The most trusted source for computer security training, certification and research.

@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 48
November 28, 2008

SANS Newsletters Home

Some of the most damaging attacks have targeted security and storage products - and this week we report on major new problems with products from EMC (the main enterprise storage control center product), Symantec (BackUp Exec), and several anti-virus vendors.

Registration just opened for the world's biggest security training conference, SANS 2009 in Orlando in early March. This is the SANS program where classes fill up fastest so early registration actually matters. Details at: http://www.sans.org/sans2009 Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category
    • # of Updates & Vulnerabilities
    • Platform Number of Updates and Vulnerabilities
    • - ------------------------ -------------------------------------
    • Windows
    • 2
    • Third Party Windows Apps
    • 7 (#1, #5, #6)
    • Linux
    • 14
    • BSD
    • 1
    • Unix
    • 5
    • Cross Platform
    • 17 (#2, #3)
    • Apple
    • 1 (#4)
    • Web Application - Cross Site Scripting
    • 9
    • Web Application - SQL Injection
    • 29
    • Web Application
    • 30
    • Network Device
    • 3

************************ Sponsored By SANS *********** ******************

Join Storage, Security and Database professionals at the Log Management Summit April 6-7. Get help in selecting and implementing the right log management tools to ensure you meet regulatory requirements and improve security as well as improve operational efficiency. http://www.sans.org/info/35969

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Third Party Windows Apps
Linux
BSD
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

*************************************************************************

TRAINING UPDATE - - SANS CDI in Washington 30 courses; big security tools expo; lots of evening sessions: http://www.sans.org/ cdi08/ - - Las Vegas (1/24-2/01) http://sans.org/securitywest09/ - - London (12/1- 12/9) http://sans.org/london08/ - - Vancouver (11/17-11/22) http://www.sans.org/ vancouver08/ and in 100 other cites and on line any time: www.sans.org

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Multiple Security Gateway/Antivirus Solutions PDF Handling Vulnerabilities
  • Affected:
    • BitDefender Antivirus
    • BullGuard Internet Security
    • Groupware Server Antivirus Engine

  • Description: Several antivirus and security gateway solutions have been found to be vulnerable to processing flaws when inspecting PDF documents. It is unknown, but assumed, that at least some of these vulnerabilities arise from the use of the same parsing library by these applications. A specially crafted PDF document could trigger one of these vulnerabilities when processed by a vulnerable application. Successfully exploiting one of these vulnerabilities could have a variety of effects, including arbitrary code execution with the privileges of the vulnerable process. At lease one proof-of-concept is publicly available.

  • Status: Please check with individual vendors for status.

  • References:
  • (4) HIGH: Apple iPhone Multiple Vulnerabilities
  • Affected:
    • Apple iPhone running iPhone OS versions prior to 2.2
    • Apple iPod Touch running iPhone OS versions prior to 2.2

  • Description: The Apple iPhone and Apple iPod Touch contain multiple vulnerabilities in their handling of a variety of web page contents, image formats, document formats, and other inputs. A malicious web page containing or referencing one of these file formats could result in a variety of conditions, including remote code execution. Successful remote code execution would allow an attacker to take complete control of the affected device. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) HIGH: FlexCell ActiveX Control Arbitrary File Overwrite
  • Affected:
    • FlexCell ActiveX Control versions 5.7.0.1 and prior

  • Description: FlexCell is a popular ActiveX control used to view spreadsheet and other tabular data. It contains an arbitrary file overwrite vulnerability in its "HttpDownloadFIle" method. A specially crafted web page that instantiates this control could trigger this vulnerability, allowing an attacker to overwrite any file with the privileges of the current user. This vulnerability could be leveraged to execute arbitrary code with the privileges of the current user. Technical details are publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism.

  • References:
  • (6) HIGH: BlackBerry Desktop Software ActiveX Control Multiple Vulnerabilities
  • Affected:
    • BlackBerry Desktop Software versions 4.2.2 through 4.7

  • Description: BlackBerry Desktop Software is the desktop software used to manage a BlackBerry handheld device. Part of its functionality is provided by an ActiveX control, the FlexNET Connect control. This control was previously discovered to contain multiple vulnerabilities. BlackBerry Desktop Software uses a vulnerable version of this control. A specially crafted web page that instantiates this control could trigger these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 48, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

