
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 42
October 16, 2008

CA ArcServe once again joins Microsoft Windows and Office, and Apple in the spotlight for the most critical vulnerabilities discovered this past week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Windows: 8 (#1, #2, #3, #6, #8, #9)
    • Microsoft Office: 3 (#7)
    • Other Microsoft Products: 8
    • Third Party Windows Apps: 9 (#11)
    • Mac Os: 10 (#5)
    • Linux: 3
    • Unix: 2
    • Cross Platform: 29 (#4, #10)
    • Web Application - Cross Site Scripting: 2
    • Web Application - SQL Injection: 24
    • Web Application: 21
    • Network Device: 3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (4) CRITICAL: Apple CUPS Remote Code Execution Vulnerability
  • Affected:
    • Apple CUPS versions prior to 1.3.9
  • Description: CUPS is the Common Unix Printing System, a cross-platform printer server and access system. The software was purchased by Apple, and it is an integral part of Apple Mac OS X, but it is available and installed by default on a number of Unix and Linux systems. It contains a flaw in its handling of certain input when processing HP-GL (HP Graphics Language) requests. A specially crafted print request containing malformed HP-GL data could trigger this vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Full technical details for this vulnerability are available via source code analysis; a proof-of-concept is also publicly available.

  • Status: Vendor confirmed, updates available.

  • (5) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-007)
  • Affected:
    • Apple Mac OS X versions 10.5.5 and prior
    • Apple Mac OS X Server versions 10.5.5 and prior
  • Description: Apple Mac OS X contains multiple vulnerabilities in a variety of components. Most of the vulnerabilities stem from older versions of third-party components installed as part of the operating system. However, vulnerabilities in the parsing of Microsoft Excel files and certain image file formats could trigger remote code execution vulnerabilities when the files are opened. The user may not be prompted before opening or viewing a malicious file. Vulnerabilities in third-party components range from remote code execution to cross-site scripting. Numerous local-only vulnerabilities are also addressed in this update. Note that this update also addresses the CUPS vulnerability, discussed above.

  • Status: Vendor confirmed, updates available.

  • (6) CRITICAL: Computer Associates ARCServe Backup Multiple Vulnerabilities
  • Affected:
    • Computer Associates ARCServe Backup versions prior to r12.0 SP 1
  • Description: Computer Associates ARCServe Backup, a popular enterprise backup solution, contains multiple vulnerabilities. A flaw in the processing of Remote Procedure Call (RPC) requests can result in arbitrary command execution with the privileges of the vulnerable process. Additional vulnerabilities can lead to denials-of-service for a variety of subsystems. There are unconfirmed reports of an additional authentication bypass vulnerability. A working proof-of-concept for the remote command execution vulnerability is publicly available.

  • Status: Vendor confirmed, updates available.

  • (8) HIGH: Microsoft Windows Internet Printing Service Remote Code Execution (MS08-062)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008
  • Description: The Microsoft Windows Internet Printing Service is Microsoft's implementation of the Internet Printing Protocol (IPP). IPP is an open protocol used to access printers over a network. Microsoft IIS implements IPP as a service. This implementation contains an integer overflow vulnerability in its processing of IPP responses. A specially crafted request to an IIS server could cause it to connect to a malicious server, and thus exploit this vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that authentication is required to exploit this vulnerability in IIS's default configuration.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 42, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.42.1 - CVE: CVE-2008-4023
  • Platform: Windows
  • Title: Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution
  • Description: Lightweight Directory Access Protocol (LDAP) is a protocol that allows authorized users to view or update data in a meta directory. Active Directory is exposed to a remote code execution issue that arises because the application fails to handle specially crafted LDAP or LDAP over SSL (LDAPS) requests and fails to allocate memory in a proper manner.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-060.mspx

  • 08.42.2 - CVE: CVE-2008-4038
  • Platform: Windows
  • Title: Microsoft Windows SMB Buffer Underflow Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue. This is due to a buffer underflow condition in the SMB (Server Message Block) protocol implementation. The condition is caused by insufficient validation of particular file name lengths that are supplied by the client.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-063.mspx

  • 08.42.3 - CVE: CVE-2008-2250
  • Platform: Windows
  • Title: Microsoft Windows Kernel Window Creation Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue because the kernel fails to properly handle input passed from a parent window to a child window when a new window is created. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

  • 08.42.4 - CVE: CVE-2008-2252
  • Platform: Windows
  • Title: Microsoft Windows Kernel Memory Corruption Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel. This issue occurs because the software fails to sufficiently validate user-supplied input passed from user mode to kernel mode.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

  • 08.42.5 - CVE: CVE-2008-2251
  • Platform: Windows
  • Title: Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel. This issue occurs because the kernel fails to handle certain unspecified system calls from multiple threads.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-061.mspx

  • 08.42.6 - CVE: CVE-2008-3464
  • Platform: Windows
  • Title: Microsoft Windows AFD Driver Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that resides in the Ancillary Function Driver ("afd.sys"). The AFD component is responsible for managing the Winsock TCP/IP protocol. Since it is a system driver, it must run in kernel mode.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

  • 08.42.7 - CVE: CVE-2008-4036
  • Platform: Windows
  • Title: Microsoft Windows VAD Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue because of an error in how the system memory manager handles memory allocation in relation to Virtual Address Descriptors (VAD). A successful exploit will let a local attacker completely compromise an affected computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx

  • 08.42.8 - CVE: CVE-2008-1446
  • Platform: Windows
  • Title: Microsoft Windows Internet Printing Service Integer Overflow
  • Description: Microsoft Windows Internet Printing Protocol (IPP) is a standardized protocol for remotely managing print jobs. Microsoft Internet Printing Service is exposed to an integer overflow issue because the software fails to adequately handle malformed IPP data.
  • Ref: http://www.securityfocus.com/bid/31682

  • 08.42.9 - CVE: CVE-2008-3477
  • Platform: Microsoft Office
  • Title: Microsoft Excel Calendar Object Validation Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed compiled VBA projects containing Calendar objects. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx

  • 08.42.10 - CVE: CVE-2008-3471
  • Platform: Microsoft Office
  • Title: Microsoft Excel BIFF File Format Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to validate record values in Excel BIFF files.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-068/

  • 08.42.11 - CVE: CVE-2008-4019
  • Platform: Microsoft Office
  • Title: Microsoft Excel Formula Parsing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs when the application tries to process malformed formulas stored in spreadsheet cells.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-057.mspx

  • 08.42.12 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft PicturePusher "PipPPush.dll" ActiveX Control Arbitrary File Download
  • Description: Microsoft PicturePusher ActiveX control is for sharing images. The control is exposed to an issue that lets attackers download arbitrary files. This vulnerability leverages the "AddString" and "Post" attributes of the "PipPPush.dll" ActiveX control. "PipPPush.dll" version 7.00.0709 is affected.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=774845&poid=

  • 08.42.13 - CVE: CVE-2008-3472
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Element Cross-Domain Security Bypass
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The browser is exposed to a cross-domain security bypass issue because it fails to enforce the same-origin policy. The issue occurs when handling an unspecified HTML element.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

  • 08.42.14 - CVE: CVE-2008-3473
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Event Handling Cross-Domain Security Bypass
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The browser is exposed to a cross-domain security bypass issue because it fails to enforce the same-origin policy. The issue occurs when handling unspecified events within a window object.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

  • 08.42.15 - CVE: CVE-2008-3475
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote memory corruption issue when handling an object that has not been properly initialized or has been deleted.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-069/

  • 08.42.16 - CVE: CVE-2008-3476
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote memory corruption issue when handling HTML objects that have not been properly initialized.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

  • 08.42.17 - CVE: CVE-2008-3466
  • Platform: Other Microsoft Products
  • Title: Microsoft Host Integration Server RPC Remote Code Execution
  • Description: Microsoft Host Integration Server is exposed to a remote code execution issue caused by an unspecified error in the Systems Network Architecture (SNA) service through a remote procedure call (RPC). Successfully exploiting this issue would allow an attacker to execute arbitrary code on an affected computer.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745

  • 08.42.18 - CVE: CVE-2008-3479
  • Platform: Other Microsoft Products
  • Title: Microsoft Message Queuing Service RPC Query Heap Corruption
  • Description: Microsoft Message Queuing (MSMQ) is a messaging protocol that allows applications running on disparate servers to communicate in a failsafe manner. The flaw occurs within an RPC function that fails to carry out sufficient sanity checks before using user-supplied data to calculate a heap allocation.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx

  • 08.42.19 - CVE: CVE-2008-3474
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Cross-Domain Information Disclosure
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The browser is exposed to a cross-domain information disclosure issue because it fails to enforce the same-origin policy.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-058.mspx

  • 08.42.20 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PC Tools Spyware Doctor Unspecified Denial of Service
  • Description: Spyware Doctor scans a PC for spyware. Spyware Doctor is exposed to an unspecified denial of service issue. This issue is triggered when attempting to remove certain threats from an infected system. Spyware Doctor version 6.0 is affected.
  • Ref: http://www.symantec.com/security_response/writeup.jsp?docid=2003-050114-4908-99

  • 08.42.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Avaya one-X Desktop Edition SIP Remote Denial of Service
  • Description: Avaya one-X Desktop Edition is a softphone application that enables SIP-based (Session Initiation Protocol) endpoints on computers running the Microsoft Windows operating system. The application is exposed to a remote denial of service issue that occurs in SIP. Avaya one-X Desktop Edition version 2.1 is affected.
  • Ref: http://www.voipshield.com/research-details.php?id=124&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

  • 08.42.22 - CVE: CVE-2008-3814
  • Platform: Third Party Windows Apps
  • Title: Cisco Unity Remote Administration Authentication Bypass
  • Description: Cisco Unity is a voice and messaging platform for Microsoft Windows. Cisco Unity is exposed to an authentication bypass issue in its web administration interface. This issue occurs when the Unity server is configured to use anonymous authentication.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20081008-unity.shtml

  • 08.42.23 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Cisco Unity 7.0 Multiple Remote Vulnerabilities
  • Description: Cisco Unity is a voice and messaging platform for Microsoft Windows. Cisco Unity is exposed to multiple remote issues. Multiple unspecified denial of service issues are reported in the Unity server. Cisco Unity version 7.0 is affected.
  • Ref: http://www.voipshield.com/research-details.php?id=129&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

  • 08.42.24 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinFTP Server "NLIST" Command Remote Denial of Service
  • Description: WinFTP Server is a multithreaded FTP server for Microsoft Windows. The application is exposed to a remote denial of service issue. Specifically, in the "PASV" mode, if an attacker supplies maliciously crafted data to the "NLIST" command, the issue is triggered. WinFTP version 2.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31686

  • 08.42.25 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Lenovo Rescue and Recovery "tvtumon.sys" Heap Overflow
  • Description: Lenovo Rescue and Recovery is an application for Microsoft Windows. Lenovo Rescue and Recovery is exposed to a heap-based overflow issue that resides in the "tvtumon.sys" device driver. Lenovo Rescue and Recovery version 4.20 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497277

