurs with Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite).
  • Ref: http://www.securityfocus.com/archive/1/496712

  • 08.40.148 - CVE: CVE-2008-3800, CVE-2008-3801
  • Platform: Network Device
  • Title: Cisco Unified Communications Manager SIP Service Multiple Denial of Service Vulnerabilities
  • Description: Cisco Unified Communications Manager (CUCM) is a software-based call processing component of the Cisco IP telephony solution. The application was formerly named Unified CallManager. CUCM is exposed to multiple denial of service issues that affect the Session Initiation Protocol (SIP) service.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml

  • 08.40.149 - CVE: Not Available
  • Platform: Network Device
  • Title: Nokia PC Suite Remote Buffer Overflow
  • Description: Nokia PC Suite is an application for connecting a Nokia device to a PC. Nokia PC Suite is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/bid/31475

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.