
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 41
October 9, 2008

Good news: We're getting our arms around the "Coolest jobs in Information Security" both to educate students who are considering jobs in security and to help people who want to see where they might take their careers. We've even identified the "Top Guns." If you want to see them (and even if you have already seen an earlier version) please go to http://www.surveymethods.com/EndUser.aspx?98BCD0CF99DECFC2 and help us rate them.

Alan

PS Novell and Opera are the tools with the most critical vulnerabilities this week.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  1
    Third Party Windows Apps                 6 (#4)
    Mac Os                                   1
    Linux                                    5
    HP-UX                                    1
    Cross Platform                           27 (#1, #2, #3)
    Web Application - Cross Site Scripting   12
    Web Application - SQL Injection          21
    Web Application                          25

*************************************************************************
TRAINING UPDATE
- SANS CDI in Washington 30 courses; big security tools expo; lots of evening sessions: http://www.sans.org/cdi08/
- Monterey (10/31-11/6) http://www.sans.org/info/30738
- Sydney Australia (10/27-11/1) http://www.sans.org/sydney08/
- Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
and in 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Mac Os
Linux
HP-UX
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Opera Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 9.60
  • Description: Opera is a popular cross-platform web browser and suite of internet applications. It contains multiple vulnerabilities in its handling of addresses and Java applets. A specially crafted address used in a redirection can result in a buffer overflow vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Full technical details for this vulnerability are publicly available. Additionally, a flaw in the handling of Java applets can result in an information-disclosure vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) HIGH: Multiple TCP Implementations Denial-of-Service
  • Affected:
    • Multiple TCP implementations
  • Description: TCP is the Transmission Control Protocol, one of the fundamental protocols of the Internet. Reports have surfaced indicating that several common implementations of the protocol suffer from a denial-of-service condition. No concrete details have been released for this vulnerability, but speculation has led to various guesses and attempts. Current reports indicate that at least Microsoft Windows, Apple Mac OS X, and Linux are vulnerable. It is unknown if firewalls can mitigate this vulnerability. Details of the vulnerability are expected to be revealed at the T2 security conference in mid-October.

  • Status: No confirmation.

  • References:
  • (4) HIGH: mIRC Private Message Handling Buffer Overflow
  • Affected:
    • mIRC versions 6.34 and prior
  • Description: mIRC is a popular Internet Relay Chat (IRC) client for Microsoft Windows. It contains a buffer overflow in its handling of the IRC "private message" (PRIVMSG) command. A specially crafted PRIVMSG command sent to a vulnerable client could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability. Private messages can be sent unsolicited in some networks.

  • Status: Vendor has not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 41, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.41.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Vista Local Denial of Service
  • Description: Microsoft Windows Vista is exposed to a local denial of service issue that arises due to an access violation in the exception handling routines of the operating system. Windows Vista Home Premium and Ultimate editions are affected.
  • Ref: http://www.securityfocus.com/bid/31570

  • 08.41.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Debian xsabre Insecure Temporary File Creation
  • Description: Debian xsabre is a game for the X11 windows system. Debian xsabre creates temporary files in an insecure manner. Specifically, the script "XRunSabre" writes to the file "/tmp/sabre.log" in an insecure fashion. Debian xsabre version 0.2.4b-23 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433996

  • 08.41.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ESET SysInspector "esiadrv.sys" Local Privilege Escalation
  • Description: ESET SysInspector is a diagnostic tool for the Windows NT operating system. ESET SysInspector is exposed to a local privilege escalation issue. This issue is a result of the application failing to sufficiently validate user-supplied pointers passed to input/output control (IOCTL) functions. ESET SysInspector version 1.1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31521/references

  • 08.41.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: mIRC "PRIVMSG" Buffer Overflow
  • Description: mIRC is a chat client for the IRC protocol. It is designed for Microsoft Windows based operating systems. mIRC is exposed to a buffer overflow issue that arises when the client handles a malformed "PRIVMSG" request from a server. mIRC version 6.34 is affected.
  • Ref: http://www.securityfocus.com/bid/31552

  • 08.41.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Vba32 Personal Antivirus Archive Parsing Denial of Service
  • Description: Vba32 Personal Antivirus is an antivirus application for the Microsoft Windows platform. The application is exposed to a denial of service issue due to an unspecified memory corruption error. An attacker can exploit this issue by supplying a malicious archive file. Vba32 Personal Antivirus versions in the 3.12.8 branch are affected.
  • Ref: http://www.securityfocus.com/bid/31560

  • 08.41.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: AyeView GIF Image Handling Denial of Service
  • Description: AyeView is an image viewer, converter and browser. It is available for Microsoft Windows platforms. AyeView is exposed to a remote denial of service issue. A specially-crafted GIF image may result in a crash when viewed in the application. AyeView version 2.20 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497045

