@RISK: The Consensus Security Vulnerability Alert
Volume: VII, Issue: 49
December 4, 2008
One of the underlying pillars of Java, the Sun Java Runtime Environment, has critical vulnerabilities reported this week. Worth a look.
Also worth a look, but for a more satisfying reason, is the SANS 2009 program (in Orlando, the first week in March) because that's where you'll find SANS' best instructors teaching their latest material - plus a big expo, lots of evening networking sessions, and just a short stroll from the hotel entrance to the Disneyworld entrance. More info: http://www.sans.org/sans2009
Alan
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Third Party Windows Apps                  1 (#2)
Cross Platform                            15 (#1, #4)
Web Application - Cross Site Scripting    12
Web Application - SQL Injection           38
**************** Sponsored By SANS Log Management Summit ****************
Attend the Log Management Summit April 6-7 to learn how to select and implement the right tools in ways to both ensure you meet the regulatory requirements and improve your security. As a bonus you'll hear how organizations have found they can use log management to improve operational efficiency as well as security. http://www.sans.org/info/36154
****************************************************************
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Mac Os
Linux
HP-UX
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Widely Deployed Software
- (1) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities
- Affected:
- Sun Java Runtime Environment versions prior to 6 Update 11
- Sun Java Development Kit versions prior to 6 Update 11
Description: The Sun Java Runtime Environment is the de facto standard implementation of the Java Runtime Environment (JRE). The Sun JRE contains multiple vulnerabilities in its handling of a variety of inputs, including image files, authentication mechanisms, web sites, and others. Successfully exploiting these vulnerabilities could allow an attacker to perform a variety of actions, including executing arbitrary code with the privileges of the current user. Java applets and applications are often opened upon receipt, without first prompting the user. Sun's JRE is installed by default on all Sun Solaris, Apple Mac OS X, and other Unix and Linux-based operating systems, and is often installed on Microsoft Windows systems. Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
- References:
- (2) HIGH: Trillian Multiple Vulnerabilities
- Affected:
- Trillian versions prior to 3.1.12.0
Description: Trillian is a popular multi-protocol instant messaging application from Cerulean Studios. It contains multiple vulnerabilities in its handling of messages. A specially crafted message sent to a user could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. In some cases, the user is prompted before entering into a vulnerable situation. Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
- References:
- (3) MODERATE: CUPS PNG Parsing Integer Overflow
- Affected:
- CUPS versions 1.3.9 and prior
Description: CUPS is the Common Unix Printing System. It is used to provide printing services on a variety of Unix and Linux-based operating systems. It was recently acquired by Apple, but is an open source product that is widely deployed on non-Apple operating systems. It contains a flaw in its handling of Portable Network Graphics (PNG) images. A specially crafted network print request containing a specially crafted PNG image could trigger this flaw, leading to an integer overflow. Successfully exploiting this vulnerability may allow an attacker to execute arbitrary code with the privileges of the vulnerable process, though this has not been confirmed. Full technical details for this vulnerability are publicly available.
Status: Vendor confirmed, updates available.
- References:
- (4) LOW: ClamAV Remote Denial-of-Service
- Affected:
- ClamAV versions prior to 0.94.2
Description: ClamAV is a popular open source antivirus engine. It contains a flaw in its parsing of JPEG images, which can result in a denial-of-service condition. Successfully exploiting this denial-of-service condition could allow attackers to bypass malware detection and lead to further exploits. In common configurations, all that is necessary for exploitation is to send a malicious JPEG as an email attachment to a vulnerable service. Full technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available.
- References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 49, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
- 08.49.1 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: MemeCode Software i.Scribe Remote Format String
- Description: MemeCode Software i.Scribe is an email client that is
available for Microsoft Windows operating systems. i.Scribe is exposed
to a format string issue because it fails to properly sanitize
user-supplied input before passing it as the format specifier to a
formatted-printing function. i.Scribe versions 1.88 and 2.00 beta are
affected.
- Ref: http://www.securityfocus.com/bid/32497
- 08.49.2 - CVE: Not Available
- Platform: Mac Os
- Title: Rumpus FTP Server HTTP Command Remote Denial of Service
- Description: Maxum Rumpus is an FTP server for Macintosh OS X. Rumpus
supports remote HTTP access. Rumpus is exposed to a remote denial of
service issue that occurs in the handling of maliciously constructed
HTTP requests. Rumpus versions prior to 6.0.1 are affected.
- Ref: http://www.securityfocus.com/archive/1/498786
- 08.49.3 - CVE: CVE-2008-5134
- Platform: Linux
- Title: Linux Kernel "lbs_process_bss()" Remote Denial of Service
- Description: The Linux Kernel is exposed to a remote denial of service
issue because of a buffer overflow error in the "libertas" subsystem.
The vulnerability occurs in the "lbs_process_bss()" function of the
"drivers/net/wireless/libertas/scan.c" source file. Linux Kernel
versions prior to 2.6.27.5 are affected.
