@RISK: The Consensus Security Vulnerability Alert
Volume: VII, Issue: 46
November 13, 2008
This week has two critical Microsoft problems; one critical Firefox problem and one critical ClamAV (anti-virus tool) problem, but what is remarkable about this week is that we are reporting 150 new vulnerabilities. The weekly number hasn't exceeded 100 more than a few times in the last two years. We'll see shortly whether the increase is permanent. Even if not, it is crystal clear that web application programmers are writing a LOT of bad code and their bosses are either ignorant of the problem or negligent in exercising their management authority. Alan.
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Third Party Windows Apps                  2 (#6)
Cross Platform                            32 (#3, #4)
Web Application - Cross Site Scripting    7
Web Application - SQL Injection           50
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
Hardware
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Widely Deployed Software
- (1) CRITICAL: Microsoft XML Core Services Multiple Vulnerabilities (MS08-069)
- Affected:
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Office
Description: Microsoft XML Core Services are a collection of components in various Microsoft products that are used to parse XML content. These components contain multiple vulnerabilities in their handling of a variety of XML content. A specially crafted web page containing XML data could trigger a memory corruption vulnerability leading to remote code execution with the privileges of the current user. Other vulnerabilities could lead to information disclosure or cross site scripting vulnerabilities. Some technical details and a proof-of-concept are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
- References:
- (2) CRITICAL: Microsoft SMB Credential Stealing Vulnerability (MS08-068)
- Affected:
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- Microsoft Windows Server 2008
Description: SMB is the Server Message Block, the protocol used by Microsoft Windows to share files, printers, and other operating system services. SMB is also known as the Common Internet Filesystem (CIFS). The implementation of SMB on Microsoft Windows supports authenticating SMB users and servers via NTLM (an authentication protocol originated on Microsoft Windows NT). Microsoft Windows fails to properly implement the credential protection mechanisms in NTLM. If a user were tricked into accessing a malicious SMB server, that server could then immediately use the provided credentials to access the victim's machine via SMB (an attack known as "credential reflection"). This would allow an attacker to execute arbitrary commands and code with the privileges of the current user. Note that a user must first be convinced to connect to a malicious SMB server. This could be accomplished via a web page or email message. A proof-of-concept for this vulnerability is publicly available. This vulnerability has been publicly known, but not confirmed, since 2003.
Status: Vendor confirmed, updates available.
- References:
- (3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
- Affected:
- Mozilla Firefox versions 3.x
- Mozilla SeaMonkey versions 1.1.x
- Mozilla Thunderbird versions 2.x
Description: Mozilla Firefox contains multiple vulnerabilities in its handling of a variety of inputs. Flaws in the processing of web pages, script input, URIs, XML documents, JAR files, and other input can lead to a variety of vulnerabilities including arbitrary code execution with the privileges of the current user. Due to the shared codebase among the various Mozilla products, Mozilla SeaMonkey and Mozilla Thunderbird are also vulnerable to some of these issues. Full technical details for these vulnerabilities are publicly available via source code analysis.
Status: Vendor confirmed, updates available.
- References:
- (4) CRITICAL: ClamAV Unicode Processing Buffer Overflow
- Affected:
- ClamAV versions prior to 0.94.1
Description: ClamAV (Clam Anti-Virus) is a popular open source antivirus solution. It is often deployed on mail servers to actively scan email messages for viruses and other malware. It contains a flaw in its processing of Microsoft Visual Basic project files. A specially crafted file could trigger this flaw, leading to a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. An attacker could exploit this vulnerability by sending an email to a server known to use ClamAV to process email messages. Full technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available.
- References:
- (5) HIGH: Apple Multiple Products Multiple Image Processing Vulnerabilities
- Affected:
- Apple Aperture 2 when running on versions of Mac OS X 10.4.11 or prior
- Apple iLife 8.0 when running on versions of Mac OS X 10.4.11 or prior
Description: Apple Aperture is a popular photograph processing application for Apple Mac OS X. Apple iLife is a suite of applications for media management, web publishing, and other tasks for Apple Mac OS X. These applications contain flaws in the processing of a variety of image formats when they are installed on Apple Mac OS X versions 10.4.11 or prior. A specially crafted image could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for these vulnerabilities. Note that images are not opened by the vulnerable applications without prompting by default.
Status: Vendor confirmed, updates available.
- References:
- (6) HIGH: SAP GUI ActiveX Control Remote Code Execution Vulnerability
- Affected:
- SAP GUI versions 7.x and prior
Description: SAP GUI is a graphical user interface (GUI) to the SAP Enterprise Resource Planning application. Part of its functionality is provided via an ActiveX control. This control contains a remote code execution vulnerability in its handling of input. A malicious web page that instantiated this control could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user.
Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "B01952B0-AF66-11D1-B10D-0060086F6D97". Note that this could affect normal application functionality.
- References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
- 08.46.1 - CVE: Not Available
- Platform: Windows
- Title: Microsoft Windows "UnhookWindowsHookEx" Local Denial of Service
- Description: Microsoft Windows 2003 and Windows Vista are exposed to a
local denial of service issue. This issue stems from an error
affecting multiple calls to "UnhookWindowsHookEx" and SwitchDesktop.
Windows 2003 and Windows Vista are affected.
- Ref: http://www.securityfocus.com/bid/32206/references
- 08.46.2 - CVE: CVE-2008-4817
- Platform: Third Party Windows Apps
- Title: NOS Microsystems getPlus Download Manager ActiveX Control
Buffer Overflow
- Description: NOS Microsystems getPlus Download Manager is a download
agent which includes an ActiveX control for Microsoft Windows clients.
The getPlus ActiveX control is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. getPlus Download Manager version 1.2.2.50 is affected.
- Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754
- 08.46.3 - CVE: CVE-2008-4387
- Platform: Third Party Windows Apps
- Title: SAP AG SAPgui "mdrmsap.dll" ActiveX Control Remote Code
Execution
- Description: SAP AG SAPgui is a graphical user interface feature
included in various SAP applications. The application is exposed to a
remote code execution issue that occurs in the "mdrmsap.dll".
- Ref: http://www.kb.cert.org/vuls/id/277313
- 08.46.4 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "hfsplus_find_cat()" Local Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly bounds check data before copying it
to an insufficiently sized memory buffer. The problem occurs in the
"hfsplus_find_cat()" function of the "fs/hfsplus/catalog.c" source
file. Linux kernel versions prior to 2.6.28-rc1 are affected.
- Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
- 08.46.5 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "tvaudio.c" Operations NULL Pointer Dereference
Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue. This vulnerability stems from potential NULL pointer
dereference exception errors in the source code file
"drivers/video/tvaudio.c". Attackers can exploit this issue to crash
the affected kernel, denying service to legitimate users. Linux kernel
versions prior to 2.6.25.19 are affected.
- Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1
- 08.46.6 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "hfsplus_block_allocate()" Local Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly check return values before
proceeding with further operations. The problem occurs in the
"hfsplus_block_allocate()" function of the "fs/hfsplus/bitmap.c"
source file. The function fails to properly validate return values
from calls to "read_mapping_page()" before using them in memory
mapping operations. Linux kernel versions prior to 2.6.28-rc1 are
affected.
- Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
- 08.46.7 - CVE: CVE-2008-3527
- Platform: Linux
- Title: Linux Kernel VDSO Unspecified Privilege Escalation
- Description: The Linux Kernel is exposed to a local privilege
escalation issue. This issue results from insufficient bounds checking
in the "syscall()" and "syscall_nopage32()" function calls in the
Virtual Dynamic Shared Object (VDSO) implementation. Linux kernel
versions prior to 2.6.20-git5 are affected.