  • 08.41.7 - CVE: CVE-2008-4384
  • Platform: Third Party Windows Apps
  • Title: iseemedia "LPControl.dll" LPViewer ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: iseemedia LPViewer is an ActiveX component included in the file "LPControl.dll". This ActiveX component was formerly developed by MGI Software and Roxio. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.kb.cert.org/vuls/id/848873

  • 08.41.8 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mail S/MIME Draft Message Encryption Weakness
  • Description: Apple Mail is an email client application for OS X. Apple Mail is exposed to a weakness related to its implementation of the S/MIME email encryption standard. When Mail is configured to store draft messages on an IMAP or Exchange email server in addition to using S/MIME encryption, draft messages are stored in an unencrypted format. Mail version 3.5 (929.4/929.2) is affected.
  • Ref: http://www.securityfocus.com/archive/1/497057

  • 08.41.9 - CVE: CVE-2007-6716
  • Platform: Linux
  • Title: Linux kernel "fs/direct-io.c" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue caused by a design error in the "fs/direct-io.c" driver. Specifically, the driver fails to properly zero-out the "dio" structure. Linux kernel versions prior to 2.6.23 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0885.html

  • 08.41.10 - CVE: CVE-2008-3832
  • Platform: Linux
  • Title: Fedora 8/9 Linux Kernel "utrace_control" NULL Pointer Dereference Denial of Service
  • Description: Fedora 8 and 9 Linux kernel is exposed to a local denial of service issue. This issue is due to a NULL-pointer dereference exception in the "utrace_control(2)" utility. An unprivileged local attacker can cause the kernel to crash by tracing the "init" process. Fedora 8 versions prior to kernel-2.6.26.5-28 and Fedora 9 versions prior to kernel-2.6.26.5-45 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3832

  • 08.41.11 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel LDT Selector Local Privilege Escalation and Denial of Service
  • Description: The Linux kernel is exposed to a local issue that may result in privilege escalation or a denial of service. This issue involves LDT (Local Descriptor Table) selectors in the VMI (Virtual Machine Interface). This issue occurs in the "vmi_write_ldt_entry()" function in the "arch/x86/kernel/vmi_32.c" source file. Linux kernel versions prior to 2.6.27-rc8-git5 running as a VMI guest are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1010

  • 08.41.12 - CVE: CVE-2008-3833
  • Platform: Linux
  • Title: Linux Kernel "generic_file_splice_write()" Local Privilege Escalation
  • Description: The Linux kernel is exposed to a local privilege escalation issue. This issue occurs because the "generic_file_splice_write()" function in the "fs/splice.c" source file fails to remove the S_ISUID and S_ISGID flags when splicing inodes. Linux kernel versions prior to 2.6.19-rc3 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=464450

  • 08.41.13 - CVE: CVE-2008-4477
  • Platform: Linux
  • Title: Debian mon "alert.d/test.alert" Insecure Temporary File Creation
  • Description: Debian mon is a tool for monitoring the availability of services running on a computer. Debian mon creates temporary files in an insecure manner. Specifically, the issue affects the "alert.d/test.alert" script.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496398

  • 08.41.14 - CVE: CVE-2008-3543
  • Platform: HP-UX
  • Title: HP-UX NFS/ONCplus Unspecified Remote Denial of Service
  • Description: HP-UX is a UNIX-based operating system. HP-UX is exposed to a remote denial of service issue due to an unspecified error related to NFS/ONCplus. The issue affects HP-UX B.11.31 running NFS/ONCplus version B.11.31_04 or earlier.
  • Ref: http://www.securityfocus.com/archive/1/497104

  • 08.41.15 - CVE: CVE-2008-2476
  • Platform: Cross Platform
  • Title: Multiple Vendors IPv6 Neighbor Discovery Protocol Implementation Address Spoofing
  • Description: Neighbor Discovery Protocol (NDP) is a protocol used in IPv6 to detect and locate routers and other "on-link" devices. Multiple vendors' IPv6 Neighbor Discovery Protocol (NDP) implementations are exposed to a security issue. The issue occurs when an affected router receives a neighbor solicitation request (ICMPv6 type 135 message) that is using a spoofed source IPv6 address and it is coming from a computer or device that is considered "on-link".
  • Ref: http://www.kb.cert.org/vuls/id/472363

  • 08.41.16 - CVE: CVE-2008-2439
  • Platform: Cross Platform
  • Title: Trend Micro OfficeScan and Worry-Free Business Security Multiple Vulnerabilities
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. Trend Micro OfficeScan and Worry-Free Business Security are exposed to multiple issues.
  • Ref: http://secunia.com/advisories/31343/

