
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 50
December 11, 2008

This week saw a huge number (more than 150) of new vulnerabilities, including the largest number in at least three years of *critical* new vulnerabilities (nine). Most of the critical new vulnerabilities were from Microsoft (too many to list in this opening paragraph), but BMC users should not overlook the Patrol vulnerability. Vulnerable system management tools like Patrol, and backup and security tools, are the "back doors" that many sophisticated attackers are exploiting. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Windows                                  7 (#1, #4, #5, #6, #7, #12)
    Microsoft Office                         11 (#2, #8, #9, #11)
    Other Microsoft Products                 13
    Third Party Windows Apps                 5 (#10)
    Linux                                    19
    HP-UX                                    1
    Solaris                                  1
    Unix                                     2
    Novell                                   1
    Cross Platform                           26 (#3)
    Web Application - Cross Site Scripting   13
    Web Application - SQL Injection          28
    Web Application                          25
    Network Device                           2


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Linux
HP-UX
Solaris
Unix
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Microsoft WordPad Text Converter Remote Code Execution (0day)
  • Affected:
    • Microsoft Windows XP prior to Service Pack 3.
  • Description: Microsoft WordPad is a Rich Text Format (RTF) editor included by default in Microsoft Windows. It is the default viewer for RTF files. It contains a flaw in its Text Converter component. A specially crafted RTF document could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is being actively exploited in the wild and is reportedly not mitigated by the most recent set of Microsoft patches.

  • Status: Vendor confirmed, no updates available.

  • (3) CRITICAL: BMC Patrol Format String Vulnerability
  • Affected:
    • BMC Patrol versions prior to 3.7.30
  • Description: BMC Patrol is an enterprise monitoring software package. It contains a flaw in its logging code. A specially crafted message sent to the vulnerable process could trigger a format string vulnerability in this code, allowing an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Some technical details are publicly available for this vulnerability. No authentication is required to exploit this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking TCP port 3181 at the network perimeter.

  • (7) CRITICAL: Microsoft Visual Basic ActiveX Controls Multiple Vulnerabilities (MS08-070)
  • Affected:
    • Microsoft Visual Basic 6.0
    • Microsoft Visual Studio .NET 2002
    • Microsoft Visual Studio .NET 2003
    • Microsoft Visual FoxPro 8.0
    • Microsoft Visual FoxPro 9.0
    • Microsoft Office FrontPage 2002
    • Microsoft Office Project 2003
    • Microsoft Office Project 2007
  • Description: Visual Basic is a popular programming language from Microsoft. It provides some of its runtime functionality via a collection of ActiveX controls. Several of these controls contain vulnerabilities in their handling of a variety of inputs. A specially crafted web page that instantiates one of these controls could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "kill bit" mechanism; affected CLSIDs are available in Microsoft's advisory. Note that disabling these controls may affect normal application functionality.

  • (10) HIGH: Microsoft SQL Server Remote Memory Corruption (0day)
  • Affected:
    • Microsoft SQL Server 2000
    • Microsoft SQL Server 2005
  • Description: Microsoft SQL Server contains a flaw in its handling of the "sp_replwritetovarbin" procedure. A call to this procedure with specially crafted values could result in a memory corruption condition. It is believed that this condition could be exploited to execute arbitrary code with the privileges of the current user. Authentication is required to exploit this vulnerability, but this vulnerability could be exploited via SQL injection, thus using the authentication credentials of the vulnerable web application. A proof-of-concept is publicly available for this vulnerability.

  • Status: Vendor has not confirmed, no updates available.

  • (11) MODERATE: Microsoft SharePoint Authentication Bypass (MS08-077)
  • Affected:
    • Microsoft Office SharePoint Server 2007
    • Microsoft Search Server 2008
  • Description: Microsoft Office SharePoint Server is an enterprise document management and collaboration system. It contains an authentication bypass vulnerability in its handling of requests to its web interface. An unauthenticated user could exploit this vulnerability to execute certain actions with the privileges of the SharePoint administrator. Note that full access is not granted; only a subset of actions are available via this vulnerability. Attackers could exploit this vulnerability to create a denial-of-service condition, create scripts that execute in the context of the affected SharePoint site, or gain access to potentially sensitive information.

  • Status: Vendor confirmed, updates available.

  • (12) MODERATE: Microsoft Media Components Credential Reflection Vulnerability (MS08-076)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Windows Server 2008
  • Description: Microsoft Media Components are a set of components used to play various media formats on Microsoft Windows. These components contain a credential reflection vulnerability. A malicious media server that requires the user to input his or her authentication credentials could then use the sent credentials to access the victim's system. Note that successfully exploiting this vulnerability requires a user to input authentication credentials. Some technical details are publicly available for this vulnerability. This update also addresses an information disclosure vulnerability.

  • Status: Vendor confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 50, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.50.1 - CVE: CVE-2008-4255
  • Platform: Windows
  • Title: Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow
  • Description: Microsoft Windows Common AVI ActiveX control is an application used for playing AVI files in the browser. The Windows Common AVI ActiveX control is exposed to a remote buffer overflow issue. The problem can occur when AVI stream lengths aren't properly validated.
  • Ref: http://www.securityfocus.com/archive/1/499061

  • 08.50.2 - CVE: CVE-2008-2249
  • Platform: Windows
  • Title: Microsoft Windows GDI WMF Integer Overflow
  • Description: Microsoft GDI (graphics device interface) enables applications to use graphics and formatted text on the video display and on printers. The GDI component of Microsoft Windows is exposed to an integer overflow issue.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-071.mspx

  • 08.50.3 - CVE: CVE-2008-3465
  • Platform: Windows
  • Title: Microsoft Windows GDI File Size Parameter Heap Overflow
  • Description: Microsoft GDI (graphics device interface) enables applications to use graphics and formatted text on the video display and on printers. The GDI component of Microsoft Windows is exposed to a heap overflow issue because the software fails to sufficiently validate the file size parameters in WMF images.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-071.mspx

  • 08.50.4 - CVE: CVE-2008-4268
  • Platform: Windows
  • Title: Microsoft Windows Saved Search File Handling Remote Code Execution
  • Description: Microsoft Windows Search is a component of Windows Vista and Windows Server 2008. Microsoft Windows is exposed to a remote code execution issue because Windows Explorer fails to correctly free memory when saving the Windows Search saved-search files. Windows Vista and Windows Server 2008 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx

  • 08.50.5 - CVE: CVE-2008-4269
  • Platform: Windows
  • Title: Microsoft Windows "search-ms" Protocol Parsing Remote Code Execution
  • Description: Microsoft Windows Search is a component of Windows Vista and Windows Server 2008. It allows a user to search for various resources. Microsoft Windows is exposed to a remote code execution issue because Windows Explorer fails to correctly interpret parameters when parsing the "search-ms" protocol. Windows Vista and Windows Server 2008 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx

  • 08.50.6 - CVE: CVE-2008-3009
  • Platform: Windows
  • Title: Microsoft Windows Media Components "Service Principal Name" Remote Code Execution
  • Description: Microsoft Windows Media Components is a multimedia application for the Windows platform. This application is exposed to a remote code execution issue in the SPN (Service Principal Name) implementation. The vulnerability occurs because the software fails to correctly opt in to NTLM credential-reflection protections.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-076.mspx

  • 08.50.7 - CVE: CVE-2008-3010
  • Platform: Windows
  • Title: Microsoft Windows Media Components ISATAP URL Handling Information Disclosure
  • Description: Microsoft Windows Media Components is a multimedia application for the Windows platform. The software is exposed to an information disclosure issue when handling "ISATAP" (Intra-Site Automatic Tunnel Addressing Protocol) URLs because it incorrectly treats an external resource as internal when connecting to a server that uses an "ISATAP" address.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-076.mspx

  • 08.50.8 - CVE: CVE-2008-4025
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF Polyline/Polygon Integer Overflow
  • Description: Microsoft Word is a word processing application. Microsoft Word is exposed to an integer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when calculating the space required for the number of points contained in a polyline or polygon.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.9 - CVE: CVE-2008-4024
  • Platform: Microsoft Office
  • Title: Microsoft Word Malformed Record Remote Code Execution
  • Description: Microsoft Word is a word processor available for multiple platforms. Word is exposed to a remote code execution issue when it processes a specially-crafted Office file with a malformed record value.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.10 - CVE: CVE-2008-4027
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF "do" Drawing Object Remote Heap Memory Corruption
  • Description: Microsoft Word is a word processing application. Microsoft Word is exposed to a remote heap memory corruption issue when processing consecutive "do" drawing object tags. Specifically, the application fails to validate the integrity of the object, which may cause a memory buffer to be freed twice.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.11 - CVE: CVE-2008-4026
  • Platform: Microsoft Office
  • Title: Microsoft Word Malformed Value Remote Code Execution
  • Description: Microsoft Word is a word processor available for multiple platforms. Word is exposed to a remote code execution issue when it processes a specially-crafted Word file with a malformed value.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.12 - CVE: CVE-2008-4837
  • Platform: Microsoft Office
  • Title: Microsoft Word Malformed Record Value Remote Code Execution
  • Description: Microsoft Word is a word processor available for multiple platforms. Word is exposed to a remote code execution issue when it processes a specially-crafted Office file with a malformed record value. Specifically, the size of a stack buffer is calculated using user-controlled contents of a malformed table property.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.13 - CVE: CVE-2008-4028
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution
  • Description: Microsoft Word is a word processing application. Microsoft Word is exposed to a remote code execution issue when handling multiple drawing objects. Specifically, code in the "wwlib.dll" library allocates a buffer for the tag objects.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.14 - CVE: CVE-2008-4031
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF Malformed String Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue because of memory-calculation errors when handling malformed strings in a Rich Text Format (RTF) document. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.
  • Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-08-09

  • 08.50.15 - CVE: CVE-2008-4265
  • Platform: Microsoft Office
  • Title: Microsoft Excel Malformed Object Handling Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue stems from memory corruption because the application fails to validate record values when processing malformed objects in Excel files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx

  • 08.50.16 - CVE: CVE-2008-4253
  • Platform: Microsoft Office
  • Title: Microsoft Excel Formula Handling Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because of memory corruption when the application loads Excel formulas from a malicious Excel file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

  • 08.50.17 - CVE: CVE-2008-4266
  • Platform: Microsoft Office
  • Title: Microsoft Excel Name Record Array Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the application fails to perform sufficient validation of an index value in the "NAME" record.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx

  • 08.50.18 - CVE: CVE-2008-4030
  • Platform: Microsoft Office
  • Title: Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution
  • Description: Microsoft Word is exposed to a remote code execution issue that occurs because of memory calculation errors when handling malformed control words in a Rich Text Format (RTF) document. Specifically, this issue is caused by an error when parsing mismatched "dpgroup" and "dpendgroup" control words.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx

  • 08.50.19 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Outlook Express Malformed MIME Message Denial of Service
  • Description: Microsoft Outlook Express is an email client for Microsoft Windows platforms. The application is exposed to a denial of service issue because it fails to properly handle malformed multi-part MIME messages. An attacker can exploit this issue to crash the application process during delivery.
  • Ref: http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro

  • 08.50.20 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft SQL Server 2000 "sp_replwritetovarbin" Remote Memory Corruption
  • Description: Microsoft SQL Server 2000 is exposed to a remote memory-corruption issue because it fails to properly handle user-supplied input. Specifically, the issue occurs when the server handles the "sp_replwritetovarbin" extended stored procedure call. Microsoft SQL Server 2000 is affected.
  • Ref: http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt

  • 08.50.21 - CVE: CVE-2008-4259
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer HTML Objects Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue because it incorrectly handles an error when attempting to access uninitialized memory related to HTML objects.
  • Ref: http://www.securityfocus.com/archive/1/499065

  • 08.50.22 - CVE: CVE-2008-4252
  • Platform: Other Microsoft Products
  • Title: Microsoft DataGrid ActiveX Control Memory Corruption
  • Description: Microsoft DataGrid ActiveX control is part of the Microsoft Help engine. The DataGrid ActiveX control is exposed to a remote memory corruption issue. The problem occurs because the control fails to properly initialize objects.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

  • 08.50.23 - CVE: CVE-2008-4264
  • Platform: Other Microsoft Products
  • Title: Microsoft FlexGrid ActiveX Control Memory Corruption
  • Description: Microsoft FlexGrid ActiveX control is an application used with databases. The FlexGrid ActiveX control is exposed to a remote memory-corruption issue. The problem can occur when objects within the control aren't properly initialized.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx

  • 08.50.24 - CVE: CVE-2008-4260
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Deleted Object Access Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue because it may attempt to access deleted objects when handling webpages.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx

  • 08.50.25 - CVE: CVE-2008-4261
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Embedded Object Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue because of an error in handling embedded objects when rendering HTML content. The problem is due to a stack-based buffer overflow when handling specific HTML tags.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx

  • 08.50.26 - CVE: CVE-2008-4258
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Navigation Method Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue because of an error in validating parameters to an unspecified navigation method.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx

  • 08.50.27 - CVE: CVE-2008-4254
  • Platform: Other Microsoft Products
  • Title: Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption
  • Description: Microsoft Hierarchical FlexGrid ActiveX control is an application used with databases. The Hierarchical FlexGrid ActiveX control is exposed to a remote memory corruption issue. The problem can occur when objects within the control aren't properly initialized. Microsoft Hierarchical FlexGrid Control version 6.0.88.4 is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

  • 08.50.28 - CVE: CVE-2008-4256
  • Platform: Other Microsoft Products
  • Title: Microsoft Charts ActiveX Control Memory Corruption
  • Description: Microsoft Charts ActiveX control is an application for making chart objects. The Charts ActiveX control is exposed to a remote memory corruption issue. The problem can occur when objects within the control aren't properly initialized.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