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=460251
- 08.46.8 - CVE: CVE-2008-4395
- Platform: Linux
- Title: Linux Kernel "ndiswrapper" Remote Buffer Overflow
- Description: "ndiswrapper" is a driver wrapper for Linux Kernel that
enables the use of Microsoft Windows drivers for wireless network
devices. The Linux Kernel is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. Kernel version 2.6.27 is affected.
- Ref: http://bugs.gentoo.org/show_bug.cgi?id=239371
- 08.46.9 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "__scm_destroy()" Local Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly close sockets under specific
circumstances. The problem occurs in the "__scm_destroy()" function of
the "/net/core/scm.c" source code file and is related to recursive
function calls when closing a socket via the "fput()" function call.
Linux kernel versions 2.6.26 and earlier are affected.
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470201
- 08.46.10 - CVE: Not Available
- Platform: Linux
- Title: cluster Multiple Insecure Temporary File Creation
Vulnerabilities
- Description: The cluster program is a freely available application for
creating clusters on Linux systems. Multiple components of the
application are exposed to a security issue that allows attackers to
create temporary files in an insecure manner. cluster versions prior
to 2.03.09 are affected.
- Ref: http://www.securityfocus.com/bid/32179
- 08.46.11 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris DHCP Denial of Service And Remote Code Execution
Vulnerabilities
- Description: The DHCP daemon is used for dynamically assigning IP
addresses to network devices. The DHCP server daemon in Sun Solaris is
exposed to multiple issues when handling specially crafted DHCP
requests. Attackers can exploit these issues to execute arbitrary code
with root privileges or cause the DHCP server daemon to crash.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243806-1
- 08.46.12 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solstice X.25 "/dev/xty" Local Denial of Service
- Description: Solstice X.25 is an application used for communicating
across X.25 networks. Solstice X.25 is exposed to a denial of service
issue. Specifically, a local user with read privileges to the
"/dev/xty" file may panic a system with multiple CPUs. X.25 version
9.2 on both x86 and SPARC platforms is affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243106-1
- 08.46.13 - CVE: CVE-2008-4989
- Platform: Unix
- Title: GnuTLS X.509 Certificate Chain Security Bypass
- Description: GNU Transport Layer Security Library (GnuTLS) is a
library that implements the TLS 1.0 and SSL 3.0 protocols. It is
maintained by GNU and is available for UNIX and Linux variants. GnuTLS
is exposed to a security bypass issue because it fails to properly
validate chained X.509 certificates. GnuTLS versions prior to 2.6.1
are affected.
- Ref: http://www.gnu.org/software/gnutls/security.html
- 08.46.14 - CVE: CVE-2008-4414
- Platform: Cross Platform
- Title: HP Tru64 UNIX AdvFS "showfile" Command Local Privilege
Escalation
- Description: The AdvFS "showfile" command displays attributes of AdvFS
files and directories. HP Tru64 UNIX is exposed to a local privilege
escalation issue affecting the AdvFS "showfile" command. HP Tru64 UNIX
versions v5.1B-4 and v5.1B-3 are affected.
- Ref: http://www.securityfocus.com/archive/1/498113
- 08.46.15 - CVE: CVE-2008-2992
- Platform: Cross Platform
- Title: Adobe Reader "util.printf()" JavaScript Function Stack Buffer
Overflow
- Description: Adobe Reader is an application for viewing PDF files.
Adobe Reader is exposed to a stack based buffer overflow issue because
the application fails to perform adequate boundary checks on
user-supplied data.
- Ref: http://www.securityfocus.com/archive/1/498027
- 08.46.16 - CVE: Not Available
- Platform: Cross Platform
- Title: FFmpeg "libswscale" Buffer Overflow
- Description: FFmpeg is an open source solution for handling audio and
video data. The "libswscale" component is a video scaling library. The
"libswscale" library is exposed to a buffer overflow that occurs in
the "swscale.c" source file when malformed height values are used with
the "yuv2rgb" converter.
- Ref: http://git.mplayerhq.hu/?p=libswscale;a=commitdiff;h=72ba9cadc4e2c23e3763a03fc06c1993ec280f08
- 08.46.17 - CVE: Not Available
- Platform: Cross Platform
- Title: libsamplerate Buffer Overflow
- Description: libsamplerate (Secret Rabbit Code) is a sample rate
converter library. The library is exposed to a buffer overflow that
occurs when handling low conversion ratios. Successful exploits may
allow attackers to execute arbitrary code within the context of an
affected application.
- Ref: http://www.mega-nerd.com/SRC/index.html
- 08.46.18 - CVE: CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815
- Platform: Cross Platform
- Title: Adobe Acrobat and Reader 8.1.2 Multiple Security
Vulnerabilities
- Description: Adobe Acrobat and Reader are freely available,
proprietary applications to handle PDF documents. Adobe Acrobat and
Reader are exposed to multiple security issues. Attackers can exploit
these issues to execute arbitrary code, elevate privileges, or cause a
denial of service condition.
- Ref: http://www.securityfocus.com/archive/1/498058
- 08.46.19 - CVE: Not Available
- Platform: Cross Platform
- Title: XWork "ParameterInterceptor" Class OGNL Security Bypass
- Description: XWork is a command pattern framework; it is used in
Apache Struts 2 and other applications. XWork is exposed to a security
bypass issue because it fails to adequately handle user-supplied
input. XWork versions prior to 2.0.6 are affected.
- Ref: http://jira.opensymphony.com/browse/XW-641
- 08.46.20 - CVE: Not Available
- Platform: Cross Platform
- Title: Aruba Networks ArubaOS SNMP Community String Information
Disclosure
- Description: ArubaOS is the operating system used by various Aruba
Networks network devices, including the Aruba Mobility Controller.
ArubaOS is exposed to a remote information disclosure issue related to
its implementation of the Simple Network Management Protocol.
ArubaOS version 3.3.2.6 is affected.
- Ref: http://www.securityfocus.com/archive/1/498033
- 08.46.21 - CVE: CVE-2008-4816
- Platform: Cross Platform
- Title: getPlus Download Manager Unauthorized Access
- Description: getPlus Download Manager is an application that manages
internet file downloads. getPlus Download Manager is exposed to a
security issue that may allow unauthorized modifications of Internet
options on affected computers.
- Ref: http://www.adobe.com/support/security/bulletins/apsb08-19.html
- 08.46.22 - CVE: Not Available
- Platform: Cross Platform
- Title: Novell Access Manager Local Browser Security Bypass
- Description: Novell Access Manager is an identity management product
that provisions user/password management for the enterprise. The
application is exposed to a security bypass issue when configured to
use X.509 authentication. This issue is the result of the web
browser's SSL cache not being properly cleared when the user logs out
of Access Manager.
- Ref: http://www.novell.com/support/viewContent.do?externalId=7001788
- 08.46.23 - CVE: Not Available
- Platform: Cross Platform
- Title: libcdaudio "cddb.c" Remote Heap Buffer Overflow
- Description: libcdaudio is a library for CD audio playback. It
includes support for data lookups against a CDDB server. The
application is exposed to a remote heap buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input before copying it to an insufficiently sized buffer. libcdaudio
version 0.99.12p2 is affected.
- Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442
- 08.46.24 - CVE: Not Available
- Platform: Cross Platform
- Title: VLC Media Player Multiple Stack Based Buffer Overflow
Vulnerabilities
- Description: VLC is a cross platform media player. VLC is exposed to
multiple stack based buffer overflow issues because it fails to
perform adequate checks on user-supplied input. These issues occur
when parsing CUE image files and RealText subtitle files. VLC media
player versions prior to 0.9.6 are affected.