  • 08.42.26 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RaidenFTPD "MLST" Command Remote Denial of Service
  • Description: RaidenFTPD is an FTP server for Microsoft Windows. RaidenFTPD is exposed to a remote denial of service issue that occurs in the handling of the "MLST" command when used in conjunction with the "CWD" command and malicious arguments. RaidenFTPD version 2.4 build 3620 is affected.
  • Ref: http://www.securityfocus.com/bid/31741

  • 08.42.27 - CVE: CVE-2008-4385
  • Platform: Third Party Windows Apps
  • Title: Husdawg System Requirements Lab ActiveX Control Unspecified Remote Code Execution
  • Description: Husdawg System Requirements Lab ActiveX control is a browser component that is used to analyze hardware and software on the computer it runs on. The control is exposed to a remote code execution issue due to unspecified errors.
  • Ref: http://www.microsoft.com/technet/security/advisory/956391.mspx

  • 08.42.28 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Titan FTP Server "SITE WHO" Command Remote Denial of Service
  • Description: Titan FTP Server is an FTP server application available for Microsoft Windows. Titan FTP Server is exposed to a remote denial of service issue that occurs when handling malformed data passed to the "SITE WHO" FTP server command. Titan FTP Server version 6.26 build 630 is affected.
  • Ref: http://www.securityfocus.com/bid/31757

  • 08.42.29 - CVE: CVE-2008-4211
  • Platform: Mac Os
  • Title: Apple OS X QuickLook Excel File Integer Overflow
  • Description: Apple OS X QuickLook is a file preview feature. The application is exposed to an integer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31707

  • 08.42.30 - CVE: CVE-2008-4212
  • Platform: Mac Os
  • Title: Apple Mac OS X "hosts.equiv" Security Bypass
  • Description: Apple Mac OS X is an operating system for Apple computers. Apple Mac OS X is exposed to a security bypass issue that may allow remote attackers unexpected access to affected computers. Attackers may exploit this issue to login as the root user without authentication from specific trusted hosts.
  • Ref: http://www.securityfocus.com/bid/31708

  • 08.42.31 - CVE: CVE-2008-3645
  • Platform: Mac Os
  • Title: Apple Mac OS X "configd" EAPOLController Plugin Local Heap Based Buffer Overflow
  • Description: Apple Mac OS X is exposed to a local heap-based buffer overflow issue because it fails to adequately bounds check user-supplied input. This issue affects the Inter-Process Communication (IPC) component of the EAPOLController plugin of the "configd" daemon.
  • Ref: http://support.apple.com/kb/HT3216

  • 08.42.32 - CVE: CVE-2008-3642
  • Platform: Mac Os
  • Title: Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow
  • Description: Apple Mac OS X is exposed to a remote buffer overflow issue that occurs in ColorSync. This issue occurs because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling malformed image files that contain an embedded ICC profile.
  • Ref: http://www.securityfocus.com/bid/31715

  • 08.42.33 - CVE: CVE-2008-4214
  • Platform: Mac Os
  • Title: Apple Script Editor Unspecified Insecure Temporary File Creation
  • Description: Apple Script Editor is an editor for Apple Script code for the Mac OS X operating system. Apple Script Editor is exposed to an insecure temporary file creation issue related to application scripting dictionary files.
  • Ref: http://www.securityfocus.com/bid/31716

  • 08.42.34 - CVE: CVE-2008-4215
  • Platform: Mac Os
  • Title: Apple Mac OS X Server Weblog Access Control List Security Bypass
  • Description: Apple Mac OS X Server is an operating system for Apple computers. Apple Mac OS X Server Weblog is exposed to a security bypass issue because it may fail to properly save ACLs (Access Control Lists). Mac OS X Server versions 10.4 through 10.4.11 are affected.
  • Ref: http://www.securityfocus.com/bid/31718

  • 08.42.35 - CVE: CVE-2008-3647
  • Platform: Mac Os
  • Title: Apple PSNormalizer PostScript Buffer Overflow
  • Description: PSNormalizer is an application for processing PostScript files. The application is exposed to a buffer overflow issue that arises when the application handles specially-crafted PostScript files. Specifically, the issue is caused by PSNormalizer's handling of the bounding-box comment in PostScript files.
  • Ref: http://support.apple.com/kb/HT3216

  • 08.42.36 - CVE: CVE-2008-3643
  • Platform: Mac Os
  • Title: Apple Finder Denial of Service
  • Description: Apple Finder is responsible for the overall user-management of files, disks, network volumes and the launching of other applications on Mac systems. The application is exposed to a denial of service issue. Specifically, this vulnerability occurs when the application attempts to create an icon for maliciously crafted files which are located on the desktop. Mac OS X versions v10.5.5 and Mac OS X Server v10.5.5 are affected.
  • Ref: http://support.apple.com/kb/HT3216

  • 08.42.37 - CVE: CVE-2008-3646
  • Platform: Mac Os
  • Title: Apple Mac OS X 10.5 Postfix Security Bypass
  • Description: Apple Mac OS X Postfix is an open-source email server. The application is exposed to a security bypass issue that arises because Postfix remains accessible from the network for a period of one minute after a local command-line tool is used to send mail. Mac OS X v10.5 is affected.
  • Ref: http://support.apple.com/kb/HT3216

  • 08.42.38 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X 10.5 "launchd" Unspecified Security Bypass
  • Description: Apple Mac OS X "launchd" is an open-source email server. An application's request to execute in a sandbox may fail due to an unspecified issue in "launchd". Mac OS X v10.5 is affected.
  • Ref: http://support.apple.com/kb/HT3216