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470761
- 08.49.4 - CVE: CVE-2008-5300
- Platform: Linux
- Title: Linux Kernel "sendmsg()" Local Denial of Service
- Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly garbage collect file descriptors
under specific circumstances. The issue is triggered when a child
process allocates new file descriptors to its parent process over an
"AF_UNIX" socket while the parent process is in its exit path and
performing garbage collection on the file descriptors. The Linux
kernel versions 2.6.27 and earlier are affected.
- Ref: https://bugzilla.redhat.com/show_bug.cgi?id=473259
- 08.49.5 - CVE: Not Available
- Platform: Linux
- Title: Debian "login" Local Privilege Escalation
- Description: Debian is a Linux operating system. Debian is exposed to
a local privilege escalation issue because of an error in the "login"
program. Local attackers may be able to perform symbolic-link attacks
to change the ownership of arbitrary files. All versions of Debian are
affected.
- Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271
- 08.49.6 - CVE: CVE-2008-4416
- Platform: HP-UX
- Title: HP-UX Unspecified Local Denial of Service
- Description: HP-UX is exposed to a local denial of service issue.
Exploiting this issue allows local attackers to deny service to
legitimate users. This issue affects HP-UX B.11.31.
- Ref: http://www.securityfocus.com/bid/32601
- 08.49.7 - CVE: Not Available
- Platform: Aix
- Title: IBM AIX Multiple Local Privilege Escalation Vulnerabilities
- Description: AIX is a UNIX operating system from IBM. AIX is exposed
to multiple issues because it fails to perform adequate boundary
checks on user-supplied data. IBM AIX version 6.1 is affected.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248
- 08.49.8 - CVE: CVE-2008-5286
- Platform: Unix
- Title: CUPS PNG Filter "_cupsImageReadPNG()" Integer Overflow
- Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. CUPS is exposed to an
integer overflow issue because it fails to perform adequate boundary
checks on user-supplied PNG image sizes before using them to allocate
memory buffers. CUPS versions prior to 1.3.10 are affected.
- Ref: http://www.cups.org/str.php?L2974
- 08.49.9 - CVE: CVE-2008-5301
- Platform: Unix
- Title: Dovecot ManageSieve Service ".sieve" Files Directory Traversal
- Description: Dovecot is a mail-server application for Linux and
UNIX-like operating systems. ManageSieve is a protocol designed to
manage sieve scripts; the Dovecot ManageSieve service is an
implementation of the protocol. The Dovecot ManageSieve service is
exposed to a directory traversal issue because the application fails
to adequately sanitize user-supplied input.
- Ref: http://dovecot.org/list/dovecot/2008-November/035259.html
- 08.49.10 - CVE: CVE-2008-4314
- Platform: Cross Platform
- Title: Samba Arbitrary Memory Contents Information Disclosure
- Description: Samba is a freely available file and printer sharing
application maintained and developed by the Samba Development Team.
Samba allows users to share files and printers between operating
systems on UNIX and Windows platforms. Samba is exposed to an
information disclosure issue that can allow attackers to gain
arbitrary memory contents. Samba versions 3.0.29 up to and including
3.2.4 are affected.
- Ref: http://us1.samba.org/samba/security/CVE-2008-4314.html
- 08.49.11 - CVE: CVE-2008-5248
- Platform: Cross Platform
- Title: xine-lib MP3 Processing Remote Denial of Service
- Description: The "xine" application is a media player; "xine-lib" is
the core library for applications that use xine. The "xine-lib"
library is exposed to a remote denial of service issue that occurs
when processing specially crafted MP3 media files with metadata
consisting only of separators. "xine-lib" versions prior to 1.1.15
are affected.
- Ref: http://www.securityfocus.com/bid/32505
- 08.49.12 - CVE: CVE-2008-4640
- Platform: Cross Platform
- Title: jhead "DoCommand()" Arbitrary File Deletion
- Description: The "jhead" tool is used for manipulating Exif JPEG
headers. The "jhead" tool is exposed to an issue that lets attackers
delete arbitrary files in the context of the vulnerable application.
jhead versions 2.84 and earlier are affected.
- Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
- 08.49.13 - CVE: Not Available
- Platform: Cross Platform
- Title: MailScanner Infinite Loop Denial of Service
- Description: MailScanner is an email monitoring and transaction
logging application. MailScanner is exposed to a remote denial of
service issue because it fails to properly handle user-supplied input.
The issue occurs in the "Clean()" function in the "Message.pm" module.
MailScanner versions prior to 4.73.3-1 are affected.
- Ref: http://www.mailscanner.info/ChangeLog
- 08.49.14 - CVE: Not Available
- Platform: Cross Platform
- Title: Livio.net WEB Calendar Cross-Site Scripting and Multiple SQL
Injection Vulnerabilities
- Description: Livio.net WEB Calendar is a web-based application
implemented in ASP. The application is exposed to multiple issues,
since it fails to adequately sanitize user-supplied input. Livio.net
WEB Calendar versions 3.12 and 3.30 are affected.