- Ref: http://www.videolan.org/security/sa0810.html
- 08.46.25 - CVE: Not Available
- Platform: Cross Platform
- Title: Multiple Pre Projects Products Cookie Authentication Bypass
- Description: Multiple Pre Projects products are exposed to an
authentication bypass issue because they fail to adequately verify
user-supplied input used for cookie based authentication. Attackers
can exploit this vulnerability to gain administrative access to the
affected applications, which may aid in further attacks.
- Ref: http://www.securityfocus.com/bid/32126
- 08.46.26 - CVE: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820, CVE-2008-4821, CVE-2008-4822, CVE-2008-4823
- Platform: Cross Platform
- Title: Adobe Flash Player Multiple Security Vulnerabilities
- Description: Adobe Flash Player is a multimedia application for
Microsoft Windows, Mozilla, and Apple technologies. Adobe Flash Player
is exposed to multiple security issues. Attackers can exploit these
issues to disclose sensitive information, steal cookie based
authentication credentials, control how web pages are rendered, or
execute arbitrary script code in the context of the application. Adobe
Flash Player versions 9.0.124.0 and earlier are affected.
- Ref: http://www.adobe.com/support/security/bulletins/apsb08-20.html
- 08.46.27 - CVE: CVE-2008-4831
- Platform: Cross Platform
- Title: Adobe ColdFusion Local Information Disclosure and Local
Privilege Escalation
- Description: Adobe ColdFusion is an application for developing
websites; it is available for various operating systems. The
application is exposed to an issue that can result in
privilege escalation or information disclosure. ColdFusion versions 8,
8.0.1 and ColdFusion MX 7.0.2 Solution are affected.
- Ref: http://www.adobe.com/support/security/bulletins/apsb08-21.html
- 08.46.28 - CVE: Not Available
- Platform: Cross Platform
- Title: CuteNews aj-fork "path" Parameter Remote File Include
- Description: CuteNews aj-fork is a PHP based news and web-blog
application. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"path" parameter of the "example.php" script. CuteNews aj-fork version
167 final is affected.
- Ref: http://www.securityfocus.com/bid/32141
- 08.46.29 - CVE: Not Available
- Platform: Cross Platform
- Title: Sun System Firmware Unspecified Local Information Disclosure
- Description: Sun System Firmware is exposed to a local information
disclosure issue due to an unspecified error. Successful exploits may
allow local privileged attackers in one logical domain to gain access
to memory in another logical domain.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1
- 08.46.30 - CVE: Not Available
- Platform: Cross Platform
- Title: Nagios Unspecified Privilege Escalation
- Description: Nagios is an open source application designed to monitor
networks and services for interruptions and to notify administrators
when various events occur. The software is exposed to an unspecified
privilege escalation issue related to the creation of custom forms or
browser add-ons. Nagios version 3.0.5 is affected.
- Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1143
- 08.46.31 - CVE: Not Available
- Platform: Cross Platform
- Title: Wi-Fi Protected Access (WPA) Encryption Standard TKIP
Encryption Bypass
- Description: Wi-Fi Protected Access (WPA) Encryption Standard is a
security technology for wireless networking. WPA Encryption Standard
is exposed to an encryption bypass issue that affects the Temporal Key
Integrity Protocol (TKIP) key. The key can be broken by unspecified
mathematical techniques in 12 to 15 minutes.
- Ref: http://www.securityfocus.com/bid/32164
- 08.46.32 - CVE: CVE-2008-4915
- Platform: Cross Platform
- Title: VMware Products Trap Flag In-Guest Privilege Escalation
- Description: VMware is a set of server emulation applications
available for several platforms. Various VMware products are exposed
to a privilege escalation issue due to an error in the CPU hardware
emulation. Specifically, the virtual CPU may incorrectly handle the
Trap flag.
- Ref: http://www.securityfocus.com/archive/1/498138
- 08.46.33 - CVE: CVE-2008-4281
- Platform: Cross Platform
- Title: VMware VirtualCenter Directory Traversal
- Description: VMware VirtualCenter is an application for monitoring and
management of virtualized IT environments. VMware VirtualCenter is
exposed to a directory traversal vulnerability due to an unspecified
input validation error. ESXi 3.5 versions prior to
ESXe350-200810401-O-UG are affected.
- Ref: http://www.securityfocus.com/archive/1/498138
- 08.46.34 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM Hardware Management Console RMC Daemon Remote Denial of
Service
- Description: IBM Hardware Management Console is software used to
manage virtualized systems. It includes a Resource Monitoring and
Control (RMC) daemon which provides a framework for monitoring system
resources. The RMC daemon is exposed to a remote denial of service
issue because it fails to handle malformed data. Hardware Management
Console versions V7R3.3.0 SP2 and V7R3.2.0 SP1 are affected.
- Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4441
- 08.46.35 - CVE: Not Available
- Platform: Cross Platform
- Title: Orb Networks Orb Unspecified Directory Traversal
- Description: Orb is an application that allows users to access media
stored on remote computers. The application is exposed to an
unspecified directory traversal issue because it fails to sufficiently
sanitize user-supplied input.
- Ref: http://www.securityfocus.com/bid/32187
- 08.46.36 - CVE: Not Available
- Platform: Cross Platform
- Title: Openfire Multiple Input Validation Vulnerabilities
- Description: Openfire is an open source XMPP (Jabber) server
implemented in Java. The application is exposed to multiple input
validation issues. A successful exploit of these issues may allow an
attacker to gain unauthorized access to the affected application.
Openfire version 3.6.0a is affected.
- Ref: http://www.securityfocus.com/archive/1/498162
- 08.46.37 - CVE: Not Available
- Platform: Cross Platform
- Title: Multiple ISecSoft Products Multiple IOCTL Request Local
Privilege Escalation Vulnerabilities
- Description: ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are
security products for the Microsoft Windows operating system. The
applications are exposed to multiple local privilege escalation issues
that result from drivers failing to properly validate userspace input
to IOCTL requests. Anti-Trojan Elite versions 4.2.1 and earlier and
Anti-Keylogger Elite 3.3.0 and earlier are affected.
- Ref: http://www.ntinternals.org/ntiadv0802/ntiadv0802.html
- 08.46.38 - CVE: Not Available
- Platform: Cross Platform
- Title: ClamAV "get_unicode_name()" Off-By-One Heap Based Buffer
Overflow
- Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. ClamAV is exposed to an off-by-one heap based
buffer overflow issue because the application fails to perform
adequate boundary checks on user-supplied data. The vulnerability
occurs in the "get_unicode_name()" function of the
"libclamav/vba_extract.c" source file. ClamAV versions prior to 0.94.1
are affected.
- Ref: http://www.securityfocus.com/archive/1/498169
- 08.46.39 - CVE: Not Available
- Platform: Cross Platform
- Title: Collabtive Multiple Remote Vulnerabilities
- Description: Collabtive is open source collaboration software. The
application is exposed to multiple remote issues. A successful exploit
of these issues may allow an attacker to gain access to sensitive
information. Collabtive version 0.4.8 is affected.
- Ref: http://www.securityfocus.com/archive/1/498186
- 08.46.40 - CVE: Not Available
- Platform: Cross Platform
- Title: rtgdictionary for TYPO3 Arbitrary File Upload
- Description: The rtgdictionary extension is a dictionary application
for the TYPO3 content manager. The application is exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer with the privileges of the web server process. The
issue occurs because the software fails to properly sanitize
user-supplied input. rtgdictionary versions 0.1.9 and earlier are
affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
- 08.46.41 - CVE: Not Available
- Platform: Cross Platform
- Title: FreshScripts Fresh Email Script Session Fixation and Remote
File Include Vulnerabilities
- Description: FreshScripts Fresh Email Script is a tool for uploading
files via email. FreshScripts Fresh Email Script is exposed to multiple
issues. An attacker may leverage the session fixation issue to hijack a
session of an unsuspecting user. FreshScripts Fresh Email Script
versions 1.0 to 1.11 are affected.