  • 08.41.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: vxFtpSrv CWD Command Buffer Overflow
  • Description: vxFtpSrv is an FTP server application available for Windows CE, Pocket PC and Windows Mobile. vxFtpSrv is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when handling excessively large amounts of data passed to the "CWD" FTP command. vxFtpSrv version 2.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31532

  • 08.41.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Xerces-C++ "maxOccurs" XML Parsing Remote Denial of Service
  • Description: Xerces-C++ is a freely available XML parser implemented in C++. Xerces-C++ is exposed to a denial of service issue because it fails to handle specially crafted XML files when an overly large "maxOccurs" value is included in an XML schema. This issue occurs in the "ContentSpecNode::~ContentSpecNode()" function of the "ContentSpecNode.hpp" source file, and can be triggered when a "maxOccurs" value exceeds 200000. Xerces-C++ versions prior to 3.0.0 are affected.
  • Ref: http://xerces.apache.org/xerces-c/releases.html

  • 08.41.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Flash Player SWF Version Null Pointer Dereference Denial of Service
  • Description: Adobe Flash Player Plugin is a web browser plugin for playing Flash media files. The application is exposed to a denial of service issue. Specifically, a NULL-pointer dereference error occurs when handling SWF files containing distinct version numbers. Adobe Flash Player Plugin versions 9.0.45.0, 9.0.112.0, 9.0.124.0 and 10.0.12.10 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496929

  • 08.41.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TCP/IP Protocol Stack Unspecified Remote Denial of Service
  • Description: The core TCP/IP protocol is exposed to a remote denial of service issue. The cause of this issue is unknown. Exploiting this issue allows remote attackers to trigger denial of service conditions. This issue affects multiple vendors' implementations of the TCP/IP stack.
  • Ref: https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html

  • 08.41.21 - CVE: CVE-2008-3626
  • Platform: Cross Platform
  • Title: Apple QuickTime "STSZ" Atoms Memory Corruption
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a memory corruption issue that arises when it handles specially crafted movie files. The problem occurs because of insufficient bounds checking of "STSZ" atoms. This issue affects QuickTime versions prior to 7.5.5 for OS X 10.4 and 10.5, for Microsoft Windows Vista, and for Windows XP SP2 and SP3. The issue also affects Apple TV versions from 1.0 up to and including 2.1.
  • Ref: http://www.securityfocus.com/archive/1/496162

  • 08.41.22 - CVE: CVE-2008-3629
  • Platform: Cross Platform
  • Title: Apple QuickTime PICT Denial of Service
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a denial of service issue. QuickTime versions prior to 7.5.5 are affected.
  • Ref: http://www.securityfocus.com/bid/31548

  • 08.41.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Novell eDirectory Multiple Buffer Overflow And Denial of Service Vulnerabilities
  • Description: Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server that also implements NCP (NetWare Core Protocol). Novell eDirectory is exposed to multiple issues. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application or cause denial of service conditions. eDirectory versions prior to 8.7.3 SP10 FTF1 are affected.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=3477912

  • 08.41.24 - CVE: CVE-2008-4422
  • Platform: Cross Platform
  • Title: libxml2 Denial of Service
  • Description: The libxml2 library is a freely available package that is used to parse and create XML content. The libxml2 library is exposed to a denial of service issue due to an error when handling files using entities in entity definitions. The libxml2 versions 2.7 prior to 2.7.2 are affected.
  • Ref: http://bugzilla.gnome.org/show_bug.cgi?id=554660#c1

  • 08.41.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RhinoSoft Serv-U FTP Server "sto con:1" Denial of Service
  • Description: Serv-U FTP Server is designed for use with Microsoft Windows operating systems. Serv-U FTP server is exposed to an unspecified denial of service issue. This issue occurs when handling a malformed "sto con:1" command. Serv-U FTP server version 7.2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31556

  • 08.41.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Serv-U FTP Server "rnto" Command Directory Traversal
  • Description: Serv-U FTP server is designed for use with Microsoft Windows operating systems. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. This issue occurs because the application fails to sanitize directory traversal strings (..) passed to the "rnto" command. Serv-U FTP server version 7.2.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31563

  • 08.41.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VMware Products In-Guest Privilege Escalation and Information Disclosure Vulnerabilities
  • Description: VMware is a set of server-emulation applications that are available for several platforms. Various VMware products are exposed to multiple issues that may allow attackers to gain elevated privileges in a guest operating system and disclose sensitive information. VirtualCenter versions prior to 2.5 Update 3 build 119838 are affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html

