The most trusted source for computer security training, certification and research.

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 44
October 30, 2008

SANS Newsletters Home

The Microsoft RPC problem is the big one - lots of exploits. If you haven't fixed it, might be good to act quickly. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Microsoft Windows
    • 1 (#1)
    • Third Party Windows Apps
    • 6
    • Linux
    • 4
    • Solaris
    • 1
    • Unix
    • 2
    • Novell
    • 1
    • Cross Platform
    • 28 (#2, #3, #4, #5)
    • Web Application - Cross Site Scripting
    • 11
    • Web Application - SQL Injection
    • 25
    • Web Application
    • 37

*************************************************************************

TRAINING UPDATE - - SANS CDI in Washington 30 courses; big security tools expo; lots of evening sessions: http://www.sans.org/ cdi08/ - - Monterey (10/31-11/6) http://www.sans.org/ info/30738 - - Sydney Australia (10/27-11/1) http://www.sans.org/ sydney08/ - - Vancouver (11/17-11/22) http://www.sans.org/ vancouver08/ and in 100 other cites and on line any time: www.sans.org

*************************************************************************

SPONSORED LINKS 1) Learn about data leakage, PCI compliance, identity theft, botnets, crimeware, security trends, and more. Register Today http://www.sans.org/ info/34779

2) Sign up for SANS Webcast: Keeping Trusted Endpoints Honest: Using IDS/IPS for Post-Connect NAC Tuesday, November 4, 2008 at 1:00 PM EST Sponsored By StillSecure http://www.sans.org/ info/34784

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows
  • Affected:
    • OpenOffice.org versions prior to 2.4.2

  • Description: OpenOffice.org is a popular open source office suite. It is installed by default on numerous Unix- and Linux-based operating systems, and is commonly installed on Microsoft Windows and Apple Mac OS X systems. It contains multiple flaws in its handling of Windows Metafile (WMF) and Enhanced Metafile (EMF) image files. A specially crafted WMF or EMF image could trigger one of several heap-based buffer overflows in OpenOffice.org. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, malicious documents may be opened upon receipt without first prompting the user. Details on these vulnerabilities is available via source code analysis. The commercial fork of OpenOffice.org, StarOffice, is presumed vulnerable as well.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) HIGH: Opera Multiple Vulnerabilities
  • Affected:
    • Opera versions prior to 9.62

  • Description: Opera is a popular cross-platform web browser. It contains multiple vulnerabilities in its handling of JavaScript URLs and history entries. Entries placed in the browser's history are not properly sanitized, nor are JavaScript URLs. A specially crafted web page could trigger this vulnerability to execute arbitrary JavaScript code in a higher security context than would otherwise be allowed. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows
  • Affected:
    • Adobe PageMaker versions 7.0.1 and prior

  • Description: Adobe PageMaker is a popular desktop publishing application. It contains multiple buffer overflows in its handling of PMD (PageMaker) files. A specially crafted PMD file could trigger one of these buffer overflows, allowing an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, malicious files may be opened upon receipt without first prompting the user. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available. A third vulnerability is confirmed, but unpatched.

  • References:
  • (5) MODERATE: Sun Java Web Start Remote Command Execution
  • Affected:
    • Sun Java Web Start

  • Description: Sun Java Web Start is part of Sun's Java Runtime Environment, and allows Java applications to be launched from a web browser. It contains an input validation error in its handling of Web Start requests. A specially crafted web page could exploit this vulnerability to exploit arbitrary commands with the privileges of the current user. Technical details for this vulnerability are publicly available, but are unconfirmed. The Sun Java Runtime Environment is installed by default on numerous Unix- and Linux-based operating systems as well as Apple Mac OS X. It is often installed on Microsoft Windows systems.