  • 08.48.1 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows Vista "iphlpapi.dll" Local Kernel Buffer Overflow
  • Description: Microsoft Windows Vista is exposed to a local buffer overflow issue because of insufficient boundary checks in a kernel function. This issue affects the "Microsoft Device IO Control" contained in the "iphlpapi.dll" file. Windows Vista SP1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498471
  • 08.48.2 - CVE: Not Available
  • Platform: Windows
  • Title: EMC ControlCenter Manager for SAN "msragent.exe" Remote Information Disclosure
  • Description: EMC ControlCenter Manager for SAN is management software for storage area network systems. ControlCenter Manager for SAN is prone to a remote information disclosure issue due to an access validation error. ControlCenter Manager for SAN versions 5.2 SP5 and 6.0 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-076/
  • 08.48.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Backup Exec Data Management Protocol Buffer Overflow
  • Description: Symantec Backup Exec is a network-enabled backup solution for Novell NetWare and Microsoft Windows platforms. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Ref: http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
  • 08.48.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Backup Exec for Windows Server Remote Agent Authentication Bypass
  • Description: Symantec Backup Exec System Recovery Manager is an application for system recovery available for Microsoft Windows. Symantec Backup Exec for Windows Server is exposed to an issue that allows an attacker to bypass authentication and gain unauthorized access to the affected application. Ref: http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
  • 08.48.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EMC ControlCenter SAN Manager "msragent.exe" Remote Stack Buffer Overflow
  • Description: EMC ControlCenter SAN Manager provides a single interface for managing a storage area network. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/498555
  • 08.48.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: BitDefender "pdf.xmd" Module PDF Parsing Remote Denial of Service
  • Description: BitDefender Antivirus is a security application available for Microsoft Windows operating platforms. The application is exposed to a denial of service issue in the PDF parsing module "pdf.xmd". Attackers can exploit this issue to deny service to legitimate users.
  • Ref: http://www.securityfocus.com/bid/32396
  • 08.48.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Apple iPhone Configuration Web Utility for Windows Directory Traversal
  • Description: Apple iPhone Configuration Web Utility for Windows is an iPhone configuration utility which includes an HTTP server. The included webserver is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. iPhone Configuration Web Utility version 1.0 for Windows is affected.
  • Ref: http://www.securityfocus.com/archive/1/498559
  • 08.48.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: FlexCell Grid Control (ActiveX) Arbitrary File Overwrite
  • Description: FlexCell Grid Control (ActiveX) is an application for working with spreadsheet data. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. FlexCell Grid Control (ActiveX) version 5.7.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797
  • 08.48.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nero ShowTime ".m3u" File Remote Buffer Overflow
  • Description: Nero ShowTime is a media player application for Microsoft Windows. ShowTime is exposed to a remote buffer overflow issue because it fails to perform adequate checks on user-supplied input. ShowTime version 5.0.15.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32446
  • 08.48.10 - CVE: CVE-2008-5156
  • Platform: Linux
  • Title: SystemImager Insecure Temporary File Creation Vulnerabilities
  • Description: SystemImager is an application that automates Linux software installs. SystemImager creates temporary files in an insecure manner. Specifically, the "si_mkbootserver" script in "systemimager-server" creates files with predictable names such as "/tmp/*.inetd.conf" or "/tmp/pxe.conf.*.tmp". SystemImager version 4.0.2 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
  • 08.48.11 - CVE: CVE-2008-5138
  • Platform: Linux
  • Title: pam_mount Insecure Temporary File Creation
  • Description: pam_mount is a Pluggable Authentication Module that can mount volumes for a user session. pam_mount creates temporary files in an insecure manner. Specifically, the "passwdehd" script in "libpam-mount" creates files with predictable names such as "/tmp/passwdehd.*". pam_mount version 0.43 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
  • 08.48.12 - CVE: CVE-2008-5140
  • Platform: Linux
  • Title: MailScanner "trend-autoupdate" Insecure Temporary File Creation
  • Description: MailScanner is an e-mail gateway virus scanner. MailScanner creates temporary files in an insecure manner that occurs in the "trend-autoupdate" script. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible. MailScanner version 4.55.10 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.13 - CVE: CVE-2008-5142
  • Platform: Linux
  • Title: Debian freebsd-sendpr "sendbug" Insecure Temporary File Creation
  • Description: Debian sfreebsd-sendpr is a client application for submitting reports to a remote GNATS database. freebsd-sendpr creates temporary files in an insecure manner. Specifically, the "sendbug" script creates files with predictable names. freebsd-sendpr version 3.113+5.3-10 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.14 - CVE: CVE-2008-5141
  • Platform: Linux
  • Title: SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
  • Description: SystemImager Flamethrower is a multicast file distribution system. Flamethrower creates temporary files in an insecure manner. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Flamethrower version 0.1.8 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506350
  • 08.48.15 - CVE: CVE-2008-5152
  • Platform: Linux
  • Title: Debian mh-book Insecure Temporary File Creation
  • Description: Debian mh-book creates temporary files in an insecure manner. The issue occurs in the "inmail-show" script. Insecure files are created with a ".log" or ".stdin" extension in the "/tmp/inmail" directory. Debian mh-book version 200605-1 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.16 - CVE: CVE-2008-5149
  • Platform: Linux
  • Title: libncbi6 Insecure Temporary File Creation
  • Description: libncbi6 is part of the NCBI dvelopment kit. The library creates temporary files in an insecure manner. Specifically, the "fwd_check.sh" script creates files with predictable names, including "/tmp/####". libncbi6 version 6.1.20080302 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.17 - CVE: CVE-2008-5157