  • 08.41.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: OpenNMS HTTP Response Splitting
  • Description: OpenNMS is an enterprise grade network management platform developed under the open source model. The application is exposed to an HTTP response splitting issue because it fails to sufficiently sanitize input to the "Location" item before using it in the HTTP headers. OpenNMS versions prior to 1.5.94 are affected.
  • Ref: http://www.securityfocus.com/archive/1/497072

  • 08.41.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
  • Description: Dovecot is a mail-server application for Linux and UNIX-like operating systems. Dovecot ACL plugin is exposed to multiple issues. Attackers can exploit these issues to bypass certain mailbox restrictions and disclose potentially sensitive data; other attacks are also possible. Dovecot versions prior to 1.1.4 are affected.
  • Ref: http://www.dovecot.org/list/dovecot-news/2008-October/000085.html

  • 08.41.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Simple Machines Forum HTTP POST Request Filter Security Bypass
  • Description: Simple Machines Forum is online-community software. Simple Machines Forum (SMF) is exposed to a security bypass issue because it fails to sufficiently sanitize data contained in an HTTP POST request before displaying it onto a website. Simple Machines Forum version 1.1.6 is affected.
  • Ref: http://www.securityfocus.com/bid/31594

  • 08.41.31 - CVE: CVE-2008-4421
  • Platform: Cross Platform
  • Title: MetaGauge Web Server Directory Traversal
  • Description: MetaGauge is a network monitoring and analysis tool for Microsoft Windows. MetaGauge includes an HTTP server to display gathered data. The included webserver is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. MetaGauge versions prior to 1.0.3.38 are exposed.
  • Ref: http://www.securityfocus.com/archive/1/497039

  • 08.41.32 - CVE: CVE-2008-4359
  • Platform: Cross Platform
  • Title: Lighttpd URI Rewrite/Redirect Information Disclosure
  • Description: Lighttpd is a freely available webserver application. Lighttpd is exposed to an information disclosure issue because it performs redirect operations on URIs prior to decoding them. This issue affects the "url.redirect" and "url.rewrite" configuration options. Lighttpd versions prior to 1.4.20 are affected.
  • Ref: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt

  • 08.41.33 - CVE: CVE-2008-4360
  • Platform: Cross Platform
  • Title: Lighttpd "mod_userdir" Case Sensitive Comparison Security Bypass
  • Description: The "lighttpd" program is an open-source webserver application. The application is exposed to a security bypass issue that occurs in the "mod_userdir" module. This issue occurs on operating systems or file systems that perform case sensitive operations on filenames. "lighttpd" versions prior to 1.4.20 are affected.
  • Ref: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt

  • 08.41.34 - CVE: CVE-2008-3834
  • Platform: Cross Platform
  • Title: D-Bus "dbus_signature_validate()" Type Signature Denial of Service
  • Description: D-Bus is a message bus system for applications to talk to one another. D-Bus is exposed to a local denial of service issue because the application fails to handle malformed signatures contained in messages. The issue occurs in the "dbus_signature_validate()" function of the "dbus-signature.c" source file when validating the type signature. D-BUS version 1.2.1 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3834

  • 08.41.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Internet Download Manager File Parsing Buffer Overflow
  • Description: Internet Download Manager is an application designed to increase the speed of downloading files from remote sites. It is designed to operate on Microsoft Windows operating systems. The application is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The vulnerability occurs when handling excessively large amounts of data within specially crafted files. Specifically, the "name" and "filename" values may be affected.
  • Ref: http://www.securityfocus.com/bid/31603

  • 08.41.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KDE Konqueror Font Color Assertion Denial of Service
  • Description: Konqueror is a browser included with the KDE desktop manager. KDE Konqueror is prone to a remote denial of service issue because it fails to handle specially crafted HTML "<font>" tags. Konqueror version 3.5.9 is affected.
  • Ref: http://www.securityfocus.com/bid/31605

  • 08.41.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Internet Shortcut Same Origin Policy Violation
  • Description: Mozilla Firefox is exposed to an issue that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy. Firefox versions 3.0.1 through 3.0.3 for Microsoft Windows are affected.
  • Ref: http://www.securityfocus.com/archive/1/497091

  • 08.41.38 - CVE: CVE-2008-3660
  • Platform: Cross Platform
  • Title: PHP FastCGI Module File Extension Denial of Service Vulnerabilities
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a denial of service issue because it fails to handle file requests with multiple dots preceding the file extension. PHP versions 4.4 prior to 4.4.9, and PHP versions 5.2 through 5.2.6 are affected.
  • Ref: http://www.openwall.com/lists/oss-security/2008/08/08/2