- Ref: http://www.securityfocus.com/bid/32515
- 08.49.15 - CVE: Not Available
- Platform: Cross Platform
- Title: National Instruments Electronics Workbench ".ewb" File Buffer
Overflow
- Description: Electronics Workbench is used to design and simulate
electronics circuit boards. Electronics Workbench is exposed to a
remote buffer overflow issue because it fails to perform adequate
checks on user-supplied input. All versions are affected.
- Ref: http://www.securityfocus.com/bid/32542
- 08.49.16 - CVE: Not Available
- Platform: Cross Platform
- Title: Massimiliano Montoro Cain & Abel Malformed ".rdp" File Buffer
Overflow
- Description: Cain & Abel is an application that is designed to provide
functionality to recover various types of passwords by sniffing them
from the connected network. Cain & Abel is exposed to a buffer
overflow issue because it fails to adequately bounds check
user-supplied data before copying it into an insufficiently sized
buffer. Cain & Abel versions 4.9.24 and earlier are affected.
- Ref: http://www.securityfocus.com/bid/32543
- 08.49.17 - CVE: CVE-2008-5276
- Platform: Cross Platform
- Title: VLC Media Player Real demuxer Heap Buffer Overflow
- Description: VLC is a cross-platform media player. VLC is exposed to a
heap buffer overflow issue because it fails to perform adequate checks
on user-supplied input. This issue occurs in the "ReadRealIndex()"
function of the "modules/demux/real.c" source file when parsing
malformed ".rm" files. VLC media player versions 0.9.0 up to and
including 0.9.6 are affected.
- Ref: http://www.trapkit.de/advisories/TKADV2008-013.txt
- 08.49.18 - CVE: Not Available
- Platform: Cross Platform
- Title: ClamAV "cli_check_jpeg_exploit" Function Malformed JPEG File
Remote Denial of Service
- Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. ClamAV is exposed to a denial of service issue
when handling malformed JPEG files that contain a thumbnail image.
This issue occurs in the "cli_check_jpeg_exploit()" function of the
"libclamav/special.c" source file. ClamAV versions prior to 0.94.2 are
affected.
- Ref: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266
- 08.49.19 - CVE: Not Available
- Platform: Cross Platform
- Title: MailScanner Multiple Insecure Temporary File Creation
Vulnerabilities
- Description: MailScanner scans for viruses at email gateways. Multiple
MailScanner scripts create temporary files in an insecure manner.
MailScanner versions 4.55.10 and 4.68.8 are affected.
- Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
- 08.49.20 - CVE: Not Available
- Platform: Cross Platform
- Title: Rumpus FTP Server Command Argument Remote Buffer Overflow
- Description: Maxum Rumpus is an FTP server for the Macintosh OS X
operating system. The application is exposed to a remote buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Rumpus versions prior to 6.0.1 are affected.
- Ref: http://www.securityfocus.com/archive/1/498786
- 08.49.21 - CVE: Not Available
- Platform: Cross Platform
- Title: FFmpeg Multiple Denial of Service Vulnerabilities
- Description: FFmpeg is a media player. FFmpeg is exposed to multiple
remote issues. An attacker can exploit these issues to cause the
affected application to crash or enter an endless loop, denying
service to legitimate users. FFmpeg versions 0.4.9_20080909 and
earlier are affected.
- Ref: http://www.securityfocus.com/bid/32564
- 08.49.22 - CVE: Not Available
- Platform: Cross Platform
- Title: xrdp Multiple Buffer Overflow Vulnerabilities
- Description: xrdp is a remote desktop protocol (RDP) server. The
application is exposed to multiple buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied data. xrdp
versions 0.4.1 and earlier are affected.
- Ref: http://www.securityfocus.com/bid/32565
- 08.49.23 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM Rational ClearQuest Maintenance Tool Local Information
Disclosure
- Description: IBM Rational ClearQuest is a software development
management application. The ClearQuest Maintenance Tool is a
management application included with ClearQuest. The application is
exposed to a local information disclosure issue because it displays
user and database authentication credentials in password edit boxes.
ClearQuest versions prior to 7.0.0.4 and 7.0.1.3 are vulnerable.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938
- 08.49.24 - CVE: CVE-2008-4917
- Platform: Cross Platform
- Title: VMware Products Unspecified Host Memory Corruption
- Description: VMware products are virtualization solutions that support
multiple operating platforms. Multiple VMware products are exposed to
an unspecified memory-corruption issue in the virtual machine
hardware. The issue can be triggered by a malicious request sent from
the guest operating system to the virtual hardware.
- Ref: http://www.securityfocus.com/bid/32597
- 08.49.25 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Ocean12 FAQ Manager Pro "Keyword" Parameter Cross-Site
Scripting
- Description: Ocean12 FAQ Manager Pro is a web-based application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "Keyword" parameter of the "default.asp"
script.
- Ref: http://www.securityfocus.com/bid/32526
- 08.49.26 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: ParsBlogger "blog.asp" Cross-Site Scripting Vulnerability
- Description: ParsBlogger is a web-based application implemented in
ASP. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data to the
"blog.asp" script.
