@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 46
November 13, 2008

This week has two critical Microsoft problems; one critical Firefox problem and one critical ClamAV (anti-virus tool) problem, but what is remarkable about this week is that we are reporting 150 new vulnerabilities. The weekly number hasn't exceeded 100 more than a few times in the last two years. We'll see shortly whether the increase is permanent. Even if not, it is crystal clear that web application programmers are writing a LOT of bad code and their bosses are either ignorant of the problem or negligent in exercising their management authority. Alan.

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

- Category
- # of Updates & Vulnerabilities
- Platform Number of Updates and Vulnerabilities
- - ------------------------ -------------------------------------
- Windows
- 2 (#1, #2)
- Third Party Windows Apps
- 2 (#6)
- Linux
- 7
- Solaris
- 2
- Apple
- 1 (#5)
- Unix
- 1
- Cross Platform
- 32 (#3, #4)
- Web Application - Cross Site Scripting
- 7
- Web Application - SQL Injection
- 50
- Web Application
- 46
- Network Device
- 2
- Hardware
- 1

*************************************************************************

TRAINING UPDATE - - SANS CDI in Washington 30 courses; big security tools expo; lots of evening sessions: http://www.sans.org/cdi08/ - - London (12/1- 12/9) http://sans.org/london08/ - - Vancouver (11/17-11/22) http://www.sans.org/vancouver08/ - - Las Vegas (1/24-2/01) http://sans.org/securitywest09/ and in 100 other cites and on line any time: www.sans.org

*************************************************************************

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

(1) CRITICAL: Microsoft XML Core Services Multiple Vulnerabilities (MS08-069)
(2) CRITICAL: Microsoft SMB Credential Stealing Vulnerability (MS08-068)
(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
(4) CRITICAL: ClamAV Unicode Processing Buffer Overflow
(5) HIGH: Apple Multiple Products Multiple Image Processing Vulnerabilities
(6) HIGH: SAP GUI ActiveX Control Remote Code Execution Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

************************ SPONSORED LINK *********************************

1) Come hear about the most valuable research projects in SCADA security today. SANS SCADA Summit - February 2-3 - Orlando http://www.sans.org/info/35279

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software

(1) CRITICAL: Microsoft XML Core Services Multiple Vulnerabilities (MS08-069)
Affected:
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Office
Description: Microsoft XML Core Services are a collection of components in various Microsoft products that are used to parse XML content. These components contain multiple vulnerabilities in their handling of a variety of XML content. A specially crafted web page containing XML data could trigger a memory corruption vulnerability leading to remote code execution with the privileges of the current user. Other vulnerabilities could lead to information disclosure or cross site scripting vulnerabilities. Some technical details and a proof-of-concept are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
- Microsoft Security Bulletin
- http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
- SANS Internet Storm Center Handler's Diary Entry
- http://isc.sans.org/diary.html?storyid=2181&rss
- Posting by Michal Zalewski
- http://www.securityfocus.com/archive/1/455965
- Proof-of-Concept (direct link)
- http://lcamtuf.coredump.cx/iediex/iediex.html
- SecurityFocus BIDs
- http://www.securityfocus.com/bid/32204
- http://www.securityfocus.com/bid/21872
- http://www.securityfocus.com/bid/32155

(2) CRITICAL: Microsoft SMB Credential Stealing Vulnerability (MS08-068)
Affected:
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Microsoft Windows Vista
- Microsoft Windows Server 2008
Description: SMB is the Server Message Block, the protocol used by Microsoft Windows to share files, printers, and other operating system services. SMB is also known as the Common Internet Filesystem (CIFS). The implementation of SMB on Microsoft Windows supports authenticating SMB users and servers via NTLM (an authentication protocol originated on Microsoft Windows NT). Microsoft Windows fails to properly implement the credential protection mechanisms in NTLM. If a user were tricked into accessing a malicious SMB server, that server could then immediately used the provided credentials to access the victim's machine via SMB (an attack known as "credential reflection"). This would allow an attacker to execute arbitrary commands and code with the privileges of the current user. Note that a user must first be convinced to connect to a malicious SMB server. This could be accomplished via a web page or email message. A proof-of-concept for this vulnerability is publicly available. This vulnerability has been publicly known, but not confirmed, since 2003.
Status: Vendor confirmed, updates available.
References:
- Microsoft Security Bulletin
- http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
- Proof-of-Concept
- http://downloads.securityfocus.com/vulnerabilities/exploits/backrush.patch .README"> http://downloads.securityfocus.com/vulnerabilities/exploits/backrush.patch .READM
  E
- http://downloads.securityfocus.com/vulnerabilities/exploits/backrush.patch
- Wikipedia Article on Replay Attacks, a similar type of attack
- http://en.wikipedia.org/wiki/Replay_attack
- SecurityFocus BID
- http://www.securityfocus.com/bid/7385

(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
Affected:
- Mozilla Firefox versions 3.x
- Mozilla SeaMonkey versions 1.1.x
- Mozilla Thunderbird versions 2.x
Description: Mozilla Firefox contains multiple vulnerabilities in its handling of a variety of inputs. Flaws in the processing of web pages, script input, URIs, XML documents, JAR files, and other input can lead to a variety of vulnerabilities including arbitrary code execution with the privileges of the current user. Due to the shared codebase among the various Mozilla products, Mozilla SeaMonkey and Mozilla Thunderbird are also vulnerable to some of these issues. Full technical details for these vulnerabilities are publicly available via source code analysis.
Status: Vendor confirmed, updates available.
References:
- Mozilla Advisories
- http://www.mozilla.org /security/announce/2008/mfsa2008-51.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-51.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-52.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-52.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-53.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-53.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-54.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-54.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-55.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-55.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-56.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-56.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-57.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-57.html
- http://www.mozilla.org /security/announce/2008/mfsa2008-58.html"> http://www.mozilla.org /security/announce/2008/mfsa2008-58.html
- Mozilla Home Page
- http://www.mozilla.org
- SecurityFocus BID
- http://www.securityfocus.com/bid/32281

(4) CRITICAL: ClamAV Unicode Processing Buffer Overflow
Affected:
- ClamAV versions prior to 0.94.1
Description: ClamAV (Clam Anti-Virus) is a popular open source antivirus solution. It is often deployed on mail servers to actively scan email messages for viruses and other malware. It contains a flaw in its processing of Microsoft Visual Basic project files. A specially crafted file could trigger this flaw, leading to a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. An attacker could exploit this vulnerability by sending an email to a server known to use ClamAV to process email messages. Full technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available.
References:
- Posting by Moritz Jodeit
- http://www.securityfocus.com/archive/1/498169
- Product Home Page
- http://www.clamav.net/
- SecurityFocus BID
- http://www.securityfocus.com/bid/32207

(5) HIGH: Apple Multiple Products Multiple Image Processing Vulnerabilities
Affected:
- Apple Aperture 2 when running on versions of Mac OS X 10.4.11 or prior
- Apple iLife 8.0 when running on versions of Mac OS X 10.4.11 or prior
Description: Apple Aperture is a popular photograph processing application for Apple Mac OS X. Apple iLife is a suite of applications for media management, web publishing, and other tasks for Apple Mac OS X. These applications contain flaws in the processing of a variety of image formats when they are installed on Apple Mac OS X versions 10.4.11 or prior. A specially crafted image could trigger one of these vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for these vulnerabilities. Note that images are not opened by the vulnerable applications without prompting by default.
Status: Vendor confirmed, updates available.
References:
- Apple Security Bulletin
- http://support.apple.com/kb/HT3276
- Secunia Advisory
- http://secunia.com/advisories/32688/
- Product Home Pages
- http://www.apple.com/aperture/
- http://www.apple.com/ilife/
- SecurityFocus BID
- http://www.securityfocus.com/bid/30832