  • 08.50.29 - CVE: CVE-2008-4032
  • Platform: Other Microsoft Products
  • Title: Microsoft SharePoint Server Unauthorized Access
  • Description: Microsoft SharePoint Server is an integrated server application providing content management and search capabilities. Microsoft SharePoint Server is exposed to an issue that could let remote attackers gain unauthorized access. The issue occurs because of how the software handles authentication to affected administrative functions of the server.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-077.mspx

  • 08.50.30 - CVE: CVE-2008-4841
  • Platform: Other Microsoft Products
  • Title: Microsoft WordPad Text Converter Remote Code Execution
  • Description: Microsoft WordPad is a simple text editor supplied with most versions of Microsoft Windows. Microsoft WordPad is exposed to a remote code execution vulnerability because of an unspecified error that may result in corrupted memory. This issue can be triggered when WordPad is used to open specially-crafted .doc, .wri and .rtf files.
  • Ref: http://www.microsoft.com/technet/security/advisory/960906.mspx

  • 08.50.31 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Unspecified XML Handling Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue due to an unspecified error in the handling of XML content. Internet Explorer 7 on Microsoft Windows XP and 2003 is affected.
  • Ref: http://research.eeye.com/html/alerts/zeroday/20081209.html

  • 08.50.32 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: RadASM ".rap" Project File Buffer Overflow
  • Description: RadASM is an assembly language IDE for the Microsoft Windows operating system. RadASM is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. RadASM version 2.2.1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/32617

  • 08.50.33 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite
  • Description: Visagesoft eXPert PDF EditorX ActiveX control is an application for editing, printing, and viewing PDF documents. The application is exposed to an issue that allows attackers to overwrite files with arbitrary, attacker-supplied content. Visagesoft eXPert PDF EditorX ActiveX control version 1.0.200.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.50.34 - CVE: CVE-2008-4391
  • Platform: Third Party Windows Apps
  • Title: Linksys WVC54GC "NetCamPlayerWeb11gv2.ocx" ActiveX Control Buffer Overflow
  • Description: WVC54GC is a wireless video camera. The NetCamPlayerWeb11gv2 control is prone to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input to the "SetSource()" method. WVC54GC with firmware versions prior to 1.25 that include the ActiveX control are affected.
  • Ref: http://www.kb.cert.org/vuls/id/639345

  • 08.50.35 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DesignWorks Professional ".cct" File Buffer Overflow
  • Description: DesignWorks Professional is a circuit design and diagramming tool for the Microsoft Windows operating system. DesignWorks Professional is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. DesignWorks Professional version 4.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32667

  • 08.50.36 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: EasyMail Objects "emmailstore.dll" ActiveX Control Remote Buffer Overflow
  • Description: EasyMail Objects is an application that provides email sending/receiving for ActiveX applications. EasyMail Objects ActiveX control is exposed to a remote buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.50.37 - CVE: Not Available
  • Platform: Linux
  • Title: Ubuntu Privacy Remix S/ATA-Disks Security Bypass
  • Description: Ubuntu Privacy Remix is a modified live-CD based on Ubuntu Linux. The read-only CD provides an isolated and unmodifiable environment. Ubuntu Privacy Remix (UPR) is prone to a security-bypass issue that may allow attackers to modify the operating system. This issue occurs because UPR allows attackers to mount RAID-Arrays onto the affected computer. Ubuntu Privacy Remix versions prior to 8.04 r1 are affected.
  • Ref: http://www.securityfocus.com/bid/32629

  • 08.50.38 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel "parisc_show_stack()" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue caused by an error in the "parisc_show_stack()" function in the "arch/parisc/kernel/unwind.c" source file. The issue occurs when unwinding a stack containing userspace memory addresses. Linux kernel versions prior to 2.6.28-rc7 are affected.
  • Ref: http://marc.info/?l=linux-parisc&m=121736357203624&w=2

  • 08.50.39 - CVE: CVE-2008-5079
  • Platform: Linux
  • Title: Linux Kernel "net/atm/proc.c" Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. Specifically, the issue is triggered when the "svc_listen()" function in the "net/atm/svc.c" file is called two times on the same socket. Attackers can exploit this issue to cause the Linux kernel to go into an infinite loop.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5079

  • 08.50.40 - CVE: Not Available
  • Platform: Linux
  • Title: Vinagre "vinagre_utils_show_error()" Function Format String
  • Description: Vinagre is a VNC client for the GNOME Desktop. Vinagre is exposed to a remote format string issue because the application fails to sufficiently sanitize user-supplied input before using it in a formatted printing function. This issue occurs in the "vinagre_utils_show_error()" function of the "src/vinagre-utils.c" source file.
  • Ref: http://www.securityfocus.com/archive/1/499057

  • 08.50.41 - CVE: Not Available
  • Platform: Linux
  • Title: Linux Kernel MIPS Untrusted User Application Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue affecting 64 bit MIPS architectures. The issue can occur in some cases when system calls are read from outside the bounds of the system call table. This issue can be triggered when 32 bit system calls with a number less than 4000 are made on 64 bit kernels.
  • Ref: http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.28-rc7-git6.log

  • 08.50.42 - CVE: CVE-2008-5374
  • Platform: Linux
  • Title: bash-doc Insecure Temporary File Creation Vulnerabilities
  • Description: The bash-doc package contains documentation and examples for the GNU Bourne Again Shell. bash-doc creates temporary files in an insecure manner. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. bash-doc version 3.2 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html

  • 08.50.43 - CVE: CVE-2008-5379
  • Platform: Linux
  • Title: Debian netdisco-mibs-installer Insecure Temporary File Creation Vulnerabilities
  • Description: Debian netdisco-mibs-installer is a set of download and install scripts for the Netdisco MIB bundle. The application creates temporary files in an insecure manner. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. netdisco-mibs-installer version 1.0 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html

  • 08.50.44 - CVE: CVE-2008-5369
  • Platform: Linux
  • Title: noip2 Insecure Temporary File Creation
  • Description: noip2 is a client for dynamic DNS service. The application creates temporary files in an insecure manner. Specifically, the "noip2" script creates files with predictable names. noip2 version 2.1.7 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.45 - CVE: CVE-2008-5370
  • Platform: Linux
  • Title: PvPGN Insecure Temporary File Creation
  • Description: PvPGN is a server that emulates Battle.net. The application creates temporary files in an insecure manner. Specifically, the "pvpgn-support-installer" script creates files with predictable names. PvPGN version 1.8.1 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.46 - CVE: CVE-2008-5371
  • Platform: Linux
  • Title: Screenie Insecure Temporary File Creation
  • Description: Screenie is a small and lightweight GNU screen(1) wrapper. The application creates temporary files in an insecure manner. Specifically, the "screenie" script creates files with predictable names. Screenie version 1.30.0 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.47 - CVE: CVE-2008-5372
  • Platform: Linux
  • Title: lessdisks.net sdm Insecure Temporary File Creation
  • Description: sdm is a secure display manager similar to X11. The application creates temporary files in an insecure manner. Specifically, the "sdm-login" script creates files with predictable names. An attacker with local access could perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. sdm version 0.4.0b is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.48 - CVE: CVE-2008-5366
  • Platform: Linux
  • Title: Debian ppp Insecure Temporary File Creation Vulnerabilities
  • Description: Debian ppp is a Point-to-Point Protocol (PPP) daemon. The application creates temporary files in an insecure manner. An attacker with local access could potentially exploit these issues to perform symbolic-link attacks, overwriting temporary files in the context of the affected application. Debian ppp version 2.4.4rel is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.49 - CVE: CVE-2008-5367
  • Platform: Linux
  • Title: Debian ppp-udeb Insecure Temporary File Creation
  • Description: Debian ppp-udeb is a minimal ppp package used by the Debian installer. The application creates a temporary file in an insecure manner. Specifically, the issue affects the "ip-up" script. Debian ppp-udeb version 2.4.4rel is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.50 - CVE: CVE-2008-5376
  • Platform: Linux
  • Title: crip Insecure Temporary File Creation
  • Description: crip is a terminal-based application used to rip, encode, and tag Ogg Vorbis files. crip creates temporary files in an insecure manner. The issue occurs because the "editcomment" script creates the "/tmp/*.tag.tmp" file in an insecure manner. crip version 3.7 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html

