@RISK: The Consensus Security Vulnerability Alert
Volume: VII, Issue: 47
November 20, 2008
Both Safari (prior to version 3.2), Apple's web browser for Mac OS X and Microsoft Windows, and Trend Micro's ServerProtect, a popular enterprise antivirus solution, have multiple vulnerabilities in their handling of a variety of inputs. Alan
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Third Party Windows Apps                 6 (#4)
Cross Platform                           23 (#1, #2, #3)
Web Application - Cross Site Scripting   5
Web Application - SQL Injection          27
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Widely Deployed Software
- (1) CRITICAL: Trend Micro ServerProtect Multiple Vulnerabilities
- Affected:
- Trend Micro ServerProtect versions 5.58 and prior
Description: Trend Micro ServerProtect is a popular enterprise antivirus solution. It contains multiple vulnerabilities in its handling of a variety of inputs. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (SYSTEM). Some technical details are publicly available for these vulnerabilities. It is confirmed that at least one vulnerability can be exploited without authentication. The exact vectors of exploitation have not been disclosed, but it is possible that an attacker could exploit at least one of these vulnerabilities by sending an email to a server running the vulnerable software.
Status: Vendor has not confirmed, no updates available.
- References:
- (2) CRITICAL: Apple Safari Multiple Vulnerabilities
- Affected:
- Apple Safari versions prior to 3.2
Description: Safari, Apple's web browser for Mac OS X and Microsoft Windows, contains multiple vulnerabilities in its handling of a variety of inputs. A specially crafted web page or URL could trigger one of these vulnerabilities, with a variety of consequences, including remote code execution with the privileges of the current user. Some technical details are publicly available for these vulnerabilities. Additionally, since portions of Safari are open source, it is possible that further details may be uncovered via source code analysis. Safari on both Apple Mac OS X and Microsoft Windows is affected.
Status: Vendor confirmed, updates available.
- References:
- (3) HIGH: Adobe AIR Multiple Vulnerabilities
- Affected:
- Adobe AIR versions prior to 1.5
Description: Adobe AIR is the Adobe Integrated Runtime. It is an application designed to ease development of web- and Adobe Flash-based applications with functionality similar to traditional desktop applications. Since it uses Adobe's Flash Player technology, it is also vulnerable to the issues recently discovered in that application. Additionally, it contains a vulnerability in its handling of certain input. A specially crafted set of input could trigger this vulnerability, allowing an attacker to execute arbitrary JavaScript code with elevated privileges, potentially equal to the full rights of the current user.
Status: Vendor confirmed, updates available.
- References:
- (4) HIGH: Exodus "im://" URL Handling Command Injection
- Affected:
- Exodus versions 0.10.0 and prior
Description: Exodus is a popular Jabber/XMPP instant messaging client for Microsoft Windows. XMPP (sometimes called Jabber) is a popular open-standards instant messaging protocol. Exodus contains a command-injection vulnerability in its handling of "im://" links. A specially crafted "im://" link could result in arbitrary command execution with the privileges of the current user. Exodus must be registered as the handler for the "im://" URI type for users to be vulnerable; this may be the default behavior depending on configuration. Full technical details and a simple proof-of-concept are publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available.
- References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 47, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
- 08.47.1 - CVE: CVE-2008-4029
- Platform: Windows
- Title: Microsoft XML Core Services DTD Cross Domain Information
Disclosure
- Description: Microsoft XML Core Services (MSXML) is a software
component that allows multiple programming languages to support
XML-based communication. MSXML is exposed to a cross-domain
information disclosure issue because it fails to properly handle error
checks for external document type definitions (DTDs).
- Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-438.htm
- 08.47.2 - CVE: CVE-2008-4033
- Platform: Windows
- Title: Microsoft XML Core Services Transfer Encoding Cross Domain
Information Disclosure
- Description: Microsoft XML Core Services (MSXML) is a software
component that allows multiple programming languages to support
XML-based communication. MSXML is exposed to a cross-domain
information disclosure issue because it fails to enforce the
same-origin policy. This issue stems from the way MSXML handles
transfer-encoding HTTP headers.
- Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-438.htm
- 08.47.3 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: pi3Web ISAPI Directory Remote Denial of Service
- Description: pi3Web is an HTTP server available for Microsoft Windows.
The server is exposed to a remote denial of service issue. The problem
stems from a design flaw whenever an invalid ISAPI module is requested
from the server. pi3Web version 2.0.13 is affected.
- Ref: http://www.securityfocus.com/bid/32287
- 08.47.4 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: VeryPDF PDFView ActiveX Component Heap Buffer Overflow
- Description: The VeryPDF PDFView ActiveX control handles files in the
PDF digital document format. The application is exposed to a
heap-based buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it into an
insufficiently sized memory buffer.
- Ref: http://www.securityfocus.com/bid/32313
- 08.47.5 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: GungHo LoadPrgAx ActiveX Control Unspecified
- Description: The GungHo LoadPrgAx ActiveX control is exposed to an
unspecified issue. An attacker can exploit this issue by enticing an
unsuspecting victim to visit a malicious HTML page. The GungHo
LoadPrgAx ActiveX control versions 1.0.0.6 and earlier are affected.