  • 08.41.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Skype Toolbars Extension for Firefox BETA Clipboard Security Weakness
  • Description: Skype Toolbars Extension for Firefox BETA provides Skype VOIP features to web browsers. The application is exposed to a security weakness that allows attackers to inject arbitrary content into a user's clipboard. This issue affects the "skype_tool.copy_num()" function, which permits arbitrary content to be appended to a user's clipboard by using the "+" operator. Skype Toolbars Extension for Firefox BETA version 2.2.0.95 is affected.
  • Ref: http://www.securityfocus.com/bid/31613

  • 08.41.40 - CVE: CVE-2008-3826, CVE-2008-3828, CVE-2008-3829, CVE-2008-3830
  • Platform: Cross Platform
  • Title: Condor Prior to 7.0.5 Multiple Security Vulnerabilities
  • Description: Condor is a workload management system for UNIX and Windows operating platforms. Condor is exposed to multiple issues. It's exposed to a vulnerability related to the handling of user submitted jobs. A malicious user may submit a job such that it is run as an arbitrary non-root user. Condor versions prior to 7.0.5 are affected.
  • Ref: http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-5

  • 08.41.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Flash Player Unspecified Clickjacking
  • Description: Adobe Flash Player is a software application for playing Flash media files. Adobe Flash Player is exposed to an issue that may allow an attacker to trick a victim into unknowingly clicking on a link or dialog.
  • Ref: http://www.adobe.com/support/security/advisories/apsa08-08.html

  • 08.41.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Celoxis Multiple Cross-Site Scripting Vulnerabilities
  • Description: Celoxis is a web-based project management application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31514

  • 08.41.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: H-Sphere WebShell "actions.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: H-Sphere WebShell is a PHP-based web application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. H-Sphere WebShell version 4.3.10 is affected.
  • Ref: http://www.psoft.net/HSdocumentation/sysadmin/hsphere-webshell.html

  • 08.41.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WikyBlog Multiple Cross-Site Scripting Vulnerabilities
  • Description: WikyBlog is a wiki-blog application implemented in PHP and MySQL. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "key", "revNum", "to" and "user" parameters of the "index.php" script. WikyBlog version 1.7.1 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html

  • 08.41.45 - CVE: CVE-2008-2236
  • Platform: Web Application - Cross Site Scripting
  • Title: Blosxom "blosxom.cgi" Cross-Site Scripting
  • Description: Blosxom is a weblog application. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "flav" parameter of the "blosxom.cgi" script. Blosxom versions prior to 2.1.2 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=148044&release_id=630149

  • 08.41.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Dreamcost HostAdmin "index.php" Cross-Site Scripting
  • Description: Dreamcost HostAdmin is a web hosting automation application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script. HostAdmin version 3.1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496935

  • 08.41.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenNMS "surveillanceView.htm" Cross-Site Scripting
  • Description: OpenNMS is a Java-based application for managing networks and systems. The application is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the "viewName" parameter of the "surveillanceView.htm" script. OpenNMS version 1.5.94 is affected.
  • Ref: http://www.opennms.org/documentation/ReleaseNotesUnStable.html

  • 08.41.48 - CVE: CVE-2008-4408
  • Platform: Web Application - Cross Site Scripting
  • Title: MediaWiki "useskin" Cross-Site Scripting
  • Description: MediaWiki is a PHP-based wiki application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "useskin" parameter.
  • Ref: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html

  • 08.41.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Blue Coat WebFilter ICAP Patience Page Cross-Site Scripting
  • Description: Blue Coat WebFilter is a URI filtering application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the ICAP patience page, which is used to notify users that a requested object is being scanned. Blue Coat WebFilter versions 4.2, 5.2 and 5.3 are affected.
  • Ref: http://www.bluecoat.com/support/securityadvisories/icap_patience

  • 08.41.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AutoNessus "bulk_update.pl" Cross-Site Scripting
  • Description: AutoNessus is a Perl-based application that automates Nessus scans. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "remark" parameter of the "bulk_update.pl" script. AutoNessus versions prior to 1.2.2 are affected.
  • Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=2141884&group_id=216367&atid=1037394

  • 08.41.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Website Directory "index.php" Cross-Site Scripting
  • Description: Website Directory is a PHP-based application used for listing web sites in a gallery style. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "keyword" parameter of the "index.php" script when the "action" parameter is set to "search".
  • Ref: http://www.securityfocus.com/archive/1/496967