- Ref: http://www.securityfocus.com/bid/32241
- 08.46.42 - CVE: Not Available
- Platform: Cross Platform
- Title: Multiple phpstore.info Scripts Arbitrary File Upload
- Description: Multiple phpstore.info scripts are exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer within the context of the web server process. This
issue occurs because the applications fail to sufficiently sanitize
file extensions before accepting uploaded files.
- Ref: http://www.securityfocus.com/bid/32242
- 08.46.43 - CVE: CVE-2008-4986
- Platform: Cross Platform
- Title: WIMS Insecure Temporary File Creation Vulnerabilities
- Description: WWW Interactive Multipurpose Server (WIMS) is an
interactive mathematics application for the web. WIMS creates
temporary files in an insecure manner. Specifically, the issues affect
the "bin/account.sh" and "public_html/bin/coqweb" scripts. WIMS
version 3.64 is affected.
- Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496387
- 08.46.44 - CVE: Not Available
- Platform: Cross Platform
- Title: Yosemite Backup "DtbClsLogin()" Remote Buffer Overflow
- Description: Yosemite Backup is a backup and recovery solution
available for various platforms. The application is exposed to a
buffer overflow issue. Specifically, the vulnerability occurs in the
"DtbClsLogin()" function in the "ytwindtb.dll" file on Windows systems
and in the "libytlindtb.so" file on Linux systems. Yosemite Backup
version 8.70 is affected.
- Ref: http://www.securityfocus.com/bid/32246
- 08.46.45 - CVE: Not Available
- Platform: Cross Platform
- Title: sISAPILocation HTTP Header Rewrite Security Bypass
- Description: sISAPILocation is an Internet Server Application Program
Interface (ISAPI) filter for IIS. The application is exposed to a
security bypass issue that allows an attacker to bypass the HTTP header
rewrite function. sISAPILocation versions 1.0.2.1 and earlier are
affected.
- Ref: http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000076.html
- 08.46.46 - CVE: CVE-2008-4931
- Platform: Web Application - Cross Site Scripting
- Title: firmCHANNEL Indoor & Outdoor Digital SIGNAGE Cross-Site
Scripting
- Description: firmCHANNEL Indoor & Outdoor Digital SIGNAGE is an
advertising display appliance managed with a web-based interface. The
device's management application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data to
the "login" parameter of the "index.php" script. firmCHANNEL Indoor &
Outdoor Digital SIGNAGE version 3.24 is affected.
- Ref: http://www.securityfocus.com/archive/1/498042
- 08.46.47 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Simple Machines Forum Cross-Site Request Forgery
- Description: Simple Machines Forum is a PHP based message board. The
application is exposed to a cross-site request forgery issue.
Attackers can upload arbitrary PHP code to the affected application as
an attachment. Simple Machines Forum version 1.1.6 is affected.
- Ref: http://www.securityfocus.com/bid/32119
- 08.46.48 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Pre ADS Portal Cross-Site Scripting Vulnerabilities and
Authentication Bypass
- Description: Pre ADS Portal is a web application. The application is
exposed to multiple remote issues. An attacker can exploit the
cross-site scripting issues to execute arbitrary script code within
the context of the affected site and steal cookie-based authentication
credentials. Pre Projects Pre ADS Portal version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32151
- 08.46.49 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Silva "fulltext" Parameter Cross-Site Scripting
- Description: Silva is a PHP based content manager. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "fulltext" parameter
of the Silva Find component.
- Ref: http://holisticinfosec.org/content/view/91/45/
- 08.46.50 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Parallels Plesk Billing "new_language" Parameter Cross-Site
Scripting
- Description: Parallels Plesk Billing is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"new_language" parameter of the "index.php" script when the "op"
attribute is set to "login". Parallels Plesk Billing version 4.4 is
affected.
- Ref: http://www.securityfocus.com/bid/32185
- 08.46.51 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Mini Web Calendar Local File Include and Cross-Site Scripting
Vulnerabilities
- Description: Mini Web Calendar is a web-based application. Mini Web
Calendar is exposed to multiple input validation issues. An attacker
can exploit the local file include vulnerability using
directory traversal strings to execute local script code in the
context of the application. Mini Web Calendar version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32196
- 08.46.52 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting
Vulnerabilities
- Description: IBM Lotus Quickr is web-based collaboration software. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied inputs. Lotus Quickr
version 8.1 is affected.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013341
- 08.46.53 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: SoftComplex PHP Image Gallery Multiple SQL Injection
Vulnerabilities
- Description: SoftComplex PHP Image Gallery is a PHP based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "login" and "password" parameters of the "index.php" script when
called with the "action" parameter set to "login". PHP Image Gallery
version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32159
- 08.46.54 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: DeltaScripts PHP Links "admin/adm_login.php" Multiple SQL
Injection Vulnerabilities
- Description: DeltaScripts PHP Links is a PHP based web application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
"admin_username" and "admin_password" parameters of the
"admin/adm_login.php" script. PHP Links version 1.3 is affected.
- Ref: http://www.securityfocus.com/bid/32163
- 08.46.55 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: WEBBDOMAIN post Card "choosecard.php" SQL Injection
- Description: WEBBDOMAIN post Card is an ecard application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "catid" parameter of
the "choosecard.php" script before using it in an SQL query.
WEBBDOMAIN post Card versions 1.01 and 1.02 are affected.
- Ref: http://www.securityfocus.com/bid/32097
- 08.46.56 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Vibro-CMS "pId" and "nId" Parameters Multiple SQL Injection
Vulnerabilities
- Description: Vibro-CMS is a PHP based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data.
- Ref: http://www.securityfocus.com/bid/32106
- 08.46.57 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Multiple WEBBDOMAIN Products Login Screen SQL Injection
- Description: Multiple WEBBDOMAIN products are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "Username" parameter of the login screen
before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32108
- 08.46.58 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: NicLOR Vibro-School-CMS "view_news.php" SQL Injection
- Description: NicLOR Vibro-School-CMS is a content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "nID" parameter of the
"view_news.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32109
- 08.46.59 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: MicroHellas ToursManager "cityview.php" SQL Injection
- Description: MicroHellas ToursManager is a travel directory
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cityid" parameter of the "cityview.php" script before using it in an
SQL query.
- Ref: http://www.securityfocus.com/bid/32110
- 08.46.60 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: NicLOR CMS-School 2005 "showarticle.php" SQL Injection
- Description: NicLOR CMS-School 2005 is a content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "aID" parameter of the
"showarticle.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32112
- 08.46.61 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Simple Document Management System "login.php" SQL Injection
- Description: Simple Document Management System is a web-based document
storage system. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"pass" parameter of the "login.php" script before using it in an SQL
query. Simple Document Management System version 1.1.4 is affected.
- Ref: http://www.securityfocus.com/bid/32114
- 08.46.62 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Tr Script News "admin/login.php" SQL Injection
- Description: Tr Script News is a PHP based news application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "login_ad" parameter
of the "admin/login.php" script before using it in an SQL query. Tr
Script News versions 2.1 and earlier are affected.
- Ref: http://www.securityfocus.com/bid/32116
- 08.46.63 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: phpBB2 Small ShoutBox Module "shoutbox_view.php" Multiple SQL
Injection Vulnerabilities
- Description: Small ShoutBox is a PHP based shoutbox module for phpBB2
forum software. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied input
to the "id" parameter of the "shoutbox_view.php" script when called
with the "mode" parameter set to either "edit" or "delete". Small
ShoutBox version 1.4 is affected.