  • Status: Vendor has not confirmed, no updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.44.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request Denial of Service
  • Description: EMC NetWorker is a centralized data-protection system available for multiple operating systems. Multiple EMC NetWorker products are exposed to a denial of service issue because they fail to adequately bounds check user-supplied data. This issue stems from a failure to handle malicious Remote Procedure Call (RPC) requests.
  • Ref: http://www.securityfocus.com/archive/1/497666
  • 08.44.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: freeSSHd SFTP "rename" Remote Denial of Service
  • Description: freeSSHd is an SSH server for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle excessively large arguments passed by a remote user. Specifically, this issue presents itself when attackers send excessively long arguments to a "rename" command via SFTP. freeSSHd version 1.2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497746
  • 08.44.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SilverSHielD "opendir()" Remote Denial of Service
  • Description: SilverSHielD is an SSH/SFTP server for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle specially-crafted data passed to the "opendir()" function. SilverSHielD version 1.0.2.34 is affected.
  • Ref: http://www.securityfocus.com/bid/31884
  • 08.44.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple File Corruption Vulnerabilities
  • Description: VImpX is an ActiveX control that imports data into various databases. DB Software Laboratory "VImpX.ocx" ActiveX control is exposed to multiple file corruption issues. VImpX version 4.8.8.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.44.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: TUGZip ZIP File Remote Buffer Overflow
  • Description: TUGZip is a file archiving application for Microsoft Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. TUGZip version 3.00 is affected.
  • Ref: http://www.securityfocus.com/bid/31913
  • 08.44.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: PumpKIN Mode Field Remote Denial of Service
  • Description: PumpKIN is a TFTP server available for Microsoft Windows. PumpKIN is exposed to a remote denial of service issue when processing packets with overly long mode field values. PumpKIN version 2.7.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31922
  • 08.44.7 - CVE: CVE-2008-4554
  • Platform: Linux
  • Title: Linux Kernel "do_splice_from()" Local Security Bypass
  • Description: The Linux kernel is exposed to a local security bypass issue because the "do_splice_from()" function in "fs/splice.c" fails to reject file descriptors that have the "O_APPEND" flag set. Linux kernel versions prior to 2.6.27 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=466707
  • 08.44.8 - CVE: Not Available
  • Platform: Linux
  • Title: Netpbm "pamperspective" Utility Buffer Overflow
  • Description: Netpbm is a collection of utilities for manipulating images. The "pamperspective" application is used to manipulate the perspective of images. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Netpbm versions prior to 10.35.48 stable are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1090
  • 08.44.9 - CVE: Not Available
  • Platform: Linux
  • Title: eCryptfs Password Information Disclosure
  • Description: eCryptfs is a Linux cryptographic file system. The software is exposed to an information disclosure issue. Specifically, this issue arises because the "ecryptfs-setup-private" program passes the "login" and "mount" passwords directly to "ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" in plain text via the command line. Ref: http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53
  • 08.44.10 - CVE: CVE-2008-3911
  • Platform: Linux
  • Title: Linux Kernel "proc_do_xprt()" Local Buffer Overflow
  • Description: The Linux kernel is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "proc_do_xprt()" function in the "net/sunrpc/sysctl.c" source file. Linux kernel versions 2.6.24-git13 through 2.6.26.4 are affected.
  • Ref: http://lkml.org/lkml/2008/8/30/140
  • 08.44.11 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass
  • Description: Sun Integrated Lights-Out Manager (ILOM) is a product for managing and monitoring systems. ILOM is exposed to an authentication bypass issue caused by an unspecified error. Attackers can exploit this vulnerability to gain access to the service processor (SP) through the web interface.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1
  • 08.44.12 - CVE: CVE-2008-3863
  • Platform: Unix
  • Title: GNU Enscript "src/psgen.c" Stack-Based Buffer Overflow
  • Description: GNU Enscript is a freely available, open-source program for transforming ASCII files into PostScript documents. The utility is used mainly on UNIX and Linux operating systems. GNU Enscript is exposed to a stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. GNU Enscript versions 1.6.1 and 1.6.4 (beta) are affected.
  • Ref: http://secunia.com/secunia_research/2008-41/
  • 08.44.13 - CVE: Not Available
  • Platform: Unix
  • Title: "imlib2" Library Multiple Unspecified Vulnerabilities
  • Description: The "imlib2" library is used to view and render various types of images. It is available for UNIX, Linux, and other UNIX-like operating systems. The application is exposed to multiple issues caused by unspecified errors. "imlib2" versions prior to 1.4.2 are affected. Ref: http://sourceforge.net/project/shownotes.php?group_id=2&release_id=634778
  • 08.44.14 - CVE: Not Available
  • Platform: Novell
  • Title: Novell eDirectory NCP Unspecified Remote Memory Corruption
  • Description: Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server that also implements NCP (NetWare Core Protocol). Novell eDirectory is exposed to an unspecified remote memory corruption issue related to the NetWare Core Protocol (NCP). eDirectory versions 8.7.3 SP10 prior to 8.7.3 SP10 FTF1 are affected. Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
  • 08.44.15 - CVE: Not Available
  • Platform: Cross Platform
  • Title: NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
  • Description: The MIFARE Classic smartcard is a contactless proximity card based on the ISO/IEC 14443 RFID standard. The card has been implemented for storing and tracking electronic fares in several major transit systems. The issue occurs because the tag nonce directly manipulates the internal state of the LFSR. If an attacker can access a segment of the key stream, they can recover the current state of the LFSR.
  • Ref: http://www.securityfocus.com/archive/1/497640
  • 08.44.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
  • Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms, including Linux, AIX, Solaris, and Microsoft Windows. The application is exposed to multiple issues. DB2 versions prior to 9.1 Fixpak 6 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013892
  • 08.44.17 - CVE: CVE-2008-4579
  • Platform: Cross Platform
  • Title: fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File Creation Vulnerabilities
  • Description: The "fence" program is a component of the cluster2 Cluster Manager system. The application creates temporary files in an insecure manner. Specifically, the following programs are affected: "fence_apc" and "fence_apc_snmp". The "fence" component of cluster 2 2.03.08 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=467386
  • 08.44.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java System LDAP JDK Search Feature Information Disclosure
  • Description: Sun Java System LDAP JDK is a directory SDK for Java. Sun Java System LDAP JDK is exposed to an information disclosure issue because it fails to restrict access to potentially sensitive information.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242246-1
  • 08.44.19 - CVE: CVE-2008-3862
  • Platform: Cross Platform
  • Title: Trend Micro OfficeScan CGI Parsing Buffer Overflow
  • Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. OfficeScan is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data when parsing CGI requests before copying the data into an insufficiently sized memory buffer. OfficeScan version 7.3 with Patch 4 build 1362 and OfficeScan version 8.0 SP1 Patch 1 is affected. Ref: http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt
  • 08.44.20 - CVE: CVE-2007-4349
  • Platform: Cross Platform
  • Title: HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service
  • Description: Multiple HP OpenView products are exposed to a denial of service issue. This issue affects the OpenView Shared Trace Service and is caused by an access violation when the software handles a specially crafted sequence of RPC requests. HP OpenView Reporter version 3.70 and HP Performance Agent version 4.70 is affected.
  • Ref: http://secunia.com/secunia_research/2007-83/
  • 08.44.21 - CVE: CVE-2008-3816
  • Platform: Cross Platform
  • Title: Cisco PIX and ASA Appliance IPv6 Denial of Service
  • Description: Cisco ASA and PIX are security appliances. Multiple Cisco security appliances are prone to a denial of service issue when configured for IPv6. An attacker can exploit this issue by sending specially crafted IPv6 packets to cause the affected devices to reload, denying service to legitimate users. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID
  • 08.44.22 - CVE: CVE-2008-3815
  • Platform: Cross Platform
  • Title: Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass
  • Description: Cisco PIX and ASA are security appliances. Cisco PIX and ASA are exposed to an authentication bypass issue when configured to use IPSec or SSL based remote access VPN with Microsoft Windows NT Domain authentication. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml
  • 08.44.23 - CVE: CVE-2008-3817
  • Platform: Cross Platform
  • Title: Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service
  • Description: Cisco ASA security appliances are exposed to a remote denial of service issue. The hardware Crypto Accelerator included with these appliances is exposed to a denial of service issue. Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID
  • 08.44.24 - CVE: CVE-2008-4686
  • Platform: Cross Platform
  • Title: VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
  • Description: VLC is a cross-platform media player. VLC media player is exposed to multiple integer overflow issues because it fails to perform adequate boundary checks on integer values. VLC media player version 0.9.4 is affected. Ref: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3
  • 08.44.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Opera Web Browser History Search Input Validation
  • Description: Opera Web Browser is a browser that runs on multiple operating systems. The browser is exposed to an input validation issue because of the way it stores data used for the History Search feature. Opera Web Browser versions prior to 9.61 are affected.
  • Ref: http://www.opera.com/support/search/view/903/
  • 08.44.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
  • Description: GoodTech SSH Server is a server that facilitates secure connections from remote users. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. GoodTech SSH Server version 6.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497745
  • 08.44.27 - CVE: CVE-2008-2469
  • Platform: Cross Platform
  • Title: "libspf2" DNS TXT Record Handling Remote Buffer Overflow
  • Description: The "libspf2" library is used to implement the Sender Policy Framework (SPF). The library is exposed to a remote buffer overflow issue that arises due to a lack of bounds checking when handling specially-crafted DNS TXT records. "libspf2" library versions prior to 1.2.8 are affected.
  • Ref: http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
  • 08.44.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WebSVN Multiple Remote Input Validation Vulnerabilities
  • Description: WebSVN is an online SVN repository viewer. The application is exposed to multiple remote input validation issues. The command execution vulnerability affects the WebSVN 1.0 branch; the remaining issues affect WebSVN version 2.0.
  • Ref: http://www.gulftech.org/?node=research&article_id=00132-10202008
  • 08.44.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KVIrc URI Handler Remote Format String
  • Description: KVIrc is an IRC client available for various operating systems. KVIrc is exposed to a remote format string issue because it fails to sufficiently sanitize user-supplied input before including it in the format specifier argument of a formatted printing function. KVIrc version 3.4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31912
  • 08.44.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Web Start Remote Command Execution
  • Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch either from a desktop or from a web page. Sun Java Web Start is exposed to a remote command execution issue that occurs when a Java Web Start application containing specially-crafted content is handled.
  • Ref: http://www.securityfocus.com/archive/1/497799
  • 08.44.31 - CVE: CVE-2006-7234
  • Platform: Cross Platform
  • Title: Lynx ".mailcap" and ".mime.type" Files Local Code Execution
  • Description: Lynx is an open-source, text based web client available for multiple platforms. Lynx is exposed to a local code execution issue because it insecurely reads ".mailcap" and ".mime.type" files from the application's current working-directory. Lynx versions prior to 2.8.6rel.4 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=214205