  • 08.42.39 - CVE: CVE-2008-4394
  • Platform: Linux
  • Title: Gentoo "sys-apps/portage" Search Path Local Privilege Escalation
  • Description: Gentoo "sys-apps/portage" is a package manager for installing, compiling, and updating packages through the Gentoo rsync tree. Gentoo "sys-apps/portage" is exposed to a local privilege escalation issue. This issue occurs because the application fails to change the current working directory when using the "emerge" command line tool.
  • Ref: http://www.securityfocus.com/bid/31670

  • 08.42.40 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel SCTP INIT-ACK AUTH Extension Remote Denial of Service
  • Description: The Linux kernel is exposed to a remote denial of service issue because it fails to handle mismatched SCTP AUTH extension settings between peers. This issue occurs when certain INIT-ACK packets are received, indicating that the peer doesn't support AUTH. Linux kernel versions prior to 2.6.27-rc6-git6 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1039

  • 08.42.41 - CVE: Not Available
  • Platform: Linux
  • Title: Debian chm2pdf Insecure Temporary File Creation
  • Description: Debian chm2pdf is a python script for converting CHM files into PDF files. The application creates temporary directories in an insecure manner. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. chm2pdf version 0.9.1 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959

  • 08.42.42 - CVE: CVE-2008-3641
  • Platform: Unix
  • Title: CUPS "HP-GL/2" Filter Remote Code Execution
  • Description: CUPS, Common UNIX Printing System, is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to a remote code execution issue due to an error in the "HP-GL/2" filter. CUPS versions prior to 1.3.9 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-067/

  • 08.42.43 - CVE: Not Available
  • Platform: Unix
  • Title: CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to multiple issues because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. CUPS versions prior to 1.3.9 are affected.
  • Ref: http://www.securityfocus.com/bid/31689

  • 08.42.44 - CVE: CVE-2008-3545
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager "ovtopmd" Variant Unspecified Denial of Service
  • Description: HP OpenView Network Node Manager is a fault management application for IP networks. The application is exposed to an unspecified denial of service issue affecting the "ovtopmd" component. HP OpenView Network Node Manager versions 7.01, 7.51, and 7.53 are affected.
  • Ref: http://www.securityfocus.com/archive/1/497187

  • 08.42.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hero DVD Player ".m3u" File Buffer Overflow
  • Description: Hero DVD Player is a media file player. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue occurs in the "Mplayer.exe" file when it fails to handle malformed ".m3u" files. Hero DVD Player version 3.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/31627

  • 08.42.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser Remote Code Execution and Security Bypass Vulnerabilities
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. Opera is exposed to multiple security issues. Opera versions prior to 9.60 are affected.
  • Ref: http://www.opera.com/support/search/view/901/

  • 08.42.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nortel MCS 5100 UFTP Multiple Denial of Service Vulnerabilities
  • Description: Nortel Multimedia Communications Server (MCS) 5100 is exposed to multiple denial of service issues. These issues result from a failure to handle certain UNIStim File Transfer Protocol (UFTP) data. MCS 5100 versions in the 3.0 series are affected.
  • Ref: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=774845&poid=

  • 08.42.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avaya IP Softphone Remote Denial of Service
  • Description: Avaya IP Softphone is a commercially available IP telephony application. Avaya IP Softphone is exposed to a denial of service issue that occurs when handling large amounts of data. This issue occurs when the application binds to a group of five consecutive TCP ports. Avaya IP Softphone version 6.0 SP4 is affected.
  • Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm

  • 08.42.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avaya Communication Manager Web Server Configuration Unauthorized Access
  • Description: Avaya Communication Manager is a messaging application. Avaya Communication Manager is exposed to an unauthorized access issue caused by a configuration error in the application's web server.
  • Ref: http://www.voipshield.com/research-details.php?id=123&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

  • 08.42.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Cached Java Applet Privilege Escalation
  • Description: Opera is a web browser application available for various operating systems. A security bypass issue may allow attackers to execute cached Java applets. As a result, the applet can run in the local context. Opera versions prior to 9.60 are affected.
  • Ref: http://www.opera.com/support/search/view/902/

  • 08.42.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DFFFrameworkAPI "DFF_config[dir_include]" Parameter Multiple Remote File Include Vulnerabilities
  • Description: DFFFrameworkAPI is an application programming interface for developing price comparison shopping sites. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31644

  • 08.42.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Graphviz Graph Parser Remote Stack Buffer Overflow
  • Description: Graphviz is graph visualization software. Graphviz is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs in the "push_subg()" function in the "lib/graph/parser.y" source file. Graphviz version 2.20.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497150

  • 08.42.53 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Drupal EveryBlog Module Multiple Unspecified Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms. The EveryBlog module is used for creating blogs. The EveryBlog module for Drupal is exposed to multiple issues. EveryBlog up to and including version 2.0 is affected.
  • Ref: http://drupal.org/node/318746

  • 08.42.54 - CVE: Not Available
  • Platform: Cross Platform
  • Title: YaCy Multiple Unspecified Vulnerabilities
  • Description: YaCy is a peer-to-peer search engine application implemented in Java. It is freely available under the GNU public license. The application is exposed to multiple issues due to unspecified errors. YaCy versions prior to 0.61 are affected.
  • Ref: http://freshmeat.net/projects/yacy/?branch_id=51198&release_id=286006