- Ref: http://www.securityfocus.com/bid/32123
- 08.46.64 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Pre Podcast Portal "Tour.php" SQL Injection
- Description: Pre Podcast Portal is a PHP based application for
managing podcasts. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "Tour.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32124
- 08.46.65 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Pre Multi-Vendor Shopping Malls "buyer_detail.php" Multiple SQL
Injection Vulnerabilities
- Description: Pre Multi-Vendor Shopping Malls is a PHP based ecommerce
platform. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"cid" and "sid" parameters of the "buyer_detail.php" script before
using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32127
- 08.46.66 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PHP Auto Listings Script "moreinfo.php" SQL Injection
- Description: PHP Auto Listings Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "itemno" parameter of
the "moreinfo.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32131
- 08.46.67 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Pre Simple CMS "adminlogin.php" SQL Injection
- Description: Pre Simple CMS is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" field of the
"adminlogin.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32132
- 08.46.68 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Pre Job Board SQL Injection
- Description: Pre Job Board is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Admin" field of the administration
panel before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32133
- 08.46.69 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Pre Real Estate Listings SQL Injection
- Description: Pre Real Estate Listings is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Admin" field of the
administration panel before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32134
- 08.46.70 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Five Dollar Scripts Drinks Script "index.php" SQL Injection
- Description: The Five Dollar Scripts Drinks script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"recid" parameter of the "index.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32137
- 08.46.71 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Mole Group Airline Ticket Script "info.php" SQL Injection
- Description: Mole Group Airline Ticket Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"flight" parameter of the "info.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32138
- 08.46.72 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Mole Group Taxi Dist-Calc Script "login.php" SQL Injection
- Description: Mole Group Taxi Dist-Calc Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"user" field of the "login.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32140
- 08.46.73 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Develop It Easy News And Article System Multiple SQL Injection
Vulnerabilities
- Description: Develop It Easy News And Article System is a PHP based
web application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Develop It Easy News And Article System version 1.4 is affected.
- Ref: http://www.securityfocus.com/bid/32144
- 08.46.74 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Develop It Easy Membership System Multiple SQL Injection
Vulnerabilities
- Description: Develop It Easy Membership System is a PHP based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Develop It Easy Membership System version 1.3 is affected.
- Ref: http://www.securityfocus.com/bid/32147
- 08.46.75 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Develop It Easy Event Calendar Multiple SQL Injection
Vulnerabilities
- Description: Develop It Easy Event Calendar is a web-based calendar
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Develop It Easy Event Calendar version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32148
- 08.46.76 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: NICE PHP FAQ Script "Admin Panel" SQL Injection
- Description: NICE PHP FAQ Script is a knowledge base script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pass" field of the
"Admin Panel" page.
- Ref: http://www.securityfocus.com/bid/32150
- 08.46.77 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Mole Group Pizza Script "index.php" SQL Injection
- Description: Pizza Script is a PHP-based application for food delivery
services. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"manufacturers_id" parameter of the "index.php" script before using it
in an SQL query.
- Ref: http://www.securityfocus.com/bid/32165
- 08.46.78 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: TurnkeyForms Business Survey Pro "survey_results_text.php" SQL
Injection
- Description: Business Survey Pro is a PHP-based application for
creating surveys. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "survey_results_text.php" script before using it
in an SQL query. Business Survey Pro version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32169
- 08.46.79 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: E-topbiz Domain Shop "admin.php" SQL Injection
- Description: E-topbiz Domain Shop is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the password form field in
the "admin.php" script before using it in an SQL query. E-topbiz
Domain Shop version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32170
- 08.46.80 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: E-topbiz Slide Popups "admin.php" SQL Injection
- Description: E-topbiz Slide Popups is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the password form field in
the "admin.php" script before using it in an SQL query. E-topbiz Slide
Popups version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32171
- 08.46.81 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: EC-CUBE "image" Parameter Multiple SQL Injection
Vulnerabilities
- Description: EC-CUBE is an open source system for creating shopping
sites. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"image" parameter of the "html/products/detail_image.php" script in
versions 1.x and the
"data/class/pages/products/LC_Page_Products_DetailImage.php" script in
version 2.x before using it in an SQL query. EC-CUBE versions 1.x and
2.x are affected.
- Ref: http://www.securityfocus.com/bid/32177
- 08.46.82 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: SoftComplex PHP Image Gallery
- Description: SoftComplex PHP Image Gallery is a web-based photo album
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ctg" parameter of the "index.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32182
- 08.46.83 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: E-topbiz Online Store "login.php" SQL Injection
- Description: E-topbiz Online Store is an ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the password form field in
the "login.php" script before using it in an SQL query. E-topbiz
Online Store version 1 is affected.
- Ref: http://www.securityfocus.com/bid/32188
- 08.46.84 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: DeltaScripts PHP Classifieds "detail.php" SQL Injection
- Description: DeltaScripts PHP Classifieds is a PHP-based web
advertisement application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "siteid" parameter of the "detail.php"
script before using it in an SQL query. DeltaScripts PHP Classifieds
version 7.5 is affected.
- Ref: http://www.securityfocus.com/bid/32191
- 08.46.85 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PHP Auto Listings Script "adminlogin.php" SQL Injection
- Description: PHP Auto Listings Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" and "pass"
parameters of the "adminlogin.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32193
- 08.46.86 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Mole Group Rental Script "admin/login.php" SQL Injection
- Description: Mole Group Rental Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "admin/login.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32195
- 08.46.87 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: E-topbiz eStore "index.php" SQL Injection
- Description: E-topbiz eStore is an ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "index.php" script before using it in an SQL query. E-topbiz
eStore version 3.0 is affected.
- Ref: http://www.securityfocus.com/bid/32197
- 08.46.88 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: E-topbiz Number Links 1 "admin/admin_catalog.php" SQL Injection
- Description: E-topbiz Number Links 1 is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"admin/admin_catalog.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32198
- 08.46.89 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Multiple MyioSoft Products Login Screen SQL Injection
- Description: Multiple MyioSoft products are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "Username" parameter of the login screen
before using it in an SQL query. Ajax Portal version 3.0 is affected.
- Ref: http://www.securityfocus.com/bid/32199
- 08.46.90 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: MyioSoft EasyBookMarker "bookmarker_backend.php" SQL Injection
- Description: EasyBookMarker is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Parent" parameter of
the "bookmarker_backend.php" script before using it in an SQL query.
EasyBookMarker version 4.0 is affected.
- Ref: http://www.securityfocus.com/bid/32200
- 08.46.91 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Domain Seller Pro "index.php" SQL Injection
- Description: Domain Seller Pro is a PHP-based application designed for
reselling domain names to users. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "index.php" script
before using it in an SQL query. Domain Seller Pro version 1.5 is
affected.
- Ref: http://www.securityfocus.com/bid/32201
- 08.46.92 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: MemHT Portal "lang/english.php" SQL Injection
- Description: MemHT Portal is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"lang/english.php" script when the "op" parameter is set to
"readArticle" before using it in an SQL query. MemHT Portal version
4.0 is affected.
- Ref: http://www.securityfocus.com/bid/32210
- 08.46.93 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: V3 Chat Profiles/Dating Script SQL Injection Vulnerabilities
- Description: V3 Chat Profiles/Dating Script is a web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "username"
and "password" fields of the administrative section. V3 Chat
Profiles/Dating Script version 3.0.2 is affected.
- Ref: http://www.securityfocus.com/bid/32214
- 08.46.94 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Digiappz DigiAffiliate Script SQL Injection Vulnerabilities
- Description: DigiAffiliate is a web application implemented in ASP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "admin" and
"password" fields of the "login.asp" script. DigiAffiliate versions
1.4 and earlier are affected.
