@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 5
January 28, 2008

IBM Tivoli is used by many of the largest organizations in the world to deploy software and manage systems. A remotely exploitable buffer overflow in the operating system distribution component of Tivoli is a big problem, and that's what we have this week, along with a similar problem in an open source groupware and messaging product called Citadel.

Sadly many organizations won't patch these problems quickly. That's not because they are careless, but because software vendors make patching risky. The risk arises because software vendors don't test their software on securely configured systems and because they change standard configurations to non-standard configurations. The federal government is leading by example with its FDCC (federal desktop core configuration) and the requirement that all software vendors certify their software runs well on the FDCC. The lead agency (USAF) has already cut patching time from 51 days to 72 hours because of FDCC compliance across 400,000 computers. If you buy any software in 2008, make sure your vendor certifies, in advance of signing the contract, that the software runs on the FDCC configuration. The federal government's OMB mandate for certification is linked at the FDCC site at http://fdcc.nist.gov/. Please follow through on this. If you don't hold the line, your country and your leading businesses will never be able to speed patching of their important systems. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Other Microsoft Products                 1
    Third Party Windows Apps                 12 (#2, #4, #5, #6)
    Linux                                    1
    Aix                                      7
    Unix                                     1
    Cross Platform                           23 (#1, #3)
    Web Application - Cross Site Scripting   8
    Web Application - SQL Injection          18
    Web Application                          25
    Network Device                           3


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Citadel SMTP Server Buffer Overflow
  • Affected:
    • Citadel SMTP Server versions prior to 7.24
  • Description: Citadel is a popular open source groupware and messaging platform. Its Simple Mail Transport Protocol (SMTP) server component, used to send and receive email messages, contains a buffer overflow in its handling of recipient email addresses. An overlong email address passed to the recipient command could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that, by default, no authentication is necessary to exploit this vulnerability. A proof-of-concept and full technical details are publicly available for this vulnerability.

  • Status: Citadel confirmed, updates available.

  • References:
  • (2) CRITICAL: IBM Tivoli Provisioning Manager for OS Deployment HTTP Buffer Overflow
  • Affected:
    • IBM Tivoli Provisioning Manager for OS Deployment versions prior to 5.1.0 with Interim Fix 3
  • Description: IBM Tivoli Provisioning Manager for OS Deployment is an enterprise operating system deployment suite, used to install operating systems on other machines. It contains a flaw in its handling of HTTP requests to its internal web server. A specially crafted request could exploit a buffer overflow within the affected component, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Some technical details are publicly available for this vulnerability.

  • Status: IBM confirmed, updates available.

  • References:
  • (3) HIGH: Firebird Database Overlong Username Buffer Overflow
  • Affected:
    • Firebird Database versions prior to 2.0.4 and 2.1.0 RC1
  • Description: The Firebird database server is a popular relational database system. It contains a buffer overflow in its handling of usernames passed in login requests. An overlong username could trigger this buffer overflow. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Full technical details are publicly available for this vulnerability via source code analysis.

  • Status: Firebird confirmed, updates available.

  • References:
  • (4) HIGH: HP Virtual Rooms Install ActiveX Control Buffer Overflow
  • Affected:
    • HP Virtual Rooms Install ActiveX Control
  • Description: HP Virtual Rooms is a conferencing and telepresence solution from HP. Users can install the client via an ActiveX control. This control contains a buffer overflow in its handling of several properties. Setting one of these properties to an overlong value could trigger this buffer overflow. A web page that instantiates this control could exploit this buffer overflow and execute arbitrary code with the privileges of the current user. Some technical details and a proof-of-concept for this vulnerability are publicly available.

  • Status: HP has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the vulnerable control via Microsoft's "kill bit" mechanism using CLSID "00000014-9593-4264-8B29-930B3E4EDCCD". Note that this may impact normal application functionality.

  • References:
  • (5) HIGH: Comodo Antivirus ActiveX Control Arbitrary Command Execution
  • Affected:
    • Comodo Antivirus versions 2.0 and prior
  • Description: Comodo Antivirus is an antivirus solution for Microsoft Windows. Part of its functionality is provided by an ActiveX control. This control fails to validate the arguments to its "ExecuteStr()" method. A malicious web page that instantiated this control could call this vulnerable method to execute arbitrary commands with the privileges of the current user. A proof-of-concept and full technical details are publicly available for this vulnerability.

  • Status: Comodo has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "309F674D-E4D3-46BD-B9E2-ED7DFD7FD176".

  • References: Proof-of-Concept http://milw0rm.com/exploits/4974 Microsoft
  • (6) HIGH: Lycos File Upload ActiveX Control Buffer Overflow
  • Affected:
    • Lycos File Upload ActiveX Control
  • Description: The Lycos File Upload ActiveX is provided by Lycos to ease file uploads to Lycos services. This control contains a flaw in its handling of its "HandwriterFilename" property. Setting this property to an overlong value could trigger a buffer overflow vulnerability. A specially crafted web page that instantiates this control could trigger this buffer overflow, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Lycos has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "C36112BF-2FA3-4694-8603-3B510EA3B465". Note that this may affect normal application functionality.

  • References:
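
The kill-bit mitigation named in items (4), (5) and (6), as an added example that is not part of the original newsletter: a PowerShell script that audits or sets the flag for the three CLSIDs given above. The registry location and the 0x400 "Compatibility Flags" value are the mechanism Microsoft documents in KB240797; the `-AuditOnly` switch and the function names are assumptions of this example.

```powershell
# Added example (not from the newsletter): audit or set the Internet Explorer
# kill bit for the three ActiveX CLSIDs named in Part I of this issue.
# Writing the values requires an elevated session.
param(
    [switch]$AuditOnly   # hypothetical switch: report current state, write nothing
)

$ValueName = 'Compatibility Flags'
$KillBit   = 0x00000400   # kill-bit flag as documented in Microsoft KB240797

# CLSIDs exactly as given in items (4), (5) and (6).
$Controls = [ordered]@{
    '{00000014-9593-4264-8B29-930B3E4EDCCD}' = 'HP Virtual Rooms Install'
    '{309F674D-E4D3-46BD-B9E2-ED7DFD7FD176}' = 'Comodo Antivirus'
    '{C36112BF-2FA3-4694-8603-3B510EA3B465}' = 'Lycos File Upload'
}

# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view,
# so the flag has to be present in both registry views.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags {
    # Returns the current flags value, or 0 when the key or value is absent.
    param([string]$KeyPath)
    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return $prop.$ValueName
}

function Set-KillBit {
    # ORs the kill bit into any existing flags instead of overwriting them.
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        # Only create the key when missing: -Force on an existing key would reset it.
        New-Item -Path $KeyPath -Force | Out-Null
    }
    $flags = (Get-CompatFlags $KeyPath) -bor $KillBit
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $flags -Force | Out-Null
}

$report = foreach ($clsid in $Controls.Keys) {
    foreach ($root in $Roots) {
        $key = Join-Path $root $clsid
        if (-not $AuditOnly) { Set-KillBit $key }
        $flags = Get-CompatFlags $key
        [pscustomobject]@{
            Control = $Controls[$clsid]
            Clsid   = $clsid
            View    = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
            Flags   = '0x{0:X8}' -f $flags
            Killed  = [bool]($flags -band $KillBit)
        }
    }
}

# Any row with Killed = False means IE can still instantiate that control.
$report | Format-Table -AutoSize
```

Running it with `-AuditOnly` first shows which controls are still loadable without changing the registry; as the Status notes above say, setting the flag may affect normal use of the HP and Lycos applications.
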
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 5, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.5.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Basic Enterprise Edition 6 DSR File Handling Buffer Overflow Vulnerabilities
  • Description: Microsoft Visual Basic is a development platform for building applications for Microsoft Windows operating systems. The application is exposed to two buffer overflow issues because it fails to bounds check user-supplied data before copying it into insufficiently sized buffers. Microsoft Visual Basic version 6 SP6 is affected.
  • Ref: http://www.securityfocus.com/bid/27349

  • 08.5.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SocksCap Hostname Resolution Remote Stack-Based Buffer Overflow
  • Description: SocksCap is an application wrapper that allows Windows 95/98/NT users to enable their Winsock applications to traverse a SOCKS server. The application is exposed to a remote stack-based buffer overflow issue because it fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer. SocksCap version 2.40-051231 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486632

  • 08.5.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Toshiba Surveillance Surveillix DVR "MeIpCamX.DLL" ActiveX Control Buffer Overflow Vulnerabilities
  • Description: Toshiba Surveillance Surveillix is a DVR (Digital Video Recorder) system. The application uses ActiveX controls for user interaction. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. MeIpCamX.DLL version 1.0.0.4 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.5.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Winamp Ultravox Streaming Metadata Multiple Stack-Based Buffer Overflow Vulnerabilities
  • Description: Winamp is a multiformat media player application for the Microsoft Windows operating system. The application is exposed to multiple stack-based buffer overflow issues because it fails to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Winamp versions 5.51, 5.5 and 5.21 are affected.
  • Ref: http://secunia.com/secunia_research/2008-2/advisory/

  • 08.5.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HP Virtual Rooms "hpvirtualrooms14.dll" ActiveX Control Multiple Buffer Overflow Vulnerabilities
  • Description: HP Virtual Rooms is a set of tools for online trainings, meetings and support. The application is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. HP Virtual Rooms with "hpvirtualrooms14.dll" ActiveX control 1.0.0.100 is affected.
  • Ref: http://seclists.org/fulldisclosure/2008/Jan/0452.html

  • 08.5.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: IBM WebSphere Business Modeler Repository Arbitrary File Deletion
  • Description: IBM WebSphere Business Modeler is a solution that supports visualization and documenting of business processes. The application is exposed to an issue that allows users to delete arbitrary files from repositories. IBM WebSphere Business Modeler versions Basic 6.0.2.1 and Advanced 6.0.2.1 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018061

  • 08.5.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GlobalLink "GLChat.ocx" ActiveX Control "ChatRoom()" Buffer Overflow
  • Description: GlobalLink "GLChat.ocx" ActiveX control is a web-based instant messaging/chat application. The control is exposed to a buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized memory buffer. GlobalLink "GLChat.ocx" ActiveX control version 2.5.1.33 is affected.
  • Ref: http://hi.baidu.com/0x7ffa1571/blog/item/8e9b890907ecc7206a60fb7c.html

  • 08.5.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Lycos File Upload Component "FileUploader.dll" ActiveX Control Buffer Overflow
  • Description: Lycos File Upload Component is an ActiveX control that lets users upload files to the server. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "HandwriterFilename" property of the "FileUploader.dll" dynamic-link library. FileUploader.dll version 2.0.0.2 is affected.
  • Ref: http://www.milw0rm.com/exploits/4967

  • 08.5.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: HFS HTTP File Server Multiple Security Vulnerabilities
  • Description: HFS HTTP File Server is a file sharing application for Microsoft Windows platforms. The application is exposed to multiple security issues.
  • Ref: http://www.securityfocus.com/archive/1/486873

  • 08.5.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Comodo AntiVirus "ExecuteStr()" ActiveX Control Arbitrary Command Execution
  • Description: Comodo AntiVirus is a computer security application for Microsoft Windows. A Comodo AntiVirus ActiveX control is exposed to an issue that lets attackers execute arbitrary commands. This issue occurs when handling data passed to the "ExecuteStr()" method. Comodo AntiVirus version 2.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.5.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Move Networks Media Player "QMPUpgrade.dll" ActiveX Control Buffer Overflow
  • Description: Move Networks Media Player is a media application used to view streaming television media. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Move Networks Media Player version 1.0.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.5.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: ImageShack Toolbar "ImageShackToolbar.dll" ActiveX Control Insecure Method
  • Description: ImageShack Toolbar is an ActiveX control integrated into a web browser. It's used to upload images. The application is exposed to an issue that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer). FileUploader class of ImageShack Toolbar version 4.5.7 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.5.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GE Fanuc CIMPLICITY "w32rtr.exe" Remote Buffer Overflow
  • Description: GE Fanuc CIMPLICITY is an HMI/SCADA (Human-Machine Interfacing/Supervisory Control And Data Acquisition) system. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into an insufficiently sized buffer. CIMPLICITY versions prior to 7.0 SIM 9 are affected.
  • Ref: http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458

  • 08.5.14 - CVE: Not Available
  • Platform: Linux
  • Title: MoinMoin MOIN_ID Cookie Remote Authentication Bypass
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for UNIX and Linux platforms. The application is exposed to an authentication bypass issue because it fails to properly sanitize user-supplied input. MoinMoin versions in the 1.5 series are affected.
  • Ref: http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630

  • 08.5.15 - CVE: CVE-2007-5764
  • Platform: Aix
  • Title: IBM AIX "pioout" Local Buffer Overflow
  • Description: AIX is a UNIX operating system from IBM. The "pioout" command is used to print a file or a burst page on a printer. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the "/usr/lib/lpd/pio/etc/pioout" command in the "printers.rte" fileset.
  • Ref: http://www.securityfocus.com/archive/1/486999

  • 08.5.16 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "uspchrp" Local Buffer Overflow
  • Description: AIX is a UNIX operating system from IBM. The "uspchrp" command is used in the AIX diagnostics subsystem. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the "/usr/lpp/diagnostics/bin/uspchrp" command in the "devices.chrp.base.diag" fileset.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4072

  • 08.5.17 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "utape" Local Buffer Overflow
  • Description: AIX is a UNIX operating system from IBM. The "utape" command is used in the AIX diagnostics subsystem. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the "/usr/lpp/diagnostics/bin/utape" command in the "devices.scsi.tape.diag" fileset.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4070

  • 08.5.18 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX Logical Volume Manager Multiple Commands Local Buffer Overflow Vulnerabilities
  • Description: AIX is a UNIX operating system from IBM. The application is exposed to multiple local buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4068

  • 08.5.19 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "swap" Commands Local Buffer Overflow Vulnerabilities
  • Description: AIX is a UNIX operating system from IBM. The "swap", "swapon" and "swapoff" commands are used to activate and deactivate paging spaces. The application is exposed to multiple local buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4064

  • 08.5.20 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions
  • Description: WebSM Remote Client for Linux provides remote administration functionality for AIX systems. The application is exposed to a local insecure file permissions vulnerability due to a configuration error. Specifically, certain files created during installation have incorrect world-writable permissions.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066

  • 08.5.21 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "ps" Local Information Disclosure
  • Description: AIX is a UNIX operating system from IBM. The "ps" command is used to display details for processes. The application is exposed to a local information disclosure issue that stems from a design error. Specifically, the "/usr/bin/ps" command in the "bos.rte.control" fileset does not properly restrict access to process details.
  • Ref: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4075

  • 08.5.22 - CVE: Not Available
  • Platform: Unix
  • Title: Axigen AXIMilter Filtering Module Remote Format String
  • Description: Axigen is a mail server designed for UNIX and UNIX-like operating systems. AXIMilter is the AXIGEN Filtering Module that provides an interface for third-party software to access and modify emails. The application is exposed to a remote format string issue because it fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted printing function. Specifically, the issue arises when the application tries to parse malicious message headers. Axigen version 5.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27363

  • 08.5.23 - CVE: CVE-2007-5958
  • Platform: Cross Platform
  • Title: X.Org X Server X:1 -sp Command Information Disclosure
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local information disclosure issue that allows an attacker to obtain information through the "X:1 -sp <file>" command.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1&searchclause=

  • 08.5.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BitDefender Products Update Server HTTP Daemon Directory Traversal
  • Description: BitDefender Update Server is included in multiple BitDefender products and allows users to remotely update other computers on a network. The Update Server is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the HTTP Daemon (http.exe). This daemon runs with SYSTEM-level privileges.
  • Ref: http://www.securityfocus.com/archive/1/486701

  • 08.5.25 - CVE: CVE-2008-0128
  • Platform: Cross Platform
  • Title: Apache Tomcat SingleSignOn Remote Information Disclosure
  • Description: Apache Tomcat is a Java-based webserver application for multiple operating systems. The application is exposed to a remote information disclosure issue because the application fails to properly restrict access to sensitive information. Specifically, it does not set the "secure" attribute for the "JSESSIONIDSSO" cookie when using the "SingleSignOn" valve over HTTPS. Tomcat version 5.5.20 is affected.
  • Ref: http://security-tracker.debian.net/tracker/CVE-2008-0128

  • 08.5.26 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server serveServletsByClassnameEnabled Unspecified
  • Description: IBM WebSphere Application Server is exposed to an unspecified issue that occurs when "serveServletsByClassnameEnabled" is set. WebSphere Application Server versions 6.0 through 6.0.2.25 and 6.1 through 6.1.0.14 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018067

  • 08.5.27 - CVE: CVE-2007-6429
  • Platform: Cross Platform
  • Title: X.Org X Server "MIT-SHM" Local Privilege Escalation
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local privilege escalation issue in the "MIT-SHM" extension, which is used to create a "pixmap" in shared memory.
  • Ref: http://www.securityfocus.com/archive/1/486516

  • 08.5.28 - CVE: CVE-2007-6427
  • Platform: Cross Platform
  • Title: X.Org X Server "Xinput" Extension Local Privilege Escalation
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local privilege escalation issue that affects multiple functions residing in the "Xinput" extension. The issue occurs when swapping the byte order of client requests.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643

  • 08.5.29 - CVE: CVE-2008-0006
  • Platform: Cross Platform
  • Title: X.Org X Server PCF Font Parser Buffer Overflow
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a buffer overflow issue that affects the PCF Font parser because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1&searchclause=

  • 08.5.30 - CVE: CVE-2007-6429
  • Platform: Cross Platform
  • Title: X.Org X Server "EVI" Extension Local Privilege Escalation
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local privilege escalation issue in the "EVI" extension, which is used to process "GetVisualInfo" requests.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645

  • 08.5.31 - CVE: CVE-2007-5760
  • Platform: Cross Platform
  • Title: X.Org X Server "PassMessage" Request Local Privilege Escalation
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local privilege escalation issue that resides in the code that processes "PassMessage" requests.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0031.html

  • 08.5.32 - CVE: CVE-2007-6428
  • Platform: Cross Platform
  • Title: X.Org X Server "TOG-CUP" Extension Local Privilege Escalation
  • Description: The X.Org X Server is an open-source X Windows System for UNIX, Linux, and variants. It is freely available and distributed publicly. The application is exposed to a local privilege escalation issue that affects the "ProcGetReservedColormapEntries()" function of the "TOG-CUP" extension. This issue occurs because the application uses a 32-bit user-supplied value to reference memory.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0030.html

  • 08.5.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Numara FootPrints "MRchat.pl" and "MRABLoad2.pl" Multiple Remote Command Execution Vulnerabilities
  • Description: Numara FootPrints is a service desk management solution available for multiple platforms. The application is exposed to multiple issues that can be leveraged to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. FootPrints versions prior to 8.1 are affected.
  • Ref: http://support.unipress.com/MRcgi/MRTicketPage.pl?USER=&MRP=0&PROJECTID=4&MR=89552&MAXMININC=&MAJOR_MODE=DETAILS

  • 08.5.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Citadel SMTP RCPT TO Remote Buffer Overflow
  • Description: Citadel is an open-source server application designed to provide email and communications services. The application is exposed to a buffer overflow issue because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Citadel versions prior to 7.11 are affected.
  • Ref: http://www.securityfocus.com/bid/27376

  • 08.5.35 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Provisioning Manager for OS Deployment Denial of Service
  • Description: IBM Tivoli Provisioning Manager for OS Deployment is used to deploy and manage operating systems from a single remote console. The application is exposed to a denial of service issue. IBM Tivoli Provisioning Manager for OS Deployment versions prior to 5.1.0.3 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018010

  • 08.5.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Tivoli Business Service Manager Password Disclosure
  • Description: IBM Tivoli Business Service Manager is a tool suite that helps organize and allocate enterprise IT resources. The application is exposed to a local password disclosure issue that arises because of a design error. Specifically, certain passwords are stored in cleartext format on "reconfig" or in "SM_server.log". IBM Tivoli Business Service Manager version 4.1.1 is affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24017939

  • 08.5.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Interstage HTTP Server Multiple Unspecified Denial of Service Vulnerabilities
  • Description: Fujitsu Interstage HTTP Server is exposed to multiple issues, including an unspecified denial of service issue that occurs when the application handles certain requests and an unspecified denial of service issue that exists in the way the application handles SSL sessions. Solaris products with the T023AS-03 urgent corrections applied are affected.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

  • 08.5.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
  • Description: IBM WebSphere Application Server is a utility for creating enterprise web applications. The application is exposed to multiple remote issues. IBM WebSphere Application Server versions prior to 6.0.2.25 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876

  • 08.5.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox chrome:// URI JavaScript File Request Information Disclosure
  • Description: Mozilla Firefox is a browser available for multiple platforms. The application is exposed to an information disclosure issue because it fails to restrict access to local JavaScript files. This issue occurs when handling chrome: URIs that use hex escaped directory traversal characters to point to arbitrary local JavaScript files on affected computers. This is achieved by specifying a chrome URI as the "src" parameter of an HTML "script" element. Firefox version 2.0.0.11 is affected.
  • Ref: http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/

  • 08.5.40 - CVE: CVE-2007-4850
  • Platform: Cross Platform
  • Title: PHP cURL "safe mode" Security Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP cURL is an extension that provides support for the "libcurl" library. The application is exposed to a "safe mode" security bypass issue. PHP versions 5.2.5 and 5.2.4 are affected.
  • Ref: http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&view=markup

  • 08.5.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer Overflow
  • Description: SDL (Simple DirectMedia Layer) is a cross-platform multimedia library that provides various low level functionalities. SDL_image is an image handling library that is part of the SDL library. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. SDL_image versions prior to 1.2.7 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486853

  • 08.5.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: aconon Mail Template Parameter Directory Traversal
  • Description: aconon Mail is a commercial newsletter and email marketing software. It provides public archive of sent newsletters through a web interface. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "template" parameter of the "archiv.cgi" script. aconon Mail 2007 Enterprise SQL version 11.7.0 and 2004 Enterprise SQL version 11.5.1 are affected.
  • Ref: http://www.securityfocus.com/bid/27427

  • 08.5.43 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SDL_image IFF ILBM File Remote Buffer Overflow
  • Description: SDL (Simple DirectMedia Layer) is a cross-platform multimedia library that provides various low level functionalities. SDL_image is an image handling library that is part of the SDL library. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. SDL_image version 1.2.6 is affected.
  • Ref: http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521

  • 08.5.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Apple iPhone Mobile Safari Memory Exhaustion Remote Denial of Service
  • Description: Apple iPhone is exposed to a remote denial of service issue because it fails to handle excessive memory use. This issue occurs when Mobile Safari is used to view specially crafted webpages. iPhone version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27442

  • 08.5.45 - CVE: CVE-2008-0008
  • Platform: Cross Platform
  • Title: PulseAudio Local Privilege Escalation
  • Description: PulseAudio is a sound server available for various platforms. The application is exposed to a local privilege escalation issue that stems from a design error. This issue occurs because the application fails to properly ensure that it has dropped its privileges. PulseAudio versions prior to 0.9.9 are affected.
  • Ref: https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html

  • 08.5.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MegaBBS "upload.asp" Cross-Site Scripting
  • Description: MegaBBS is a bulletin board system implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "target" parameter of the "upload.asp" script. MegaBBS version 1.5.14b is affected.
  • Ref: http://www.securityfocus.com/archive/1/486723

  • 08.5.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MediaWiki Search Bar Cross-Site Scripting
  • Description: MediaWiki is a wiki application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to parameters used in conjunction with the search bar.
  • Ref: http://www.securityfocus.com/bid/27370

  • 08.5.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Agares phpAutoVideo Cross-Site Scripting Vulnerability and Remote File Include
  • Description: phpAutoVideo is a web-based application for running a video site. The application is exposed to multiple input validation issues, including a cross-site scripting issue affecting the "cat" parameter of the "index.php" script, and a remote file include issue affecting the "loadpage" parameter of the "/theme/phpAutoVideo/LightTwoOh/sidebar.php" script. phpAutoVideo version 2.21 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486591

  • 08.5.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mantis "Most Active Bugs" Summary Cross-Site Scripting
  • Description: Mantis is a web-based bug tracker. It is written in PHP and supported by a MySQL database. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. This issue affects the "Most Active Bugs" category of the "Summary" page. Mantis versions prior to 1.1.1 are affected.
  • Ref: http://www.mantisbt.org/changelog.php

  • 08.5.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PacerCMS "submit.php" Cross-Site Scripting
  • Description: PacerCMS is a content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "submit.php" script. PacerCMS version 0.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486796

  • 08.5.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Novemberborn sIFR "txt" Parameter Cross-Site Scripting
  • Description: sIFR (Scalable Inman Flash Replacement) is a web application that converts plain browser text to a replacement typeface regardless of whether the font is installed on a user's computer. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "txt" parameter used by "<fontname>.swf" files. sIFR versions prior to 2.0.3 and 3r278 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486787

  • 08.5.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ELOG Cross-Site Scripting Vulnerability and Denial of Service
  • Description: ELOG is a web-log application. The application is exposed to a cross-site scripting issue because it fails to properly handle user-supplied input to the "subtext" parameter. ELOG versions prior to 2.7.1 are affected.
  • Ref: http://midas.psi.ch/elog/download/ChangeLog

  • 08.5.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DeluxeBB "attachments_header.php" Cross-Site Scripting
  • Description: DeluxeBB is a web-based bulletin board application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "lang_listofmatches" parameter of the "admincp/attachments_header.php" script. DeluxeBB version 1.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486804

  • 08.5.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Wordpress Plugin WP-Forum SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. WP-Forum plugin for WordPress provides forum functionality. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "wp-forum.php" script before using it in an SQL query. WP-Forum version 1.7.4 is affected.
  • Ref: http://www.securityfocus.com/bid/27362

  • 08.5.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 360 Web Manager "form.php" SQL Injection
  • Description: 360 Web Manager is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "IDFM" parameter of the "form.php" script before using it in an SQL query. 360 Web Manager version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27364

  • 08.5.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: boastMachine "mail.php" SQL Injection
  • Description: boastMachine is a blogging application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "mail.php" script before using it in an SQL query. boastMachine version 3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486737

  • 08.5.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: VP-ASP "paypalresult.asp" SQL Injection
  • Description: Virtual Programming VP-ASP is a shopping cart for ecommerce sites. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "paypalresult.asp" script file before using it in an SQL query. VP-ASP versions 6.50 and earlier are affected.
  • Ref: http://www.vpasp.com/sales/securitypatches.asp

  • 08.5.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Coppermine Photo Gallery "thumbnails.php" SQL Injection
  • Description: Coppermine Photo Gallery is a web-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "albpw" cookie-parameter of the "thumbnails.php" script before using it in an SQL query. Coppermine Photo Gallery version 1.4.10 is affected.
  • Ref: http://www.securityfocus.com/bid/27372

  • 08.5.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mooseguy Blog System "blog.php" SQL Injection
  • Description: Mooseguy Blog System is a web-based blog application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "month" parameter of the "blog.php" script before using it in an SQL query. Mooseguy Blog System version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27377

  • 08.5.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyBB "private.php" SQL Injection
  • Description: MyBB, also known as MyBulletinBoard, is a web-based bulletin board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "options[disablesmilies]" parameter of the "private.php" script before using it in an SQL query. MyBB version 1.2.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486763

  • 08.5.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AlstraSoft Forum Pay Per Post Exchange "index.php" SQL Injection
  • Description: Forum Pay Per Post Exchange is a web-based application enabling users to get paid for submitting forum posts. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, the "catid" parameter of the "index.php" script when using "menu=forum_catview" is not properly sanitized.
  • Ref: http://alstrasoft.com/forum-pay-per-post-exchange.htm

  • 08.5.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PacerCMS "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: PacerCMS is a content management system. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input. PacerCMS versions prior to 0.6.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486796

  • 08.5.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: EasySiteNetwork Recipe Website Script "list.php" SQL Injection
  • Description: EasySiteNetwork Recipe Website Script is a web-based application for the display and distribution of recipes. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "categoryid" parameter of the "list.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27405

  • 08.5.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Search Module "sid" Parameter SQL Injection
  • Description: PHP-Nuke is a web-based content management system (CMS). The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "sid" parameter of the Search module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27408

  • 08.5.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Foojan WMS "index.php" SQL Injection
  • Description: Foojan WMS is a PHP-based web management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "story" parameter of the "index.php" script before using it in an SQL query. Foojan WMS version 1.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/4968

  • 08.5.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: LulieBlog "voircom.php" SQL Injection
  • Description: LulieBlog is a PHP-based web-log application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "voircom.php" script before using it in an SQL query. LulieBlog version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27416

  • 08.5.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tiger Php News System "catid" Parameter SQL Injection
  • Description: Tiger Php News System is a web-based news application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/486961

  • 08.5.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Flinx "category.php" SQL Injection
  • Description: Flinx is a PHP linkware script. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "category.php" script before using it in an SQL query. Flinx versions 1.3 and earlier are affected.
  • Ref: http://www.milw0rm.com/exploits/4985

  • 08.5.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Hotel and Resorts "user_login.asp" Multiple SQL Injection Vulnerabilities
  • Description: Pre Hotel and Resorts is an ASP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Login" or "Password" form field parameters of the "user_login.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/487053

  • 08.5.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Pre Dynamic Institution "login.asp" Multiple SQL Injection Vulnerabilities
  • Description: Pre Dynamic Institution is an ASP-based content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Login" or "Password" form field parameters of the "login.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/487054

  • 08.5.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-SMART CART "Members Login" Multiple SQL Injection Vulnerabilities
  • Description: E-SMART CART is an ASP-based ecommerce application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "Email" or "Password" form field parameters of the "Member Login" section before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/487055

  • 08.5.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Bloofox CMS Multiple Input Validation Vulnerabilities
  • Description: Bloofox is a CMS system. The application is exposed to a directory traversal issue, a SQL injection issue, and an authentication bypass issue. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "class_permissions.php" script before using it in an SQL query. Bloofox version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27361

  • 08.5.73 - CVE: Not Available
  • Platform: Web Application
  • Title: GalaxyScripts Mini File Host "upload.php" POST Parameter Local File Include
  • Description: Galaxyscripts Mini File Host is a file-hosting script. The application is exposed to a local file include issue because it fails to sufficiently sanitize user-supplied input to the "language" parameter of the "upload.php" script when handling POST requests. Mini File Host versions 1.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27366

  • 08.5.74 - CVE: Not Available
  • Platform: Web Application
  • Title: GradMan "info.php" Local File Include
  • Description: GradMan is a web-based application for maintaining contact with school alumni. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "tabla" parameter of the "info.php" script. GradMan version 0.1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27343

  • 08.5.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Small Axe Weblog "linkbar.php" Remote File Include
  • Description: Small Axe Weblog is a PHP-based blog application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "cfile" parameter of the "inc/linkbar.php" script. Small Axe Weblog version 0.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27345

  • 08.5.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Mahara HTML Arbitrary File Upload
  • Description: Mahara is an e-portfolio application implemented in Perl. The application is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. The issue exists in the "Files" form field parameter of the "My Portfolio/Files" page. Mahara versions 0.9.0 and prior are affected.
  • Ref: https://eduforge.org/frs/shownotes.php?release_id=342

  • 08.5.77 - CVE: Not Available
  • Platform: Web Application
  • Title: OZJournals "printpreview" Local File Disclosure
  • Description: OZJournals is a web-log application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "id" parameter while in the "printpreview" mode. OZJournals version 2.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27375

  • 08.5.78 - CVE: Not Available
  • Platform: Web Application
  • Title: IDMOS CMS "download.php" Local File Include
  • Description: IDMOS CMS is a PHP-based content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "fileName" parameter of the "administrator/download.php" script. IDMOS version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27379

  • 08.5.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Lama Software "MY_CONF[classRoot]" Multiple Remote File Include Vulnerabilities
  • Description: Lama Software is a web-based content management system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "MY_CONF[classRoot]" parameter of the following scripts: "admin/functions/inc.steps.access_error.php", "admin/functions/inc.steps.check_login.php", and "admin/functions/inc.steps.init_system.php".
  • Ref: http://www.securityfocus.com/bid/27380

  • 08.5.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Small Axe Weblog "ffile" Parameter Remote File Include
  • Description: Small Axe Weblog is a PHP-based blog application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "ffile" parameter of the "inc/linkbar.php" script. Small Axe Weblog version 0.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27383

  • 08.5.81 - CVE: Not Available
  • Platform: Web Application
  • Title: Frimousse "explorerdir.php" File Disclosure
  • Description: Frimousse is a PHP-based web interface for the VLC media player. The application is exposed to an issue that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files. Frimousse version 0.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27385

  • 08.5.82 - CVE: Not Available
  • Platform: Web Application
  • Title: aflog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: aflog is a web-based blogging script. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. aflog version 1.01 is affected.
  • Ref: http://www.securityfocus.com/bid/27398

  • 08.5.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Belong Software Site Builder Administration Pages Authentication Bypass
  • Description: Belong Software Site Builder is a content manager. The application is exposed to an issue that results in unauthorized administrative access. The application fails to perform authentication when certain pages are accessed. Site Builder version 0.1 beta is affected.
  • Ref: http://www.securityfocus.com/archive/1/486803

  • 08.5.84 - CVE: Not Available
  • Platform: Web Application
  • Title: SetCMS "set" Parameter Local File Include
  • Description: SetCMS is a content manager. The application is exposed to a local file include issue because it fails to properly initialize the "set" parameter. Local files can then be included, which permits command execution. SetCMS version 3.6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/27407

  • 08.5.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Apache "mod_negotiation" HTML Injection and HTTP Response Splitting
  • Description: Apache "mod_negotiation" allows the server to select the content that best matches the client's capabilities. The module is exposed to an HTML injection and HTTP response splitting issue because it fails to properly sanitize user-supplied input when handling the name of a file on the server.
  • Ref: http://www.mindedsecurity.com/MSA01150108.html

  • 08.5.86 - CVE: Not Available
  • Platform: Web Application
  • Title: YaBB SE Cookie Security Bypass
  • Description: YaBB SE is a web-based bulletin board. The application is exposed to a security bypass issue because it fails to properly validate user credentials. Specifically, by passing a specified user ID in the cookie an attacker can bypass authentication and log in to the application without providing valid user credentials. YaBB SE versions 1.5.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27414

  • 08.5.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple Web Wiz Products Remote Information Disclosure
  • Description: Web Wiz Forums is a web-based bulletin board application. Web Wiz NewsPad is a news-bulletin and newsletter application. Web Wiz Rich Text Editor (RTE) is a WYSIWYG HTML text editor. All three applications are implemented in ASP. The applications are exposed to a remote information disclosure issue because they fail to properly sanitize user-supplied input. Forums version 9.07, NewsPad version 1.02, and Rich Text Editor version 4.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486866

  • 08.5.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Web Wiz Rich Text Editor Arbitrary HTML File Creation
  • Description: Web Wiz Rich Text Editor (RTE) is a WYSIWYG HTML text editor implemented in ASP. The application is exposed to an issue that permits the creation of an arbitrary HTML file. Specifically, the "RTE_popup_save_file.asp" script allows an attacker to save arbitrary data to an "HTM" or "HTML" file on the vulnerable server. Rich Text Editor version 4.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/486868

  • 08.5.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Siteman "articles.php" File Disclosure
  • Description: Siteman is a PHP-based content management system. The application is exposed to an issue that lets attackers obtain potentially sensitive information because it fails to prevent access to arbitrary files. Siteman version 1.1.9 is affected.
  • Ref: http://www.securityfocus.com/bid/27422

  • 08.5.90 - CVE: CVE-2008-0029
  • Platform: Web Application
  • Title: Cisco Application Velocity System (AVS) Remote Default Account Vulnerabilities
  • Description: Cisco Application Velocity System (AVS) is an appliance-based package designed to increase the performance and security of HTML and XML-based applications. The application is exposed to multiple default account issues. These issues stem from a design flaw that makes several accounts available to remote attackers. Cisco AVS versions prior to 5.1.0 are affected.
  • Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml

  • 08.5.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Liquid-Silver CMS "update/index.php" Local File Include
  • Description: Liquid-Silver CMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "update" parameter of the "update/index.php" script.
  • Ref: http://www.securityfocus.com/bid/27425

  • 08.5.92 - CVE: Not Available
  • Platform: Web Application
  • Title: SLAED CMS "index.php" Local File Include
  • Description: SLAED CMS is a PHP-based content management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "newlang" parameter of the "index.php" script. SLAED CMS version 2.5 Lite is affected.
  • Ref: http://www.securityfocus.com/bid/27426

  • 08.5.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Seagull PHP Framework "optimizer.php" Information Disclosure
  • Description: Seagull is a PHP-based application framework. The application is exposed to an issue that allows attackers to access source code because it fails to properly sanitize user-supplied input. Specifically, this issue affects the "files" parameter of the "www/optimizer.php" script. Seagull PHP Framework version 0.6.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27437

  • 08.5.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Workflow Module Multiple HTML Injection Vulnerabilities
  • Description: Drupal is an open-source content manager that is available for a number of platforms. The Workflow module for Drupal is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied input to unspecified workflow message parameters. Workflow versions prior to 4.7.x-1.2 and 5.x-1.2 are affected.
  • Ref: http://drupal.org/node/213473

  • 08.5.95 - CVE: Not Available
  • Platform: Web Application
  • Title: ManageEngine Applications Manager Multiple Cross-Site Scripting and Security Vulnerabilities
  • Description: ManageEngine Applications Manager is an enterprise tool for monitoring and managing application servers. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Applications Manager version 8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27443

  • 08.5.96 - CVE: Not Available
  • Platform: Web Application
  • Title: GE Fanuc Proficy Portal Remote Script Code Execution
  • Description: Proficy Real Time Information Portal is a web-based application for managing production environment data. The application is exposed to a remote script code execution issue because it fails to properly sanitize user-supplied data.
  • Ref: http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460

  • 08.5.97 - CVE: Not Available
  • Platform: Network Device
  • Title: Belkin Wireless G Plus MIMO Router Remote Authentication Bypass
  • Description: Belkin Wireless G Plus MIMO Router is exposed to an authentication bypass issue because the device fails to properly check authorization before it allows a user to perform certain administration actions. Specifically, the application does not restrict access to the "SaveCfgFile.cgi" script that is used to modify the router's configuration files. Firmware version 3.01.53 is affected.
  • Ref: http://www.securityfocus.com/bid/27359

  • 08.5.98 - CVE: Not Available
  • Platform: Network Device
  • Title: Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery
  • Description: Alice Gate2 Plus Wi-Fi routers are network devices designed for home and small-office setups. They support wireless networking and DSL modem functionality. The application is exposed to a cross-site request forgery issue.
  • Ref: http://www.securityfocus.com/archive/1/486733

  • 08.5.99 - CVE: CVE-2008-0028
  • Platform: Network Device
  • Title: Cisco PIX and ASA Appliance "TTL Decrement" Denial of Service
  • Description: Multiple Cisco security appliances are exposed to a denial of service issue when the Time-To-Live (TTL) decrement feature is enabled for handling IP packets. The following devices are affected: Cisco PIX 500 Series Security Appliance and Cisco 5500 Series Adaptive Security Appliance (ASA). Devices running software versions 7.2(2) up to 7.2(3)006 or 8.0(3) that have the TTL decrement feature enabled are affected.
  • Ref: http://www.securityfocus.com/archive/1/486870

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.