- Ref: http://www.securityfocus.com/bid/32529
- 08.49.27 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Venalsur Booking Centre Multiple Cross-Site Scripting
Vulnerabilities
- Description: Venalsur Booking Centre is a PHP-based web application.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input. An attacker may
leverage these issues to execute arbitrary script code in the browser
of an unsuspecting user in the context of the affected site.
- Ref: http://www.securityfocus.com/bid/32530
- 08.49.28 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Basic CMS "q" Parameter Cross-Site Scripting
- Description: Basic CMS is a PHP-based web application. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "q" parameter of the
"index.php" script.
- Ref: http://www.securityfocus.com/bid/32531
- 08.49.29 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Linksys WRT160N "apply.cgi" Cross-Site Scripting
- Description: Linksys WRT160N is a wireless router device. Linksys
WRT160N is exposed to a cross-site scripting issue due to a failure of
the application to properly sanitize user-supplied input.
- Ref: http://www.securityfocus.com/bid/32496
- 08.49.30 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: AssoCIateD "menu" Parameter Cross-Site Scripting
- Description: AssoCIateD (ACID) is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "menu"
parameter of the "index.php" script when the "p" parameter is set to
"search". AssoCIateD version 1.4.4 is affected.
- Ref: http://www.securityfocus.com/archive/1/498737
- 08.49.31 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Ocean12 Contact Manager Pro "DisplayFormat" Parameter Cross-Site Scripting
- Description: Ocean12 Contact Manager Pro is a web-based application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "DisplayFormat" parameter of the "index.asp"
script. Contact Manager Pro version 1.02 is affected.
- Ref: http://www.securityfocus.com/bid/32503
- 08.49.32 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Pre Classified Listings "signup.asp" Cross-Site Scripting
- Description: Pre Classified Listings is an ASP-based application for
managing classifieds. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "address" parameter of the "signup.asp"
script. All versions are considered vulnerable.
- Ref: http://www.securityfocus.com/bid/32564
- 08.49.33 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: CodeToad ASP Shopping Cart Script Cross-Site Scripting
- Description: CodeToad ASP Shopping Cart Script is a web-based
application. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data.
- Ref: http://www.securityfocus.com/bid/32568
- 08.49.34 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Softbiz Classifieds Script Multiple Cross-Site Scripting
Vulnerabilities
- Description: Softbiz Classifieds Script is a web-based application.
The application is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied data.
- Ref: http://www.securityfocus.com/bid/32569
- 08.49.35 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Pre ASP Job Board "emp_login.asp" Cross-Site Scripting
- Description: Pre ASP Job Board is an ASP-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "msg"
parameter of the "emp_login.asp" script. All versions are considered
to be vulnerable.
- Ref: http://www.securityfocus.com/bid/32572
- 08.49.36 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: IBM Rational ClearCase Cross-Site Scripting
- Description: IBM Rational ClearCase is a software configuration
management solution. It ships with a web interface. IBM Rational
ClearCase is exposed to a cross-site scripting issue because the
applications fail to properly sanitize user-supplied input.
Specifically, the issue affects the web interface. IBM Rational
ClearCase versions prior to 7.0.0.4 and 7.0.1.3 are affected.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972
- 08.49.37 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Bluo "index.php" SQL Injection
- Description: Bluo is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "index.php"
script before using it in an SQL query. Bluo version 1.2 is affected.
- Ref: http://www.securityfocus.com/bid/32522
- 08.49.38 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CMS Little "term" Parameter SQL Injection
- Description: CMS Little is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "term" parameter of
the "index.php" script before using it in an SQL query. CMS Little
version 0.0.1 is affected.
- Ref: http://www.securityfocus.com/bid/32523
- 08.49.39 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Ocean12 FAQ Manager Pro "id" Parameter SQL Injection
- Description: Ocean12 FAQ Manager Pro is an ASP-based application for
managing knowledge bases. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "index.asp" script
when the "Action" parameter is set to "Cat".
- Ref: http://www.securityfocus.com/bid/32524
- 08.49.40 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ReVou Login SQL Injection
- Description: ReVou is a microblogging application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to "Username" and "Password" textboxes
when logging in to the affected application.
- Ref: http://www.securityfocus.com/bid/32525
- 08.49.41 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Multiple Ocean12 Products "Admin_ID" Parameter SQL Injection
- Description: Ocean12 Technologies provide a number of ASP-based web
applications. Multiple Ocean12 applications are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "Admin_ID" parameter of the "login.asp"
script. Ocean12 FAQ Manager Pro and Ocean12 Poll Manager Pro are
affected.
- Ref: http://www.securityfocus.com/bid/32526
- 08.49.42 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Ocean12 Mailing List Manager Gold "Email" Parameter SQL
Injection
- Description: Ocean12 Mailing List Manager Gold is an ASP-based mailing
list application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"Email" parameter of the "default.asp" script. Ocean12 Mailing List
Manager Gold version 2.04 is affected.
- Ref: http://www.securityfocus.com/bid/32526
- 08.49.43 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: BusinessVein PHP TV Portal "index.php" SQL Injection
- Description: BusinessVein PHP TV Portal is a PHP-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "mid" parameter of
the "index.php" script before using it in an SQL query. PHP TV Portal
version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32532
- 08.49.44 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CMS Ortus Edit User Profile SQL Injection
- Description: CMS Ortus is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "City" text box field when editing
a user profile. CMS Ortus versions 1.12 and 1.13 are affected.
- Ref: http://www.securityfocus.com/bid/32486
- 08.49.45 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Post Affiliate Pro "umprof_status" Parameter SQL Injection
- Description: Post Affiliate Pro is a PHP-based affiliate application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "umprof_status"
parameter of the "index.php" script before using it in an SQL query.
Post Affiliate Pro version 3 is affected.
- Ref: http://www.securityfocus.com/bid/32487
- 08.49.46 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ParsBlogger "blog.asp" SQL Injection
- Description: ParsBlogger is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "wr" parameter of the "blog.asp"
script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32488
- 08.49.47 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Star Articles Multiple SQL Injection Vulnerabilities
- Description: Kalptaru Infotech Star Articles is a PHP-based content
manager. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data. Star
Articles version 6.0 is affected.
- Ref: http://www.securityfocus.com/bid/32489
- 08.49.48 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Family Project Login Page SQL Injection
- Description: Family Project is a web-based application. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "Username" and
"Password" fields when logging into the application. Family Project
version 2.0 is affected.
- Ref: http://www.securityfocus.com/bid/32501
- 08.49.49 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Ocean12 Contact Manager Pro "default.asp" SQL Injection
- Description: Ocean12 Contact Manager Pro is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "Sort" parameter of
the "default.asp" script before using it in an SQL query. Contact
Manager Pro version 1.02 is affected.
- Ref: http://www.securityfocus.com/bid/32502
- 08.49.50 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Web Calendar Pro "admin.php" SQL Injection
- Description: Web Calendar Pro is a web-based calendar system. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "Username" field in the
"admin.php" script. Web Calendar Pro version 4.1 is affected.
- Ref: http://www.securityfocus.com/bid/32507
- 08.49.51 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Ocean12 Membership Manager Pro SQL Injection
- Description: Ocean12 Membership Manager Pro is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"username" field of the login script before using it in an SQL query.
- Ref: http://ocean12tech.com/products/membership/
- 08.49.52 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Turnkey Arcade Script "id" Parameter SQL Injection
- Description: Turnkey Arcade Script is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32511
- 08.49.53 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Venalsur Booking Centre "hotel_habitaciones.php" SQL Injection
- Description: Venalsur Booking Centre is a PHP-based web application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "HotelID" parameter
of the "hotel_habitaciones.php" script before using it in an SQL
query. Venalsur Booking Centre version 2.01 is affected.
- Ref: http://www.securityfocus.com/bid/32512
- 08.49.54 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Basic PHP CMS "id" Parameter SQL Injection
- Description: Basic PHP CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32519
- 08.49.55 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: SailPlanner Login SQL Injection
- Description: SailPlanner is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Username" and "Password" textboxes
when logging in to the affected application. SailPlanner version 0.3a
is affected.
- Ref: http://www.securityfocus.com/bid/32521
- 08.49.56 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Multiple ActiveWebSoftwares Products Login Parameters SQL
Injection Vulnerabilities
- Description: ActiveWebSoftwares produces a number of ASP-based web
applications. The applications are exposed to multiple SQL injection
issues because they fail to sufficiently sanitize user-supplied data
provided to the "username", "password", and "email" textboxes when
logging in.
- Ref: http://www.securityfocus.com/bid/32533
- 08.49.57 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares ASPReferral "Merchantsadd.asp" SQL Injection
- Description: ActiveWebSoftwares ASPReferral is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "AccountID" parameter of the "Merchantsadd.asp" script before
using it in an SQL query. ASPReferral version 5.3 is affected.
- Ref: http://www.securityfocus.com/bid/32534
- 08.49.58 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Minimal ABlog SQL Injection and Arbitrary File Upload
Vulnerabilities
- Description: Minimal ABlog is a web-based blogging application. Since
it fails to sufficiently sanitize user-supplied data, the application
is exposed to multiple input validation issues. Minimal ABlog 0.4 is
affected.
- Ref: http://www.securityfocus.com/bid/32537
- 08.49.59 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Lito Lite "cate.php" SQL Injection
- Description: Lito Lite is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "cid" field in the
"cate.php" script.
- Ref: http://www.securityfocus.com/bid/32538
- 08.49.60 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: KTP Computer Customer Database "tid" Parameter SQL Injection
- Description: KTP Computer Customer Database is a web-based
application. The application is exposed to an SQL injection issue
because it fails to adequately sanitize user-supplied input to the
"tid" parameter.
- Ref: http://www.securityfocus.com/bid/32539
- 08.49.61 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares ActiveVotes "VoteHistory.asp" SQL Injection
- Description: ActiveWebSoftwares ActiveVotes is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "AccountID" parameter of the "VoteHistory.asp" script before using
it in an SQL query. ActiveVotes version 2.2 is affected.
- Ref: http://www.securityfocus.com/bid/32541
- 08.49.62 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares Active Bids "bidhistory.asp" SQL Injection
- Description: ActiveWebSoftwares Active Bids is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ItemID" parameter of the "bidhistory.asp" script before using it in
an SQL query. Active Bids version 3.5 is affected.
- Ref: http://www.securityfocus.com/bid/32544
- 08.49.63 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares Active Web Mail Multiple SQL Injection
Vulnerabilities
- Description: ActiveWebSoftwares Active Web Mail is a web-based
application implemented in ASP. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data to the "QuizID" parameter of the "questions.asp",
"importquestions.asp" and "quiztakers.asp" scripts before using it in
an SQL query. Active Web Mail version 4 is affected.
- Ref: http://www.securityfocus.com/bid/32546
- 08.49.64 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares Active Test Multiple SQL Injection
Vulnerabilities
- Description: ActiveWebSoftwares Active Test is a web-based application
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "QuizID" parameter of the "questions.asp",
"importquestions.asp" and "quiztakers.asp" scripts before using it in
an SQL query. Active Test version 2.1 is affected.
- Ref: http://www.securityfocus.com/bid/32547
- 08.49.65 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares Active Web Helpdesk "default.asp" SQL
Injection
- Description: ActiveWebSoftwares Active Web Helpdesk is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"CategoryID" parameter of the "default.asp" script before using it in
an SQL query. Active Web Helpdesk 2 is affected.
- Ref: http://www.securityfocus.com/bid/32548
- 08.49.66 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: cpCommerce Security Bypass and SQL Injection Vulnerabilities
- Description: cpCommerce is a PHP-based e-commerce application. The
application is exposed to multiple security issues. cpCommerce version
1.2.6 is affected.
- Ref: http://www.securityfocus.com/bid/32549
- 08.49.67 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares Active Price Comparison "links.asp" SQL
Injection
- Description: ActiveWebSoftwares Active Price Comparison is a
web-based application implemented in ASP. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "linkid" parameter of the "links.asp" script
before using it in an SQL query. Active Price Comparison 4 is
affected.
- Ref: http://www.securityfocus.com/bid/32550
- 08.49.68 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ActiveWebSoftwares Active Business Directory "default.asp" SQL
Injection
- Description: ActiveWebSoftwares Active Business Directory is a
web-based application implemented in ASP. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "default.asp"
script before using it in an SQL query. Active Business Directory 2 is
vulnerable; other versions may also be affected.
- Ref: http://www.securityfocus.com/bid/32551
- 08.49.69 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Z1Exchange "edit.php" SQL Injection
- Description: Z1Exchange is a link exchange application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "site" parameter of
the "edit.php" script before using it in an SQL query. Z1Exchange
version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32556
- 08.49.70 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: bcoos "viewcat.php" SQL Injection
- Description: The "bcoos" program is a content manager based on the
E-Xoops CMS. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "modules/adresses/viewcat.php" script before
using it in an SQL query. bcoos version 1.0.13 is affected.
- Ref: http://www.securityfocus.com/bid/32561
- 08.49.71 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Egi Zaberl E.Z.Poll "login.asp" Multiple SQL Injection
Vulnerabilities
- Description: Egi Zaberl E.Z.Poll is a web-based polling application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "Username"
and "Password" parameters of the "login.asp" script. E.Z.Poll version
2 is affected.
- Ref: http://www.securityfocus.com/bid/32562
- 08.49.72 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Pre Classified Listings "detailad.asp" SQL Injection
- Description: Pre Classified Listings is an ASP-based classifieds
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "siteid" parameter of the "detailad.asp" script before using it in
an SQL query. All versions of Pre Classified Listings are affected.
- Ref: http://www.securityfocus.com/bid/32566
- 08.49.73 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Sunbyte e-Flower "popupproduct.php" SQL Injection
- Description: Sunbyte e-Flower is an e-commerce application for flower
shops. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "popupproduct.php" script before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32589
- 08.49.74 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Jbook SQL Injection
- Description: Jbook is a web application implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" field of
the login script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32599
- 08.49.75 - CVE: Not Available
- Platform: Web Application
- Title: CGI RESCUE MiniBBS2000 Unspecified Directory Traversal
- Description: CGI RESCUE MiniBBS2000 is a web-based application
implemented in Perl. MiniBBS2000 is exposed to an unspecified directory
traversal issue because it fails to sufficiently sanitize
user-supplied input data. MiniBBS2000 versions prior to 1.0.3 are
affected.
- Ref: http://jvn.jp/en/jp/JVN86833991/index.html
- 08.49.76 - CVE: Not Available
- Platform: Web Application
- Title: WHMCS "status/index.php" Information Disclosure
- Description: WHMCS (WHM Complete Solution) is a PHP-based application
for billing and managing clients. WHMCS is exposed to an information
disclosure issue because it fails to restrict access to certain pages.
WHMCS version 3.7.1 is affected.
- Ref: http://www.securityfocus.com/archive/1/498715
- 08.49.77 - CVE: Not Available
- Platform: Web Application
- Title: ImpressCMS "PHPSESSID" Session Fixation
- Description: ImpressCMS is a PHP-based content manager. ImpressCMS is
exposed to a session fixation issue caused by a design error when
handling sessions. Specifically, an attacker can predefine a victim
user's session ID by setting the "PHPSESSID" parameter of the
"index.php" script. ImpressCMS version 1.1 is affected.
- Ref: http://www.securityfocus.com/archive/1/498734
- 08.49.78 - CVE: Not Available
- Platform: Web Application
- Title: TxtBlog "m" Parameter Local File Include
- Description: TxtBlog is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "m" parameter of the "index.php"
script. TxtBlog version 1.0 Alpha is affected.
- Ref: http://www.securityfocus.com/bid/32498
- 08.49.79 - CVE: Not Available
- Platform: Web Application
- Title: RaidSonic ICY BOX NAS "userHandler.cgi" Authentication Bypass
- Description: RaidSonic ICY BOX NAS is a Network Attached Storage
device. The device is managed with a web-based interface application.
The device is exposed to an authentication bypass issue that can allow
attackers to gain access to the device's administration interface and
unauthorized access to certain services. RaidSonic ICY BOX NAS
firmware version 2.3.2.IB.2.RS.1 is affected.
- Ref: http://www.securityfocus.com/bid/32500
- 08.49.80 - CVE: Not Available
- Platform: Web Application
- Title: Star Articles "user.modify.profile.php" Arbitrary File Upload
- Description: Star Articles is a PHP-based content manager. The
application is exposed to an unspecified issue that lets attackers
upload arbitrary files. The issue occurs because the application fails
to adequately sanitize user-supplied input. The vulnerability occurs
in the "user.modify.profile.php" script. This issue affects Star
Articles versions 6.0 and earlier.
- Ref: http://www.securityfocus.com/bid/32509
- 08.49.81 - CVE: Not Available
- Platform: Web Application
- Title: PageTree CMS "main.php" Remote File Include
- Description: PageTree CMS is a PHP-based content-manager application.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"GLOBALS['PT_Config']['dir']['data']" parameter of the
"admin/plugins/Online_Users/main.php" script. PageTree CMS version
0.0.2 Beta is affected.
- Ref: http://www.securityfocus.com/bid/32509
- 08.49.82 - CVE: Not Available
- Platform: Web Application
- Title: Subtext Anchor Tags HTML Injection
- Description: Subtext is a web-based application. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. Subtext version 2.0 is affected.
- Ref: http://haacked.com/archive/2008/11/27/subtext-2.1-security-update.aspx
- 08.49.83 - CVE: Not Available
- Platform: Web Application
- Title: Web Calendar System SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: Web Calendar System is a web-based calendar application.
The application is exposed to multiple input validation issues. Web
Calendar System versions 3.22, 3.40, 3.05, and 3.23 are affected.
- Ref: http://www.securityfocus.com/bid/32520
- 08.49.84 - CVE: Not Available
- Platform: Web Application
- Title: CMS Made Simple "cms_language" Cookie Parameter Directory
Traversal
- Description: CMS Made Simple is a web-based application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input to the "cms_language"
cookie parameter of the "admin/login.php" script. CMS Made Simple
version 1.4.1 is affected.
- Ref: http://www.securityfocus.com/bid/32535
- 08.49.85 - CVE: Not Available
- Platform: Web Application
- Title: OpenForum "profile.php" Authentication Bypass
- Description: OpenForum is web forum software implemented in PHP. The
application is exposed to an issue that lets attackers modify user
passwords because it fails to adequately secure access to
administrative functions of the "profile.php" script. OpenForum
version 0.66 is affected.
- Ref: http://www.securityfocus.com/bid/32536
- 08.49.86 - CVE: Not Available
- Platform: Web Application
- Title: Broadcast Machine "baseDir" Parameter Multiple Remote File
Include Vulnerabilities
- Description: Broadcast Machine is a video content manager. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. Broadcast
Machine version 0.1 is affected.
- Ref: http://www.securityfocus.com/bid/32554
- 08.49.87 - CVE: Not Available
- Platform: Web Application
- Title: Andy's PHP Knowledgebase "saa.php" Arbitrary File Upload
- Description: Andy's PHP Knowledgebase (aphpkb) is a web-based
knowledgebase application. The application is exposed to an issue that
lets attackers upload arbitrary files. The issue occurs because the
application fails to adequately sanitize user-supplied input. Andy's
PHP Knowledgebase version 0.92.9 is affected.
- Ref: http://www.securityfocus.com/bid/32559
- 08.49.88 - CVE: Not Available
- Platform: Web Application
- Title: RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
- Description: RakhiSoftware Shopping Cart is a web-based application.
The application is exposed to multiple issues. These issues can allow
attackers to access sensitive information, steal cookie data, access
or modify data, or exploit latent vulnerabilities in the underlying
database.
- Ref: http://www.securityfocus.com/bid/32563
- 08.49.89 - CVE: Not Available
- Platform: Web Application
- Title: PHP JOBWEBSITE PRO "forgot.php" SQL Injection and Cross-Site
Scripting Vulnerabilities
- Description: PHP JOBWEBSITE PRO is a web-based application. The
application is exposed to multiple input validation issues. Exploiting
these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
- Ref: http://www.securityfocus.com/bid/32570
- 08.49.90 - CVE: Not Available
- Platform: Web Application
- Title: ASP Forum Script SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: ASP Forum Script is a web-based application. The
application is exposed to multiple input validation issues. Exploiting
these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
- Ref: http://www.securityfocus.com/bid/32571
- 08.49.91 - CVE: Not Available
- Platform: Web Application
- Title: Pre Shopping Mall SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: Pre Shopping Mall is a web-based e-commerce application.
The application is exposed to multiple input validation issues.
Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
- Ref: http://www.securityfocus.com/bid/32573
- 08.49.92 - CVE: Not Available
- Platform: Web Application
- Title: IBM Rational ClearQuest Web Multiple Unspecified Cross-Site
Scripting Vulnerabilities
- Description: IBM Rational ClearQuest is a software development
management application. ClearQuest Web is a web-based interface to the
ClearQuest repository. ClearQuest Web is exposed to multiple
unspecified cross-site scripting issues because it fails to properly
sanitize user-supplied input. ClearQuest versions prior to 7.0.0.4 and
7.0.1.3 are affected.
- Ref: http://www-01.ibm.com/software/awdtools/clearquest/index.html
- 08.49.93 - CVE: Not Available
- Platform: Web Application
- Title: Fantastico "index.php" Local File Include
- Description: Fantastico is a module for cPanel servers. The
application is exposed to a local file-include issue because it fails
to properly sanitize user-supplied input to the "sup3r" parameter of
the "index.php" script.
- Ref: http://www.securityfocus.com/bid/32578
- 08.49.94 - CVE: Not Available
- Platform: Web Application
- Title: Ocean12 Mailing List Manager Gold SQL Injection and Cross-Site
Scripting Vulnerabilities
- Description: Ocean12 Mailing List Manager Gold is an ASP-based
application for managing mailing lists. The application is exposed to
multiple input-validation issues.
- Ref: http://www.securityfocus.com/bid/32587
- 08.49.95 - CVE: Not Available
- Platform: Web Application
- Title: MAXSITE Guestbook Component "message" Parameter Remote Command
Execution
- Description: MAXSITE is a PHP-based content management system. The
Guestbook component of MAXSITE is exposed to an issue that attackers
can leverage to execute arbitrary PHP commands in the context of the
application. This issue occurs because the application fails to
adequately validate user-supplied input to the "message" parameter of
the "index.php" script when called with the "name" parameter set to
"guestbook".
- Ref: http://www.securityfocus.com/bid/32588
- 08.49.96 - CVE: Not Available
- Platform: Web Application
- Title: Z1Exchange SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: Z1Exchange is a PHP-based script used for exchanging
links. Z1Exchange is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data. Z1Exchange version 1.0 is affected.
- Ref: http://www.securityfocus.com/bid/32598
- 08.49.97 - CVE: Not Available
- Platform: Web Application
- Title: i-Net Solution Orkut Clone SQL Injection and Cross-Site
Scripting Vulnerabilities
- Description: Orkut Clone is a web-based social networking application
like Orkut. The application is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data. Specifically, the issues affect the "id" parameter
of the "profile_social.php" script.
- Ref: http://www.securityfocus.com/bid/32600
- 08.49.98 - CVE: Not Available
- Platform: Web Application
- Title: WebGUI "lib/WebGUI/Storage.pm" Remote Script Code Execution
- Description: WebGUI is a web-based content manager. The application is
exposed to an issue that may allow a remote attacker to upload and run
arbitrary script code in the context of the hosting web server process.
WebGUI 7.x versions prior to 7.6.5 (beta) and 7.5.35 are affected.
- Ref: http://www.webgui.org/getwebgui/advisories/security-executable-upload-problem
- 08.49.99 - CVE: CVE-2008-2379
- Platform: Web Application
- Title: SquirrelMail Malformed HTML Mail Message HTML Injection
- Description: SquirrelMail is a web-based email client. The application
is exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to malformed HTML email messages before
viewing them in a user's browser. SquirrelMail version 1.4.16 is
affected.
- Ref: http://www.securityfocus.com/bid/32603
- 08.49.100 - CVE: Not Available
- Platform: Network Device
- Title: Digium Zaptel Multiple Local Privilege Escalation and Denial
of Service Vulnerabilities
- Description: Digium Zaptel is a hardware device interface. The
application is exposed to denial of service and privilege escalation
issues because it fails to sufficiently sanitize user-supplied input.
Digium Zaptel versions 1.2 and 1.4 are affected.
- Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459
(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.