  • 08.42.55 - CVE: CVE-2008-4397, CVE-2008-4398, CVE-2008-4399, CVE-2008-4400
  • Platform: Cross Platform
  • Title: Computer Associates ARCserve Backup Multiple Remote Vulnerabilities
  • Description: Computer Associates ARCserve Backup products provide backup and restore protection for Windows, NetWare, Linux, and UNIX servers as well as Windows, Mac OS X, Linux, UNIX, AS/400, and VMS clients. The application is exposed to multiple remote issues.
  • Ref: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143

  • 08.42.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System Web Proxy Server FTP Subsystem Heap Based Buffer Overflow
  • Description: Sun Java System Web Proxy Server is a proxy server developed by Sun Microsystems. Sun Java System Web Proxy Server is exposed to a heap-based buffer overflow issue because the application fails to check user-supplied data before copying it into an insufficiently sized buffer. Specifically the issue affects the FTP subsystem. Sun Java System Web Proxy Server versions 4.0 up to and including 4.0.7 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1

  • 08.42.57 - CVE: CVE-2008-1678
  • Platform: Cross Platform
  • Title: OpenSSL "zlib" Compression Memory Leak Remote Denial of Service
  • Description: OpenSSL is an open-source cryptography library. This library is exposed to a remote denial of service issue. Attackers can leverage this issue to crash an application which uses this library by consuming available memory, denying service to legitimate users. This issue is caused by a memory leak in the "zlib_stateful_init()" function of the "crypto/comp/c_zlib.c" source file. OpenSSL versions 0.9.8f through 0.9.8h are affected.
  • Ref: http://support.apple.com/kb/HT3216

  • 08.42.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KDE Konqueror JavaScript "load" Function Denial of Service
  • Description: KDE Konqueror is a web browser included with the KDE desktop manager. Konqueror is exposed to a remote denial of service issue because it fails to handle specially-crafted JavaScript code. Specifically, the "load" function containing an empty argument can cause the application to crash. Konqueror version 3.5.9 is affected.
  • Ref: http://www.securityfocus.com/bid/31696

  • 08.42.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NoticeWare Email Server NG "PASS" Command Remote Denial of Service
  • Description: NoticeWare Email Server NG is an email server for the Microsoft Windows platform. The application is exposed to a remote denial of service issue. Specifically, if an attacker supplies an excessive amount of data to the "PASS" POP3 command, the server may crash. NoticeWare Email Server NG version 5.1.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31697

  • 08.42.60 - CVE: CVE-2008-3271
  • Platform: Cross Platform
  • Title: Apache Tomcat "RemoteFilterValve" Security Bypass
  • Description: Apache Tomcat is a Java based web server application for multiple operating systems. Tomcat uses Valve components to process remote requests. An issue exists with valves derived from the "RemoteFilterValve" class. Tomcat versions 4.1.0 through 4.1.32 and 5.5.0 are affected.
  • Ref: https://issues.apache.org/bugzilla/show_bug.cgi?id=25835

  • 08.42.61 - CVE: CVE-2008-3905
  • Platform: Cross Platform
  • Title: Ruby "resolv.rb" Predictable Transaction ID and Source Port DNS Spoofing
  • Description: Ruby is an object-oriented scripting language. Ruby is exposed to a DNS-spoofing issue because the software fails to securely implement random values when performing DNS queries. Specifically, this issue occurs because "resolv.rb" uses sequential DNS transaction IDs and fixed source port values for DNS requests.
  • Ref: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

  • 08.42.62 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nokia Web Browser for S60 Infinite Array Sort Denial of Service
  • Description: Nokia Web Browser for S60 is a web-browser application for phones, PDAs, and other mobile devices manufactured by Nokia. Nokia Browser is exposed to a denial of service issue when handling malicious HTML files. In particular, this issue occurs when attempting to process a malicious JavaScript function embedded in an HTML file.
  • Ref: http://www.securityfocus.com/archive/1/497224

  • 08.42.63 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GuildFTPd "LIST" Command Heap Overflow
  • Description: GuildFTPd is a Windows based FTP server. GuildFTPd is exposed to a heap-based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. GuildFTPd versions 0.999.8.11 and v0.999.14 are affected.
  • Ref: http://www.securityfocus.com/bid/31729

  • 08.42.64 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XM Easy Personal FTP Server "NLST" Command Remote Denial of Service
  • Description: XM Easy Personal FTP Server is an FTP server for Microsoft Windows. XM Easy Personal FTP Server is exposed to a remote denial of service issue that occurs in the handling of the "NLST" command with the "-l" argument. XM Easy Personal FTP Server version 5.6.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31739

  • 08.42.65 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Database Server "CREATE ANY DIRECTORY" Privilege Escalation
  • Description: Oracle Database Server is an enterprise database server system available for multiple operating platforms. Oracle is exposed to a privilege escalation issue. A database user with the "CREATE ANY DIRECTORY" privilege may create a directory pointing to the existing database password file. Oracle Database versions 10.1, 10.2 and 11g are affected.
  • Ref: http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/

  • 08.42.66 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Websense Reporter "CreateDbInstall.log" Local Information Disclosure
  • Description: Websense Reporter is a reporting system that works with Websense Enterprise. The application is exposed to a local information disclosure issue because it fails to securely store sensitive data. Specifically, the SQL administrator's login and password are stored in plain-text in the "CreateDbInstall.log" log file. Websense Reporter version 6.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31746

  • 08.42.67 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox ".url" Shortcut Processing Information Disclosure
  • Description: Mozilla Firefox is exposed to an information disclosure issue when processing ".url" shortcut files in HTML elements. An attacker can exploit the issue to disclose sensitive information such as browser cache files, cookie data or local file system details. Mozilla Firefox versions 3.0.1, 3.0.2 and 3.0.3 are affected.
  • Ref: http://liudieyu0.blog124.fc2.com/blog-entry-6.html