  • 08.41.52 - CVE: CVE-2008-4393
  • Platform: Web Application - Cross Site Scripting
  • Title: VeriSign Kontiki Delivery Management System "action" Parameter Cross-Site Scripting
  • Description: Kontiki Delivery Management System is used for faster delivery of high-quality content. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "action" parameter. Kontiki Delivery Management System versions 5.0 and prior versions are affected.
  • Ref: http://seclists.org/fulldisclosure/2008/Oct/0054.html

  • 08.41.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nucleus CMS EUC-JP Cross-Site Scripting
  • Description: Nucleus CMS is a web-based content manager. The application is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Nucleus version 3.31 SP1 EUC-JP is affected.
  • Ref: http://japan.nucleuscms.org/item/47

  • 08.41.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPapp Knowledge Base "catid" Parameter SQL Injection
  • Description: ASPapp Knowledge Base is an ASP-based knowledge management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "content_by_cat.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31513

  • 08.41.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Discussion Forums 2k Multiple SQL Injection Vulnerabilities
  • Description: Discussion Forums 2k is a PHP-based forum application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Discussion Forums 2k version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31518

  • 08.41.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: noName CMS Multiple SQL Injection Vulnerabilities
  • Description: noName CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. noName CMS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31519

  • 08.41.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BMForum "plugins.php" SQL Injection
  • Description: BMForum is a forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tagname" parameter of the "plugins.php" script before using it in an SQL query. BMForum version 5.6 is affected.
  • Ref: http://www.securityfocus.com/bid/31522

  • 08.41.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eZoneScripts Link Trader Script "ratelink.php" SQL Injection
  • Description: eZoneScripts Link Trader Script is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lnkid" parameter of the "ratelink.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31526

  • 08.41.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OpenX "bannerid" SQL Injection
  • Description: OpenX is a web-based ad server. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bannerid" parameter of the "www/delivery/ac.php" script before using it in an SQL query. OpenX version 2.6.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497111

  • 08.41.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AdaptCMS Lite "check_user.php" SQL Injection
  • Description: AdaptCMS Lite is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user_name" parameter of the "includes/check_user.php" script before using it in an SQL query. AdaptCMS Lite version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31557

  • 08.41.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Full PHP Emlak Script "arsaprint.php" SQL Injection
  • Description: Full PHP Emlak Script is a web-based application. The application is exposed to an SQL injection issue that affects the "id" parameter of the "arsaprint.php" script.
  • Ref: http://www.securityfocus.com/bid/31558

  • 08.41.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IP Reg "login.php" SQL Injection
  • Description: IP Reg is an IPAM (IP Address Management) tool to keep track of assets and nodes (IP addresses, MAC addresses, DNS aliases) within different subnets, over different locations or VLANs. The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "user_name" parameter of the "login.php" script. IP Reg version 0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31561

  • 08.41.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XAMPP for Windows "cds.php" SQL Injection
  • Description: XAMPP for Windows is a package bundle containing the Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "cds.php" script file before using it in an SQL query. XAMPP version 1.6.8 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/31564

  • 08.41.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion "triscoop_race_system" Module "raceid" Parameter SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection issue affecting the "triscoop_race_system" module because it fails to sufficiently sanitize user-supplied data to the "raceid" parameter of the "race_details.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31576

  • 08.41.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion "recept" Module "kat_id" Parameter SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection issue affecting the "recept" module because it fails to sufficiently sanitize user-supplied data to the "kat_id" parameter of the "recept.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31578

  • 08.41.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion "raidtracker_panel" Module "INFO_RAID_ID" Parameter SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection issue affecting the "raidtracker_panel" module because it fails to sufficiently sanitize user-supplied data to the "INFO_RAID_ID" parameter of the "infusions/raidtracker_panel/thisraidprogress.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31579

  • 08.41.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion "manuals" Module "manual" Parameter SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection issue affecting the "manuals" module because it fails to sufficiently sanitize user-supplied data to the "manual" parameter of the "manuals.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31583

  • 08.41.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: geccBBlite "leggi.php" Parameter SQL Injection
  • Description: geccBBlite is PHP-based forum software. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "leggi.php" script before using it in an SQL query. geccBBlite version 2.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/6677

  • 08.41.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XAMPP for Windows "phonebook.php" SQL Injection
  • Description: XAMPP for Windows is a package bundle containing the Apache web server, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "phonebook.php" script file before using it in an SQL query. XAMPP version 1.6.8 for Windows is affected.
  • Ref: http://www.securityfocus.com/bid/31586

  • 08.41.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AmpJuke "index.php" SQL Injection
  • Description: AmpJuke is a PHP-based application. It is used to manage and stream music files. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "special" parameter of the "index.php" script file before using it in an SQL query. AmpJuke version 0.7.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31592