- Ref: http://www.securityfocus.com/bid/32217
- 08.46.95 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Mole Group Airline Ticket Script "username" SQL Injection
- Description: Mole Group Airline Ticket Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"username" field of the administration panel before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32219
- 08.46.96 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Exocrew ExoPHPDesk "username" SQL Injection
- Description: ExoPHPDesk is a web-based helpdesk application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" field of
the administration panel before using it in an SQL query. ExoPHPDesk
version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32220
- 08.46.97 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ZEEMATRI "bannerclick.php" SQL Injection
- Description: ZEEMATRI is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "adid" parameter of the
"bannerclick.php" script before using it in an SQL query. ZEEMATRI
version 3.0 is affected.
- Ref: http://www.securityfocus.com/bid/32221
- 08.46.98 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: TYPO3 advCalendar Extension Unspecified SQL Injection
- Description: TYPO3 advCalendar ("advcalendar") is an extension for the
TYPO3 content manager. The extension is not a part of the TYPO3
default installation. The extension is exposed to an SQL injection
issue because it fails to sufficiently sanitize input before using it
in an SQL query. TYPO3 advCalendar version 0.3.1 is affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
- 08.46.99 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: TYPO3 CMS Poll System Extension Unspecified SQL Injection
- Description: TYPO3 CMS Poll system ("cms_poll") is an extension for
the TYPO3 content manager. The extension is not a part of the TYPO3
default installation. The extension is exposed to an SQL injection
issue because it fails to sufficiently sanitize input before using it
in an SQL query. TYPO3 CMS Poll system versions prior to 0.1.1 are
affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
- 08.46.100 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Joomla! JooBlog Component "PostID" Parameter SQL Injection
- Description: JooBlog is a plugin that provides blog functionality for
the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "PostID" parameter of the "com_jb2"
component before using it in an SQL query. JooBlog version 0.1.1 is
affected.
- Ref: http://www.securityfocus.com/bid/32236
- 08.46.101 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Dizi Portali "film.asp" SQL Injection
- Description: Dizi Portali is an ASP based web portal. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "film" parameter of the "film.asp"
script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32239
- 08.46.102 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: AJPoll Security Bypass and SQL Injection Vulnerabilities
- Description: AJPoll is a PHP-based application used to manage polls.
The application is exposed to multiple security issues. Exploiting the
security bypass issue may allow an attacker to bypass certain security
restrictions and perform unauthorized actions.
- Ref: http://www.securityfocus.com/bid/32245
- 08.46.103 - CVE: Not Available
- Platform: Web Application
- Title: DeltaScripts PHP Classifieds "admin/login.php" Multiple SQL
Injection Vulnerabilities
- Description: DeltaScripts PHP Classifieds is a PHP-based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "admin_username" and "admin_password" parameters of the
"admin/login.php" script. PHP Classifieds version 7.3 is affected.
- Ref: http://www.securityfocus.com/bid/32161
- 08.46.104 - CVE: Not Available
- Platform: Web Application
- Title: DeltaScripts PHP Shop "admin/login.php" Multiple SQL Injection
Vulnerabilities
- Description: DeltaScripts PHP Shop is a PHP-based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
"admin_username" and "admin_password" parameters of the
"admin/login.php" script. PHP Shop version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32162
- 08.46.105 - CVE: Not Available
- Platform: Web Application
- Title: TBmnetCMS "index.php" Local File Include
- Description: TBmnetCMS is a PHP-based content manager.
TBmnetCMS is exposed to a local file include issue because it fails to
properly sanitize user-supplied input to the "content" parameter of
the "index.php" script. TBmnetCMS version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32087
- 08.46.106 - CVE: CVE-2008-4413
- Platform: Web Application
- Title: HP System Management Homepage Unspecified Security Bypass
- Description: HP System Management Homepage (SMH) is a web-based
interface used to simplify the management of servers. The application
is exposed to a security bypass issue caused by an unspecified error.
HP System Management Homepage (SMH) versions 2.2.6 and earlier running
on HP-UX B.11.11 and B.11.23 are affected.
- Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01586921
- 08.46.107 - CVE: Not Available
- Platform: Web Application
- Title: Multi Languages WebShop Online Cross-Site Scripting and SQL
Injection Vulnerabilities
- Description: Multi Languages WebShop Online is a PHP-based ecommerce
application. Since it fails to sufficiently sanitize user-supplied
data, Multi Languages WebShop Online is exposed to multiple input
validation issues.
- Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1
- 08.46.108 - CVE: Not Available
- Platform: Web Application
- Title: Joomla! Onguma Time Sheet Component Remote File Include
- Description: Onguma Time Sheet is a time sheet component for the
Joomla! content manager. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "mosConfig_absolute_path" parameter of the component's
"onguma.class.php" script. Onguma Time Sheet version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32095
- 08.46.109 - CVE: Not Available
- Platform: Web Application
- Title: VirtueMart Google Base (Froogle) Component
"admin.googlebase.php" Remote File Include
- Description: VirtueMart Google Base (Froogle) Component is a bulk
upload utility for the Joomla! content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "mosConfig_absolute_path"
parameter of the
"administrator/components/com_googlebase/admin.googlebase.php" script.
VirtueMart Google Base (Froogle) Component version 1.1 is affected.
- Ref: http://www.securityfocus.com/bid/32098
- 08.46.110 - CVE: Not Available
- Platform: Web Application
- Title: Sitoincludefile in PHP "includefile.php" Local File Include
- Description: Sitoincludefile in PHP is a web-based script.
Sitoincludefile in PHP is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"page_file" parameter of the "includefile.php" script.
- Ref: http://www.securityfocus.com/bid/32111
- 08.46.111 - CVE: Not Available
- Platform: Web Application
- Title: Pro Desk Support Center "include_file" Parameter Local File
Include
- Description: Pro Desk Support Center is a customer support plugin for
the Mambo and Joomla! content managers. Pro Desk Support Center is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "include_file" parameter of the
"com_pro_desk" module. Pro Desk Support Center versions 1.0 and 1.2
are affected.
- Ref: http://www.securityfocus.com/bid/32113
- 08.46.112 - CVE: Not Available
- Platform: Web Application
- Title: DHCart Multiple Cross-Site Scripting and HTML Injection
Vulnerabilities
- Description: DHCart is a PHP based shopping cart. The application is
exposed to multiple cross-site scripting and HTML injection issues
because it fails to sufficiently sanitize user-supplied data. DHCart
version 3.84 is affected.
- Ref: http://www.securityfocus.com/bid/32116
- 08.46.113 - CVE: Not Available
- Platform: Web Application
- Title: PTK "file_content.php" Arbitrary Command Execution and
Unspecified Input Validation Vulnerabilities
- Description: PTK is a graphical interface for the Sleuthkit Interface
computer forensics tool. PTK is exposed to an issue that lets
attackers execute arbitrary commands because it fails to properly
sanitize user-supplied input. This issue is due to a "shell_exec()"
system call on unsanitized input in the "ptk/lib/file_content.php"
script. PTK versions prior to 1.0.1 are affected.
- Ref: http://www.securityfocus.com/archive/1/498081
- 08.46.114 - CVE: Not Available
- Platform: Web Application
- Title: Joomla! Dada Mail Manager Component Remote File Include
- Description: Dada Mail Manager is a component for the Joomla! content
manager. The component is exposed to a remote
file include issue because it fails to sufficiently sanitize
user-supplied input to the "GLOBALS[mosConfig_absolute_path]"
parameter of the component's "config.dadamail.php" script.