  • Platform: Linux
  • Title: TAU Tuning and Analysis Utilities Insecure Temporary File Creation Vulnerabilities
  • Description: TAU (Tuning and Analysis Utilities) is a performance analysis toolkit. TAU creates temporary files in an insecure manner. Specifically, the issue affects the "tau_cxx", "tau_f90", and "tau_cc" scripts. TAU version 2.16.4 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506348
  • 08.48.18 - CVE: CVE-2008-5155
  • Platform: Linux
  • Title: SMS Client "mail2sms.sh" Insecure Temporary File Creation
  • Description: SMS Client is a command line utility that allows users to send SMS messages to mobile devices. It is freely available for UNIX and variants. SMS Client creates temporary files in an insecure manner. The issue occurs in the "mail2sms.sh" script. SMS Client version 2.0.8z is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.19 - CVE: CVE-2008-5137
  • Platform: Linux
  • Title: TkMan Insecure Temporary File Creation
  • Description: TkMan is a manual page and Texinfo browser. The application creates temporary files in an insecure manner. Specifically, the "tkman" script creates files with predictable names, such as "/tmp/tkman#####" or "/tmp/ll". TkMan version 2.2 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.20 - CVE: CVE-2008-5136
  • Platform: Linux
  • Title: TkUsr Insecure Temporary File Creation
  • Description: TkUsr is an application for managing the Self-mode of USR/3Com Message modems. The application creates temporary files in an insecure manner. Specifically, the "tkusr" script creates files with predictable names, such as "/tmp/tkusr.pgm". TkUsr version 0.82 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.21 - CVE: CVE-2008-514520060918-2.1 is affected.
  • Platform: Linux
  • Title: Debian ltp "ltpmenu" Insecure Temporary File Creation
  • Description: Debian ltp is a package for the Linux Test Project stress testing suite. Debian ltp creates temporary files in an insecure manner. The issue occurs in the "ltpmenu" script. Debian ltp version
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.22 - CVE: CVE-2008-4313
  • Platform: Linux
  • Title: "tog-pegasus" Package for Red Hat Enterprise Linux Security Bypass
  • Description: The "tog-pegasus" packages provide OpenPegasus Web-Based Enterprise Management (WBEM) services. "tog-pegasus" is exposed to a security bypass issue because previously built in security enhancements for OpenGroup Pegasus WBEM services were no longer being applied after the code was updated to version 2.7.0. "tog-pegasus" package built with Red Hat Enterprise Linux 5 is affected.
  • Ref: https://rhn.redhat.com/errata/RHSA-2008-1001.html
  • 08.48.23 - CVE: CVE-2008-4636
  • Platform: Linux
  • Title: SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection
  • Description: SuSE YaST2 Backup is a module for creating and restoring backed-up data. The application is exposed to a local command injection issue because it fails to adequately sanitize user-supplied input data. Ref: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html
  • 08.48.24 - CVE: CVE-2008-5162
  • Platform: BSD
  • Title: FreeBSD "arc4random (9)" Pseudo-Random Number Generator Insufficient Entropy Weakness
  • Description: The FreeBSD kernel is exposed to a weakness that may result in weaker cryptographic security. This issue is due to a lack of sufficient entropy in the "arc4random (9)" pseudo-random number generator. FreeBSD versions 6.3 and 7.0 are affected.
  • Ref: http://www.securityfocus.com/bid/32447
  • 08.48.25 - CVE: CVE-2008-5187
  • Platform: Unix
  • Title: "imlib2" Library "load()" Function Buffer Overflow
  • Description: The "imlib2" library is used to view and render various types of images. It is available for UNIX, Linux, and other UNIX-like operating systems. The library is exposed to a buffer overflow issue because the software fails to properly bounds check user-supplied data. imlib2 version 1.4.2 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714
  • 08.48.26 - CVE: CVE-2008-5154
  • Platform: Unix
  • Title: P3nfs Insecure Temporary File Creation
  • Description: P3nfsd is an application that mounts phone/PDA filesystems on Unix. P3nfs creates temporary files in an insecure manner. Specifically, the "bluetooth.rc" script creates files with predictable names such as "/tmp/blue.log". P3nfs version 5.19 is vulnerable; other versions may also be affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
  • 08.48.27 - CVE: CVE-2008-5153
  • Platform: Unix
  • Title: Moodle "spell-check-logic.cgi" Insecure Temporary File Creation
  • Description: Moodle is an open-source application for managing online courseware. It is freely available under the GNU Public license for UNIX and variants and for Microsoft Windows. Moodle creates temporary files in an insecure manner. The issue occurs in the "spell-check-logic.cgi" script. Moodle version 1.8.2 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.28 - CVE: CVE-2008-5143
  • Platform: Unix
  • Title: Multi Gnome Terminal Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: Multi Gnome Terminal is a terminal emulator derived from "gnome-terminal". Multi Gnome Terminal creates the temporary files "/tmp/$WHOAMI.debug" and "/tmp/$WHOAMI.env" in an insecure manner. Multi Gnome Terminal version 1.6.2 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.29 - CVE: CVE-2008-5183
  • Platform: Unix
  • Title: CUPS "cupsd" RSS Subscriptions NULL Pointer Dereference Local Denial of Service
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. The application is exposed to a local denial of service issue due to a NULL-pointer dereference in the "cupsd" daemon. This issue can be triggered by adding an overly large number of RSS subscriptions.
  • Ref: http://lab.gnucitizen.org/projects/cups-0day
  • 08.48.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird and SeaMonkey "mailnews" Information Disclosure
  • Description: Mozilla Thunderbird and SeaMonkey are email clients. The applications are exposed to an information disclosure issue because they allow JavaScript included in an email message to access certain DOM properties. Mozilla Thunderbird versions prior to 2.0.0.18 and SeaMonkey versions prior to 1.1.13 are affected.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-59.html
  • 08.48.31 - CVE: CVE-2008-4829
  • Platform: Cross Platform
  • Title: Streamripper Multiple Buffer Overflow Vulnerabilities
  • Description: Streamripper is an application that records shoutcast-style streams. It is available for multiple operating systems. Streamripper is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. Streamripper version 1.63.5 is affected.