- Ref: http://support.microsoft.com/kb/240797
- 08.47.6 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Exodus "im://" URI Handler Command Line Parameter Injection
- Description: Exodus is a Jabber/XMPP client for Windows platforms.
Exodus is exposed to an issue that lets attackers inject command-line
parameters through protocol handlers. This issue occurs because the
application fails to adequately sanitize user-supplied input. Exodus
version 0.10 is affected.
- Ref: http://www.securityfocus.com/archive/1/498389
- 08.47.7 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Chilkat Socket ActiveX "SaveLastError()" Arbitrary File
Overwrite
- Description: Chilkat Socket ActiveX control is a TCP sockets component
with SSL capabilities. The control is exposed to an issue that allows
attackers to overwrite arbitrary attacker-specified files. This issue
occurs in the "SaveLastError()" method of the "ChilkatSocket.dll"
ActiveX control. Chilkat Socket ActiveX control version 2.3.1.1 is
affected.
- Ref: http://support.microsoft.com/kb/240797
- 08.47.8 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Microsoft Communicator RTCP Unspecified Remote Denial of
Service
- Description: Microsoft Communicator is an online communications client
including instant messaging, voice, and video. The application is
exposed to a remote denial of service issue. Microsoft Communicator,
Office Communications Server (OCS), and Windows Live Messenger are
affected.
- Ref: http://www.voipshield.com/research-details.php?id=132&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=20&sort=discovered&sortby=DESC
- 08.47.9 - CVE: CVE-2008-5025
- Platform: Linux
- Title: Linux Kernel "hfs_cat_find_brec()" Local Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly bounds-check data before copying it
to an insufficiently sized memory buffer. The problem occurs in the
"hfs_cat_find_brec()" function of the "fs/hfs/catalog.c" source file.
Linux kernel versions prior to 2.6.27.6 are affected.
- Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.6
- 08.47.10 - CVE: Not Available
- Platform: Linux
- Title: Ubuntu vm-builder Local Security Bypass
- Description: Ubuntu vm-builder is an application used to create
customized virtual machines. The application is exposed to a local
security bypass issue. Specifically, the issue occurs because the
application improperly sets the root password when creating virtual
machines.
- Ref: http://www.securityfocus.com/bid/32292
- 08.47.11 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "drivers/media/video/tvaudio.c" Memory Corruption
- Description: The Linux kernel is exposed to a local denial of service
issue. This issue stems from potential bounds-checking errors related
to the "shadow.bytes[]" array in the "drivers/media/video/tvaudio.c"
source file. Linux kernel versions prior to 2.6.28-rc5 are
affected.
- Ref: http://www.securityfocus.com/bid/32327
- 08.47.12 - CVE: Not Available
- Platform: Linux
- Title: No-IP Dynamic Update Client for Linux Remote Buffer Overflow
- Description: No-IP Dynamic Update Client (DUC) is a client application
for the No-IP dynamic DNS service; it is available for a number of
platforms. DUC is exposed to a buffer overflow issue that arises when
the client handles malformed responses from the No-IP server. DUC
version 2.1.7 for Linux is affected.
- Ref: http://www.securityfocus.com/bid/32344
- 08.47.13 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris "3SOCKET" Local Denial of Service
- Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue that occurs in the
"3SOCKET" socket function on Solaris systems without InfiniBand
hardware. Solaris 10 and OpenSolaris based upon builds snv_57 to
snv_91 are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242806-1
- 08.47.14 - CVE: CVE-2008-4994
- Platform: Unix
- Title: Debian xmcd Insecure Temporary File Creation Vulnerabilities
- Description: Debian xmcd is a CD player application for the X11 window
system. Debian xmcd creates temporary files in an insecure manner. An
attacker with local access could potentially exploit these issues to
perform symbolic-link attacks, overwriting arbitrary files in the
context of the affected application. Debian xmcd version 2.6.19-3 is
affected.
- Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496416
- 08.47.15 - CVE: CVE-2006-5268, CVE-2006-5269, CVE-2008-0012, CVE-2008-0013, CVE-2008-0014, CVE-2007-0072, CVE-2007-0073, CVE-2007-0074
- Platform: Cross Platform
- Title: Trend Micro ServerProtect Multiple Remote Vulnerabilities
- Description: Trend Micro ServerProtect is an antivirus application
designed specifically for servers. Trend Micro ServerProtect is
exposed to multiple remote issues. Successfully exploiting the
buffer-overflow issues may allow the attacker to execute arbitrary
code with SYSTEM-level privileges or crash the affected application,
denying service to legitimate users. Trend Micro ServerProtect
versions 5.58 and 5.7 are affected.
- Ref: http://www.iss.net/threats/308.html
- 08.47.16 - CVE: Not Available
- Platform: Cross Platform
- Title: OptiPNG BMP Reader Buffer Overflow
- Description: OptiPNG is an application for optimizing and converting
PNG files. OptiPNG is exposed to a buffer overflow issue because it
fails to perform adequate checks on user-supplied input. This issue
occurs in the BMP reader. OptiPNG versions prior to 0.6.2 are
affected.