  • 08.44.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libpng Library "png_handle_tEXt()" Memory Leak Denial of Service
  • Description: The "libpng" library is a PNG reference library. The library is exposed to a remote denial of service issue because it fails to handle malicious PNG files. Specifically, this vulnerability resides in the "png_handle_tEXt()" function of the "pngrutil.c" file and is caused by memory leak error. "libpng" version 1.2.32 is affected. Ref: http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624
  • 08.44.33 - CVE: CVE-2008-4641
  • Platform: Cross Platform
  • Title: jhead "DoCommand()" Arbitrary Command Execution
  • Description: The "jhead" tool is used for manipulating Exif JPEG headers. The "jhead" tool is exposed to an arbitrary command execution issue. Specifically, the issue occurs in the "DoCommand()" function of the "jhead.c" file when processing filenames that contain shell meta characters. jhead versions 2.84 and earlier are affected.
  • Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
  • 08.44.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Blender "BPY_interface.c" Remote Command Execution
  • Description: Blender is an open-source suite for creating 3D content; it is available for various operating systems. Blender is exposed to a remote command execution issue because it may include Python files from an unsafe location. Blender version 2.48a is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
  • 08.44.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Perl File::Find::Object Module Format String
  • Description: File::Find::Object is a Perl module used to search directory trees for specific files. File::Find::Object is exposed to a format string issue in its handling of certain loop conditions. File::Find::Object versions prior to 0.1.1 are affected.
  • Ref: http://search.cpan.org/src/SHLOMIF/File-Find-Object-0.1.1/Changes
  • 08.44.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citrix Web Interface Security Bypass
  • Description: Citrix Web Interface is an application deployment system that provides users with access to Citrix Presentation Server applications through a standard browser. A security bypass issue may allow attackers to take over a previously terminated session. Citrix Web Interface versions 5.0 and 5.0.1 are affected.
  • Ref: http://support.citrix.com/article/CTX118768
  • 08.44.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Questwork QuestCMS Multiple Remote Vulnerabilities
  • Description: QuestCMS is a content management system. The application is exposed to multiple issues. Exploiting these issues could allow an attacker to view arbitrary local files within the context of the web server, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/31945
  • 08.44.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Android Web Browser Unspecified Remote Code Execution
  • Description: Android is a software stack for mobile devices that includes an operating system, middleware, and key applications. Android Web Browser is exposed to an unspecified remote code execution issue. Ref: http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?_r=1&oref=slogin
  • 08.44.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MyKtools Database Disclosure
  • Description: MyKtools is a collection of database administration tools. The application is exposed to an information disclosure issue. Specifically, attackers may be able to download the application's backed up databases through the "mykdownload.php" script. MyKtools version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31950
  • 08.44.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Products Unspecified Library MP4 File Remote Denial of Service
  • Description: Multiple Products are exposed to a denial of service issue that occurs in an unspecified library when handling malformed MP4 files. Successful exploits may allow remote attackers to cause denial of service conditions on computers or affected device running the affected library.
  • Ref: http://www.securityfocus.com/archive/1/497856
  • 08.44.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Microsoft Internet Explorer " " Address Bar URI Spoofing
  • Description: Internet Explorer is a browser for the Windows operating system. The application is affected by a URI spoofing issue because it fails to adequately handle specific combinations of the Non-Breaking Space " " character. Internet Explorer 6 is affected by this issue.
  • Ref: http://www.securityfocus.com/archive/1/497825
  • 08.44.42 - CVE: CVE-2008-2237, CVE-2008-2238
  • Platform: Cross Platform
  • Title: OpenOffice WMF and EMF File Handling Multiple Heap-Based Buffer Overflow Vulnerabilities
  • Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to multiple issues. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files. OpenOffice 2 versions prior to 2.4.2 are affected.
  • Ref: http://www.openoffice.org/security/bulletin.html
  • 08.44.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Multiple Vendor Web Browser FTP Client Cross-Site Scripting
  • Description: Multiple vendors' web browsers are exposed a cross-site scripting issue that arises because the software fails to handle specially crafted files served using the FTP protocol. Specifically, the issue arises because the affected browsers fail to properly verify file types of files downloaded by built-in FTP clients and render the files.
  • Ref: http://www.securityfocus.com/bid/31855
  • 08.44.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Jetbox CMS "liste" Parameter Cross-Site Scripting
  • Description: Jetbox CMS is a PHP based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "liste" parameter of the "/admin/postlister/index.php" script. Jetbox CMS version 2.1 is affected. Ref: http://www.digitrustgroup.com/advisories/web-application-security-jetbox2.html
  • 08.44.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MiniPortail "search.php" Cross-Site Scripting and Local File Include Vulnerabilities
  • Description: MiniPortail is a web portal application. MiniPortail is exposed to multiple issues: a cross-site scripting issue affects the "search.php" script and a local file include issue affects the "lng" parameter of the "search.php" script. MiniPortail version 2.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31895
  • 08.44.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ClipShare Pro "fullscreen.php" Cross-Site Scripting
  • Description: ClipShare Pro is a PHP based script for sharing videos. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "title" parameter of the "fullscreen.php" script. ClipShare Pro version 4.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31898