  • 08.50.51 - CVE: Not Available
  • Platform: Linux
  • Title: Avast! Linux Home Edition ISO and RPM File Multiple Buffer Overflow Vulnerabilities
  • Description: Avast! Linux Home Edition is a virus scanning application for the Linux operating system. The application is exposed to multiple buffer overflow issues because it fails to adequately bounds check user-supplied data before copying it into an insufficiently sized buffer. Avast! Linux Home Edition version 1.0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/32747

  • 08.50.52 - CVE: Not Available
  • Platform: Linux
  • Title: Sophos Antivirus For Linux Multiple File Processing Remote Denial of Service Vulnerabilities
  • Description: Sophos Antivirus For Linux is security software providing antivirus, antispyware, and firewall capabilities for both enterprise and endpoint-based systems. Sophos Antivirus For Linux is exposed to multiple remote denial of service issues because it fails to properly handle malformed files. Sophos Antivirus For Linux version 4.33.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32748

  • 08.50.53 - CVE: Not Available
  • Platform: Linux
  • Title: AVG Anti-Virus For Linux UPX File Parsing Denial of Service
  • Description: AVG Anti-Virus for Linux is an anti-virus application. AVG Anti-Virus is exposed to a denial of service issue. An attacker can exploit this issue by supplying a malicious UPX file. AVG Anti-Virus versions prior to 7.5.51 are affected.
  • Ref: http://www.securityfocus.com/bid/32749

  • 08.50.54 - CVE: Not Available
  • Platform: Linux
  • Title: BitDefender Antivirus For Linux Multiple File Processing Remote Denial of Service Vulnerabilities
  • Description: BitDefender Antivirus For Linux is security software providing antivirus capabilities. BitDefender Antivirus For Linux is exposed to multiple remote denial of service issues because it fails to properly handle malformed files. BitDefender Antivirus For Linux 7.60825 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499079

  • 08.50.55 - CVE: Not Available
  • Platform: Linux
  • Title: F-Prot Antivirus for Linux ELF File Scanning Denial of Service
  • Description: F-Prot Antivirus for Linux is a virus scanning application for the Linux operating system. The application is exposed to a denial of service issue because it fails to handle malformed ELF files. F-Prot Antivirus for Linux version 4.6.8 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499083

  • 08.50.56 - CVE: CVE-2008-4418
  • Platform: HP-UX
  • Title: HP-UX DCE Unspecified Remote Denial of Service
  • Description: HP-UX is exposed to a remote denial of service issue. Few details regarding this vulnerability are available. Exploiting this issue allows remote attackers to trigger denial of service conditions. HP-UX versions B.11.11, B.11.23, and B.11.31 running DCE (Distributed Computing Environment) are affected.
  • Ref: http://www.securityfocus.com/bid/32754

  • 08.50.57 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris OpenSSL "PKCS#11" Engine Remote Denial of Service
  • Description: Sun Solaris OpenSSL "PKCS#11" is an SSL library. This OpenSSL "PKCS#11" engine in Sun Solaris is exposed to a denial of service issue when handling malicious "RSA_sign" and "RSA_verify" cryptographic operations. The OpenSSL "PKCS#11" engine implementation that ships with Sun Solaris 10 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246846-1

  • 08.50.58 - CVE: Not Available
  • Platform: Unix
  • Title: RSyslog "$AllowedSender" Configuration Directive Security Bypass
  • Description: RSyslog is a system log management daemon for Unix and Linux variants. RSyslog is exposed to a security bypass issue because of an error in the daemon's ACL (Access Control List) handling.
  • Ref: http://www.rsyslog.com/Article327.phtml

  • 08.50.59 - CVE: CVE-2008-5377
  • Platform: Unix
  • Title: CUPS "pstopdf" Insecure Temporary File Creation
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS creates temporary files in an insecure manner. The issue occurs because the "pstopdf" script creates the "/tmp/pstopdf.log" file in an insecure manner. CUPS version 1.3.8 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html

  • 08.50.60 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Netware ApacheAdmin Security Bypass
  • Description: Novell NetWare is a network operating system. Novell Netware is exposed to a security bypass issue. Specifically, after installing an OES2 Linux server into the tree running Netware, it is possible for attackers to log into the ApacheAdmin console without using a password.
  • Ref: http://www.novell.com/support/viewContent.do?externalId=7001907

  • 08.50.61 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Null FTP Server "SITE" Command Arbitrary Command Injection
  • Description: Null FTP server is an FTP server application available for Microsoft Windows. The application is exposed to an arbitrary command injection issue because it fails to sufficiently sanitize user-supplied input to the "SITE" FTP server command. Null FTP server version 1.1.0.7 is affected.
  • Ref: http://vuln.sg/nullftpserver1107-en.html

  • 08.50.62 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java Runtime Environment 6 Update 11 Multiple Unspecified Security Vulnerabilities
  • Description: Sun Java Runtime Environment (JRE) allows users to run Java applications. The application is exposed to multiple remote security issues caused by unspecified errors. Java Runtime Environment versions prior to 1.6.0_11 are affected.
  • Ref: http://www.securityfocus.com/archive/1/498922

  • 08.50.63 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Acrobat 9 Unspecified PDF Document Encryption Weakness
  • Description: Adobe Acrobat 9 is prone to an unspecified weakness related to encrypted PDF documents. Attackers may take advantage of this issue to aid in attempts to recover encryption keys or to decrypt documents, possibly allowing greater efficiency in brute-force attacks.
  • Ref: http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html

  • 08.50.64 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Nagios External Commands and Adaptive Commands Unspecified Vulnerability
  • Description: Nagios is an open-source application designed to monitor networks and services for interruptions and to notify administrators when various events occur. Nagios is exposed to an unspecified issue related to the CGI submission of external commands and the processing of adaptive commands. Nagios versions prior to 3.0.6 are affected.
  • Ref: http://www.nagios.org/development/history/nagios-3x.php

  • 08.50.65 - CVE: CVE-2008-2086
  • Platform: Cross Platform
  • Title: Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
  • Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch either from a desktop or from a web page. Sun Java Web Start and Java Plug-in are exposed to multiple issues.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-081/

  • 08.50.66 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP ZipArchive::extractTo() ".zip" Files Directory Traversal
  • Description: PHP is an open-source scripting language used for web development. The application is exposed to a directory traversal issue because the application fails to adequately sanitize user-supplied input. PHP versions 5.2.6 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/498909

  • 08.50.67 - CVE: CVE-2008-5277
  • Platform: Cross Platform
  • Title: PowerDNS "CH HINFO" Remote Denial of Service
  • Description: PowerDNS is a DNS nameserver application available for various platforms. The application is exposed to a denial of service issue that is triggered when malicious "CH HINFO" queries are sent to the server. PowerDNS versions prior to 2.9.21.2 are affected.
  • Ref: http://doc.powerdns.com/powerdns-advisory-2008-03.html

  • 08.50.68 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Orb Networks Orb Unspecified Remote Denial of Service
  • Description: Orb is an application that allows users to access media stored on remote computers. The application is exposed to a remote denial of service issue. Exploiting this issue allows remote attackers to crash the application and trigger denial of service conditions, denying further service to legitimate users.
  • Ref: http://www.securityfocus.com/archive/1/498904

  • 08.50.69 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ccTiddly "cct_base" Parameter Multiple Remote File Include Vulnerabilities
  • Description: ccTiddly is a server side implementation of TiddlyWiki. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "cct_base" parameter. ccTiddly version 1.7.4 is affected.
  • Ref: http://www.securityfocus.com/bid/32631

  • 08.50.70 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trillian Multiple Remote Memory Corruption Vulnerabilities
  • Description: Trillian is a chat client that supports many instant messaging protocols. The application is exposed to multiple memory corruption issues. Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial of service conditions. Trillian versions prior to 3.1.12.0 are affected.
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-077/

  • 08.50.71 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Tor Security Bypass And Privilege Escalation Weaknesses
  • Description: Tor is an implementation of second-generation onion routing, a connection oriented anonymous communication service. Successful exploitation may allow attackers to exploit other vulnerabilities that facilitate privilege escalation and security-bypass attacks. Tor versions prior to 0.2.0.32 are affected.
  • Ref: http://blog.torproject.org/blog/tor-0.2.0.32-released

  • 08.50.72 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP 5.2.7 "magic_quotes_gpc" Security Bypass Weakness
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a security bypass weakness that occurs because the "magic_quotes_gpc" directive remains off even when set to on. PHP version 5.2.7 is affected.
  • Ref: http://bugs.php.net/bug.php?id=42718

  • 08.50.73 - CVE: CVE-2008-4311
  • Platform: Cross Platform
  • Title: D-Bus "send_requested_reply" and "receive_requested_reply" Security Bypass
  • Description: D-Bus is a message bus system for applications to talk to one another. The application is exposed to a security bypass issue because of an issue with the default configuration. D-Bus version 1.2.6 is affected.
  • Ref: https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html

  • 08.50.74 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
  • Description: IBM WebSphere Application Server (WAS) is an application server used for service-oriented architecture. The application is exposed to multiple issues. WAS version 7.0 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27014463

  • 08.50.75 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP SAPI "php_getuid()" Safe Mode Restriction Bypass
  • Description: PHP is a general-purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a "safe_mode" restriction bypass issue. This allows PHP applications to bypass some security restrictions. PHP version 5.2.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/499004

  • 08.50.76 - CVE: Not Available
  • Platform: Cross Platform
  • Title: BMC Patrol Agent Remote Format String
  • Description: BMC Patrol is an application used for remote system monitoring and management. Patrol Agent is the central component of the Patrol architecture. Patrol Agent is exposed to a remote format string issue because it fails to perform adequate boundary checks on user-supplied input. Patrol Agent versions prior to 3.7.30 are affected.
  • Ref: http://www.securityfocus.com/archive/1/499013

  • 08.50.77 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aruba Mobility Controller EAP Frame Remote Denial of Service
  • Description: Aruba Mobility Controller is used to scale ArubaOS and other software modules on enterprise networks. Access to the device's web-based management interface is protected with X.509 certificates. Aruba Mobility Controller is exposed to a remote denial of service issue because it fails to handle malformed Extensible Authentication Protocol (EAP) frames.
  • Ref: http://www.securityfocus.com/archive/1/499014

  • 08.50.78 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Laptop Face Recognition Authentication Bypass
  • Description: Face recognition authentication is an authentication mechanism that allows users to authenticate themselves to devices using certain facial characteristics. An attacker can exploit this issue to gain unauthorized access to the affected device.
  • Ref: http://www.securityfocus.com/archive/1/498997

  • 08.50.79 - CVE: CVE-2008-5316, CVE-2008-5317
  • Platform: Cross Platform
  • Title: Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
  • Description: Little CMS is an open-source color management engine that has been ported to a variety of platforms. The application is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. The buffer overflow issue affects all versions of Little CMS prior to 1.16.
  • Ref: http://www.securityfocus.com/bid/32708

  • 08.50.80 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP DECnet-Plus OpenVMS "OSIT$NAMES" Security Bypass Weakness
  • Description: HP DECnet-Plus for OpenVMS is a network protocol application for VAX and ALPHA systems. The application is exposed to a security bypass weakness because the default user has read and write privileges for the "OSIT$NAMES" table. HP DECnet-Plus OpenVMS versions prior to V8.3 ECO03 are affected.
  • Ref: http://www.securityfocus.com/bid/32711

  • 08.50.81 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Compiz Fusion "Expo" Plugin Security Bypass
  • Description: Compiz Fusion is a framework for 3-D desktop addons. The application is exposed to a security bypass issue because of an issue with the "Expo" plugin. This plugin does not correctly restrict the movement of the screensaver and as a result can allow attackers to access the locked desktop underneath by simply moving the screensaver out of the way with the mouse. Compiz Fusion versions prior to 0.5.2, 0.7.4 and 0.7.8 are affected.
  • Ref: http://www.securityfocus.com/bid/32712

  • 08.50.82 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PHP "proc_open()" Environment Parameter Safe Mode Restriction Bypass
  • Description: PHP is a general purpose scripting language that is especially suited for web development and can be embedded into HTML. PHP is exposed to a "safe_mode" restriction bypass issue. PHP version 5.2.8 on the Linux operating system is affected.
  • Ref: http://www.securityfocus.com/archive/1/499041

  • 08.50.83 - CVE: CVE-2008-5380
  • Platform: Cross Platform
  • Title: GpsDrive "geo-nearest" Insecure Temporary File Creation
  • Description: GpsDrive is a GPS navigation application. GpsDrive creates temporary files in an insecure manner. The issue occurs because the "geo-nearest" script creates files in an insecure manner. GpsDrive version 2.09 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html

  • 08.50.84 - CVE: CVE-2008-5375
  • Platform: Cross Platform
  • Title: CMus Insecure Temporary File Creation
  • Description: CMus is an audio player application. CMus creates temporary files in an insecure manner. The issue occurs because the "cmus-status-display" script creates the "/tmp/cmus-status" file in an insecure manner. CMus version 2.2.0 is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html

  • 08.50.85 - CVE: CVE-2008-5368
  • Platform: Cross Platform
  • Title: Muttprint Insecure Temporary File Creation
  • Description: Muttprint is an application used to format the output of mail clients. The application creates a temporary file in an insecure manner. Specifically, the issue affects the "muttprint" script. Muttprint version 0.72d is affected.
  • Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html

  • 08.50.86 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ClamAV LZH File Unpacking Denial of Service
  • Description: ClamAV is a multiplatform toolkit used for scanning email messages for viruses. ClamAV is exposed to a denial of service issue because the external unpacker used by the application fails to handle malformed LZH files. ClamAV versions 0.93.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/499078

  • 08.50.87 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tribiq CMS "index.php" Cross-Site Scripting
  • Description: Tribiq CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "cID" parameter of the "index.php" script. Tribiq CMS versions 5.0.10b and 5.0.11e are affected.
  • Ref: http://www.securityfocus.com/bid/32650

  • 08.50.88 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Movable Type Unspecified Cross-Site Scripting
  • Description: Movable Type is a web-log application. Movable Type is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. This issue affects the application management section.
  • Ref: http://www.securityfocus.com/bid/32604

  • 08.50.89 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: mvnForum Cross-Site Scripting
  • Description: mvnForum is a web-based bulletin board in JSP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data in the "Who's online" function of the forum. mvnForum versions 1.2 GA and earlier are affected.
  • Ref: http://security.bkis.vn/?p=286

  • 08.50.90 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: yappa-ng Multiple Cross-Site Scripting Vulnerabilities
  • Description: yappa-ng is a web-based photo album implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "album" and unspecified parameters of the "index.php" script.
  • Ref: http://www.securityfocus.com/bid/32623

  • 08.50.91 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DD-WRT Cross-Site Request Forgery
  • Description: DD-WRT is a modification of the original Linksys Firmware for supporting simple Radius Authentication. The device is exposed to a cross-site request forgery issue. DD-WRT version v24-sp1 is affected.
  • Ref: http://www.securityfocus.com/bid/32703

  • 08.50.92 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nightfall Personal Diary "login.asp" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Nightfall Personal Diary is a web-based application implemented in ASP. The application is exposed to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input passed to the "Username" and "Password" form fields of the "login.asp" script.
  • Ref: http://www.securityfocus.com/bid/32658

  • 08.50.93 - CVE: CVE-2008-5304
  • Platform: Web Application - Cross Site Scripting
  • Title: TWiki URLPARAM Variable Cross-Site Scripting
  • Description: TWiki is a wiki-based content management system (CMS) implemented in Perl. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "%URLPARAM{}%" parameter.
  • Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304

  • 08.50.94 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: yMonda Thread-IT "txtSearchString" Parameter Cross-Site Scripting
  • Description: yMonda Thread-IT is a web-based application implemented in ASP. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "txtSearchString" parameter of the "default.asp" script when called through the search form. Thread-IT version 1.6 and Thread-ITSQL version 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/32681

  • 08.50.95 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PrestaShop Multiple Cross-Site Scripting Vulnerabilities
  • Description: PrestaShop is a PHP-based ecommerce application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input to the "admin/login.php" and "order.php" scripts. PrestaShop version 1.1 beta 3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498994

  • 08.50.96 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PhPepperShop Multiple Cross-Site Scripting Vulnerabilities
  • Description: PhPepperShop is an e-commerce application. The application is prone to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. PhPepperShop version 1.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/498998

  • 08.50.97 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: 3CX Phone System Multiple Cross-Site Scripting Vulnerabilities
  • Description: 3CX Phone System is an IP PBX and SIP server available for the Windows platform. The web-based interface of the application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "fName" and "fPassword" form fields in the "login.php" script. 3CX Phone System version 6.1793 is affected.
  • Ref: http://www.securityfocus.com/bid/32709

  • 08.50.98 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Moodle Wiki Page Name Cross-Site Scripting
  • Description: Moodle is a content manager for online courseware. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to Wiki page names. Moodle versions prior to 1.6.8, Moodle 1.7.6, Moodle 1.8.7 and Moodle 1.9.3 are affected.
  • Ref: http://www.securityfocus.com/bid/32714/references

  • 08.50.99 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: PHP Multiple Newsletters "index.php" Cross-Site Scripting
  • Description: PHP Multiple Newsletters is a web-based email marketing application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "index.php" script. PHP Multiple Newsletters version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/32727

  • 08.50.100 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tribiq CMS "index.php" SQL Injection
  • Description: Tribiq CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cID" parameter of the "index.php" script before using it in an SQL query. Tribiq CMS versions 5.0.10b and 5.0.11e are affected.
  • Ref: http://www.securityfocus.com/bid/32649

  • 08.50.101 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Multiple Membership Script "sitepage.php" SQL Injection
  • Description: Multiple Membership Script is a membership and affiliation application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "sitepage.php" script before using it in an SQL query. Multiple Membership Script version 2.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32655

  • 08.50.102 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mxmania Gallery MX "pics_pre.asp" SQL Injection
  • Description: Mxmania Gallery MX is a photo gallery application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "pics_pre.asp" script before using it in an SQL query. Mxmania Gallery MX version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32607

  • 08.50.103 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Calendar MX Professional "calendar_Eventupdate.asp" SQL Injection
  • Description: Calendar MX Professional is an ASP-based calendar application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "calendar_Eventupdate.asp" script before using it in an SQL query. Calendar MX Professional version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32609

  • 08.50.104 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Check Up New Generation "findoffice.php" SQL Injection
  • Description: Check Up New Generation is a patient record management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "search" parameter of the "findoffice.php" script before using it in an SQL query. Check Up New Generation version 4.52 is affected.
  • Ref: http://www.securityfocus.com/bid/32590

  • 08.50.105 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JMovies Joomla! Component "id" Parameter SQL Injection
  • Description: JOOMItaly JMovies is a video and movie library component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_jmovies" component before using it in an SQL query. JMovies version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32615

  • 08.50.106 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Rae Media Web Based Contact Management Login SQL Injection
  • Description: Rae Media Web Based Contact Management is a web application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to "User Name" and "Password" textboxes when logging in to the affected application.
  • Ref: http://www.securityfocus.com/bid/32616

  • 08.50.107 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Storm Module Multiple Unspecified SQL Injection Vulnerabilities
  • Description: Storm (SpeedTech Organization and Resource Manager) is a project management module for the Drupal content management system. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters before using it in SQL queries. Storm versions prior to 5.x-1.14 and 6.x-1.18 are affected.
  • Ref: http://drupal.org/node/342246

  • 08.50.108 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: dotnetindex Professional Download Assistant SQL Injection
  • Description: Professional Download Assistant is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the password field of the login page before using it in an SQL query. Professional Download Assistant version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32706

  • 08.50.109 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPSTREET Webboard "show.php" SQL Injection
  • Description: PHPSTREET Webboard is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "show.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/7337

  • 08.50.110 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Mydyngallery Component "directory" Parameter SQL Injection
  • Description: Mydyngallery is a photo-gallery module for the Mambo and Joomla! content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "directory" parameter of the "com_mydyngallery" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/498916

  • 08.50.111 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPApps.com Template Creature "media_level.asp" SQL Injection
  • Description: ASPApps.com Template Creature is an e-commerce application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "mcatid" parameter of the "media/media_level.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32641

  • 08.50.112 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RankEm "rankup.asp" SQL Injection
  • Description: RankEm is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "siteID" parameter of the "rankup.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32659

  • 08.50.113 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPToys Teamworx Server "default.asp" SQL Injection
  • Description: ASPToys Teamworx Server is a project management application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "password" field of the "default.asp" login script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32660

  • 08.50.114 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASPToys ASP Portal Multiple SQL Injection Vulnerabilities
  • Description: ASPToys ASP Portal is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data.
  • Ref: http://www.securityfocus.com/bid/32662

  • 08.50.115 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ASP AutoDealer "detail.asp" SQL Injection
  • Description: ASP AutoDealer is an ASP-based application that allows users to sell vehicles online. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ID" parameter of the "detail.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32663

  • 08.50.116 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Kalptaru Infotech Product Sale Framework "forum_topic_id" Parameter SQL Injection
  • Description: Kalptaru Infotech Product Sale Framework is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum_topic_id" parameter of the "customer/customer.forumtopic.php" script before using it in an SQL query. Kalptaru Infotech Product Sale Framework version 0.1 beta is affected.
  • Ref: http://www.securityfocus.com/bid/32672

  • 08.50.117 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: yMonda Thread-IT "treplies.asp" SQL Injection
  • Description: yMonda Thread-IT is a web-based application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "message" parameter of the "treplies.asp" script before using it in an SQL query. Thread-IT version 1.6 and Thread-ITSQL version 2.0 are affected.
  • Ref: http://www.securityfocus.com/bid/32684

  • 08.50.118 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RankEm "processlogin.asp" Multiple SQL Injection Vulnerabilities
  • Description: RankEm is a web-based application implemented in ASP. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "txtusername" and "txtpassword" parameters of the "processlogin.asp" script.
  • Ref: http://www.securityfocus.com/bid/32686

  • 08.50.119 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SIU Guarani SQL Injection and Arbitrary File Upload Vulnerabilities
  • Description: SIU Guarani is a web-based application that keeps track of academic activities. The application is exposed to multiple remote issues. Exploiting these issues could allow an attacker to compromise the application, upload arbitrary files and execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
  • Ref: http://www.securityfocus.com/bid/32697

  • 08.50.120 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Secure Downloads for vBulletin "fileinfo.php" SQL Injection
  • Description: Secure Downloads is a file-download management add-on for the vBulletin bulletin board. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "fileinfo.php" script before using it in an SQL query.
  • Ref: http://www.milw0rm.com/exploits/7385

  • 08.50.121 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Tag Board 4 phpBB3 "tag_board.php" SQL Injection
  • Description: Tag Board 4 phpBB3 is a plugin module available for PHPBB. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tag_board.php" script before using it in an SQL query. Tag Board 4 phpBB3 version 3.0.2 is affected.
  • Ref: http://bx67212.netsons.org/forum/viewtopic.php?f=3&t=3&sid=980fd38ff5f3ca40919d28be3f2e2d08#p3

  • 08.50.122 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Poll Pro User and Password SQL Injection Vulnerabilities
  • Description: Poll Pro is a web-based application used to add polls. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the username and password fields. Poll Pro version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32707

  • 08.50.123 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PEEL "rubid" Parameter SQL Injection
  • Description: PEEL is a PHP-based e-commerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "rubid" parameter of the "index.php" script before using it in an SQL query. PEEL version 3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32715

  • 08.50.124 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PostEcards "sendcard.cfm" SQL Injection
  • Description: PostEcards is a web-based application that creates and emails postcards. The application is implemented in ColdFusion. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "sendcard.cfm" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/32719

  • 08.50.125 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpMyAdmin "table" Parameter SQL Injection
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "table" parameter of the "tbl_structure.php" script before using it in an SQL query. phpMyAdmin versions prior to 2.11.9.4 and 3.1.1.0 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php

  • 08.50.126 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ProQuiz "Username" Parameter SQL Injection
  • Description: ProQuiz is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" text box when logging into the application through the "admin/index.php" script. ProQuiz version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32724

  • 08.50.127 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Netref "id" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Netref is a URL management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. Netref version 4.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32725

  • 08.50.128 - CVE: Not Available
  • Platform: Web Application
  • Title: Pro Clan Manager "PHPSESSID" Session Fixation
  • Description: Pro Clan Manager is a PHP-based content manager. Pro Clan Manager is exposed to a session-fixation issue caused by a design error when handling sessions. Specifically, an attacker can predefine a victim user's session ID by setting the "PHPSESSID" parameter of the "index.php" script. Pro Clan Manager version 0.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/32606

  • 08.50.129 - CVE: Not Available
  • Platform: Web Application
  • Title: SEO phpBB "include/global.php" Remote File Include
  • Description: SEO phpBB is a web-based application based on phpBB. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "pfad" parameter of the "include/global.php" script. SEO phpBB version 1.1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32619

  • 08.50.130 - CVE: Not Available
  • Platform: Web Application
  • Title: RevSense SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: RevSense is a web-based application for managing ads. RevSense is exposed to an SQL injection issue and a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. RevSense version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32624

  • 08.50.131 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCAF Multiple Input Validation Vulnerabilities
  • Description: WebCAF is a web-based application. The application is exposed to multiple input validation issues. WebCAF version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/32704

  • 08.50.132 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPmyGallery Local and Remote File Include Vulnerabilities
  • Description: PHPmyGallery is a web-based application. The application is exposed to multiple input validation issues. A remote attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. PHPmyGallery version 1.0beta2 is affected.
  • Ref: http://www.securityfocus.com/bid/32705

  • 08.50.133 - CVE: Not Available
  • Platform: Web Application
  • Title: ImpressCMS "rank_title" Parameter HTML Injection
  • Description: ImpressCMS is a content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. ImpressCMS versions prior to 1.0.3 "Janus" RC 1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=634159

  • 08.50.134 - CVE: Not Available
  • Platform: Web Application
  • Title: Drennan Software My Simple Forum "index.php" Local File Include
  • Description: Drennan Software My Simple Forum is a web-based forum. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "action" parameter of the "index.php" script. My Simple Forum version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/32643

  • 08.50.135 - CVE: Not Available
  • Platform: Web Application
  • Title: BNCwi "index.php" Local File Include
  • Description: BNCwi is a web interface for the psyBNC IRC application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "newlanguage" HTTP POST parameter of the "index.php" script. BNCwi versions 1.04 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/32644

  • 08.50.136 - CVE: Not Available
  • Platform: Web Application
  • Title: Gravity GTD PHP Code Injection and Local File Include Vulnerabilities
  • Description: Gravity GTD is a PHP-based list manager used to track action items. Gravity GTD is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. The issues include a PHP code injection and a local file include issue that affect the "objectname" parameter of the "library/setup/rpc.php" script. Gravity GTD versions 0.4.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/32646

  • 08.50.137 - CVE: Not Available
  • Platform: Web Application
  • Title: lcxbbportal "phpbb_root_path" Parameter Multiple Remote File Include Vulnerabilities
  • Description: lcxbbportal is a web-based application. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "phpbb_root_path" parameter. lcxbbportal version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32647

  • 08.50.138 - CVE: Not Available
  • Platform: Web Application
  • Title: Tizag Countdown Creater "index.php" Arbitrary File Upload
  • Description: Tizag Countdown Creater is a countdown application. The application is exposed to an unspecified issue that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. Tizag Countdown Creater version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/32661

  • 08.50.139 - CVE: CVE-2008-5305
  • Platform: Web Application
  • Title: TWiki SEARCH Variable Remote Command Execution
  • Description: TWiki is a wiki-based content management system (CMS) implemented in Perl. The application is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input.
  • Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305

  • 08.50.140 - CVE: Not Available
  • Platform: Web Application
  • Title: phpPgAdmin "_language" Parameter Local File Include
  • Description: phpPgAdmin is a web-based administration utility. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "_language" parameter of the "libraries/lib.inc.php" script. phpPgAdmin versions 4.2.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/32670

  • 08.50.141 - CVE: Not Available
  • Platform: Web Application
  • Title: w3blabor Local File Include and Arbitrary File Upload Vulnerabilities
  • Description: w3blabor is a web-based content management system. The application is exposed to multiple input validation issues. By exploiting the arbitrary file upload and local file include vulnerabilities at the same time, the attacker may be able to execute remote code. w3blabor version 3.0.5 is affected.
  • Ref: http://www.securityfocus.com/bid/32675

  • 08.50.142 - CVE: Not Available
  • Platform: Web Application
  • Title: BPowerHouse Mini Blog "index.php" Multiple Local File Include Vulnerabilities
  • Description: BPowerHouse Mini Blog is a PHP-based blog application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "page" and "admin" parameters of the "index.php" scripts. BPowerHouse Mini Blog version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32677

  • 08.50.143 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPmyGallery "index.php" Directory Traversal
  • Description: PHPmyGallery is a web-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "group" parameter of the "index.php" script. PHPmyGallery version 1.51gold is affected.
  • Ref: http://www.securityfocus.com/bid/32678

  • 08.50.144 - CVE: Not Available
  • Platform: Web Application
  • Title: Mini-CMS "index.php" Multiple Local File Include Vulnerabilities
  • Description: Mini-CMS is a PHP-based web application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. Mini-CMS version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32680

  • 08.50.145 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS Local File Include and HTML Injection Vulnerabilities
  • Description: XOOPS is a PHP-based content manager. The application is exposed to multiple input-validation issues. An attacker can exploit the local file include vulnerabilities using directory traversal strings to execute local files within the context of the web server process. XOOPS versions prior to 2.3.2b are affected.
  • Ref: http://www.securityfocus.com/archive/1/499002

  • 08.50.146 - CVE: Not Available
  • Platform: Web Application
  • Title: MG2 "includes/mg2_functions.php" PHP Code Injection
  • Description: MG2 (MiniGal2) is a PHP-based photo gallery application. MG2 is exposed to an issue that lets attackers inject arbitrary PHP code. The issue occurs because the application fails to properly sanitize user-supplied input to the "name" parameter of the "includes/mg2_functions.php" script. MG2 version 0.5.1 is affected.
  • Ref: http://www.securityfocus.com/bid/32695

  • 08.50.147 - CVE: Not Available
  • Platform: Web Application
  • Title: Google Gears WorkerPool API "allowCrossOrigin()" Same Origin Policy Violation
  • Description: Google Gears is a browser extension intended to help in the development of web applications. It is available for a number of platforms and browsers. This issue exists in the WorkerPool API, used to create worker objects within the Gears framework. Google Gears versions prior to 0.5.4 are affected.
  • Ref: http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html

  • 08.50.148 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: PunBB is a PHP-based forum application. PunBB is exposed to multiple input validation issues. An attacker can exploit these issues to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. PunBB versions prior to 1.3.2 are affected.
  • Ref: http://punbb.informer.com/forums/topic/20475/punbb-132/

  • 08.50.149 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPmyGallery "common-tpl-vars.php" Local and Remote File Include Vulnerabilities
  • Description: PHPmyGallery is a web-based application. The application is exposed to multiple input validation issues. PHPmyGallery version 1.5beta is affected.
  • Ref: http://www.securityfocus.com/bid/32723

  • 08.50.150 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP Multiple Newsletters "lang" Parameter Local File Include
  • Description: PHP Multiple Newsletters is a web-based email marketing application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "index.php" script. PHP Multiple Newsletters version 2.7 is affected.
  • Ref: http://www.securityfocus.com/bid/32726

  • 08.50.151 - CVE: Not Available
  • Platform: Web Application
  • Title: Atlassian JIRA Remote Security Bypass
  • Description: Atlassian JIRA is a web-based issue tracking system. The application is exposed to a security bypass issue that attackers can leverage to execute certain methods in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input, resulting in specific URL parameters being transformed into method calls. Atlassian JIRA versions prior to 3.13.2 are affected.
  • Ref: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09

  • 08.50.152 - CVE: Not Available
  • Platform: Web Application
  • Title: HTMPL "htmpl_admin.cgi" Remote Command Execution
  • Description: HTMPL is an HTML editor implemented in Perl. HTMPL is exposed to an issue that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input to the "help" parameter of the "htmpl_admin.cgi" script. HTMPL version 1.11 is affected.
  • Ref: http://www.securityfocus.com/bid/32755

  • 08.50.153 - CVE: CVE-2008-4390
  • Platform: Network Device
  • Title: Linksys WVC54GC Wireless-G Internet Video Camera Information Disclosure
  • Description: Linksys WVC54GC Wireless-G Internet Video Camera is exposed to an information disclosure issue because it fails to encrypt sensitive information before transmitting it over the network. Firmware for the Linksys WVC54GC Wireless-G Internet Video Camera versions prior to 1.25 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/528993

  • 08.50.154 - CVE: Not Available
  • Platform: Network Device
  • Title: Neostrada Livebox ADSL Router HTTP Request Denial of Service
  • Description: Neostrada Livebox ADSL Router is a networking device provided by Telekomunikacja Polska. The device is exposed to a denial of service issue because it fails to adequately handle malformed HTTP requests.
  • Ref: http://www.securityfocus.com/archive/1/499010

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.