(6) HIGH: SAP GUI ActiveX Control Remote Code Execution Vulnerability
Affected:
- SAP GUI versions 7.x and prior
Description: SAP GUI is a graphical user interface (GUI) to the SAP Enterprise Resource Planning application. Part of its functionality is provided via an ActiveX control. This control contains a remote code execution vulnerability in its handling of input. A malicious web page that instantiated this control could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user.
Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism, using CLSID "B01952B0-AF66-11D1-B10D-0060086F6D97". Note that this could affect normal application functionality.
References:
- US-CERT Vulnerability Note
- http://www.kb.cert.org/vuls/id/277313
- SAP Vulnerability Note
- https://websmp130.sap-ag.de/sap/support/notes/1142431
- Microsoft Knowledge Base Article (details the "kill bit" mechanism)
- http://support.microsoft.com/kb/240797
- SAP Home Page
- http://www.sap.com
- SecurityFocus BID
- http://www.securityfocus.com/bid/32186

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

08.46.1 - CVE: Not Available
Platform: Windows
Title: Microsoft Windows "UnhookWindowsHookEx" Local Denial of Service
Description: Microsoft Windows 2003 and Windows Vista are exposed to a local denial of service issue. This issue stems from an error affecting multiple calls to "UnhookWindowsHookEx" and SwitchDesktop. Windows 2003 and Windows Vista are affected.
Ref: http://www.securityfocus.com/bid/32206/references

08.46.2 - CVE: CVE-2008-4817
Platform: Third Party Windows Apps
Title: NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow
Description: NOS Microsystems getPlus Download Manager is a download agent which includes an ActiveX control for Microsoft Windows clients. The getPlus ActiveX control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. getPlus Download Manager version 1.2.2.50 is affected. Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754

08.46.3 - CVE: CVE-2008-4387
Platform: Third Party Windows Apps
Title: SAP AG SAPgui "mdrmsap.dll" ActiveX Control Remote Code Execution
Description: SAP AG SAPgui is a graphical user interface feature included in various SAP applications. The application is exposed to a remote code execution issue that occurs in the "mdrmsap.dll".
Ref: http://www.kb.cert.org/vuls/id/277313

08.46.4 - CVE: Not Available
Platform: Linux
Title: Linux Kernel "hfsplus_find_cat()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly bounds check data before copying it to an insufficiently sized memory buffer. The problem occurs in the "hfsplus_find_cat()" function of the "fs/hfsplus/catalog.c" source file. Linux kernel versions prior to 2.6.28-rc1 are affected. Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1

08.46.5 - CVE: Not Available
Platform: Linux
Title: Linux Kernel "tvaudio.c" Operations NULL Pointer Dereference Denial of Service
Description: The Linux kernel is exposed to a local denial of service issue. This vulnerability stems from potential NULL pointer dereference exception errors in the source code file "drivers/video/tvaudio.c". Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Linux kernel versions prior to 2.6.25.19 are affected. Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ba2f67afb02c5302b2898949ed6fc3b3d37dcf1

08.46.6 - CVE: Not Available
Platform: Linux
Title: Linux Kernel "hfsplus_block_allocate()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly check return values before proceeding with further operations. The problem occurs in the "hfsplus_block_allocate()" function of the "fs/hfsplus/bitmap.c" source file. The function fails to properly validate return values from calls to "read_mapping_page()" before using them in memory mapping operations. Linux kernel versions prior to 2.6.28-rc1 are affected. Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1

08.46.7 - CVE: CVE-2008-3527
Platform: Linux
Title: Linux Kernel VDSO Unspecified Privilege Escalation
Description: The Linux Kernel is exposed to a local privilege escalation issue. This issue results from insufficient bounds checking in the "syscall()" and "syscall_nopage32()" function calls in the Virtual Dynamic Shared Object (VDSO) implementation. Linux kernel versions prior to 2.6.20-git5 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=460251

08.46.8 - CVE: CVE-2008-4395
Platform: Linux
Title: Linux Kernel "ndiswrapper" Remote Buffer Overflow
Description: "ndiswrapper" is a driver wrapper for Linux Kernel that enables the use of Microsoft Windows drivers for wireless network devices. The Linux Kernel is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. kernel version 2.6.27 is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=239371

08.46.9 - CVE: Not Available
Platform: Linux
Title: Linux Kernel "__scm_destroy()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly close sockets under specific circumstances. The problem occurs in the "__scm_destroy()" function of the "/net/core/scm.c" source code file and is related to recursive function calls when closing a socket via the "fput()" function call. The Linux kernel versions 2.6.26 and earlier are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470201

08.46.10 - CVE: Not Available
Platform: Linux
Title: cluster Multiple Insecure Temporary File Creation Vulnerabilities
Description: The cluster program is a freely available application for creating clusters on Linux systems. Multiple components of the application are exposed to a security issue that allows attackers to create temporary files in an insecure manner. cluster versions prior to 2.03.09 are affected.
Ref: http://www.securityfocus.com/bid/32179

08.46.11 - CVE: Not Available
Platform: Solaris
Title: Sun Solaris DHCP Denial of Service And Remote Code Execution Vulnerabilities
Description: DHCP daemon is used for dynamically assigning IP addresses to network devices. The DHCP server daemon in Sun Solaris is exposed to multiple issues when handling specially crafted DHCP requests. Attackers can exploit these issues to execute arbitrary code with root privileges or cause the DHCP server daemon to crash.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243806-1

08.46.12 - CVE: Not Available
Platform: Solaris
Title: Sun Solstice X.25 "/dev/xty" Local Denial of Service
Description: Solstice X.25 is an application used for communicating across X.25 networks. Solstice X.25 is exposed to a denial of service issue. Specifically, a local user with read privileges to the "/dev/xty" file may panic a system with multiple CPUs. X.25 version 9.2 on both x86 and SPARC platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243106-1

08.46.13 - CVE: CVE-2008-4989
Platform: Unix
Title: GnuTLS X.509 Certificate Chain Security Bypass
Description: GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. It is maintained by GNU and is available for UNIX and Linux variants. GnuTLS is exposed to a security bypass issue because it fails to properly validate chained X.509 certificates. GnuTLS versions prior to 2.6.1 are affected.
Ref: http://www.gnu.org/software/gnutls/security.html

08.46.14 - CVE: CVE-2008-4414
Platform: Cross Platform
Title: HP Tru64 UNIX AdvFS "showfile" Command Local Privilege Escalation
Description: The AdvFS "showfile" command displays attributes of AdvFS files and directories. HP Tru64 UNIX is exposed to a local privilege escalation issue affecting the AdvFS "showfile" command. HP Tru64 UNIX versions v5.1B-4 and v5.1B-3 are affected.
Ref: http://www.securityfocus.com/archive/1/498113

08.46.15 - CVE: CVE-2008-2992
Platform: Cross Platform
Title: Adobe Reader "util.printf()" JavaScript Function Stack Buffer Overflow
Description: Adobe Reader is an application for viewing PDF files. Adobe Reader is exposed to a stack based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data.
Ref: http://www.securityfocus.com/archive/1/498027