- Ref: http://www.securityfocus.com/bid/32135
- 08.46.115 - CVE: Not Available
- Platform: Web Application
- Title: Drupal Content Construction Kit Module HTML Injection
Vulnerabilities
- Description: Content Construction Kit is a third party component for
Drupal. The application is exposed to an HTML injection issue because it
fails to properly sanitize user-supplied input to unspecified field
labels and content type names before using it in dynamically generated
content. Content Construction Kit versions prior to 5.x-1.10 and prior
to 6.x-2.0 are affected.
- Ref: http://drupal.org/node/330546
- 08.46.116 - CVE: Not Available
- Platform: Web Application
- Title: Simple Machines Forum "Themes.php" Local File Include
- Description: Simple Machines Forum is a web-based application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "theme_dir" parameter
of the "Themes.php" script. Simple Machines Forum versions up to and
including 1.1.6 are affected.
- Ref: http://www.securityfocus.com/bid/32139
- 08.46.117 - CVE: Not Available
- Platform: Web Application
- Title: CuteNews "config_skin" Parameter Local File Include
- Description: CuteNews is a PHP-based news management system. CuteNews
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "config_skin" parameter of the
"register.php" script. CuteNews version 1.4.6 is affected.
- Ref: http://www.securityfocus.com/bid/32142
- 08.46.118 - CVE: Not Available
- Platform: Web Application
- Title: Develop It Easy Photo Gallery Multiple SQL Injection
Vulnerabilities
- Description: Develop It Easy Photo Gallery is a PHP-based web
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Photo Gallery version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32145
- 08.46.119 - CVE: Not Available
- Platform: Web Application
- Title: Arab Portal "file" Parameter Local File Include
- Description: Arab Portal is a web portal application. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "file" parameter of the "mod.php"
script when the "mod" parameter is set to "html". Arab Portal version
2.1 is affected.
- Ref: http://www.securityfocus.com/archive/1/498092
- 08.46.120 - CVE: Not Available
- Platform: Web Application
- Title: BigDump ".sql" Arbitrary File Upload
- Description: BigDump is a PHP-based, staggered MySQL dump importer
application. The application is exposed to an issue that lets remote
attackers upload and execute arbitrary script code on an affected
computer with the privileges of the web server process. The issue
occurs because the software fails to properly sanitize user-supplied
input in the "bigdump.php" script. BigDump version 0.29b is affected.
- Ref: http://www.securityfocus.com/archive/1/498093
- 08.46.121 - CVE: Not Available
- Platform: Web Application
- Title: MySQL Quick Admin "actions.php" Local File Include
- Description: MySQL Quick Admin is a web-based MySQL management
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"lang" parameter of the "actions.php" script. MySQL Quick Admin
version 1.5.5 is affected.
- Ref: http://www.securityfocus.com/bid/32157
- 08.46.122 - CVE: Not Available
- Platform: Web Application
- Title: LoveCMS "images.php" Arbitrary File Deletion
- Description: LoveCMS is a PHP-based content manager. The application
is exposed to an issue that allows attackers to delete arbitrary files
because it fails to properly sanitize user-supplied input to the
"delete" parameter of the "images.php" script. LoveCMS version 1.6.2
is affected.
- Ref: http://www.securityfocus.com/bid/32158
- 08.46.123 - CVE: Not Available
- Platform: Web Application
- Title: U&M Software Multiple Products Authentication Bypass
Vulnerabilities
- Description: U&M Software products, including JustBookIt,
JustListIt, and Signup are web-based applications. The applications
are exposed to multiple authentication bypass issues. JustBookIt 1.0,
JustListIt 1.0 and Signup 1.0 are affected.
- Ref: http://www.securityfocus.com/bid/32166
- 08.46.124 - CVE: Not Available
- Platform: Web Application
- Title: TestLink Multiple HTML Injection Vulnerabilities
- Description: TestLink is a PHP-based testing suite. The application is
exposed to multiple HTML injection issues because it fails to properly
sanitize user-supplied input to the "Testcaseprefixes" field of the
"projectview.tpl" script and also user-supplied input to the
"Testproject Names" and "Testplan Names" fields of the "planEdit.php"
script. TestLink versions prior to 1.8 RC1 are affected.
- Ref: http://sourceforge.net/project/shownotes.php?release_id=638751
- 08.46.125 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Entertainment Portal Cookie Authentication Bypass
- Description: TurnkeyForms Entertainment Portal is a web-based
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie based authentication. Entertainment Portal version 2.0 is
affected.
- Ref: http://www.securityfocus.com/bid/32174
- 08.46.126 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Software Directory SQL Injection and Cross-Site
Scripting Vulnerabilities
- Description: TurnkeyForms Software Directory is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "showcategory.php" script. Software Directory
version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32175
- 08.46.127 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Local Classifieds SQL Injection and Cross-Site
Scripting Vulnerabilities
- Description: TurnkeyForms Local Classifieds is a web-based
application. The application is exposed to an SQL injection issue and
a cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to the "r" parameter of the "listtest.php" script.
- Ref: http://www.securityfocus.com/bid/32176
- 08.46.128 - CVE: Not Available
- Platform: Web Application
- Title: e-Vision CMS Multiple Local File Include Vulnerabilities
- Description: e-Vision CMS is a PHP-based content manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. e-Vision CMS
version 2.0.2 is affected.
- Ref: http://www.securityfocus.com/bid/32180
- 08.46.129 - CVE: Not Available
- Platform: Web Application
- Title: PrestaShop Prior to 1.1 Beta 2 Multiple Unspecified Security
Vulnerabilities
- Description: PrestaShop is a PHP-based ecommerce application. The
application is exposed to multiple remote security issues caused by
unspecified errors. PrestaShop versions prior to 1.1 beta 2 are
affected.
- Ref: http://www.prestashop.com/download/changelog_1.1.0.1.txt
- 08.46.130 - CVE: Not Available
- Platform: Web Application
- Title: Clickheat "mosConfig_absolute_path" Parameter Multiple Remote
File Include Vulnerabilities
- Description: Clickheat is a module for the Mambo and Joomla! content
managers. The application is exposed to multiple remote file include
issues because it fails to sufficiently sanitize user-supplied input.
Clickheat version 1.0.1 is affected.
- Ref: http://www.securityfocus.com/bid/32190
- 08.46.131 - CVE: Not Available
- Platform: Web Application
- Title: Recly! Competitions Component "mosConfig_absolute_path"
Multiple Remote File Include Vulnerabilities
- Description: Recly! Competitions Component is a text-based contest
application for the Joomla! content manager. The application is
exposed to multiple remote file include issues because it fails to
properly sanitize user-supplied input. Recly! Competitions Component
version 1.0.0 is affected.
- Ref: http://www.securityfocus.com/bid/32192
- 08.46.132 - CVE: Not Available
- Platform: Web Application
- Title: Recly Feederator "mosConfig_absolute_path" Multiple Remote File
Include Vulnerabilities
- Description: Recly Feederator is an RSS manager component for the
Joomla! content manager. The application is exposed to multiple remote
file include issues because it fails to properly sanitize
user-supplied input. Recly Feederator version 1.0.5 is affected.
- Ref: http://www.securityfocus.com/bid/32194
- 08.46.133 - CVE: Not Available
- Platform: Web Application
- Title: Indiscripts Enthusiast "show_joined.php" Remote File Include
- Description: Indiscripts Enthusiast is a PHP-based application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "path" parameter of
the "show_joined.php" script. Indiscripts Enthusiast version 3.1.4 is
affected.
- Ref: http://www.securityfocus.com/archive/1/498161
- 08.46.134 - CVE: Not Available
- Platform: Web Application
- Title: MoinMoin Cross-Site Scripting and Information Disclosure
Vulnerabilities
- Description: MoinMoin is a freely available, open source wiki written
in Python. It is available for Unix and Linux platforms. MoinMoin is
exposed to cross-site scripting and information disclosure issues
because it fails to sanitize user-supplied input. MoinMoin versions
1.5.9 and 1.8.0 are affected.