  • 08.42.68 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM ENOVIA Security Bypass
  • Description: IBM ENOVIA is Product Lifecycle Management software from IBM. The application is exposed to an unspecified security bypass issue. ENOVIA versions prior to V5R18 SP5 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27012567

  • 08.42.69 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Solstice AdminSuite "sadmind" "adm_build_path()" Remote Stack Buffer Overflow
  • Description: Sun Solstice AdminSuite is a set of remote tools used for system administration. Sun Solstice AdminSuite is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/497311

  • 08.42.70 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Etype Eserv FTP "ABOR" Command Remote Stack-Based Buffer Overflow
  • Description: Etype Eserv is a server which handles multiple protocols, including FTP. Eserv is developed for Microsoft Windows. Eserv is exposed to a remote stack-based buffer overflow issue that results from a failure to handle excessively long parameters to the "ABOR" command. Eserv version 3.26 is affected.
  • Ref: http://www.securityfocus.com/bid/31753

  • 08.42.71 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VLC Media Player XSPF Playlist Memory Corruption
  • Description: VLC is a cross-platform media player. VLC is exposed to a heap-based memory corruption issue because it fails to perform adequate checks on user-supplied input. This occurs within the "demux/playlist/xspf.c" source file when parsing XSPF playlist files. VLC media player versions prior to 0.9.3 are affected.
  • Ref: http://www.securityfocus.com/bid/31757

  • 08.42.72 - CVE: CVE-2008-0019
  • Platform: Cross Platform
  • Title: Oracle Weblogic Server Apache Connector Stack-Based Buffer Overflow
  • Description: Oracle Weblogic Server Apache Connector is an Apache module used to proxy requests from the Apache web server to Oracle Weblogic Server. Oracle Weblogic Server Apache Connector is exposed to a stack-based buffer overflow issue because the application fails to bounds check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://www.iss.net/threats/304.html

  • 08.42.73 - CVE: CVE-2008-4020
  • Platform: Web Application - Cross Site Scripting
  • Title: Microsoft Office CDO Protocol Cross-Site Scripting
  • Description: Collaboration Data Objects (CDO) is an API provided by Microsoft. Microsoft Office is exposed to a cross-site scripting issue that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner. Office XP Service Pack 3 is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-056.mspx

  • 08.42.74 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: EEB-CMS "index.php" Cross-Site Scripting
  • Description: EEB-CMS is a PHP based application used for content management. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "content" parameter of the "index.php" script. EEB-CMS version 0.95 is affected.
  • Ref: http://www.securityfocus.com/bid/31732

  • 08.42.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre News Manager "news_detail.php" SQL Injection
  • Description: Pre News Manager is a PHP based news-publishing application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nid" parameter of the "news_detail.php" script before using it in an SQL query. Pre News Manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497185

  • 08.42.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: GForge Multiple SQL Injection Vulnerabilities
  • Description: GForge is a PHP-based application for managing source code. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/31674

  • 08.42.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TorrentTrader Classic Edition "completed-advance.php" SQL Injection
  • Description: TorrentTrader Classic Edition is a PHP-based torrent tracker. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "completed-advance.php" script before using it in an SQL query. TorrentTrader Classic Edition versions up to and including 1.04 are affected.
  • Ref: http://www.securityfocus.com/bid/31626

  • 08.42.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Built2Go Real Estate Listings "event_detail.php" SQL Injection
  • Description: Built2Go Real Estate Listings is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "event_id" parameter of the "event_detail.php" script file before using it in an SQL query. Built2Go Real Estate Listings version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31628

  • 08.42.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Brain Book Software AdMan "editCampaign.php" SQL Injection
  • Description: Brain Book Software AdMan is an advertisement management server. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "campaignId" parameter of the "editCampaign.php" script before using it in an SQL query. AdMan version 1.1.20070907 is affected.
  • Ref: http://www.securityfocus.com/bid/31646

  • 08.42.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: HispaH Text Link ADS "index.php" SQL Injection
  • Description: HispaH Text Link ADS is a PHP-based advertisement application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "idcat" parameter of the "index.php" script when the "action" parameter is set to "buy".
  • Ref: http://www.securityfocus.com/bid/31649

  • 08.42.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomtracker "id" Parameter SQL Injection
  • Description: Joomtracker is a PHP based component for bit torrent tracking for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Joomtracker version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/31676

  • 08.42.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IranMC Arad Center "news.php" SQL Injection
  • Description: IranMC Arad Center is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31677

  • 08.42.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Stash "news.php" SQL Injection
  • Description: Stash is a PHP-based content manager for band web sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "post" parameter of the "admin/news.php" script before using it in an SQL query. Stash version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31687

  • 08.42.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ayco Okul Portali "default.asp" SQL Injection
  • Description: Ayco Okul Portali is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "linkid" parameter of the "default.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31704

  • 08.42.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easynet4u Forum Host "forum.php" SQL Injection
  • Description: Easynet4u Forum Host is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum" parameter of the "forum.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31709

  • 08.42.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easynet4u Faq Host "faq.php" SQL Injection
  • Description: Easynet4u Faq Host is a PHP based frequently asked questions script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "faq" parameter of the "faq.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31710

  • 08.42.87 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Mad4Joomla Mailforms Component SQL Injection
  • Description: Mad4Joomla Mailforms is a PHP-based component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "jid" parameter of the "com_mad4joomla" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31712