08.46.16 - CVE: Not Available
Platform: Cross Platform
Title: FFmpeg "libswscale" Buffer Overflow
Description: FFmpeg is an open source solution for handling audio and video data. The "libswscale" component is a video scaling library. The "libswscale" library is exposed to a buffer overflow that occurs in the "swscale.c" source file when malformed height values are used with the "yuv2rgb" converter. Ref: http://git.mplayerhq.hu/?p=libswscale;a=commitdiff;h=72ba9cadc4e2c23e3763a03fc06c1993ec280f08

08.46.17 - CVE: Not Available
Platform: Cross Platform
Title: libsamplerate Buffer Overflow
Description: libsamplerate (Secret Rabbit Code) is a sample rate converter library. The library is exposed to a buffer overflow that occurs when handling low conversion ratios. Successful exploits may allow attackers to execute arbitrary code within the context of an affected application.
Ref: http://www.mega-nerd.com/SRC/index.html

08.46.18 - CVE: CVE-2008-4812, CVE-2008-4813, CVE-2008-4814,CVE-2008-4815
Platform: Cross Platform
Title: Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities
Description: Adobe Acrobat and Reader are freely available, proprietary applications to handle PDF documents. Adobe Acrobat and Reader are exposed to multiple security issues. Attackers can exploit these issues to execute arbitrary code, elevate privileges, or cause a denial of service condition.
Ref: http://www.securityfocus.com/archive/1/498058

08.46.19 - CVE: Not Available
Platform: Cross Platform
Title: XWork "ParameterInterceptor" Class OGNL Security Bypass
Description: XWork is a command pattern framework; it is used in Apache Struts 2 and other applications. XWork is exposed to a security bypass issue because it fails to adequately handle user-supplied input. XWork versions prior to 2.0.6 are affected.
Ref: http://jira.opensymphony.com/browse/XW-641

08.46.20 - CVE: Not Available
Platform: Cross Platform
Title: Aruba Networks ArubaOS SNMP Community String Information Disclosure
Description: ArubaOS is the operating system used by various Aruba Networks network devices, including the Aruba Mobility Controller. ArubaOS is exposed to a remote information disclosure issue related to its implementation of the Simple Network Management Protocol. ArubaOS version 3.3.2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/498033

08.46.21 - CVE: CVE-2008-4816
Platform: Cross Platform
Title: getPlus Download Manager Unauthorized Access
Description: getPlus Download Manager is an application that manages internet file downloads. getPlus Download Manager is exposed to a security issue that may allow unauthorized modifications of Internet options on affected computers.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-19.html

08.46.22 - CVE: Not Available
Platform: Cross Platform
Title: Novell Access Manager Local Browser Security Bypass
Description: Novell Access Manager is an identity management product that provisions user/password management for the enterprise. The application is exposed to a security bypass issue when configured to use X.509 authentication. This issue is the result of the web browser's SSL cache not being properly cleared when the user logs out of Access Manager.
Ref: http://www.novell.com/support/viewContent.do?externalId=7001788

08.46.23 - CVE: Not Available
Platform: Cross Platform
Title: libcdaudio "cddb.c" Remote Heap Buffer Overflow
Description: libcdaudio is a library for CD audio playback. It includes support for data lookups against a CDDB server. The application is exposed to a remote heap buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. libcdaudio version 0.99.12p2 is affected. Ref: http://sourceforge.net/tracker/index.php?func=detail&aid=1288043&group_id=27134&atid=389442

08.46.24 - CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player Multiple Stack Based Buffer Overflow Vulnerabilities
Description: VLC is a cross platform media player. VLC is exposed to multiple stack based buffer overflow issues because it fails to perform adequate checks on user-supplied input. These issues occur when parsing CUE image files and RealText subtitle files. VLC media player versions prior to 0.9.6 are affected.
Ref: http://www.videolan.org/security/sa0810.html

08.46.25 - CVE: Not Available
Platform: Cross Platform
Title: Multiple Pre Projects Products Cookie Authentication Bypass
Description: Multiple Pre Projects products are exposed to an authentication bypass issue because they fail to adequately verify user-supplied input used for cookie based authentication. Attackers can exploit this vulnerability to gain administrative access to the affected applications, which may aid in further attacks.
Ref: http://www.securityfocus.com/bid/32126

08.46.26 - CVE: CVE-2008-4818, CVE-2008-4819, CVE-2008-4820,CVE-2008-4821, CVE-2008-4822, CVE-2008-4823
Platform: Cross Platform
Title: Adobe Flash Player Multiple Security Vulnerabilities
Description: Adobe Flash Player is a multimedia application for Microsoft Windows, Mozilla, and Apple technologies. Adobe Flash Player is exposed to multiple security issues. Attackers can exploit these issues to disclose sensitive information, steal cookie based authentication credentials, control how web pages are rendered, or execute arbitrary script code in the context of the application. Adobe Flash Player versions 9.0.124.0 and earlier are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-20.html

08.46.27 - CVE: CVE-2008-4831
Platform: Cross Platform
Title: Adobe ColdFusion Local Information Disclosure and Local Privilege Escalation
Description: Adobe ColdFusion is an application for developing websites; it is available for various operating systems. The application is exposed to an issue that can result in privilege escalation or information disclosure. ColdFusion versions 8, 8.0.1 and ColdFusion MX 7.0.2 Solution are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-21.html

08.46.28 - CVE: Not Available
Platform: Cross Platform
Title: CuteNews aj-fork "path" Parameter Remote File Include
Description: CuteNews aj-fork is a PHP based news and web-blog application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "path" parameter of the "example.php" script. CuteNews aj-fork version 167 final is affected.
Ref: http://www.securityfocus.com/bid/32141

08.46.29 - CVE: Not Available
Platform: Cross Platform
Title: Sun System Firmware Unspecified Local Information Disclosure
Description: Sun System Firmware is exposed to a local information disclosure issue due to an unspecified error. Successful exploits may allow local privileged attackers in one logical domain to gain access to memory in another logical domain.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244826-1

08.46.30 - CVE: Not Available
Platform: Cross Platform
Title: Nagios Unspecified Privilege Escalation
Description: Nagios is an open source application designed to monitor networks and services for interruptions and to notify administrators when various events occur. The software is exposed to an unspecified privilege escalation issue related to the creation of custom forms or browser add-ons. Nagios version 3.0.5 is affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1143

08.46.31 - CVE: Not Available
Platform: Cross Platform
Title: Wi-Fi Protected Access (WPA) Encryption Standard TKIP Encryption Bypass
Description: Wi-Fi Protected Access (WPA) Encryption Standard is a security technology for wireless networking. WPA Encryption Standard is exposed to an encryption bypass issue that affects the Temporal Key Integrity Protocol (TKIP) key. The key can broken by unspecified mathematical techniques in 12 to 15 minutes.
Ref: http://www.securityfocus.com/bid/32164

08.46.32 - CVE: CVE-2008-4915
Platform: Cross Platform
Title: VMware Products Trap Flag In-Guest Privilege Escalation
Description: VMware is a set of server emulation applications available for several platforms. Various VMware products are exposed to a privilege escalation issue due to an error in the CPU hardware emulation. Specifically, the virtual CPU may incorrectly handle the Trap flag.
Ref: http://www.securityfocus.com/archive/1/498138

08.46.33 - CVE: CVE-2008-4281
Platform: Cross Platform
Title: VMware VirtualCenter Directory Traversal
Description: VMware VirtualCenter is an application for monitoring and management of visualized IT environments. VMware VirtualCenter is exposed to a directory traversal vulnerability due to an unspecified input validation error. ESXi 3.5 versions prior to ESXe350-200810401-O-UG are affected.
Ref: http://www.securityfocus.com/archive/1/498138

08.46.34 - CVE: Not Available
Platform: Cross Platform
Title: IBM Hardware Management Console RMC Daemon Remote Denial of Service
Description: IBM Hardware Management Console is software used to manage virtualized systems. It includes a Resource Monitoring and Control (RMC) daemon which provides a framework for monitoring system resources. The RMC daemon is exposed to a remote denial of service issue because it fails to handle malformed data. Hardware Management Console versions V7R3.3.0 SP2 and V7R3.2.0 SP1 are affected. Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4441

08.46.35 - CVE: Not Available
Platform: Cross Platform
Title: Orb Networks Orb Unspecified Directory Traversal
Description: Orb is an application that allows users to access media stored on remote computers. The application is exposed to an unspecified directory traversal issue because it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/32187

08.46.36 - CVE: Not Available
Platform: Cross Platform
Title: Openfire Multiple Input Validation Vulnerabilities
Description: Openfire is an open source XMPP (Jabber) server implemented in Java. The application is exposed to multiple input validation issues. A successful exploit of these issues may allow an attacker to gain unauthorized access to the affected application. Openfire version 3.6.0a is affected.
Ref: http://www.securityfocus.com/archive/1/498162

08.46.37 - CVE: Not Available
Platform: Cross Platform
Title: Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
Description: ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are security products for the Microsoft Windows operating system. The applications are exposed to multiple local privilege escalation issues that result from drivers failing to properly validate userspace input to IOCTL requests. Anti-Trojan Elite versions 4.2.1 and earlier and Anti-Keylogger Elite 3.3.0 and earlier are affected.
Ref: http://www.ntinternals.org/ntiadv0802/ntiadv0802.html

08.46.38 - CVE: Not Available
Platform: Cross Platform
Title: ClamAV "get_unicode_name()" Off-By-One Heap Based Buffer Overflow
Description: ClamAV is a multiplatform toolkit used for scanning email messages for viruses. ClamAV is exposed to an off-by-one heap based buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs in the "get_unicode_name()" function of the "libclamav/vba_extract.c" source file. ClamAV versions prior to 0.94.1 are affected.
Ref: http://www.securityfocus.com/archive/1/498169

08.46.39 - CVE: Not Available
Platform: Cross Platform
Title: Collabtive Multiple Remote Vulnerabilities
Description: Collabtive is an open source collaboration software. The application is exposed to multiple remote issues. A successful exploit of these issues may allow an attacker to gain access to sensitive information. Collabtive version 0.4.8 is affected.
Ref: http://www.securityfocus.com/archive/1/498186

08.46.40 - CVE: Not Available
Platform: Cross Platform
Title: rtgdictionary for TYPO3 Arbitrary File Upload
Description: The rtgdictionary extension is a dictionary application for the TYPO3 content manager. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input. rtgdictionary versions 0.1.9 and earlier are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/

08.46.41 - CVE: Not Available
Platform: Cross Platform
Title: FreshScripts Fresh Email Script Session Fixation and Remote File Include Vulnerabilities
Description: FreshScripts Fresh Email Script is a tool for uploading files via email. FreshScripts Fresh Email Script is exposed to multiple issues. An attacker may leverage the session fixation issue to hijack a session of an unsuspecting user. FreshScripts Fresh Email Script versions 1.0 to 1.11 are affected.
Ref: http://www.securityfocus.com/bid/32241

08.46.42 - CVE: Not Available
Platform: Cross Platform
Title: Multiple phpstore.info Scripts Arbitrary File Upload
Description: Multiple phpstore.info scripts are exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer within the context of the web server process. This issue occurs because the applications fail to sufficiently sanitize file extensions before accepting uploaded files.
Ref: http://www.securityfocus.com/bid/32242

08.46.43 - CVE: CVE-2008-4986
Platform: Cross Platform
Title: WIMS Insecure Temporary File Creation Vulnerabilities
Description: WWW Interactive Multipurpose Server (WIMS) is an interactive mathematics application for the web. WIMS creates temporary files in an insecure manner. Specifically, the issues affect the "bin/account.sh" and "public_html/bin/coqweb" scripts. WIMS version 3.64 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496387

08.46.44 - CVE: Not Available
Platform: Cross Platform
Title: Yosemite Backup "DtbClsLogin()" Remote Buffer Overflow
Description: Yosemite Backup is a backup and recovery solution available for various platforms. The application is exposed to a buffer overflow issue. Specifically, the vulnerability occurs in the "DtbClsLogin()" function in the "ytwindtb.dll" file on Windows systems and in the "libytlindtb.so" file on Linux systems. Yosemite Backup version 8.70 is affected.
Ref: http://www.securityfocus.com/bid/32246

08.46.45 - CVE: Not Available
Platform: Cross Platform
Title: sISAPILocation HTTP Header Rewrite Security Bypass
Description: sISAPILocation is an Internet Server Application Program Interface (ISAPI) filter for IIS. The application is exposed to a security bypass issue due to which an attacker can bypass HTTP header rewrite function. sISAPILocation versions 1.0.2.1 and earlier are affected.
Ref: http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000076.html

08.46.46 - CVE: CVE-2008-4931
Platform: Web Application - Cross Site Scripting
Title: firmCHANNEL Indoor & Outdoor Digital SIGNAGE Cross-Site Scripting
Description: firmCHANNEL Indoor & Outdoor Digital SIGNAGE is an advertising display appliance managed with a web-based interface. The device's management application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "login" parameter of the "index.php" script. firmCHANNEL Indoor & Outdoor Digital SIGNAGE version 3.24 is affected.
Ref: http://www.securityfocus.com/archive/1/498042

08.46.47 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Simple Machines Forum Cross-Site Request Forgery
Description: Simple Machine Forum is a PHP based message board. The application is exposed to a cross-site request forgery issue. Attackers can upload arbitrary PHP code to the affected application as an attachment. Simple Machines Forum version 1.1.6 is affected.
Ref: http://www.securityfocus.com/bid/32119

08.46.48 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pre ADS Portal Cross-Site Scripting Vulnerabilities and Authentication Bypass
Description: Pre ADS Portal is a web application. The application is exposed to multiple remote issues. An attacker can exploit the cross-site scripting issues to execute arbitrary script code within the context of the affected site and steal cookie-based authentication credentials. Pre Projects Pre ADS Portal version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32151

08.46.49 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Silva "fulltext" Parameter Cross-Site Scripting
Description: Silva is a PHP based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "fulltext" parameter of the Silva Find component.
Ref: http://holisticinfosec.org/content/view/91/45/

08.46.50 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Parallels Plesk Billing "new_language" Parameter Cross-Site Scripting
Description: Parallels Plesk Billing is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "new_language" parameter of the "index.php" script when the "op" attribute is set to "login". Parallels Plesk Billing version 4.4 is affected.
Ref: http://www.securityfocus.com/bid/32185

08.46.51 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mini Web Calendar Local File Include and Cross-Site Scripting Vulnerabilities
Description: Mini Web Calendar is a web-based application. Mini Web Calendar is exposed to multiple input validation issues. An attacker can exploit the local file include vulnerability using directory traversal strings to execute local script code in the context of the application. Mini Web Calendar version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32196

08.46.52 - CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Quickr Multiple Unspecified Cross-Site Scripting Vulnerabilities
Description: IBM Lotus Quickr is web-based collaboration software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied inputs. Lotus Quickr version 8.1 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013341

08.46.53 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: SoftComplex PHP Image Gallery Multiple SQL Injection Vulnerabilities
Description: SoftComplex PHP Image Gallery is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "login" and "password" parameters of the "index.php" script when called with the "action" parameter set to "login". PHP Image Gallery version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32159

08.46.54 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Links "admin/adm_login.php" Multiple SQL Injection Vulnerabilities
Description: DeltaScripts PHP Links is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "admin_username" and "admin_password" parameters of the "admin/adm_login.php" script. PHP Links version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/32163

08.46.55 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: WEBBDOMAIN post Card "choosecard.php" SQL Injection
Description: WEBBDOMAIN post Card is an ecard application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "choosecard.php" script before using it in an SQL query. WEBBDOMAIN post Card versions 1.01 and 1.02 are affected.
Ref: http://www.securityfocus.com/bid/32097

08.46.56 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vibro-CMS "pId" and "nId" Parameters Multiple SQL Injection Vulnerabilities
Description: Vibro-CMS is a PHP based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/32106

08.46.57 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple WEBBDOMAIN Products Login Screen SQL Injection
Description: Multiple WEBBDOMAIN products are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "Username" parameter of the login screen before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32108

08.46.58 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: NicLOR Vibro-School-CMS "view_news.php" SQL Injection
Description: NicLOR Vibro-School-CMS is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "nID" parameter of the "view_news.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32109

08.46.59 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: MicroHellas ToursManager "cityview.php" SQL Injection
Description: MicroHellas ToursManager is a travel directory application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cityid" parameter of the "cityview.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32110

08.46.60 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: NicLOR CMS-School 2005 "showarticle.php" SQL Injection
Description: NicLOR CMS-School 2005 is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aID" parameter of the "showarticle.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32112

08.46.61 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple Document Management System "login.php" SQL Injection
Description: Simple Document Management System is a web-based document storage system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pass" parameter of the "login.php" script before using it in an SQL query. Simple Document Management System version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/32114

08.46.62 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tr Script News "admin/login.php" SQL Injection
Description: Tr Script News is a PHP based news application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "login_ad" parameter of the "admin/login.php" script before using it in an SQL query. Tr Script News versions 2.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32116

08.46.63 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpBB2 Small ShoutBox Module "shoutbox_view.php" Multiple SQL Injection Vulnerabilities
Description: Small ShoutBox is a PHP based shoutbox module for phpBB2 forum software. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "shoutbox_view.php" script when called with the "mode" parameter set to either "edit" or "delete". Small ShoutBox version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/32123

08.46.64 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Podcast Portal "Tour.php" SQL Injection
Description: Pre Podcast Portal is a PHP based application for managing podcasts. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "Tour.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32124

08.46.65 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Multi-Vendor Shopping Malls "buyer_detail.php" Multiple SQL Injection Vulnerabilities
Description: Pre Multi-Vendor Shopping Malls is a PHP based ecommerce platform. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "cid" and "sid" parameters of the "buyer_detail.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32127

08.46.66 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Auto Listings Script "moreinfo.php" SQL Injection
Description: PHP Auto Listings Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "itemno" parameter of the "moreinfo.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32131

08.46.67 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Simple CMS "adminlogin.php" SQL Injection
Description: Pre Simple CMS is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" field of the "adminlogin.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32132

08.46.68 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Job Board SQL Injection
Description: Pre Job Board is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Admin" field of the administration panel before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32133

08.46.69 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Real Estate Listings SQL Injection
Description: Pre Real Estate Listings is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Admin" field of the administration panel before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32134

08.46.70 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Five Dollar Scripts Drinks Script "index.php" SQL Injection
Description: The Five Dollar Scripts Drinks script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "recid" parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32137

08.46.71 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Airline Ticket Script "info.php" SQL Injection
Description: Mole Group Airline Ticket Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "flight" parameter of the "info.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32138

08.46.72 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Taxi Dist-Calc Script "login.php" SQL Injection
Description: Mole Group Taxi Dist-Calc Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" field of the "login.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32140

08.46.73 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Develop It Easy News And Article System Multiple SQL Injection Vulnerabilities
Description: Develop It Easy News And Article System is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Develop It Easy News And Article System version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/32144

08.46.74 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Develop It Easy Membership System Multiple SQL Injection Vulnerabilities
Description: Develop It Easy Membership System is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Develop It Easy Membership System version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/32147

08.46.75 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Develop It Easy Event Calendar Multiple SQL Injection Vulnerabilities
Description: Develop It Easy Event Calendar is a web-based calendar application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Develop It Easy Event Calendar version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32148

08.46.76 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: NICE PHP FAQ Script "Admin Panel" SQL Injection
Description: NICE PHP FAQ Script is a knowledge base script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pass" field of the "Admin Panel" page.
Ref: http://www.securityfocus.com/bid/32150

08.46.77 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Pizza Script "index.php" SQL Injection
Description: Pizza Script is a PHP-based application for food delivery services. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "manufacturers_id" parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32165

08.46.78 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: TurnkeyForms Business Survey Pro "survey_results_text.php" SQL Injection
Description: Business Survey Pro is a PHP-based application for creating surveys. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "survey_results_text.php" script before using it in an SQL query. Business Survey Pro version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32169

08.46.79 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Domain Shop "admin.php" SQL Injection
Description: E-topbiz Domain Shop is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password form field in the "admin.php" script before using it in an SQL query. E-topbiz Domain Shop version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32170

08.46.80 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Slide Popups "admin.php" SQL Injection
Description: E-topbiz Slide Popups is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password form field in the "admin.php" script before using it in an SQL query. E-topbiz Slide Popups version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32171

08.46.81 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: EC-CUBE "image" Parameter Multiple SQL Injection Vulnerabilities
Description: EC-CUBE is an open source system for creating shopping sites. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "image" parameter of the "html/products/detail_image.php" script in versions 1.x and the "data/class/pages/products/LC_Page_Products_DetailImage.php" script in version 2.x before using it in an SQL query. EC-CUBE versions 1.x and 2.x are affected.
Ref: http://www.securityfocus.com/bid/32177

08.46.82 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: SoftComplex PHP Image Gallery
Description: SoftComplex PHP Image Gallery is a web-based photo album application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ctg" parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32182

08.46.83 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Online Store "login.php" SQL Injection
Description: E-topbiz Online Store is an ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password form field in the "login.php" script before using it in an SQL query. E-topbiz Online Store version 1 is affected.
Ref: http://www.securityfocus.com/bid/32188

08.46.84 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Classifieds "detail.php" SQL Injection
Description: DeltaScripts PHP Classifieds is a PHP-based web advertisement application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "siteid" parameter of the "detail.php" script before using it in an SQL query. DeltaScripts PHP Classifieds version 7.5 is affected.
Ref: http://www.securityfocus.com/bid/32191

08.46.85 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Auto Listings Script "adminlogin.php" SQL Injection
Description: PHP Auto Listings Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" and "pass" parameter of the "adminlogin.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32193

08.46.86 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Rental Script "admin/login.php" SQL Injection
Description: Mole Group Rental Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "admin/login.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32195

08.46.87 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz eStore "index.php" SQL Injection
Description: E-topbiz eStore is an ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "index.php" script before using it in an SQL query. E-topbiz eStore version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32197

08.46.88 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Number Links 1 "admin/admin_catalog.php" SQL Injection
Description: E-topbiz Number Links 1 is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "admin/admin_catalog.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32198

08.46.89 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple MyioSoft Products Login Screen SQL Injection
Description: Multiple MyioSoft products are exposed to an SQL injection issue because they fail to sufficiently sanitize user-supplied data to the "Username" parameter of the login screen before using it in an SQL query. Ajax Portal version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32199

08.46.90 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyioSoft EasyBookMarker "bookmarker_backend.php" SQL Injection
Description: EasyBookMarker is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Parent" parameter of the "bookmarker_backend.php" script before using it in an SQL query. EasyBookMarker version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32200

08.46.91 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Domain Seller Pro "index.php" SQL Injection
Description: Domain Seller Pro is PHP-based application designed for reselling domain names to users. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query. Domain Seller Pro version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/32201

08.46.92 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: MemHT Portal "lang/english.php" SQL Injection
Description: MemHT Portal is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "lang/english.php" script when the "op" parameter is set to "readArticle" before using it in an SQL query. MemHT Portal version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32210

08.46.93 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: V3 Chat Profiles/Dating Script SQL Injection Vulnerabilities
Description: V3 Chat Profiles/Dating Script is a web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of the administrative section. V3 Chat Profiles/Dating Script version 3.0.2 is affected.
Ref: http://www.securityfocus.com/bid/32214

08.46.94 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Digiappz DigiAffiliate Script SQL Injection Vulnerabilities
Description: DigiAffiliate is a web application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "admin" and "password" fields of the "login.asp" script. DigiAffiliate versions 1.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32217

08.46.95 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Airline Ticket Script "username" SQL Injection
Description: Mole Group Airline Ticket Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the administration panel before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32219

08.46.96 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Exocrew ExoPHPDesk "username" SQL Injection
Description: ExoPHPDesk is a web-based helpdesk application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the administration panel before using it in an SQL query. ExoPHPDesk version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32220

08.46.97 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZEEMATRI "bannerclick.php" SQL Injection
Description: ZEEMATRI is web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "adid" parameter of the "bannerclick.php" script before using it in an SQL query. ZEEMATRI version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32221

08.46.98 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 advCalendar Extension Unspecified SQL Injection
Description: TYPO3 advCalendar ("advcalendar") is an extension for the TYPO3 content manager. The extension is not a part of the TYPO3 default installation. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 advCalendar version 0.3.1 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/

08.46.99 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 CMS Poll System Extension Unspecified SQL Injection
Description: TYPO3 CMS Poll system ("cms_poll") is an extension for the TYPO3 content manager. The extension is not a part of the TYPO3 default installation. The extension is exposed to an SQL injection issue because it fails to sufficiently sanitize input before using it in an SQL query. TYPO3 CMS Poll system versions prior to 0.1.1 are affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/

08.46.100 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! JooBlog Component "PostID" Parameter SQL Injection
Description: JooBlog is a plugin that provides blog functionality for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "PostID" parameter of the "com_jb2" component before using it in an SQL query. JooBlog version 0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/32236

08.46.101 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dizi Portali "film.asp" SQL Injection
Description: Dizi Portali is an ASP based web portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "film" parameter of the "film.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32239

08.46.102 - CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJPoll Security Bypass and SQL Injection Vulnerabilities
Description: AJPoll is a PHP-based application used to manage polls. The application is exposed to multiple security issues. Exploiting the security bypass issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions.
Ref: http://www.securityfocus.com/bid/32245

08.46.103 - CVE: Not Available
Platform: Web Application
Title: DeltaScripts PHP Classifieds "admin/login.php" Multiple SQL Injection Vulnerabilities
Description: DeltaScripts PHP Classifieds is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "admin_username" and "admin_password" parameters of the "admin/login.php" script. PHP Classifieds version 7.3 is affected.
Ref: http://www.securityfocus.com/bid/32161

08.46.104 - CVE: Not Available
Platform: Web Application
Title: DeltaScripts PHP Shop "admin/login.php" Multiple SQL Injection Vulnerabilities
Description: DeltaScripts PHP Shop is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "admin_username" and "admin_password" parameters of the "admin/login.php" script. PHP Shop version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32162

08.46.105 - CVE: Not Available
Platform: Web Application
Title: TBmnetCMS "index.php" Local File Include
Description: TBmnetCMS is a PHP-based content manager. TBmnetCMS is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "content" parameter of the "index.php" script. TBmnetCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32087

08.46.106 - CVE: CVE-2008-4413
Platform: Web Application
Title: HP System Management Homepage Unspecified Security Bypass
Description: HP System Management Homepage (SMH) is a web-based interface used to simplify the management of servers. The application is exposed to a security bypass issue caused by an unspecified error. HP System Management Homepage (SMH) versions 2.2.6 and earlier running on HP-UX B.11.11 and B.11.23 are affected. Ref: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01586921

08.46.107 - CVE: Not Available
Platform: Web Application
Title: Multi Languages WebShop Online Cross-Site Scripting and SQL Injection Vulnerabilities
Description: Multi Languages WebShop Online is a PHP-based ecommerce application. Since it fails to sufficiently sanitize user-supplied data, Multi Languages Webshop Online is exposed to multiple input validation issues. Ref: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1

08.46.108 - CVE: Not Available
Platform: Web Application
Title: Joomla! Onguma Time Sheet Component Remote File Include
Description: Onguma Time Sheet is a time sheet component for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the component's "onguma.class.php" script. Onguma Time Sheet version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32095

08.46.109 - CVE: Not Available
Platform: Web Application
Title: VirtueMart Google Base (Froogle) Component "admin.googlebase.php" Remote File Include
Description: VirtueMart Google Base (Froogle) Component is a bulk upload utility for the Joomla! content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "administrator/components/com_googlebase/admin.googlebase.php" script. VirtueMart Google Base (Froogle) Component version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32098

08.46.110 - CVE: Not Available
Platform: Web Application
Title: Sitoincludefile in PHP "includefile.php" Local File Include
Description: Sitoincludefile in PHP is a web-based script. Sitoincludefile in PHP is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page_file" parameter of the "includefile.php" script.
Ref: http://www.securityfocus.com/bid/32111

08.46.111 - CVE: Not Available
Platform: Web Application
Title: Pro Desk Support Center "include_file" Parameter Local File Include
Description: Pro Desk Support Center is a customer support plugin for the Mambo and Joomla! content managers. Pro Desk Support Center is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "include_file" parameter of the "com_pro_desk" module. Pro Desk Support Center versions 1.0 and 1.2 are affected.
Ref: http://www.securityfocus.com/bid/32113

08.46.112 - CVE: Not Available
Platform: Web Application
Title: DHCart Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Description: DHCart is a PHP based shopping cart. The application is exposed to multiple cross-site scripting and HTML injection issues because it fails to sufficiently sanitize user-supplied data. DHCart version 3.84 is affected.
Ref: http://www.securityfocus.com/bid/32116

08.46.113 - CVE: Not Available
Platform: Web Application
Title: PTK "file_content.php" Arbitrary Command Execution and Unspecified Input Validation Vulnerabilities
Description: PTK is a graphical interface for the Sleuthkit Interface computer forensics tool. PTK is exposed to an issue that lets attackers execute arbitrary commands because it fails to properly sanitize user-supplied input. This issue is due to a "shell_exec()" system call on unsanitized input in the "ptk/lib/file_content.php" script. PTK versions prior to 1.0.1 are affected.
Ref: http://www.securityfocus.com/archive/1/498081

08.46.114 - CVE: Not Available
Platform: Web Application
Title: Joomla! Dada Mail Manager Component Remote File Include
Description: Dada Mail Manager is a component for the Joomla! content manager. The application component for Joomla! is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "GLOBALS[mosConfig_absolute_path]" parameter of the component's "config.dadamail.php" script.
Ref: http://www.securityfocus.com/bid/32135

08.46.115 - CVE: Not Available
Platform: Web Application
Title: Drupal Content Construction Kit Module HTML Injection Vulnerabilities
Description: Content Construction Kit is a third party component for Drupal. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to unspecified field labels and content type names before using it in dynamically generated content. Content Construction Kit versions prior to 5.x-1.10 and prior to 6.x-2.0 are affected.
Ref: http://drupal.org/node/330546

08.46.116 - CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum "Themes.php" Local File Include
Description: Simple Machines Forum is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "theme_dir" parameter of the "Themes.php" script. Simple Machines Forum up to and including version 1.1.6 are affected.
Ref: http://www.securityfocus.com/bid/32139

08.46.117 - CVE: Not Available
Platform: Web Application
Title: CuteNews "config_skin" Parameter Local File Include
Description: CuteNews is a PHP-based news management system. CuteNews is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "config_skin" parameter of the "register.php" script. CuteNews version 1.4.6 is affected.
Ref: http://www.securityfocus.com/bid/32142

08.46.118 - CVE: Not Available
Platform: Web Application
Title: Develop It Easy Photo Gallery Multiple SQL Injection Vulnerabilities
Description: Develop It Easy Photo Gallery is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Photo Gallery version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32145

08.46.119 - CVE: Not Available
Platform: Web Application
Title: Arab Portal "file" Parameter Local File Include
Description: Arab Portal is a web portal application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "mod.php" script when the "mod" parameter is set to "html". Arab Portal version 2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/498092

08.46.120 - CVE: Not Available
Platform: Web Application
Title: BigDump ".sql" Arbitrary File Upload
Description: BigDump is a PHP-based, staggered MySQL dump importer application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the "bigdump.php" script. BigDump version 0.29b is affected.
Ref: http://www.securityfocus.com/archive/1/498093

08.46.121 - CVE: Not Available
Platform: Web Application
Title: MySQL Quick Admin "actions.php" Local File Include
Description: MySQL Quick Admin is a web-based MySQL management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "actions.php" script. MySQL Quick Admin version 1.5.5 is affected.
Ref: http://www.securityfocus.com/bid/32157

08.46.122 - CVE: Not Available
Platform: Web Application
Title: LoveCMS "images.php" Arbitrary File Deletion
Description: LoveCMS is a PHP-based content manager. The application is exposed to an issue that allows attackers to delete arbitrary files because it fails to properly sanitize user-supplied input to the "delete" parameter of the "images.php" script. LoveCMS version 1.6.2 is affected.
Ref: http://www.securityfocus.com/bid/32158

08.46.123 - CVE: Not Available
Platform: Web Application
Title: U&M Software Multiple Products Authentication Bypass Vulnerabilities
Description: U&M Software products, including JustBookIt, JustListIt, and Signup are web-based applications. The applications are exposed to multiple authentication bypass issues. U&M Software products versions JustBookIt 1.0, JustListIt 1.0 and Signup 1.0 are affected.
Ref: http://www.securityfocus.com/bid/32166

08.46.124 - CVE: Not Available
Platform: Web Application
Title: TestLink Multiple HTML Injection Vulnerabilities
Description: TestLink is a PHP-based testing suite. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input to the "Testcaseprefixes" field of the "projectview.tpl" script and also user-supplied input to the "Testproject Names" and "Testplan Names" fields of the "planEdit.php" script. TestLink versions prior to 1.8 RC1 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=638751

08.46.125 - CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Entertainment Portal Cookie Authentication Bypass
Description: TurnkeyForms Entertainment Portal a web-based application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Entertainment Portal version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32174

08.46.126 - CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Software Directory SQL Injection and Cross-Site Scripting Vulnerabilities
Description: TurnkeyForms Software Directory is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "showcategory.php" script. Software Directory version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32175

08.46.127 - CVE: Not Available
Platform: Web Application
Title: TurnkeyForms Local Classifieds SQL Injection and Cross-Site Scripting Vulnerabilities
Description: TurnkeyForms Local Classifieds is a web-based application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "r" parameter of the "listtest.php" script.
Ref: http://www.securityfocus.com/bid/32176

08.46.128 - CVE: Not Available
Platform: Web Application
Title: e-Vision CMS Multiple Local File Include Vulnerabilities
Description: e-Vision CMS is a PHP-based content manager. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. e-Vision CMS version 2.0.2 is affected.
Ref: http://www.securityfocus.com/bid/32180

08.46.129 - CVE: Not Available
Platform: Web Application
Title: PrestaShop Prior to 1.1 Beta 2 Multiple Unspecified Security Vulnerabilities
Description: PrestaShop is a PHP-based ecommerce application. The application is exposed to multiple remote security issues caused by unspecified errors. PrestaShop versions prior to 1.1 beta 2 are affected.
Ref: http://www.prestashop.com/download/changelog_1.1.0.1.txt

08.46.130 - CVE: Not Available
Platform: Web Application
Title: Clickheat "mosConfig_absolute_path" Parameter Multiple Remote File Include Vulnerabilities
Description: Clickheat is a module for the Mambo and Joomla! content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Clickheat version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/32190

08.46.131 - CVE: Not Available
Platform: Web Application
Title: Recly! Competitions Component "mosConfig_absolute_path" Multiple Remote File Include Vulnerabilities
Description: Recly! Competitions Component is a text-based contest application for the Joomla! content manager. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input. Recly! Competitions Component version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/32192

08.46.132 - CVE: Not Available
Platform: Web Application
Title: Recly Feederator "mosConfig_absolute_path" Multiple Remote File Include Vulnerabilities
Description: Recly Feederator is a RSS manager component for the Joomla! content manager. The application is exposed to multiple remote file include issues because it fails to properly sanitize user-supplied input. Recly Feederator version 1.0.5 is affected.
Ref: http://www.securityfocus.com/bid/32194

08.46.133 - CVE: Not Available
Platform: Web Application
Title: Indiscripts Enthusiast "show_joined.php" Remote File Include
Description: Indiscripts Enthusiast is a PHP-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "path" parameter of the "show_joined.php" script. Indiscripts Enthusiast version 3.1.4 is affected.
Ref: http://www.securityfocus.com/archive/1/498161

08.46.134 - CVE: Not Available
Platform: Web Application
Title: MoinMoin Cross-Site Scripting and Information Disclosure Vulnerabilities
Description: MoinMoin is a freely available, opensource wiki written in Python. It is available for Unix and Linux platforms. MoinMoin is exposed to cross-site scripting and information disclosure issues because it fails to sanitize user-supplied input. MoinMoin versions 1.5.9 and 1.8.0 are affected.
Ref: http://www.securityfocus.com/archive/1/498166

08.46.135 - CVE: Not Available
Platform: Web Application
Title: Multiple V3 Chat Products Cookie Authentication Bypass
Description: Multiple products from V3 Chat are exposed to an authentication bypass issue because they fail to adequately verify user-supplied input used for cookie-based authentication. Profiles/Dating Script version 3.0.2 and Live Support 3.0.4 are affected.
Ref: http://v3chat.com/profiles.php

08.46.136 - CVE: Not Available
Platform: Web Application
Title: Cyberfolio "theme" Parameter Local File Include
Description: Cyberfolio is a web-based application. Cyberfolio is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "theme" parameter of the "portfolio/css.php" script. Cyberfolio versions 7.12.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32218

08.46.137 - CVE: Not Available
Platform: Web Application
Title: Zeeways SHAADICLONE "admin/home.php" Authentication Bypass
Description: Zeeways SHAADICLONE is web-based matrimonial application. The application is exposed to an authentication bypass issue. Specifically, this issue affects the "admin/home.php" script because the application fails to restrict access to it. Zeeways SHAADICLONE version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32222

08.46.138 - CVE: Not Available
Platform: Web Application
Title: Zeeways PHOTOVIDEOTUBE "admin/home.php" Authentication Bypass
Description: Zeeways PHOTOVIDEOTUBE is PHP-based application used to share photos and videos. The application is exposed to an authentication bypass issue. Specifically, this issue affects the "admin/home.php" script because the application fails to restrict access to it. Zeeways PHOTOVIDEOTUBE version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32223

08.46.139 - CVE: Not Available
Platform: Web Application
Title: ZEEPROPERTY Arbitrary File Upload and Cross-Site Scripting Vulnerabilities
Description: ZEEPROPERTY is a web-based application. The application is exposed to an issue that lets attackers upload and execute arbitrary code. The issue occurs because the software fails to properly sanitize user-supplied input in the "viewprofile.php" script. ZEEPROPERTY version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32224

08.46.140 - CVE: Not Available
Platform: Web Application
Title: ZEEJOBSITE Arbitrary File Upload
Description: ZEEJOBSITE is a web-based application. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. The issue occurs because the software fails to properly sanitize user-supplied input in the "editresume_next.php" script. ZEEJOBSITE version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32225

08.46.141 - CVE: Not Available
Platform: Web Application
Title: Trac Denial of Service and Phishing Vulnerabilities
Description: Trac is a web-based project management application. The application is exposed to multiple issues. Attackers may exploit these issues to perform phishing attacks or cause a denial of service condition. Trac versions prior to 0.11.2 are affected.
Ref: http://trac.edgewall.org/wiki/ChangeLog

08.46.142 - CVE: Not Available
Platform: Web Application
Title: x10 Automatic MP3 Script "url" Parameter File Disclosure
Description: x10 Automatic MP3 Script is a PHP-based search engine. The application is exposed to a file disclosure issue because it fails to properly sanitize user-supplied input to the "url" parameter of the "download.php" script. x10 Automatic MP3 Script versions up to and including 1.6 are affected.
Ref: http://www.securityfocus.com/bid/32227

08.46.143 - CVE: Not Available
Platform: Web Application
Title: TYPO3 "eluna_pagecomments" Extension SQL Injection and Cross- Site Scripting Vulnerabilities
Description: "eluna_pagecomments" is an extension to TYPO3 content manager. The extension is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to certain unspecified parameters. "eluna_pagecomments" extension version 1.1.2 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/

08.46.144 - CVE: Not Available
Platform: Web Application
Title: IBM Metrica Service Assurance Framework Cross-Site Scripting and HTML Injection Vulnerabilities
Description: IBM Metrica Service Assurance Framework is a framework that implements a distributed, object-oriented J2EE architecture. The application is exposed to multiple input validation issues. Attacker supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065520.html

08.46.145 - CVE: Not Available
Platform: Web Application
Title: OTManager "Admin/ADM_Pagina.php" Remote File Include
Description: OTManager is a PHP-based application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "Tipo" parameter of the "Admin/ADM_Pagina.php" script. OTManager version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/32235

08.46.146 - CVE: Not Available
Platform: Web Application
Title: TYPO3 Wir ber uns Extension SQL Injection and Cross-Site Scripting Vulnerabilities
Description: Wir ber uns is an extension for the TYPO3 content manager. The extension is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to certain unspecified parameters. Wir ber uns extension version 0.0.24 is affected. Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081110-2/

08.46.147 - CVE: Not Available
Platform: Web Application
Title: Free simple PHP guestbook "act.php" Arbitrary Script Injection
Description: Free simple PHP guestbook is a PHP-based content manager. The application is exposed to an arbitrary script injection issue due to a failure to sanitize user-supplied input to the "message" parameter of the "act.php" script. An attacker can exploit this issue to execute arbitrary script code in the context of the web server.
Ref: http://www.securityfocus.com/bid/32240

08.46.148 - CVE: Not Available
Platform: Web Application
Title: AJ Auction Pro Authentication Bypass Vulnerabilities
Description: AJ Auction Pro is a web-based application. The applications are exposed to multiple authentication bypass issues. An attacker accessing the scripts can effectively bypass the intended security measures and gain administrative access to the application.
Ref: http://www.securityfocus.com/bid/32243

08.46.149 - CVE: Not Available
Platform: Network Device
Title: Siemens SpeedStream 5200 HTTP Host Spoofing Authentication Bypass
Description: Siemens SpeedStream 5200 is a ADSL modem and router hardware device. The router is exposed to an authentication bypass issue that may allow attackers to gain access to a router's administration interface. Successfully exploiting this issue will allow attackers to gain unauthorized administrative access to the affected device.
Ref: http://www.securityfocus.com/bid/32203

08.46.150 - CVE: Not Available
Platform: Network Device
Title: Multiple 2Wire DSL Routers "xslt" HTTP Request Denial of Service
Description: 2Wire DSL routers are networking devices that use a web-based management interface. Multiple 2Wire DSL routers are exposed to a denial of service issue because it fails to adequately handle specially crafted HTTP requests. The issue occurs when the HTTP service handles requests to "xslt" followed by "%" and a non-alphanumeric character.
Ref: http://www.securityfocus.com/bid/32211

08.46.151 - CVE: Not Available
Platform: Hardware
Title: Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial of Service
Description: VTP (VLAN Trunking Protocol) is a Cisco protocol used for VLAN centralized management. Cisco IOS and Cisco CatOS are exposed to a remote denial of service issue that occurs when handling specially crafted VTP packets. Attackers would need local area network access to the affected computer and the device must be operating using server or client VTP mode. Ref: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml#status

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Check Them Out!

I think this course changed my life.
-James Welcher, LBNL

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 46
November 13, 2008

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

Third Party Windows Apps

Linux

Solaris

Unix

Cross Platform

Web Application - Cross Site Scripting

Web Application - SQL Injection

Web Application

Network Device

Hardware

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2008

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 46November 13, 2008

Current Newsletters

Summary of the vulnerabilities reported this week:

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

Windows

Third Party Windows Apps

Linux

Solaris

Unix

Cross Platform

Web Application - Cross Site Scripting

Web Application - SQL Injection

Web Application

Network Device

Hardware

PART I Critical Vulnerabilities

Widely Deployed Software

Part II: Weekly Comprehensive List of Newly Discovered VulnerabilitiesWeek 46, 2008

Check Them Out!

Latest Whitepapers

Latest Tweets

Contact Us

Volume: VII, Issue: 46
November 13, 2008

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 46, 2008