  • 08.44.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kayako eSupport "html-tidy-logic.php" Cross-Site Scripting
  • Description: Kayako eSupport is a PHP based helpdesk and support system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "jsMakeSrc" parameter of the "includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php" script. Kayako eSupport version 3.20.02 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/31908
  • 08.44.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: iPei Guestbook "pg" Parameter Cross-Site Scripting
  • Description: iPei Guestbook is a PHP based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "pg" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/archive/1/497783
  • 08.44.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin "pmd_pdf.php" Cross-Site Scripting
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. phpMyAdmin is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "db" parameter of the "pmd_pdf.php" script.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1101
  • 08.44.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyBB "moderation.php" Cross-Site Scripting
  • Description: MyBB is a PHP based bulletin board. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "url" parameter in the "moderation.php" script. MyBB version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497817
  • 08.44.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP-Nuke Nuke League Module "tid" Parameter Cross-Site Scripting
  • Description: PHP-Nuke Nuke League module is a plugin for PHP-nuke. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "tid" parameter of the "League" module.
  • Ref: http://www.securityfocus.com/bid/31952
  • 08.44.52 - CVE: CVE-2008-4342
  • Platform: Web Application - Cross Site Scripting
  • Title: KKE Info Media Kmita Catalogue "search.php" Cross-Site Scripting
  • Description: Kmita Catalogue is a web-application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "q" parameter of the "search.php" script. Kmita Catalogue V2 is affected.
  • Ref: http://www.kkeim.com/products/kmita.html?code=kmitac
  • 08.44.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Extrakt Framework "index.php" Cross-Site Scripting
  • Description: Extrakt Framework is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "plugins[file][id]" parameter of the "index.php" script. Extrakt Framework version 0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/31971
  • 08.44.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dizi Portali "diziler.asp" SQL Injection
  • Description: Dizi Portali is an ASP based web portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter in "diziler.asp" before using the data in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31849
  • 08.44.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phPhotoGallery "index.php" SQL Injection
  • Description: phPhotoGallery is a web-based gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "index.php" script before using it in an SQL query. phPhotoGallery version 0.92 is affected.
  • Ref: http://www.securityfocus.com/bid/31850
  • 08.44.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bahar Download Script "aspkat.asp" SQL Injection
  • Description: Bahar Download Script is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter of the "aspkat.asp" script before using it in an SQL query. Bahar Download Script version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31852
  • 08.44.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ShopMaker "product.php" SQL Injection
  • Description: ShopMaker is a web-based gallery. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "product.php" script before using it in an SQL query. ShopMaker version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31854
  • 08.44.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KBase Joomla! Component "id" Parameter SQL Injection
  • Description: KBase is a PHP based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "option" parameter is set to "com_kbase". KBase version 1.2 is affected.
  • Ref: http://www.jmds.eu/joomla-1.5-addons/view-category.html
  • 08.44.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Daily Message Component "id" Parameter SQL Injection
  • Description: Daily Message is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_dailymessage" component before using it in an SQL query. Daily Message version 1.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31870
  • 08.44.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Dorsa CMS "ShowPage.aspx" SQL Injection
  • Description: Dorsa CMS is a web-based content management system. It is implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "PageIDF" parameter when the "page_" parameter is set to "news" before using it in an SQL query. The affected parameters are used in the "ShowPage.aspx" script.
  • Ref: http://www.securityfocus.com/bid/31875
  • 08.44.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LoudBlog "ajax.php" SQL Injection
  • Description: LoudBlog is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "colpick" parameter of the "loudblog/ajax.php" script before using it in an SQL query. LoudBlog versions 0.8.0a and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31878
  • 08.44.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CS-Partner "gestion.php" Multiple SQL Injection Vulnerabilities
  • Description: CS-Partner is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "pseudo" and "passe" parameters of the "gestion.php" script. CS-Partner version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31886
  • 08.44.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: UC Gateway Investment SiteEngine "announcements.php" SQL Injection
  • Description: SiteEngine is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "announcements.php" script before using it in an SQL query. SiteEngine version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497747
  • 08.44.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MindDezign Photo Gallery "id" Parameter SQL Injection
  • Description: MindDezign Photo Gallery is a PHP based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "module" parameter is set to "gallery" before using it in an SQL query. MindDezign Photo Gallery version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31893
  • 08.44.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AJ RSS Reader "EditUrl.php" SQL Injection
  • Description: AJ RSS Reader is a PHP based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "url" parameter of the "EditUrl.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31910
  • 08.44.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: KasraCMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: KasraCMS is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "shme" and "cont" parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/31918