  • 08.42.88 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Ignite Gallery "gallery" Parameter SQL Injection
  • Description: Ignite Gallery is a PHP-based image gallery component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Ignite Gallery version 0.8.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31714

  • 08.42.89 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easynet4u Link Host "directory.php" SQL Injection
  • Description: Easynet4u Link Host is a PHP-based application for managing links. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "directory.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31717

  • 08.42.90 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Real Estate Classifieds "index.php" SQL Injection
  • Description: Real Estate Classifieds is a PHP-based application for managing property listings. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31723

  • 08.42.91 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Absolute Poll Manager "xlacomments.asp" SQL Injection
  • Description: Absolute Poll Manager XE is a web-based survey application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "p" parameter of the "xlacomments.asp" script before using it in an SQL query. Absolute Poll Manager XE version 4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31724

  • 08.42.92 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OwnBiblio Joomla! Component "catid" Parameter SQL Injection
  • Description: OwnBiblio is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "index.php" script when the "option" parameter is set to "com_ownbiblio". OwnBiblio version 1.5.3 is affected.
  • Ref: http://www.milw0rm.com/exploits/6730

  • 08.42.93 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NewLife Blogger "nlb3" Cookie SQL Injection
  • Description: NewLife Blogger is a PHP-based multi-user blogging system. The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "nlb3" cookie parameter in the "system/nlb_user.class.php" script before using it in an SQL query. NewLife Blogger versions 3.0 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31728

  • 08.42.94 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: "com_jeux" Joomla! Component "id" Parameter SQL Injection
  • Description: "com_jeux" is a PHP-based component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "option" parameter is set to "com_jeux".
  • Ref: http://packetstormsecurity.org/0810-exploits/joomlajeux-sql.txt

  • 08.42.95 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: IndexScript "sug_cat.php" SQL Injection
  • Description: IndexScript is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "parent_id" parameter of the "sug_cat.php" script before using it in an SQL query. IndexScript version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31744

  • 08.42.96 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ParsBlogger "links.asp" SQL Injection
  • Description: ParsBlogger is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "links.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31745

  • 08.42.97 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS xhresim Module "index.php" SQL Injection
  • Description: xhresim is a PHP based component for the XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "no" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31749

  • 08.42.98 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Webscene eCommerce "productlist.php" SQL Injection
  • Description: Webscene eCommerce is a PHP based ecommerce and shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "level" parameter of the "productlist.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/497324

  • 08.42.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Multiple Remote Access Validation Vulnerabilities and Weaknesses
  • Description: Drupal is a PHP-based content manager. Drupal is exposed to multiple issues. Exploiting these issues can allow an attacker to upload arbitrary files, obtain sensitive information, or perform unauthorized actions on affected sites. Drupal versions prior to 5.11 and 6.5 are affected.
  • Ref: http://drupal.org/node/318706

  • 08.42.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Proxim Tsunami MP.11 2411 Wireless Access Point "system.sysName.0" SNMP HTML Injection
  • Description: The Proxim Tsunami MP.11 2411 is a wireless access point that includes a web-based administration interface. The Tsunami MP.11 2411 is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Tsunami MP.11 Model 2411 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497182

  • 08.42.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Kusaba "paint_save.php" Remote Code Execution
  • Description: Kusaba is a PHP-based image board application. The application is exposed to a remote code execution issue that occurs in the "paint_save.php" script. Specifically, the application fails to sufficiently sanitize content contained in images before uploading them onto the web server. Kusaba version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31668

  • 08.42.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Avaya Communication Manager Web Administration Multiple Security Vulnerabilities
  • Description: Avaya Communication Manager is a messaging application. Avaya Communication Manager is exposed to multiple remote security issues because it fails to adequately sanitize user-supplied input. These issues affect the Web Administration Interface and can be triggered with specially-crafted HTTP POST requests.
  • Ref: http://www.voipshield.com/research-details.php?id=121&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

  • 08.42.103 - CVE: Not Available
  • Platform: Web Application
  • Title: WebBiscuits Modules Controller Multiple Local and Remote File Include Vulnerabilities
  • Description: WebBiscuits Modules Controller is a web-based application. The application is exposed to multiple input validation issues. An attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. WebBiscuits Modules Controller version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31655

  • 08.42.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Multiple Modules Security Bypass Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms, including Microsoft Windows and UNIX/Linux variants. Multiple Drupal Modules are exposed to security bypass issues that may allow attackers to gain access to administrative or sensitive areas of the application without the appropriate privileges.
  • Ref: http://www.securityfocus.com/bid/31660

  • 08.42.105 - CVE: CVE-2008-4411
  • Platform: Web Application
  • Title: HP System Management Homepage (SMH) for Linux and Windows Cross-Site Scripting
  • Description: HP System Management Homepage (SMH) provides a web-based management interface for ProLiant and Integrity servers. SMH is exposed to a cross-site scripting issue because it fails to adequately sanitize user-supplied input. SMH for Linux and Windows versions prior to 2.1.15.210 are affected.
  • Ref: http://www.securityfocus.com/bid/31663

  • 08.42.106 - CVE: Not Available
  • Platform: Web Application
  • Title: ModSecurity Transformation Caching Security Bypass
  • Description: ModSecurity is an Apache module that provides firewall protection for web applications. Some versions of ModSecurity include a Transformation Caching feature. ModSecurity is exposed to a security bypass issue related to Transformation Caching. Remote attackers may be able to take advantage of this issue to bypass certain firewall rules. ModSecurity versions 2.5.0 through 2.5.5 are affected.
  • Ref: http://blog.modsecurity.org/2008/08/transformation.html