  • 08.41.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Galerie "pic" Parameter SQL Injection
  • Description: Galerie is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pic" parameter of the "galerie.php" script file before using it in an SQL query. Galerie version 3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31593

  • 08.41.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Auto's "searchresults.php" SQL Injection
  • Description: PHP Auto's is a PHP-based application that is used to manage used car inventory. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "searchresults.php" script before using it in an SQL query. PHP Auto's version 2.9.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31622

  • 08.41.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Select Development Solutions Multiple Products "view_cat.php" SQL Injection
  • Description: Multiple Select Development Solutions products are prone to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "v_cat" parameter of the "view_cat.php" script before using it in an SQL query. PHP Realtor version 1.5.0 and PHP Auto Dealer version 2.7.0 are affected.
  • Ref: http://www.securityfocus.com/bid/31623

  • 08.41.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: YourOwnBux "usNick" Cookie Parameter SQL Injection
  • Description: YourOwnBux is PHP-based software for managing ad links. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "usNick" cookie parameter of the "referrals.php" script. YourOwnBux version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31624

  • 08.41.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Crux Gallery "index.php" Local File Include
  • Description: Crux Gallery is a PHP-based photo gallery. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "theme" parameter of the "index.php" script. Crux Gallery version 1.32 is affected.
  • Ref: http://www.securityfocus.com/bid/31516

  • 08.41.76 - CVE: Not Available
  • Platform: Web Application
  • Title: MySQL Quick Admin "index.php" Local File Include
  • Description: MySQL Quick Admin is a web-based MySQL management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input submitted as the "language" cookie parameter to the "index.php" script. MySQL Quick Admin version 1.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31517

  • 08.41.77 - CVE: Not Available
  • Platform: Web Application
  • Title: phpScheduleIt "reserve.php" Remote Code Execution
  • Description: phpScheduleIt is a web-based reservation and scheduling application implemented in PHP. The application is exposed to an issue that lets remote attackers execute arbitrary code. The problem occurs because the application performs an "eval()" function call on user-supplied input. phpScheduleIt version 1.2.10 is affected.
  • Ref: http://www.securityfocus.com/bid/31520

  • 08.41.78 - CVE: Not Available
  • Platform: Web Application
  • Title: RPortal "file_op" Parameter Remote File Include
  • Description: RPortal is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "file_op" parameter of the "index.php" script. RPortal version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496891

  • 08.41.79 - CVE: Not Available
  • Platform: Web Application
  • Title: phpscripts Ranking Script Cookie Authentication Bypass
  • Description: phpscripts Ranking Script is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.milw0rm.com/exploits/6649

  • 08.41.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Juniper ScreenOS HTML Injection
  • Description: ScreenOS is the operating system used by Juniper Netscreen firewall devices. ScreenOS is exposed to an HTML injection issue because its administrative web interface fails to sufficiently sanitize user-supplied input before using it in dynamically generated content. ScreenOS version 5.4.0r9.0 is affected.
  • Ref: http://www.layereddefense.com/netscreen01oct.html

  • 08.41.81 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki "$wgGroupPermissions" Configuration Security Bypass
  • Description: MediaWiki is a PHP-based wiki application. The application is exposed to a security bypass issue because the software fails to properly restrict access to certain functionality. This issue occurs because of weak comparisons for the "in_array" value in the "User::isAllowed()" function. This issue may be triggered when editing the "$wgGroupPermissions" attribute in the "LocalSettings.php" configuration file, which is generated during the installation process. MediaWiki versions prior to 1.13.2 are affected.
  • Ref: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-October/000078.html

  • 08.41.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Bux.to Clone Script Cookie Authentication Bypass
  • Description: Bux.to Clone Script is a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication.
  • Ref: http://www.securityfocus.com/bid/31542

  • 08.41.83 - CVE: Not Available
  • Platform: Web Application
  • Title: OLIB7 WebView "infile" Parameter Local File Include
  • Description: OLIB7 WebView is a web-based application implemented in Perl. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "infile" parameter. OLIB7 WebView version 2.5.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31544

  • 08.41.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Brilliant Gallery Module SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Brilliant Gallery is a PHP-based component for Drupal. It is used for managing images. The application is exposed to SQL injection and cross-site scripting issues. The SQL injection issues arise because the application inserts values from URLs directly into queries. The cross-site scripting issues arise because the application does not sanitize data supplied through unspecified parameters and scripts of the application. Brilliant Gallery 5.x versions prior to 5.x-4.2 are affected.
  • Ref: http://drupal.org/node/315919

  • 08.41.85 - CVE: Not Available
  • Platform: Web Application
  • Title: CCMS "skin" Parameter Multiple Local File Include Vulnerabilities
  • Description: CCMS is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. CCMS version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31566