  • 08.44.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SFS Ez Forum "forum.php" SQL Injection
  • Description: SFS Ez Forum is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum" parameter of the "forum.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31924
  • 08.44.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PozScripts Classified Ads "gotourl.php" SQL Injection
  • Description: PozScripts Classified Ads is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "gotourl.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31925
  • 08.44.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Graphiks MyForum "lecture.php" SQL Injection
  • Description: Graphiks MyForum is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "lecture.php" script before using it in an SQL query. MyForum version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31926
  • 08.44.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Persia BME E-Catalogue "search.asp" SQL Injection
  • Description: Persia BME E-Catalogue is an ASP based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "q" parameter of the "qsearch/search.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31833
  • 08.44.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tandis CMS "index.php" Multiple SQL Injection Vulnerabilities
  • Description: Tandis CMS is a PHP based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "nid" and "cpage" parameters of the "index.php" script. Tandis CMS version 2.5.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31930
  • 08.44.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 CMS "alternate_profiles" Plugin "newuser.php" SQL Injection
  • Description: The "alternate_profiles" plugin is an application for the e107 CMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "alternate_profiles/newuser.php" script before using it in an SQL query. Ref: http://www.justfreespace.com/e107_plugins/alternate_profiles/readme.txt
  • 08.44.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: bcoos "modules/banners/click.php" SQL Injection
  • Description: bcoos is a content manager based on the E-Xoops CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bid" parameter of the "modules/banners/click.php" script before using it in an SQL query. bcoos version 1.0.13 is affected.
  • Ref: http://www.securityfocus.com/bid/31941
  • 08.44.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 CMS EasyShop Plugin "easyshop.php" SQL Injection
  • Description: The EasyShop plugin is a module for the e107 CMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "easyshop.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31948
  • 08.44.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: All In One Control Panel "cp_polls_results.php" SQL Injection
  • Description: All In One Control Panel (AIOCP) is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "poll_id" parameter of the "public/code/cp_polls_results.php" script before using it in an SQL query. All In One Control Panel version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31949
  • 08.44.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PersianBB "iranian_music.php" SQL Injection
  • Description: PersianBB is a PHP based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "iranian_music.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31953
  • 08.44.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: H&H Solutions WebSoccer "id" SQL Injection
  • Description: H&H Solutions WebSoccer is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "liga.php" script before using it in an SQL query. H&H Solutions WebSoccer version 2.80 is affected.
  • Ref: http://www.securityfocus.com/bid/31963
  • 08.44.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ElkaGroup Image Gallery "view.php" SQL Injection
  • Description: Elkagroup is a web-based photo album application. Elkagroup is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Elkagroup version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31966
  • 08.44.79 - CVE: Not Available
  • Platform: Web Application
  • Title: LightBlog Multiple Local File Include Vulnerabilities
  • Description: LightBlog is a PHP based blog application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. LightBlog version 9.8 is affected.
  • Ref: http://www.securityfocus.com/bid/31851
  • 08.44.80 - CVE: Not Available
  • Platform: Web Application
  • Title: TikiWiki Multiple Unspecified Vulnerabilities
  • Description: TikiWiki is a PHP based content manager and wiki system. The application is exposed to multiple remote issues caused by unspecified errors. TikiWiki versions 2.x prior to 2.2 are affected.
  • Ref: http://info.tikiwiki.org/tiki-read_article.php?articleId=41
  • 08.44.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! Archaic Binary Gallery "com_ab_gallery" Component Directory Traversal
  • Description: Archaic Binary Gallery is a component for the Joomla! content manager. The component is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "gallery" parameter of the "index.php" script when the "option" parameter is set to "com_ab_gallery". Joomla! Archaic Binary Gallery version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31901
  • 08.44.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Smarty Template Engine "Smarty_Compiler.class.php" Security Bypass
  • Description: Smarty Template Engine is a template based content manager. Smarty Template Engine is exposed to a security bypass issue that occurs when embedded variables are processed. Specifically, this issue occurs in the "_expand_quoted_text()" function of the "Smarty_Compiler.class.php" file. Smarty version 2.6.19 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=467317
  • 08.44.83 - CVE: CVE-2008-4688
  • Platform: Web Application
  • Title: Mantis "string_api.php" Issue Number Information Disclosure
  • Description: Mantis is a web-based bug tracker. It is written in PHP and supported by a MySQL database. Mantis is exposed to an information disclosure issue because it fails to protect private information. Specifically, the vulnerability occurs if a user references an issue via an issue number. Mantis versions prior to 1.1.3 are affected.
  • Ref: http://www.mantisbt.org/bugs/view.php?id=9321
  • 08.44.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload
  • Description: Iamma Nuke Simple Gallery is photo gallery module for PHP-Nuke. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. This issue occurs because the application fails to sufficiently sanitize file extensions before uploading files to the web server through the "upload.php" script. Iamma Nuke Simple Gallery versions 1.0 and 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/31873