- Ref: http://www.securityfocus.com/archive/1/498166
- 08.46.135 - CVE: Not Available
- Platform: Web Application
- Title: Multiple V3 Chat Products Cookie Authentication Bypass
- Description: Multiple products from V3 Chat are exposed to an
authentication bypass issue because they fail to adequately verify
user-supplied input used for cookie-based authentication.
Profiles/Dating Script version 3.0.2 and Live Support 3.0.4 are
affected.
- Ref: http://v3chat.com/profiles.php
- 08.46.136 - CVE: Not Available
- Platform: Web Application
- Title: Cyberfolio "theme" Parameter Local File Include
- Description: Cyberfolio is a web-based application. Cyberfolio is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "theme" parameter of the
"portfolio/css.php" script. Cyberfolio versions 7.12.2 and earlier are
affected.
- Ref: http://www.securityfocus.com/bid/32218
- 08.46.137 - CVE: Not Available
- Platform: Web Application
- Title: Zeeways SHAADICLONE "admin/home.php" Authentication Bypass
- Description: Zeeways SHAADICLONE is a web-based matrimonial application.
The application is exposed to an authentication bypass issue.
Specifically, this issue affects the "admin/home.php" script because
the application fails to restrict access to it. Zeeways SHAADICLONE
version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32222
- 08.46.138 - CVE: Not Available
- Platform: Web Application
- Title: Zeeways PHOTOVIDEOTUBE "admin/home.php" Authentication Bypass
- Description: Zeeways PHOTOVIDEOTUBE is a PHP-based application used to
share photos and videos. The application is exposed to an
authentication bypass issue. Specifically, this issue affects the
"admin/home.php" script because the application fails to restrict
access to it. Zeeways PHOTOVIDEOTUBE version 1.1 is affected.
- Ref: http://www.securityfocus.com/bid/32223
- 08.46.139 - CVE: Not Available
- Platform: Web Application
- Title: ZEEPROPERTY Arbitrary File Upload and Cross-Site Scripting
Vulnerabilities
- Description: ZEEPROPERTY is a web-based application. The application
is exposed to an issue that lets attackers upload and execute
arbitrary code. The issue occurs because the software fails to
properly sanitize user-supplied input in the "viewprofile.php" script.
ZEEPROPERTY version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32224
- 08.46.140 - CVE: Not Available
- Platform: Web Application
- Title: ZEEJOBSITE Arbitrary File Upload
- Description: ZEEJOBSITE is a web-based application. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the software fails to
properly sanitize user-supplied input in the "editresume_next.php"
script. ZEEJOBSITE version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32225
- 08.46.141 - CVE: Not Available
- Platform: Web Application
- Title: Trac Denial of Service and Phishing Vulnerabilities
- Description: Trac is a web-based project management application. The
application is exposed to multiple issues. Attackers may exploit
these issues to perform phishing attacks or cause a denial of service
condition. Trac versions prior to 0.11.2 are affected.
- Ref: http://trac.edgewall.org/wiki/ChangeLog
- 08.46.142 - CVE: Not Available
- Platform: Web Application
- Title: x10 Automatic MP3 Script "url" Parameter File Disclosure
- Description: x10 Automatic MP3 Script is a PHP-based search engine.
The application is exposed to a file disclosure issue because it fails
to properly sanitize user-supplied input to the "url" parameter of the
"download.php" script. x10 Automatic MP3 Script versions up to and
including 1.6 are affected.
- Ref: http://www.securityfocus.com/bid/32227
- 08.46.143 - CVE: Not Available
- Platform: Web Application
- Title: TYPO3 "eluna_pagecomments" Extension SQL Injection and
Cross-Site Scripting Vulnerabilities
- Description: "eluna_pagecomments" is an extension to the TYPO3 content
manager. The extension is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to certain unspecified parameters.
"eluna_pagecomments" extension version 1.1.2 is affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
- 08.46.144 - CVE: Not Available
- Platform: Web Application
- Title: IBM Metrica Service Assurance Framework Cross-Site Scripting
and HTML Injection Vulnerabilities
- Description: IBM Metrica Service Assurance Framework is a framework
that implements a distributed, object-oriented J2EE architecture. The
application is exposed to multiple input validation issues.
Attacker-supplied HTML or JavaScript code could run in the context of
the affected site, potentially allowing the attacker to steal
cookie-based authentication credentials and to control how the site is
rendered to the user.
- Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065520.html
- 08.46.145 - CVE: Not Available
- Platform: Web Application
- Title: OTManager "Admin/ADM_Pagina.php" Remote File Include
- Description: OTManager is a PHP-based application. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "Tipo" parameter of the
"Admin/ADM_Pagina.php" script. OTManager version 2.4 is affected.
- Ref: http://www.securityfocus.com/bid/32235
- 08.46.146 - CVE: Not Available
- Platform: Web Application
- Title: TYPO3 Wir über uns Extension SQL Injection and Cross-Site
Scripting Vulnerabilities
- Description: Wir über uns is an extension for the TYPO3 content
manager. The extension is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data to certain unspecified parameters. Wir über uns
extension version 0.0.24 is affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/
- 08.46.147 - CVE: Not Available
- Platform: Web Application
- Title: Free simple PHP guestbook "act.php" Arbitrary Script Injection
- Description: Free simple PHP guestbook is a PHP-based content manager.
The application is exposed to an arbitrary script injection issue due
to a failure to sanitize user-supplied input to the "message"
parameter of the "act.php" script. An attacker can exploit this issue
to execute arbitrary script code in the context of the web server.
- Ref: http://www.securityfocus.com/bid/32240
- 08.46.148 - CVE: Not Available
- Platform: Web Application
- Title: AJ Auction Pro Authentication Bypass Vulnerabilities
- Description: AJ Auction Pro is a web-based application. The
application is exposed to multiple authentication bypass issues. An
attacker accessing the scripts can effectively bypass the intended
security measures and gain administrative access to the application.
- Ref: http://www.securityfocus.com/bid/32243
- 08.46.149 - CVE: Not Available
- Platform: Network Device
- Title: Siemens SpeedStream 5200 HTTP Host Spoofing Authentication
Bypass
- Description: Siemens SpeedStream 5200 is an ADSL modem and router
hardware device. The router is exposed to an authentication bypass
issue that may allow attackers to gain access to a router's
administration interface. Successfully exploiting this issue will
allow attackers to gain unauthorized administrative access to the
affected device.
- Ref: http://www.securityfocus.com/bid/32203
- 08.46.150 - CVE: Not Available
- Platform: Network Device
- Title: Multiple 2Wire DSL Routers "xslt" HTTP Request Denial of
Service
- Description: 2Wire DSL routers are networking devices that use a
web-based management interface. Multiple 2Wire DSL routers are exposed
to a denial of service issue because they fail to adequately handle
specially crafted HTTP requests. The issue occurs when the HTTP
service handles requests to "xslt" followed by "%" and a
non-alphanumeric character.
- Ref: http://www.securityfocus.com/bid/32211
- 08.46.151 - CVE: Not Available
- Platform: Hardware
- Title: Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling
Denial of Service
- Description: VTP (VLAN Trunking Protocol) is a Cisco protocol used for
VLAN centralized management. Cisco IOS and Cisco CatOS are exposed to
a remote denial of service issue that occurs when handling specially
crafted VTP packets. Attackers would need local area network access to
the affected computer and the device must be operating using server or
client VTP mode.
- Ref: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml#status
(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.