  • 08.41.86 - CVE: CVE-2008-4279, CVE-2008-4278
  • Platform: Web Application
  • Title: Kwalbum "UploadItems" Parameter Arbitrary File Upload
  • Description: Kwalbum is a web-based photo application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the application fails to sanitize user-supplied input in the application's image-upload section. Kwalbum version 2.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31568

  • 08.41.87 - CVE: Not Available
  • Platform: Web Application
  • Title: pPIM "id" Parameter Local File Include
  • Description: pPIM is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "notes.php" script. pPIM version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/31571

  • 08.41.88 - CVE: Not Available
  • Platform: Web Application
  • Title: JMweb "src" Parameter Multiple Local File Include Vulnerabilities
  • Description: JMweb is a PHP-based application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "src" parameter of the following scripts: "listen.php" and "download.php".
  • Ref: http://jesse-web.co.cc/?p=30

  • 08.41.89 - CVE: Not Available
  • Platform: Web Application
  • Title: FOSS Gallery Arbitrary File Upload
  • Description: FOSS Gallery is a web-based photo application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the application fails to enforce authentication in a proper manner. FOSS Gallery versions 1.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/497068

  • 08.41.90 - CVE: Not Available
  • Platform: Web Application
  • Title: phpAbook Cookie Local File Include
  • Description: phpAbook is a PHP-based application for managing addresses and contacts. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input read from the "userInfo" parameter of a stored cookie before using it in the "include/config.inc.php" script. phpAbook versions up to and including 0.8.8b are affected.
  • Ref: http://www.securityfocus.com/bid/31581

  • 08.41.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Fastpublish CMS Local File Include and SQL Injection Vulnerabilities
  • Description: Fastpublish CMS is a PHP-based content manager. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input. Fastpublish CMS version 1.9999 d is affected.
  • Ref: http://www.securityfocus.com/bid/31582

  • 08.41.92 - CVE: Not Available
  • Platform: Web Application
  • Title: K9 Web Protection Authentication Bypass Vulnerabilities
  • Description: K9 Web Protection is a web-based application to filter content on home computers. The application is exposed to multiple authentication bypass issues. Specifically, an attacker can disable execution of JavaScript in the browser and access the following admin pages locally: http://127.0.0.1:2372/summary, http://127.0.0.1:2372/detail, http://127.0.0.1:2372/overrides, and http://127.0.0.1:2372/pwemail. K9 Web Protection version 4.0.230 Beta is affected.
  • Ref: http://seclists.org/fulldisclosure/2008/Oct/0070.html

  • 08.41.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Phorum Image Tag HTML Injection
  • Description: Phorum is a web-based forum application implemented in PHP. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input. Specifically, this issue occurs when processing specially crafted "IMG" tags. Phorum version 5.2.8 is affected.
  • Ref: http://www.securityfocus.com/bid/31589

  • 08.41.94 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Web Explorer Multiple Local File Include Vulnerabilities
  • Description: PHP Web Explorer is a PHP-based file explorer application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. PHP Web Explorer version 0.99b is affected.
  • Ref: http://www.securityfocus.com/archive/1/497046

  • 08.41.95 - CVE: Not Available
  • Platform: Web Application
  • Title: asiCMS "_ENV[asicms][path]" Parameter Multiple Remote File Include Vulnerabilities
  • Description: asiCMS is a PHP-based web development framework. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. asiCMS version 0.208 is affected.
  • Ref: http://www.securityfocus.com/bid/31601

  • 08.41.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Yerba "mod" Local File Include
  • Description: Yerba is a portal system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "mod" parameter before using it in the "index.php" script. Yerba versions up to and including 6.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/497103

  • 08.41.97 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM Quickr Denial of Service and Security Bypass Vulnerabilities
  • Description: IBM Lotus Quickr is web-based collaboration software designed for sharing documents and media. The application is exposed to a denial of service issue and security bypass issues. IBM Quickr versions prior to 8.1.0.1 are affected.
  • Ref: http://www-01.ibm.com/software/lotus/products/quickr/

  • 08.41.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Atarone Version 1.2.0 Multiple Input Validation Vulnerabilities
  • Description: Atarone is a PHP-based content manager. Since it fails to adequately sanitize user-supplied input, Atarone is exposed to multiple input validation issues. Atarone version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31610

  • 08.41.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Yerba SACphp 6.3 Multiple Remote Vulnerabilities
  • Description: SACphp is a module for the Yerba portal system. The application is exposed to multiple remote issues. Attackers can exploit these issues to gain unauthorized administrative access to the affected application, compromise the application, and obtain sensitive information. Yerba SACphp version 6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31619

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.