  • 08.42.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Kusaba "load_receiver.php" Remote Code Execution
  • Description: Kusaba is a PHP-based image board application. The application is exposed to a remote code execution issue that occurs in the "load_receiver.php" script. Specifically, the application fails to sufficiently sanitize content contained in images before uploading them onto the web server. Kusaba version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31685

  • 08.42.108 - CVE: Not Available
  • Platform: Web Application
  • Title: Camera Life SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Camera Life is a web-based photo gallery application. Since it fails to adequately sanitize user-supplied input, the application is exposed to multiple issues. An SQL injection issue affects the "id" parameter in the "album.php" script. A cross-site scripting issue affects the "name" parameter in the "topic.php" script. Camera Life version 2.6.2b4 is affected.
  • Ref: http://www.securityfocus.com/bid/31689

  • 08.42.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Scriptsez Easy Image Downloader "main.php" Local File Include
  • Description: Scriptsez Easy Image Downloader is a PHP-based image listing and download script. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "main.php" script when the "action" parameter is set to "download".
  • Ref: http://www.securityfocus.com/bid/31695

  • 08.42.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Scriptsez Mini Hosting Panel "members.php" Local File Include
  • Description: Scriptsez Mini Hosting Panel is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "dir" parameter of the "members.php" script.
  • Ref: http://www.securityfocus.com/bid/31701

  • 08.42.111 - CVE: Not Available
  • Platform: Web Application
  • Title: My PHP Indexer "index.php" Directory Traversal
  • Description: My PHP Indexer is a web-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "d" and "f" parameters of the "index.php" script. My PHP Indexer version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31726

  • 08.42.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Globsy "globsy_edit.php" Arbitrary File Overwrite
  • Description: Globsy is a web-based application. Since it fails to verify user-supplied input, the software is exposed to an issue that could permit an attacker to overwrite arbitrary files. Globsy versions up to and including 1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/31727

  • 08.42.113 - CVE: Not Available
  • Platform: Web Application
  • Title: LokiCMS "index.php" Information Disclosure
  • Description: LokiCMS is a web-based content manager. The application is exposed to an information disclosure issue because it fails to sufficiently sanitize user-supplied input to the "page" parameter of the "index.php" script. LokiCMS versions 0.3.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31730

  • 08.42.114 - CVE: Not Available
  • Platform: Web Application
  • Title: mini-pub Multiple Information Disclosure Vulnerabilities
  • Description: mini-pub is a PHP based web publisher. The application is exposed to multiple information disclosure issues because it fails to validate user-supplied input. mini-pub versions 0.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31733

  • 08.42.115 - CVE: Not Available
  • Platform: Web Application
  • Title: mini-pub "cat.php" Remote Command Execution
  • Description: mini-pub is a PHP-based web publisher application. mini-pub is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input to the "sFileName" parameter of the "cat.php" script. mini-pub version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31734

  • 08.42.116 - CVE: Not Available
  • Platform: Web Application
  • Title: SlimCMS "redirect.php" Security Bypass
  • Description: SlimCMS is a web-based content management system implemented in PHP. The application is exposed to an issue that allows an attacker to add an arbitrary new user to the system. This issue is caused by a failure to sufficiently sanitize user-supplied input to the "redirect.php" script. SlimCMS version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31736

  • 08.42.117 - CVE: Not Available
  • Platform: Web Application
  • Title: LokiCMS "admin.php" Local File Include
  • Description: LokiCMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter before using it in the "admin.php" script. LokiCMS version 0.3.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31743

  • 08.42.118 - CVE: Not Available
  • Platform: Web Application
  • Title: WP Comment Remix 1.4.3 SQL Injection and HTML Injection Vulnerabilities
  • Description: WP Comment Remix is a comments plugin for WordPress. The application is exposed to multiple input validation issues. The attacker may leverage the HTML injection issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. WP Comment Remix version 1.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497313

  • 08.42.119 - CVE: Not Available
  • Platform: Web Application
  • Title: SezHoo "SezHooTabsAndActions.php" Parameter Remote File Include
  • Description: SezHoo is a MediaWiki extension that establishes reputations for authors of wiki articles. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "IP" parameter of the "SezHooTabsAndActions.php" script. SezHoo version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31756

  • 08.42.120 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel Networks Multimedia Communications Server Authentication Bypass
  • Description: Nortel Networks Multimedia Communications Server is an appliance that provides IP telephony, instant messaging, and conferencing capabilities. The device is exposed to an unspecified authentication bypass issue that can allow attackers to perform unauthorized actions such as spoofing and redirecting calls. Nortel Networks Multimedia Communications Server version 5100 3.0.13 is affected.
  • Ref: http://www.voipshield.com/research-details.php?id=119&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC

  • 08.42.121 - CVE: CVE-2008-4441
  • Platform: Network Device
  • Title: Linksys WAP4400N Marvell Wireless Chipset Driver Remote Denial of Service
  • Description: Linksys WAP4400N wireless access points are exposed to a denial of service issue because they fail to adequately verify user-supplied input. This issue presents itself when the wireless driver attempts to process malformed association request packets.
  • Ref: http://www.securityfocus.com/archive/1/497285

  • 08.42.122 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Telecom Italia Routers Authentication Bypass
  • Description: AGA, AGB, AG2P-AG3, AGPV-AGPF are wireless routers developed by Telecom Italia. Multiple Telecom Italia Routers are exposed to an authentication bypass issue that may allow attackers to gain access to the router's administration interface and unauthorized access to certain services. This issue occurs when handling specially crafted IP packets.
  • Ref: http://www.securityfocus.com/archive/1/497312

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.