  • 08.44.85 - CVE: Not Available
  • Platform: Web Application
  • Title: phpcrs "frame.php" Local File Include
  • Description: phpcrs is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "importFunction" parameter before using it in the "frame.php" script. phpcrs versions up to and including 2.06 are affected.
  • Ref: http://www.securityfocus.com/archive/1/497742
  • 08.44.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! ionFiles Component "download.php" Directory Traversal
  • Description: Joomla! ionFiles is a component for the Joomla content manager. The component is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "download.php" script. Joomla! ionFiles version 4.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31877
  • 08.44.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Book Page Title HTML Injection
  • Description: Drupal is a content management system. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the titles of book pages before using the input in dynamically generated content. Users with "create book content" privileges can exploit this issue. Drupal 5.x versions prior to 5.12 and Drupal 6.x versions prior to 6.6 are affected.
  • Ref: http://drupal.org/node/324824
  • 08.44.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Osprey "ListRecords.php" Multiple Remote File Include Vulnerabilities
  • Description: Osprey is a peer-to-peer content distribution system. The application is exposed to multiple remote file include issue because it fails to sufficiently sanitize user-supplied input to the "lib_dir" and "xml_dir" parameters of the "/web/lib/xml/oai/ListRecords.php" script. Osprey version 1.0a4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31883
  • 08.44.89 - CVE: Not Available
  • Platform: Web Application
  • Title: TXTshop "header.php" Local File Include
  • Description: TXTshop is a PHP based shopping cart application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter before using it in the "header.php" script. TXTshop version 1.0b is affected.
  • Ref: http://www.securityfocus.com/bid/31885
  • 08.44.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Snoopy "_httpsrequest()" Arbitrary Command Execution
  • Description: Snoopy is a freely available, open-source PHP class that implements a web client for use in automating HTTP requests in PHP applications. Snoopy is exposed to an issue that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. Snoopy versions prior to 1.2.4 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=635111
  • 08.44.91 - CVE: Not Available
  • Platform: Web Application
  • Title: UC Gateway Investment SiteEngine "api.php" URI Redirection
  • Description: SiteEngine is a PHP based content management system. SiteEngine is exposed to a remote URI redirection issue because it fails to properly sanitize user-supplied input to the "forward" parameter of the "api.php" script, when called with the "action" parameter set to "logout". SiteEngine version 5.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497747
  • 08.44.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! RWCards Component "captcha_image.php" Local File Include
  • Description: RWCards is a greeting card component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "img" parameter before using it in the "captcha_image.php" script. RWCards version 3.0.11 is affected.
  • Ref: http://www.securityfocus.com/bid/31892
  • 08.44.93 - CVE: Not Available
  • Platform: Web Application
  • Title: aflog Cookie Authentication Bypass
  • Description: aflog is a PHP based web log application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. aflog version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/31894
  • 08.44.94 - CVE: Not Available
  • Platform: Web Application
  • Title: MindDezign Photo Gallery "admin" Module Unauthorized Access
  • Description: MindDezign Photo Gallery is a web-based application. The application is exposed to an unauthorized access issue because it fails to adequately limit access to administrative scripts used for creating accounts. This issue affects the "admin" module. MindDezign Photo Gallery version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31897
  • 08.44.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal "bootstrap.inc" Local File Include
  • Description: Drupal is a PHP based content management system. Drupal is exposed to a local file include issue due to an error in the "bootstrap.inc" script file. This issue occurs when Drupal is hosted on a computer supporting multiple IP based virtual hosts. Drupal versions prior to 5.12 and Drupal 6.6 are affected.
  • Ref: http://drupal.org/node/324824
  • 08.44.96 - CVE: Not Available
  • Platform: Web Application
  • Title: New Earth Programming Team Image Upload Script Arbitrary File Upload
  • Description: New Earth Programming Team Image Upload Script is a PHP based image uploader. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. This issue occurs because the application fails to sufficiently sanitize file extensions passed to the "upload.php" script before uploading files to the web server.
  • Ref: http://www.securityfocus.com/bid/31909
  • 08.44.97 - CVE: Not Available
  • Platform: Web Application
  • Title: BuzzScripts BuzzyWall "download.php" Directory Traversal
  • Description: BuzzScripts BuzzyWall is a web-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "download.php" script. BuzzScripts BuzzyWall version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31914
  • 08.44.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Php-Daily Multiple Input Validation Vulnerabilities
  • Description: Php-Daily is a PHP based time management application. Since it fails to adequately sanitize user-supplied input, Php-Daily is exposed to multiple input validation issues. Php-Daily version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31915
  • 08.44.99 - CVE: Not Available
  • Platform: Web Application
  • Title: tlNews Cookie Authentication Bypass
  • Description: tlNews is a PHP based web application. The application is exposed to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie based authentication. Attackers can gain administrative access by setting the "tlNews_login" cookie parameter to "admin", effectively bypassing authentication. tlNews version 2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31919
  • 08.44.100 - CVE: Not Available
  • Platform: Web Application
  • Title: Ads Pro "dhtml.pl" Remote Command Execution
  • Description: Ads Pro is a web-based application used to display ads on a web site. The application is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input to the "page" parameter of the "dhtml.pl" script.
  • Ref: http://www.securityfocus.com/bid/31923
  • 08.44.101 - CVE: Not Available