  • Ref: http://secunia.com/secunia_research/2008-50/
  • 08.48.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "error_log" Safe Mode Restriction Bypass
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a "safe_mode" restriction bypass issue. PHP version 5.2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498527
  • 08.48.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Oracle Database Vault Privilege Escalation
  • Description: Oracle Database Vault is a feature of Oracle Databases to limit access to potentially sensitive information. Oracle Database Vault is exposed to a privilege escalation issue because it fails to properly restrict access. Oracle Database version 10.2.0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/32393
  • 08.48.34 - CVE: CVE-2008-1586, CVE-2008-4227, CVE-2008-4228,CVE-2008-4229, CVE-2008-4230, CVE-2008-4231, CVE-2008-4232,CVE-2008-4233
  • Platform: Cross Platform
  • Title: Apple iPhone and iPod touch Prior to Version 2.2 Multiple Vulnerabilities
  • Description: Apple iPhone is a mobile phone that runs on the ARM architecture. Apple iPod touch is a portable music player that also contains the Safari browser. Apple iPhone and iPod touch are exposed to multiple issues. iPhone OS versions 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 are affected.
  • Ref: http://support.apple.com/kb/HT3318
  • 08.48.35 - CVE: CVE-2008-5150
  • Platform: Cross Platform
  • Title: maildirsync Insecure Temporary File Creation
  • Description: maildirsync is a "Maildir" synchronization utility. The application creates temporary files in an insecure manner. Specifically, the "sample.sh" script creates files with predictable names, including "/tmp/maildirsync-*.#####.log". maildirsync version 1.1 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: KVIrc URI Handler Remote Command Execution
  • Description: KVIrc is an IRC client available for various operating systems. KVIrc is exposed to a remote command execution issue because it fails to sufficiently sanitize user-supplied input when handling "irc://" and "irc6://" URIs. KVIrc version 3.4.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498557
  • 08.48.37 - CVE: CVE-2008-5139
  • Platform: Cross Platform
  • Title: jailer "updatejail" Insecure Temporary File Creation
  • Description: jailer is a tool for creating and maintaining chrooted environments. The "updatejail" script creates the temporary file "/tmp/$$.updatejail" in an insecure manner. jailer version 0.4 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.38 - CVE: CVE-2008-5147
  • Platform: Cross Platform
  • Title: Docvert "test-pipe-to-pyodconverter" Insecure Temporary File Creation
  • Description: Docvert is a tool for converting office document files between different formats. The "test-pipe-to-pyodconverter" script included with Docvert creates the temporary file "/tmp/outer.odt" in an insecure manner. Docvert version 3.4 is affected.
  • Ref: http://uvw.ru/report.lenny.txt
  • 08.48.39 - CVE: CVE-2008-2378
  • Platform: Cross Platform
  • Title: hf Local Privilege Escalation
  • Description: hf is an amateur-radio protocol suite. The problem occurs because hf improperly tries to execute an external command. A local attacker can exploit this issue to elevate their privileges. hf versions 0.7.3 and 0.8 are affected.
  • Ref: http://www.securityfocus.com/bid/32421
  • 08.48.40 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Wireshark 1.0.4 SMTP Denial of Service
  • Description: Wireshark (formerly Ethereal) is an application for analyzing network traffic; it is available for Microsoft Windows and UNIX-like operating systems. Wireshark is exposed to a denial of service issue during the processing of large SMTP requests. Wireshark version 1.0.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498562
  • 08.48.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ffdshow Long URL Link Remote Buffer Overflow
  • Description: The "ffdshow" codec is an open source audio and video codec. The codec is exposed to a remote heap buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. ffdshow versions prior to rev2347_20081123 are affected.
  • Ref: http://www.securityfocus.com/archive/1/498585
  • 08.48.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: W3C Amaya "TtaWCToMBstring()" Multiple Stack-Based Buffer Overflow Vulnerabilities
  • Description: W3C Amaya is a freely available web browser and editor application that runs on multiple platforms. W3C Amaya is exposed to multiple stack-based buffer overflow issues because it fails to perform adequate checks on user-supplied input. W3C Amaya version 10.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498578
  • 08.48.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: VirtualBox "ipcdUnix.cpp" Insecure Temporary File Creation
  • Description: VirtualBox is virtualization software available for multiple operating systems on the x86 architecture. The application creates temporary files in an insecure manner. VirtualBox versions prior to 2.0.6 are affected. Ref: http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810&old=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%
  • 08.48.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Total Video Player "TVP type" Tag Handling Remote Buffer Overflow
  • Description: Total Video Player is a media player. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Total Video Player version 1.31 provided by "vcen.dll" is affected.
  • Ref: http://www.securityfocus.com/bid/32456
  • 08.48.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Access Manager for e-business Remote Denial of Service
  • Description: IBM Tivoli Access Manager for e-business provides central access control for multiple services and applications in an enterprise environment. The application is exposed to a remote denial of service issue because it fails to handle specially crafted data. IBM Tivoli Access Manager for e-business version 6.0.0.17 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ37270
  • 08.48.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: RSA enVision Platform Web Console Password Hash Remote Information Disclosure
  • Description: RSA enVision Platform is a system for log collection and analysis, and includes a web console interface. The web console is exposed to a remote information disclosure issue caused by a lack of access restrictions on user profiles. RSA enVision versions 3.5.0 through 3.7.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/498649
  • 08.48.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: refbase "headerMsg" Parameter Cross-Site Scripting Vulnerabilities
  • Description: refbase is a PHP-based bibliographic manager. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input. refbase versions prior to 0.9.5 are affected. Ref: http://sourceforge.net/project/shownotes.php?group_id=64647&release_id=641612
  • 08.48.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Softbiz Classifieds Script Cross-Site Scripting
  • Description: Softbiz Classifieds Script is a web-based application. Softbiz Classifieds Script is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input passed to the "msg" parameter of the "signinform.php" script.
  • Ref: http://www.securityfocus.com/bid/32375
  • 08.48.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Chipmunk Topsites "start" Parameter Cross-Site Scripting
  • Description: Chipmunk Topsites is a PHP-based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "start" parameter of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/32470
  • 08.48.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Web Content Management Unspecified Cross-Site Scripting Vulnerabilities
  • Description: IBM Lotus Web Content Management is a suite of web-based applications for Windows, UNIX, and Sun platforms. The application is exposed to multiple unspecified cross-site scripting issues because it fails to properly sanitize user-supplied input. IBM Lotus Web Content Management version 60G is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK73108
  • 08.48.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SemanticScuttle Multiple Cross-Site Scripting Vulnerabilities
  • Description: SemanticScuttle is a social bookmarking application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to unspecified parameters. SemanticScuttle versions prior to 0.90 are affected.
  • Ref: http://sourceforge.net/
  • 08.48.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Bandwebsite "info.php" Cross-Site Scripting
  • Description: Bandwebsite is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "section" parameter of the "info.php" script. Bandwebsite version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32454
  • 08.48.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: COMS "dynamic.php" Cross-Site Scripting
  • Description: COMS is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "q" parameter of the "dynamic.php" script when the "sys" parameter is set to "search".
  • Ref: http://www.securityfocus.com/bid/32459
  • 08.48.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WordPress "wp-includes/feed.php" Cross-Site Scripting
  • Description: WordPress allows users to generate news pages and web-logs dynamically; it is implemented in PHP with a MySQL database. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. WordPress versions prior to 2.6.5 are affected.
  • Ref: http://www.securityfocus.com/archive/1/498652
  • 08.48.55 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HeXHub Buffer Overflow And Cross-Site Scripting Vulnerabilities
  • Description: HeXHub is an IOCP-based file-sharing hub and firewall. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs when updating cache buffers. The application is also exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "/report" macro. HeXHub versions prior to 5.02cFirewall1.09 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=642276
  • 08.48.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyTopix "send" Parameter SQL Injection
  • Description: MyTopix is a PHP-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "send" parameter of the "index.php" script before using it in an SQL query. MyTopix version 1.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32362
  • 08.48.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MauryCMS "Rss.php" SQL Injection
  • Description: MauryCMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "c" parameter of the "Rss.php" script before using it in an SQL query. MauryCMS version 0.53.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32364
  • 08.48.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RevSense "index.php" SQL Injection
  • Description: RevSense is a web-based advertisement management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" parameter of the "index.php" script when the "action" parameter is set to "login" before using it in an SQL query. RevSense version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32365
  • 08.48.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre ASP Job Board "emp_login.asp" SQL Injection
  • Description: Pre ASP Job Board is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" and "password" fields of the login form presented by "emp_login.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32366
  • 08.48.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: W3matter AskPert "index.php" SQL Injection
  • Description: AskPert is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password form field in the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32368
  • 08.48.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Easyedit Multiple SQL Injection Vulnerabilities
  • Description: Easyedit is a PHP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "intPageID" parameter of the "page.php" and "news.php" scripts. The "intSubCategoryID" parameter of the "subcategory.php" is also affected.
  • Ref: http://www.securityfocus.com/bid/32369
  • 08.48.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: boastMachine "mail.php" SQL Injection
  • Description: boastMachine is a content management system implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "mail.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32379
  • 08.48.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SocialEngine HTTP Response Splitting and SQL Injection Vulnerabilities
  • Description: SocialEngine is a PHP-based social network application. SocialEngine is exposed to multiple input validation issues. Attackers can leverage these issues to influence or misrepresent how web content is served, cached or interpreted, compromise the application, access or modify data or exploit latent vulnerabilities in the underlying database. SocialEngine version 2.7 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498525
  • 08.48.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NatterChat "login.asp" Multiple SQL Injection Vulnerabilities
  • Description: NatterChat is a web-based chat system implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "txtUsername" and "txtPassword" parameters of the "login.asp" script. NatterChat version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32385
  • 08.48.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Fusion "messages.php" SQL Injection
  • Description: PHP-Fusion is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "subject" parameter of the "messages.php" script before using it in an SQL query. PHP-Fusion version 7.00.1 is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/32388
  • 08.48.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MicroHellas ToursManager "tourview.php" SQL Injection
  • Description: MicroHellas ToursManager is a PHP-based application for travel agents. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "tourid" parameter of the "tourview.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32397
  • 08.48.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: xt:Commerce Unspecified SQL Injection
  • Description: xt:Commerce is an ecommerce application. The application is exposed to an unspecified SQL injection issue because it fails to properly sanitize user-supplied input to before using it in an SQL query. xt:Commerce versions prior to 3.0.4 Sp2.1 are affected.
  • Ref: http://www.securityfocus.com/bid/32398
  • 08.48.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Werner Hilversum FAQ Manager "catagorie.php" SQL Injection
  • Description: Werner Hilversum FAQ Manager is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter of the "catagorie.php" script before using it in an SQL query. FAQ Manager version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32466
  • 08.48.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Chipmunk Topsites "authenticate.php" SQL Injection
  • Description: Chipmunk Topsites is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "authenticate.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32469
  • 08.48.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: eXtrovert Software Thyme Joomla! Component SQL Injection
  • Description: eXtrovert software Thyme is a web-based calendar application implemented in PHP. "com_thyme" is a component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "event" parameter of the "com_thyme" component before using it in an SQL query. Thyme version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32417
  • 08.48.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ZoGo-Shop "product-details.php" SQL Injection
  • Description: ZoGo-Shop is an ecommerce plugin for the e107 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "product" parameter of the "product-details.php" script. ZoGo-Shop version 1.15.4 is affected.
  • Ref: http://www.securityfocus.com/bid/32423
  • 08.48.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Vlog System "blog.php" SQL Injection
  • Description: Vlog System is a video blog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "blog.php" script. Vlog System version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32425
  • 08.48.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Car Portal "image.php" SQL Injection
  • Description: Car Portal is a web-based auto classifieds portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "image.php" script. Car Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32426
  • 08.48.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Prozilla Hosting Index "directory.php" SQL Injection
  • Description: Prozilla Hosting Index is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "directory.php" script.
  • Ref: http://www.securityfocus.com/bid/32427
  • 08.48.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pilot Group PG Real Estate SQL Injection
  • Description: Pilot Group PG Real Estate is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the login page.
  • Ref: http://www.securityfocus.com/bid/32429
  • 08.48.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pilot Group PG Roommate SQL Injection
  • Description: Pilot Group PG Roommate is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" field of the login page.
  • Ref: http://www.securityfocus.com/bid/32430
  • 08.48.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pilot Group PG Job Site Pro "homepage.php" SQL Injection
  • Description: Pilot Group PG Job Site Pro is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "poll_view_id" parameter of the "homepage.php" script.
  • Ref: http://www.securityfocus.com/bid/32434
  • 08.48.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Blog System "image.php" SQL Injection
  • Description: Blog System is a web-based blogging portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "image.php" script.
  • Ref: http://www.securityfocus.com/bid/32441
  • 08.48.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Real Estate Portal "ad_id" Parameter SQL Injection
  • Description: Real Estate Portal is a web-based application implemented in PHP. It is used to publish real estate listings. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "ad_id" parameter of the "index.php" script when the "mod" parameter is set to "re_send_email" before using it in an SQL query. Real Estate Portal version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32445
  • 08.48.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WebStudio CMS "pageid" Parameter SQL Injection
  • Description: WebStudio CMS is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pageid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/498597
  • 08.48.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bandwebsite "lyrics.php" SQL Injection
  • Description: Bandwebsite is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "lyrics.php" script before using it in an SQL query. Bandwebsite version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32453
  • 08.48.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NitroTech "members.php" SQL Injection
  • Description: NitroTech is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "members.php" script before using it in an SQL query. NitroTech version 0.0.3a is affected.
  • Ref: http://www.securityfocus.com/bid/32458
  • 08.48.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VideoGirls "view_snaps.php" SQL Injection
  • Description: VideoGirls is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "type" parameter of the "view_snaps.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32477
  • 08.48.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Jamit Job Board "index.php" SQL Injection
  • Description: Jamit Job Board is a PHP-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "show_emp" parameter of the "index.php" script before using it in an SQL query. Jamit Job Board versions up to and including 3.4.10 are affected.
  • Ref: http://www.securityfocus.com/bid/32478
  • 08.48.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Ruby on Rails "redirect_to()" HTTP Header Injection
  • Description: Ruby on Rails is a web application framework for multiple platforms. Ruby on Rails is exposed to an issue that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. Ruby on Rails versions prior to 2.0.5 are affected. Ref: http://www.rorsecurity.info/journal/2008/10/20/header-injection-and-response-splitting.html
  • 08.48.86 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB "pun_user[language]" Parameter Multiple Local File Include Vulnerabilities
  • Description: PunBB is a PHP-based forum application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. PunBB version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32360
  • 08.48.87 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPCow Unspecified Remote File Include
  • Description: PHPCow is a web-based application for publishing news. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to unspecified scripts and parameters.
  • Ref: http://www.kb.cert.org/vuls/id/515417
  • 08.48.88 - CVE: Not Available
  • Platform: Web Application
  • Title: wPortfolio "/admin/upload_form.php" Arbitrary File Upload
  • Description: wPortfolio is a PHP-based content manager. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately secure access to the "/admin/upload_form.php" script. wPortfolio versions up to and including 0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/32367
  • 08.48.89 - CVE: CVE-2008-5185
  • Platform: Web Application
  • Title: GeSHi XML Parsing Remote Denial of Service
  • Description: GeSHi is a generic syntax highlighter application. GeSHi is exposed to a remote denial of service issue due to an error in its parsing of malformed XML input. GeSHi versions prior to 1.0.8 are affected.
  • Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1197
  • 08.48.90 - CVE: Not Available
  • Platform: Web Application
  • Title: PunPortal "login.php" Local File Include
  • Description: PunPortal is a plugin module for PunBB. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pun_user[language]" parameter of the "includes/login.php" script.
  • Ref: http://www.securityfocus.com/bid/32380
  • 08.48.91 - CVE: Not Available
  • Platform: Web Application
  • Title: wPortfolio "/admin/userinfo.php" Authentication Bypass
  • Description: wPortfolio is a PHP-based content manager. The application is exposed to an issue that lets attackers modify user passwords because it fails to adequately secure access to the "/admin/userinfo.php" script when called with the "action" parameter set to "account_save". wPortfolio Versions up to and including 0.3 are affected.
  • Ref: http://www.securityfocus.com/bid/32384
  • 08.48.92 - CVE: Not Available
  • Platform: Web Application
  • Title: vBulletin Visitor Messages Addon Comment Notification HTML Injection
  • Description: vBulletin is a web-based content manager written in PHP. The Visitor Message addon is included with vBulletin and provides social networking functionality. vBulletin is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input. vBulletin version 3.7.3 is affected.
  • Ref: http://www.securityfocus.com/bid/32387
  • 08.48.93 - CVE: Not Available
  • Platform: Web Application
  • Title: NatterChat "admin/home.asp" Authentication Bypass Vulnerability
  • Description: NatterChat is a web-based chat system implemented in ASP. The application is exposed to an issue that lets attackers gain access to the administrative scripts. This issue arises because NatterChat fails to adequately secure access to the "admin/home.asp" script when an attacker directly issues an HTTP GET request for the script. NatterChat version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32395
  • 08.48.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Pie RSS Module "lib" Parameter Remote File Include
  • Description: Pie RSS module is a feed module available for the Pie web content management system. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "lib" parameter of the "lib/action/rss.php" script. Pie RSS module version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32465
  • 08.48.95 - CVE: Not Available
  • Platform: Web Application
  • Title: VideoScript "admin/homeset.php" Remote PHP Code Injection
  • Description: VideoScript is a PHP-based content management system. The application is exposed to an issue that attackers can leverage to execute arbitrary PHP code in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input to the "ndbhost" parameter of the "admin/homeset.php" script. VideoScript versions 4.0.1.50 and 4.1.5.55 are affected.
  • Ref: http://www.securityfocus.com/bid/32468
  • 08.48.96 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB "my_post_key" Remote Image Information Disclosure
  • Description: MyBB is a PHP-based bulletin board. The application is exposed to an information disclosure issue affecting the "my_post_key" POST key parameter of the "moderation.php" script. MyBB version 1.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498630
  • 08.48.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Discuz! Reset Lost Password Security Bypass
  • Description: Discuz! is a web-based forum application. Discuz! is exposed to a security bypass issue due to a design error when resetting lost passwords through the actions "lostpasswd" and "getpasswd" of "members.php".
  • Ref: http://www.securityfocus.com/bid/32424
  • 08.48.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Goople CMS "/win/content/upload.php" Arbitrary File Upload
  • Description: Goople CMS is a PHP-based content manager. The application is exposed to an arbitrary file upload issue because the "/win/content/upload.php" script fails to properly verify the file extensions of uploaded files. Goople CMS version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/32428
  • 08.48.99 - CVE: Not Available
  • Platform: Web Application
  • Title: Ez Ringtone Manager Information Disclosure
  • Description: Ez Ringtone Manager is web-based ringtone manager. The application is exposed to an information disclosure issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "main.php" script. Successful exploitation may allow an attacker to gain sensitive information in the context of the web server process.
  • Ref: http://www.securityfocus.com/bid/32431
  • 08.48.100 - CVE: Not Available
  • Platform: Web Application
  • Title: getaphpsite.com Auto Dealers Arbitrary File Upload
  • Description: getaphpsite.com Auto Dealers is a web-based application. The application is exposed to an arbitrary file upload issue because it fails to properly verify the file extensions of uploaded files.
  • Ref: http://www.securityfocus.com/bid/32432
  • 08.48.101 - CVE: Not Available
  • Platform: Web Application
  • Title: getaphpsite.com Real Estate Arbitrary File Upload
  • Description: getaphpsite.com Real Estate is a web-based application. The application is exposed to an arbitrary file upload issue because it fails to properly verify the file extensions of uploaded files.
  • Ref: http://www.securityfocus.com/bid/32433
  • 08.48.102 - CVE: Not Available
  • Platform: Web Application
  • Title: LoveCMS Simple Forum Password Reset Security Bypass
  • Description: Simple Forum is a PHP-based module for LoveCMS content manager. The module is exposed to an issue that lets attackers gain administrative access by resetting the admin password. Simple Forum version 3.1d is affected.
  • Ref: http://www.securityfocus.com/bid/32435
  • 08.48.103 - CVE: Not Available
  • Platform: Web Application
  • Title: MODx CMS Cross-Site Scripting and Remote File Include Vulnerabilities
  • Description: MODx CMS is a PHP-based content manger. Since it fails to sufficiently sanitize user-supplied input, the application is exposed to a cross-site scripting issue and a remote file-include vulnerability. These issues affect MODx CMS version 0.9.6.2. Ref: http://modxcms.com/forums/index.php/topic,30875.msg187178.html#msg187178
  • 08.48.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Goople CMS Cookie Authentication Bypass
  • Description: Goople CMS is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Goople CMS version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/32437
  • 08.48.105 - CVE: Not Available
  • Platform: Web Application
  • Title: MauryCMS Unspecified Arbitrary File Upload
  • Description: MauryCMS is a content-management system. The application is exposed to an unspecified arbitrary file upload issue because it fails to adequately sanitize user-supplied input. MauryCMS versions up to and including 0.53.2 are affected.
  • Ref: http://www.securityfocus.com/bid/32439
  • 08.48.106 - CVE: Not Available
  • Platform: Web Application
  • Title: Gallery Unspecified Security Bypass
  • Description: Gallery is a web-based photo album. The application is exposed to a security bypass issue which occurs when handling certain cookies. Gallery versions 1.5.8-svn-b34 up to and including 1.5.10 are affected.
  • Ref: http://gallery.menalto.com/last_official_G1_releases
  • 08.48.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Goople CMS "/win/notepad/index.php" Arbitrary Command Execution
  • Description: Goople CMS is a PHP-based content manager. The application is exposed to an issue that lets attackers execute arbitrary commands because it fails to properly verify its notepad contents. Goople CMS version 1.7 is affected.
  • Ref: http://www.securityfocus.com/bid/32448
  • 08.48.108 - CVE: Not Available
  • Platform: Web Application
  • Title: FTPzik "c" Parameter Local File Include and Cross-Site Scripting Vulnerabilities
  • Description: FTPzik is a web-based application. FTPzik is exposed to multiple input validation issues. Exploits of the cross-site scripting issues may allow the attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
  • Ref: http://www.milw0rm.com/exploits/7214
  • 08.48.109 - CVE: Not Available
  • Platform: Web Application
  • Title: Quicksilver Forums Local File Include and Arbitrary File Upload Vulnerabilities
  • Description: Quicksilver Forums is a web-based forum application. The application is exposed to multiple input validation issues. An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server process, and obtain sensitive information. Quicksilver Forums version 1.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32452
  • 08.48.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Pie Multiple Remote File Include Vulnerabilities
  • Description: Pie is a web-based content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input. Pie version 0.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/32455
  • 08.48.111 - CVE: Not Available
  • Platform: Web Application
  • Title: RaidSonic ICY BOX NAS FTP Log HTML Injection
  • Description: RaidSonic ICY BOX NAS is a Network Attached Storage device. The device is managed with a web-based interface application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. RaidSonic ICY BOX NAS firmware version 2.3.2.IB.2.RS.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32471
  • 08.48.112 - CVE: Not Available
  • Platform: Web Application
  • Title: Werner Hilversum FAQ Manager "include/header.php" Remote File Include
  • Description: Werner Hilversum FAQ Manager is a PHP-based content management application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "config_path" parameter of the "include/header.php" script. FAQ Manager version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32472
  • 08.48.113 - CVE: Not Available
  • Platform: Web Application
  • Title: Werner Hilversum Clean CMS "full_txt.php" SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Werner Hilversum Clean CMS is a web-based application. The application is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "full_txt.php" script. Clean CMS version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32474
  • 08.48.114 - CVE: Not Available
  • Platform: Web Application
  • Title: fuzzylime (cms) "code/track.php" Local File Include
  • Description: "fuzzylime (cms)" is a web-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "code/track.php" script. fuzzylime (cms) version 3.03 is affected.
  • Ref: http://www.securityfocus.com/bid/32475
  • 08.48.115 - CVE: Not Available
  • Platform: Network Device
  • Title: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Multiple Security Vulnerabilities
  • Description: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is a wireless solution for enterprises. The device is exposed to multiple security issues. Successfully exploiting these issues will allow an attacker to obtain administrative credentials, bypass security mechanisms, or run attacker-supplied HTML and script code in the context of the web administration interface.
  • Ref: http://www.securityfocus.com/archive/1/498489
  • 08.48.116 - CVE: CVE-2008-5144
  • Platform: Network Device
  • Title: NVIDIA Cg Toolkit Installer Insecure Temporary File Creation
  • Description: NVIDIA Cg Toolkit Installer installs the NVIDIA Cg Toolkit, a compiler for Cg. The problem occurs because during installation the application creates the temporary file "/tmp/nvidia-cg-toolkit-manifest" in an insecure manner. NVIDIA Cg Toolkit Installer version 2.0.0015 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
  • 08.48.117 - CVE: Not Available
  • Platform: Network Device
  • Title: Siemens Multiple Gigaset VoIP Phones SIP Remote Denial of Service
  • Description: Siemens Gigaset C450 IP and C475 IP devices are SIP based Voice-over-IP (VoIP) devices. These devices are exposed to a denial of service issue because they fail to handle specially crafted SIP messages.
  • Ref: http://www.securityfocus.com/archive/1/498599

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

Topical information that can immediately be applied and shared in the workplace.
-Blair Campbell, Bank of Nova Scotia

SANS 2010-sky-c

Contact us: (301) 654-SANS(7267)
Monday - Friday 9am-8pm EST/EDT