- Ref: http://sourceforge.net/project/shownotes.php?release_id=639631&group_id=151404
- 08.47.17 - CVE: Not Available
- Platform: Cross Platform
- Title: ooVoo URI Handler Remote Buffer Overflow
- Description: ooVoo is video chat software available for various
operating systems. ooVoo is exposed to a remote buffer overflow issue
because it fails to perform adequate checks on user-supplied input.
ooVoo version 1.7.1.35 is affected.
- Ref: http://www.securityfocus.com/archive/1/498235
- 08.47.18 - CVE: Not Available
- Platform: Cross Platform
- Title: smcFanControl Local Buffer Overflow
- Description: smcFanControl is an application for setting fan speeds on
Intel-based Mac computers. The application is exposed to a local
buffer overflow issue because it fails to adequately bounds-check
user-supplied input. The issue occurs in the "smc.c" source file and
can be triggered with excessively long input to the "smc -k" option.
smcFanControl version 2.1.2 is affected.
- Ref: http://blog.xwings.net/?p=127
- 08.47.19 - CVE: Not Available
- Platform: Cross Platform
- Title: Google Chrome Pop-Up Address Bar URI Spoofing
- Description: Google Chrome is a web browser. The application is
affected by a URI spoofing vulnerability. This issue occurs because
the application fails to handle user-supplied data in pop-up windows.
Google Chrome versions prior to 0.3.154.9 are affected.
- Ref: http://googlechromereleases.blogspot.com/2008/10/beta-release-031549.html
- 08.47.20 - CVE: Not Available
- Platform: Cross Platform
- Title: Multiple Avira Products Driver IOCTL Request Local Buffer
Overflow
- Description: Avira produces anti-virus products for a variety of
operating systems. The applications are exposed to multiple local
buffer overflow issues because the drivers fail to properly validate
user-space input to IOCTL requests.
- Ref: http://www.frsirt.com/english/FrSIRT-Security-Advisory-20081112.txt
- 08.47.21 - CVE: CVE-2008-4415
- Platform: Cross Platform
- Title: HP Service Manager (HPSM) Unspecified Privilege Escalation
- Description: HP Service Manager (HPSM) is an IT service desk
application available for multiple platforms. The software is exposed
to an unspecified privilege escalation issue. HP Service Manager
version 7.01 is affected.
- Ref: http://www.securityfocus.com/bid/32272
- 08.47.22 - CVE: Not Available
- Platform: Cross Platform
- Title: AlstraSoft SendIt Pro Arbitrary File Upload
- Description: AlstraSoft SendIt Pro is a file hosting application.
AlstraSoft SendIt Pro is exposed to an issue that lets remote
attackers upload and execute arbitrary script code on an affected
computer within the context of the webserver process. This issue
occurs because the application fails to sufficiently sanitize file
extensions before accepting uploaded files onto the webserver.
- Ref: http://www.securityfocus.com/bid/32277
- 08.47.23 - CVE: CVE-2008-5006
- Platform: Cross Platform
- Title: University of Washington IMAP "smtp.c" Null Pointer Dereference
Denial of Service
- Description: The University of Washington IMAP library is a library
implementing the IMAP mail protocol. The library is exposed to a
remote denial of service issue because it fails to handle specific
error conditions. University of Washington IMAP version 2007b is
affected.
- Ref: http://www.washington.edu/imap/
- 08.47.24 - CVE: CVE-2008-0017, CVE-2008-5015, CVE-2008-5024, CVE-2008-5023, CVE-2008-5022, CVE-2008-5021, CVE-2008-5019, CVE-2008-5018, CVE-2008-5017, CVE-2008-5016, CVE-2008-5014, CVE-2008-5013, CVE-2008-5012, CVE-2008-5052
- Platform: Cross Platform
- Title: Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote
Vulnerabilities
- Description: The Mozilla Foundation has released multiple advisories
regarding security vulnerabilities in Mozilla
Firefox/Thunderbird/SeaMonkey. These vulnerabilities can be exploited
by malicious people to disclose sensitive information, bypass certain
security restrictions, or compromise a user's system. Firefox versions
2.0.0.17 and earlier are affected.
- Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-52.html
- 08.47.25 - CVE: Not Available
- Platform: Cross Platform
- Title: Sun Logical Domain Manager Local Security Bypass
- Description: Sun Logical Domain Manager is exposed to a local security
bypass issue. Specifically, local attackers can circumvent SPARC
Firmware password protection. Logical Domain Manager versions 1.0 up
to and including 1.0.3 are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243606-1
- 08.47.26 - CVE: CVE-2008-4216, CVE-2008-3644, CVE-2008-3623
- Platform: Cross Platform
- Title: Apple Safari Prior to 3.2 Multiple Security Vulnerabilities
- Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. Safari is exposed to multiple security issues.
Attackers may exploit these issues to execute arbitrary code or obtain
sensitive information. Safari versions prior to 3.2 running on Apple
Mac OS X 10.4.11 and 10.5.5, Microsoft Windows XP, and Windows Vista
are affected.
- Ref: http://support.apple.com/kb/HT3298
- 08.47.27 - CVE: Not Available
- Platform: Cross Platform
- Title: Multiple Scriptsfeed Scripts Arbitrary File Upload
- Description: Multiple Scriptsfeed scripts are exposed to an issue that
lets remote attackers upload and execute arbitrary script code on an
affected computer within the context of the webserver process. This
issue occurs because the applications fail to sufficiently sanitize
file extensions before accepting uploaded files.
- Ref: http://www.securityfocus.com/bid/32293
- 08.47.28 - CVE: Not Available
- Platform: Cross Platform
- Title: Microsoft Active Directory LDAP Server Username Enumeration
Weakness
- Description: Microsoft Active Directory is an LDAP implementation used
on the Microsoft Windows operating system. The application is exposed
to a username-enumeration weakness because of a design error in the
application when verifying user-supplied input. Windows 2000 SP4 and
Windows Server 2003 SP1 and SP2 are affected.
- Ref: http://labs.portcullis.co.uk/application/ldapuserenum/
- 08.47.29 - CVE: Not Available
- Platform: Cross Platform
- Title: Cobbler Web Interface Kickstart Template Remote Privilege
Escalation
- Description: Cobbler is a network installation and update server. The
application is exposed to a remote privilege escalation issue that
occurs in the Cobbler Web interface. Remote attackers who can edit
kickstart templates may exploit this issue to execute arbitrary Python
code with root privileges. Cobbler versions prior to 1.2.9 are affected.
- Ref: http://www.securityfocus.com/bid/32317
- 08.47.30 - CVE: Not Available
- Platform: Cross Platform
- Title: OpenSSH CBC Mode Information Disclosure
- Description: OpenSSH is exposed to an information disclosure issue.
This issue arises because of an error in the implementation of the
block cipher algorithm in CBC (Cipher-Block Chaining) mode. OpenSSH
version 4.7p1 is affected.
- Ref: http://www.cpni.gov.uk/Products/3716.aspx
- 08.47.31 - CVE: Not Available
- Platform: Cross Platform
- Title: Opera Web Browser "file://" Heap Based Buffer Overflow
- Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to a heap-based buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input before copying it to an insufficiently sized
buffer. Opera Web Browser version 9.62 is affected.
- Ref: http://www.securityfocus.com/archive/1/498388
- 08.47.32 - CVE: Not Available
- Platform: Cross Platform
- Title: FREEze Greetings "pwd.txt" Password Information Disclosure
- Description: FREEze Greetings is a greeting card application. netRisk
is exposed to an information disclosure issue because it fails to
restrict access to the "pwd.txt" file.
- Ref: http://www.securityfocus.com/bid/32325
- 08.47.33 - CVE: CVE-2008-4226
- Platform: Cross Platform
- Title: libxml2 "xmlSAX2Characters()" Integer Overflow
- Description: The "libxml2" library is freely available, open-source
software designed to manipulate XML files. The library is exposed to
an integer overflow issue because it fails to properly verify
user-supplied data. libxml2 version 2.7.2 is affected.
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470466
- 08.47.34 - CVE: CVE-2008-4225
- Platform: Cross Platform
- Title: libxml2 "xmlBufferResize()" Remote Denial of Service
- Description: The "libxml2" library is freely available, open-source
software designed to manipulate XML files. The library is exposed to a
remote denial of service issue. Specifically, this issue is triggered
when an application using the library parses a specially crafted XML
file. libxml2 version 2.7.2 is affected.
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470480
- 08.47.35 - CVE: Not Available
- Platform: Cross Platform
- Title: Adobe AIR Unspecified JavaScript Code Execution
- Description: Adobe AIR is a runtime environment for constructing rich
internet applications that would execute on local computers. Adobe AIR
is exposed to a security issue that permits remote attackers to
execute arbitrary JavaScript code with elevated privileges. Adobe AIR
versions prior to 1.5 are affected.
- Ref: http://www.adobe.com/support/security/bulletins/apsb08-23.html
- 08.47.36 - CVE: CVE-2008-5110
- Platform: Cross Platform
- Title: Balabit syslog-ng Insecure "chroot()" Implementation Weakness
- Description: Balabit syslog-ng is a system log application available
for multiple platforms. syslog-ng is prone to a weakness in its use of
"chroot()". Specifically, the application fails to call "chdir()" on
the jail directory immediately before calling "chroot()". Syslog-ng
version 2.0.9 is affected.
- Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505791
- 08.47.37 - CVE: CVE-2008-5012
- Platform: Cross Platform
- Title: Mozilla Firefox Arbitrary Image Cross Domain Security Bypass
- Description: Mozilla Firefox is a web browser available for multiple
platforms. An origin-validation issue may allow attackers to bypass
the same-origin policy and gain access to arbitrary images from other
domains. Firefox versions prior to 2.0.0.18 are affected.
- Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-441.htm
- 08.47.38 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: TYPO3 Core Multiple Cross-Site Scripting Vulnerabilities
- Description: TYPO3 is a web-based content manager. The TYPO3 Core
component of the application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input. TYPO3 versions 4.2.0 up to and including 4.2.2 are affected.
- Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/
- 08.47.39 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Sun Java System Messaging Server Cross-Site Scripting
- Description: Sun Java System Messaging Server provides messaging
services for enterprises. Sun Java System Messaging Server is exposed
to a cross-site scripting issue because it fails to properly sanitize
unspecified user-supplied input. Sun Java System Messaging Server
versions 6.2 and 6.3 are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242186-1
- 08.47.40 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Interchange Multiple Cross-Site Scripting Vulnerabilities
- Description: Interchange is an ecommerce application implemented in
Perl. The application is exposed to multiple cross-site scripting
issues because it fails to properly sanitize user-supplied input.
Interchange versions prior to 5.4.3 or 5.6.1 are affected.
- Ref: http://www.icdevgroup.org/i/dev/news?id=ssEkj9j8&mv_arg=00030&mvpc=96
- 08.47.41 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: BoutikOne CMS "search_query" Parameter Cross-Site Scripting
- Description: BoutikOne CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"search_query" parameter of the "search.php" script.
- Ref: http://www.securityfocus.com/bid/32321
- 08.47.42 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Kimson CMS "id" Parameter Cross-Site Scripting
- Description: Kimson CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "bbs.track.php" script.
- Ref: http://www.securityfocus.com/archive/1/498438
- 08.47.43 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Joomla! and Mambo Books Component "book_id" Parameter SQL
Injection
- Description: Books is a component for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "com_books" component before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32255
- 08.47.44 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Joomla! and Mambo Catalog Production Component "id" Parameter
SQL Injection
- Description: Catalog Production is a component for the Joomla! and
Mambo content managers. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "com_catalogproduction" component before
using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32259
- 08.47.45 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Digital Greys Contact Information Module Joomla! Component SQL
Injection
- Description: Contact Information Module is a component for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter of the "com_contactinfo" component before using it
in an SQL query.
- Ref: http://www.securityfocus.com/bid/32260
- 08.47.46 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: PozScripts Business Directory "showcategory.php" SQL Injection
- Description: PozScripts Business Directory is a web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"showcategory.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32264
- 08.47.47 - CVE: CVE-2008-5055, CVE-2008-5056
- Platform: Web Application - SQL Injection
- Title: ActiveCampaign TrioLive "department_id" SQL Injection and
Cross-Site Scripting Vulnerabilities
- Description: ActiveCampaign TrioLive is a web-based live chat
application implemented in PHP. The application is exposed to
multiple issues because it fails to adequately sanitize user-supplied
input. ActiveCampaign TrioLive versions prior to 1.58.7 are affected.
- Ref: http://holisticinfosec.org/content/view/93/45/
- 08.47.48 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: AlstraSoft Article Manager Pro "admin/admin.php" SQL Injection
- Description: AlstraSoft Article Manager Pro is a PHP-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "username"
and "password" parameters of the "admin/admin.php" script before using
it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32276
- 08.47.49 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: HyperStop WebHost Directory "admin/login" SQL Injection
- Description: HyperStop WebHost Directory is a PHP-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "passwd"
parameter of the "admin/login" script before using it in an SQL query.
WebHost Directory version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32278
- 08.47.50 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: MemHT Portal "inc/ajax/ajax_rating.php" SQL Injection
- Description: MemHT Portal is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "X-Forwarded-For" HTTP
header in the "inc/ajax/ajax_rating.php" script before using the data
in an SQL query. MemHT Portal version 4.1 is affected.
- Ref: http://www.securityfocus.com/bid/32294
- 08.47.51 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: AlstraSoft Web Host Directory "Password" Parameter SQL
Injection
- Description: AlstraSoft Web Host Directory is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "password"
parameter of the login script before using it in an SQL query. Web
Host Directory version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32298
- 08.47.52 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Bankoi Webhost Panel "login.asp" SQL Injection
- Description: Bankoi Webhost Panel is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" and
"password" parameters of the "login.asp" script before using it in an
SQL query. Webhost Panel version 1.20 is affected.
- Ref: http://www.milw0rm.com/exploits/7120
- 08.47.53 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: SlimCMS "edit.php" SQL Injection
- Description: SlimCMS is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "pageID" parameter of the
"edit.php" script before using it in an SQL query.
SlimCMS version 1.0.0 is affected.
- Ref: http://www.securityfocus.com/bid/32300
- 08.47.54 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: X7 Chat Password Field SQL Injection
- Description: X7 Chat is a free, open source, web-based chat
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
password form field before using it in an SQL query. X7 Chat version
2.0.5 is affected.
- Ref: http://www.securityfocus.com/bid/32309
- 08.47.55 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: HOSTNOMI Real Estate Portal Pro "index.php" SQL Injection
- Description: HOSTNOMI Real Estate Portal Pro is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"show_board" parameter of the "index.php" script before using it in an
SQL query.
- Ref: http://www.securityfocus.com/bid/32310
- 08.47.56 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ClipShare Pro "channel_detail.php" SQL Injection
- Description: ClipShare Pro is a PHP-based script for sharing videos.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "chid" parameter of
the "channel_detail.php" script before using it in an SQL query.
ClipShare Pro version 4 is affected.
- Ref: http://www.securityfocus.com/bid/32311
- 08.47.57 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Wholesale "track.php" SQL Injection
- Description: Wholesale is a PHP-based application used for wholesale
business. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "track.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32314
- 08.47.58 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Flosites Blog SQL Injection Vulnerabilities
- Description: Flosites Blog is a PHP-based blogging application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "cat" and
"category" parameters of the "index.php" script.
- Ref: http://www.securityfocus.com/bid/32315
- 08.47.59 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: phpstore.info Yahoo Answers-Like "index.php" SQL Injection
- Description: Yahoo Answers-Like is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32316
- 08.47.60 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: OpenASP "default.asp" SQL Injection
- Description: OpenASP is an ASP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "idpage" parameter of the
"forum.asp" script before using it in an SQL query. OpenASP version
3.0 is affected.
- Ref: http://www.securityfocus.com/bid/32322
- 08.47.61 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: E-topbiz AdManager "view.php" SQL Injection
- Description: E-topbiz AdManager is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "group" parameter of
the "view.php" script before using it in an SQL query. AdManager
version 4 is affected.
- Ref: http://www.securityfocus.com/bid/32328
- 08.47.62 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: SaturnCMS "Username" Login Page SQL Injection
- Description: SaturnCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to adequately
sanitize user-supplied input to the "Username" field when logging in
as an administrator.
- Ref: http://www.securityfocus.com/bid/32336
- 08.47.63 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Jadu Galaxies "documents.php" SQL Injection
- Description: Jadu Galaxies is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "categoryID" parameter of
the "documents.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32337
- 08.47.64 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Simple Customer "login.php" SQL Injection
- Description: Simple Customer is a web-based contact manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" parameter
of the "login.php" script before using it in an SQL query. Simple
Customer version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32339
- 08.47.65 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: UltraStats "login.php" SQL Injection
- Description: UltraStats is a web-based log analyzer for Call of Duty 2
server logfiles. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"serverid" parameter of the "index.php" script before using it in an
SQL query. UltraStats versions 0.3.11 and 0.2.144 are affected.
- Ref: http://www.securityfocus.com/bid/32340
- 08.47.66 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: vBulletin "admincalendar.php" SQL Injection
- Description: vBulletin is a web-based bulletin board. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "holidayinfo" parameter of the
"admincp/admincalendar.php" script before using it in an SQL query.
vBulletin version 3.7.3.pl1 is affected.
- Ref: http://www.waraxe.us/advisory-68.html
- 08.47.67 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: vBulletin "admincp/verify.php" SQL Injection
- Description: vBulletin is a PHP-based bulletin board. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "answer" parameter of the
"admincp/verify.php" script before using it in an SQL query. vBulletin
version 3.7.4 is affected.
- Ref: http://www.waraxe.us/advisory-69.html
- 08.47.68 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: vBulletin "admincp/attachmentpermission.php" SQL Injection
- Description: vBulletin is a PHP-based bulletin board. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "extension" parameter of the
"admincp/attachmentpermission.php" script before using it in an SQL
query. vBulletin version 3.7.4 is affected.
- Ref: http://www.waraxe.us/advisory-69.html
- 08.47.69 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: vBulletin "admincp/image.php" SQL Injection
- Description: vBulletin is a PHP-based bulletin board. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "iperm" parameter of the
"admincp/image.php" script before using it in an SQL query. vBulletin
version 3.7.4 is affected.
- Ref: http://www.waraxe.us/advisory-69.html
- 08.47.70 - CVE: Not Available
- Platform: Web Application
- Title: Sun Java System Identity Manager Multiple Vulnerabilities
- Description: Sun Java System Identity Manager is a web-based
application. The application is exposed to multiple web-based issues.
Successful exploits of many of these issues will allow an attacker to
completely compromise the affected devices.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243386-1
- 08.47.71 - CVE: Not Available
- Platform: Web Application
- Title: Joomla! Multiple HTML Injection Vulnerabilities
- Description: Joomla! is a web-based content manager. The application
is exposed to multiple issues. Joomla! versions prior to 1.5.8 are
affected.
- Ref: http://developer.joomla.org/security/news/284-20081102-core-comweblinks-xss-vulnerability.html
- 08.47.72 - CVE: Not Available
- Platform: Web Application
- Title: WOW Raid Manager "auth/auth_phpbb3.php" Security Bypass
- Description: WOW Raid Manager is a PHP-based Raid and Group management
system for World of Warcraft. The application is exposed to a security
bypass issue that is caused by an error in the "auth/auth_phpbb3.php"
script. WOW Raid Manager versions prior to 3.6.0 are vulnerable to
this issue.
- Ref: http://github.com/Illydth/wowraidmanager/commit/7dd6367ae85003dd5d715431b6ab695f2c2f200a
- 08.47.73 - CVE: Not Available
- Platform: Web Application
- Title: AJ Article Authentication Bypass Vulnerabilities
- Description: AJ Article is a web-based application. The application is
exposed to multiple authentication bypass issues. An attacker
accessing the scripts can effectively bypass the intended security
measures and gain administrative access to the application.
- Ref: http://www.securityfocus.com/bid/32254
- 08.47.74 - CVE: Not Available
- Platform: Web Application
- Title: AJ Classifieds Authentication Bypass
- Description: AJ Classifieds is a web-based application. The
application is exposed to an authentication bypass issue affecting the
"admin/home.php" file.
- Ref: http://www.securityfocus.com/bid/32256
- 08.47.75 - CVE: Not Available
- Platform: Web Application
- Title: Pre Real Estate Listings Seller Logo Arbitrary File Upload
- Description: Pre Real Estate Listings is a web-based application. Pre
Real Estate Listings is exposed to an issue that lets remote attackers
upload and execute arbitrary script code on an affected computer
within the context of the web server process. This issue occurs because
the application fails to sufficiently sanitize file extensions before
accepting uploaded files via the script "profile.php".
- Ref: http://www.securityfocus.com/bid/32257
- 08.47.76 - CVE: Not Available
- Platform: Web Application
- Title: Joomla! Simple RSS Reader Component Remote File Include
- Description: Simple RSS Reader is a component for the Joomla! content
manager. Simple RSS Reader is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"mosConfig_live_site" parameter of the "admin.rssreader.php" script.
Simple RSS Reader version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32265
- 08.47.77 - CVE: Not Available
- Platform: Web Application
- Title: Zope PythonScript Multiple Remote Denial of Service
Vulnerabilities
- Description: Zope is a content management system implemented in
Python. Zope is exposed to multiple remote denial of service issues
related to the PythonScript scripting language. Zope versions 2.7.0
through 2.11.2 are affected.
- Ref: http://www.zope.org/advisories/advisory-2008-08-12/document_view
- 08.47.78 - CVE: Not Available
- Platform: Web Application
- Title: Linksys WRT160N DHCP Client Table HTML Injection
- Description: Linksys WRT160N is a wireless router. The router is
exposed to an HTML injection issue that occurs when an administrator
views a DHCP client table. Specifically, the application fails to
sanitize user-supplied data to the "host name" value before storing it in
the DHCP client table.
- Ref: http://www.securityfocus.com/bid/32274
- 08.47.79 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Local Classifieds "Site_Admin/admin.php"
Authentication Bypass
- Description: TurnkeyForms Local Classifieds is a web-based
application. The application is exposed to an authentication bypass
issue. Specifically, this issue affects the "Site_Admin/admin.php"
script because the application fails to restrict access to it.
- Ref: http://www.securityfocus.com/bid/32282
- 08.47.80 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Web Hosting Directory Multiple Vulnerabilities
- Description: TurnkeyForms Web Hosting Directory is a web-based
application. The application is exposed to multiple issues. The
attacker can exploit the authentication bypass vulnerability to gain
administrative access to the affected application.
- Ref: http://www.securityfocus.com/bid/32283
- 08.47.81 - CVE: Not Available
- Platform: Web Application
- Title: BandSite CMS Cookie Authentication Bypass
- Description: BandSite CMS is a web-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. BandSite CMS version 1.1.4 is affected.
- Ref: http://www.securityfocus.com/bid/32295
- 08.47.82 - CVE: Not Available
- Platform: Web Application
- Title: AlstraSoft Web Hosting Directory Multiple Vulnerabilities
- Description: AlstraSoft Web Hosting Directory is a web-based
application. The application is exposed to multiple issues. An
attacker may masquerade as an administrator by setting the value of
this cookie parameter to 1.
- Ref: http://www.securityfocus.com/bid/32301
- 08.47.83 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Text Link Sales "admin.php" Authentication Bypass
- Description: TurnkeyForms Text Link Sales is a web-based application.
The application is exposed to an authentication bypass issue.
Specifically, this issue affects the "admin.php" script because the
application fails to restrict access to it.
- Ref: http://www.securityfocus.com/bid/32302
- 08.47.84 - CVE: Not Available
- Platform: Web Application
- Title: Discuz! "index.php" Remote Code Execution
- Description: Discuz! is web-based forum software. The application is
exposed to an issue that lets remote attackers execute arbitrary code.
The problem occurs because the application performs an "eval()"
function call on user-supplied input. Discuz! versions 6.x and 7.x are
affected.
- Ref: http://www.securityfocus.com/bid/32303
- 08.47.85 - CVE: Not Available
- Platform: Web Application
- Title: GS Real Estate Portal Multiple Input Validation Vulnerabilities
- Description: GS Real Estate Portal is a web-based realty application.
The application is exposed to multiple input validation issues. An
attacker can exploit these issues to execute arbitrary code in the
context of the web server process, steal cookie-based authentication
credentials, control how the site is rendered to the user, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
- Ref: http://www.securityfocus.com/bid/32307
- 08.47.86 - CVE: Not Available
- Platform: Web Application
- Title: TurnkeyForms Text Link Sales "admin.php" SQL Injection and
Cross-Site Scripting Vulnerabilities
- Description: TurnkeyForms Text Link Sales is a web-based application.
The application is exposed to multiple issues because it fails to
adequately sanitize user-supplied input. Exploiting these issues could
allow an attacker to steal cookie-based authentication credentials,
compromise the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
- Ref: http://www.securityfocus.com/bid/32308
- 08.47.87 - CVE: Not Available
- Platform: Web Application
- Title: Minigal "index.php" Directory Traversal
- Description: Minigal is a web-based application. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "list" parameter of
the "index.php" script. Minigal version B13 is affected.
- Ref: http://www.securityfocus.com/bid/32312
- 08.47.88 - CVE: Not Available
- Platform: Web Application
- Title: infiniteReality mxCamArchive "archive/config.ini" Information
Disclosure
- Description: infiniteReality mxCamArchive is a PHP-based photo gallery
application. mxCamArchive is exposed to an information disclosure
issue that occurs in the "archive/config.ini" script. mxCamArchive
version 2.2 is affected.
- Ref: http://www.securityfocus.com/bid/32324
- 08.47.89 - CVE: Not Available
- Platform: Web Application
- Title: QuadComm Q-Shop Cross-Site Scripting and Multiple SQL Injection
Vulnerabilities
- Description: QuadComm Q-Shop is a web-based application. The
application is exposed to multiple issues because it fails to
adequately sanitize user-supplied input. Q-Shop version 3.0 is
affected.
- Ref: http://www.securityfocus.com/bid/32329
- 08.47.90 - CVE: Not Available
- Platform: Web Application
- Title: phpFan "init.php" Remote File Include
- Description: phpFan is a web-based application for maintaining links.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"includepath" parameter of the "init.php" script. phpFan version 3.3.4
is affected.
- Ref: http://www.securityfocus.com/bid/32335
- 08.47.91 - CVE: Not Available
- Platform: Web Application
- Title: Pluck "g_pcltar_lib_dir" Parameter Local File Include
- Description: Pluck is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "g_pcltar_lib_dir" parameter of
the "data/inc/lib/pcltar.lib.php" script. Pluck version 4.5.3 is
affected.
- Ref: http://www.securityfocus.com/archive/1/498438
- 08.47.92 - CVE: Not Available
- Platform: Web Application
- Title: Link Back Checker Cookie Authentication Bypass
- Description: Link Back Checker is a web-based application that can
indicate whether sites that were linked to will also link back. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication.
- Ref: http://www.securityfocus.com/bid/32354
- 08.47.93 - CVE: Not Available
- Platform: Web Application
- Title: MDaemon Server WorldClient Script Injection
- Description: WorldClient is a web-based email client shipped with
MDaemon Email Server. The application is exposed to a script injection
issue because it fails to properly sanitize user-supplied input.
WorldClient HTTP Server and WorldClient DLL versions 10.0.1 included
in MDaemon PRO 10.0.1 for Windows are affected.
- Ref: http://files.altn.com/MDaemon/Release/RelNotes_en.txt
- 08.47.94 - CVE: Not Available
- Platform: Network Device
- Title: Sweex RO002 Router Default Password Security Bypass
- Description: Sweex RO002 Router is affected by a vulnerability that
allows attackers to bypass security restrictions. Specifically,
attackers can log in to the web configuration interface using an
undocumented username "rdc123" and password "rdc123". Sweex RO002
Router with firmware version Ts03-072 is affected.
- Ref: http://www.securityfocus.com/bid/32249
- 08.47.95 - CVE: Not Available
- Platform: Network Device
- Title: Actiontec MI424WR Default WEP Key Security Bypass
- Description: Actiontec MI424WR is a wireless broadband router. The
device is exposed to a security bypass issue because it uses a default
WEP encryption key. Specifically, the default WEP key is the same as
the device's MAC address.
- Ref: http://www.securityfocus.com/bid/32271
- 08.47.96 - CVE: Not Available
- Platform: Network Device
- Title: Belkin F5D8233-4 Wireless N Router IP-Based Authentication
Session Hijacking
- Description: The Belkin F5D8233-4 Wireless N Router is a Wi-Fi
networking device. The device is exposed to an authentication bypass
issue because of the way it maintains authentication states. This
issue occurs because authentication states are maintained based on the
IP address of users. Belkin F5D8233-4 is affected.
- Ref: http://www.securityfocus.com/bid/32273
- 08.47.97 - CVE: Not Available
- Platform: Network Device
- Title: Belkin F5D8233-4 Wireless N Router Multiple Scripts
Authentication Bypass Vulnerabilities
- Description: The Belkin F5D8233-4 Wireless N Router is a Wi-Fi
networking router. The device is exposed to multiple issues because of
a lack of authentication when users access specific administration
scripts. Belkin version F5D8233-4 is affected.
- Ref: http://www.securityfocus.com/bid/32275
- 08.47.98 - CVE: Not Available
- Platform: Network Device
- Title: NETGEAR WGR614 Administration Interface Remote Denial of
Service
- Description: NETGEAR WGR614 is a wireless router. NETGEAR WGR614 is
exposed to a denial of service issue that occurs in the administration
web interface. Specifically, the web administration interface
crashes when processing a URI that has a "?" character appended to the
end.
- Ref: http://www.securityfocus.com/bid/32290
- 08.47.99 - CVE: Not Available
- Platform: Network Device
- Title: Check Point VPN-1 Port Address Translation Information
Disclosure Weakness
- Description: Check Point VPN-1 is a virtual private network device.
Check Point VPN-1 is exposed to an information disclosure weakness.
The problem occurs when handling specially crafted packets to ports on
the firewall that are mapped by port address translation (PAT) to
ports on internal devices. Information regarding the internal network
can be disclosed in the subsequent ICMP error packets.
- Ref: http://www.portcullis-security.com/293.php
(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.