  • Platform: Web Application
  • Title: KTorrent PHP Code Injection and Security Bypass Vulnerabilities
  • Description: KTorrent is exposed to multiple issues that affect its web interface. Successful exploits may facilitate a compromise of the application and the underlying system; other attacks may also be possible. KTorrent version 3.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31927
  • 08.44.102 - CVE: Not Available
  • Platform: Web Application
  • Title: bcoos "include/common.php" Remote File Include
  • Description: bcoos is a PHP based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "XOOPS_ROOT_PATH" parameter of the "include/common.php" script. bcoos version 1.0.13 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497809
  • 08.44.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Python "Imageop" Module Argument Validation Buffer Overflow
  • Description: Python is an interpreted, dynamic, object oriented programming language that is available for many operating systems. Python is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The vulnerability stems from an integer overflow in the "imageop" module and may result in a segmentation fault. Python versions prior to 2.5.2-r6 are affected.
  • Ref: http://svn.python.org/view?rev=66689&view=rev
  • 08.44.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Eaton Network Shutdown Module Authentication Bypass
  • Description: Eaton Network Shutdown Module is a monitoring system for UPS devices; it includes a PHP based administrative interface. Network Shutdown Module is exposed to an authentication bypass issue caused by an unspecified error. This issue occurs in the "pane_actionbutton.php" and "exec_action.php" scripts. Network Shutdown Module versions prior to 3.10 build 13 are affected.
  • Ref: http://www.securityfocus.com/archive/1/497824
  • 08.44.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Graphiks MyForum "centre.php" Local File Include
  • Description: Graphiks MyForum is a web-based application. Graphiks MyForum is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "padmin" parameter of the "admin/centre.php" script. Graphiks MyForum version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31934
  • 08.44.106 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB Message Attachment Predictable Filename Information Disclosure
  • Description: MyBB is a PHP based bulletin board. The application is exposed to an information disclosure issue because it saves message attachments with predictable filenames. MyBB version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/497817
  • 08.44.107 - CVE: Not Available
  • Platform: Web Application
  • Title: tlAds Cookie Authentication Bypass
  • Description: tlAds is web-based advertisement application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. tlAds version 1 is affected.
  • Ref: http://www.securityfocus.com/bid/31939
  • 08.44.108 - CVE: Not Available
  • Platform: Web Application
  • Title: MyKtools "update.php" Local File Include
  • Description: MyKtools is a collection of database administration tools. MyKtools is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "update.php" script. MyKtools version 2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/31942
  • 08.44.109 - CVE: Not Available
  • Platform: Web Application
  • Title: WebGUI "Asset.pm" Perl Module Handling Code Execution
  • Description: WebGUI is a content manager and framework for web applications. The application is exposed to an arbitrary Perl code-execution issue that caused by a design error in the "loadModule" function in "lib/WebGUI/Asset.pm" which fails to appropriately restrict the type of module that can be loaded by this function. WebGUI versions prior to 7.5.30 are affected.
  • Ref: http://www.webgui.org/bugs/tracker/8980
  • 08.44.110 - CVE: Not Available
  • Platform: Web Application
  • Title: libgadu Contact Description Remote Buffer Overflow
  • Description: libgadu is a library implementing the Gadu-Gadu instant message protocol. It is available for multiple operating systems. libgadu is exposed to a remote buffer overflow issue that arises when the library handles malformed contact description data from a malicious server. This issue occurs in the source code file "events.c". libgadu versions prior to 1.8.2 are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=468830
  • 08.44.111 - CVE: Not Available
  • Platform: Web Application
  • Title: Graphiks MyForum Cookie Authentication Bypass
  • Description: Graphiks MyForum is a web-based application implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Graphiks MyForum version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31955
  • 08.44.112 - CVE: Not Available
  • Platform: Web Application
  • Title: tlGuestBook Cookie Authentication Bypass
  • Description: tlGuestBook is PHP based guestbook application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. tlGuestBook version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31958
  • 08.44.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Agares Media ThemeSiteScript "frontpage_right.php" Remote File Include
  • Description: ThemeSiteScript is a PHP based application that helps users create and manage themes web sites. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "loadadminpage" parameter of the "admin/frontpage_right.php" script. ThemeSiteScript version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31959
  • 08.44.114 - CVE: Not Available
  • Platform: Web Application
  • Title: H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
  • Description: H2O-CMS is a content-management system. The application is exposed to a PHP code-injection issue and a cookie authentication bypass issue. The PHP injection issue occurs because the application fails to properly sanitize user-supplied input when the "option" parameter is set to "SaveConfig" for the "index.php" script. H2O-CMS versions up to and including 3.4 are affected.
  • Ref: http://www.securityfocus.com/bid/31961
  • 08.44.115 - CVE: Not Available
  • Platform: Web Application
  • Title: Atlassian JIRA Cross-Site Scripting and HTML Injection Vulnerabilities
  • Description: Atlassian JIRA is a bug tracking, issue tracking, and project management application. This application is exposed to an HTML injection issue and a cross-site scripting issue. The HTML injection issue is caused by a failure to sufficiently sanitize user-supplied input to the "Full Name" parameter when editing a user profile. Atlassian JIRA version 3.13 is affected. Ref: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

SANS instructors are top tier on all training classes.
-Fuchu Liu, First Quadrant

SSI Application Security-Secure Coding-skyscraper

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT