@RISK: The Consensus Security Vulnerability Alert
Volume: VII, Issue: 51
December 18, 2008
Thunderbird, Firefox and Apple Macs are the products with critical vulnerabilities this week. Also notice the number of new vulnerabilities in new web applications. Thousands more vulnerable applications are going live every week on corporate web sites. Many security people are completely shirking their responsibility by claiming this is a programming problem and then not creating the opportunity for the programmers to master secure coding. When the attacks come, the bosses will ask why they never used the free assessments to show the programmers where their knowledge gaps were and then the course to help the programmers fill those gaps. There won't be a career-enhancing good answer. Alan
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of the vulnerabilities reported this week:
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Other Microsoft Products                 2
Third Party Windows Apps                 2
Cross Platform                           18 (#2, #4)
Web Application - Cross Site Scripting   11
Web Application - SQL Injection          36
Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
Widely Deployed Software
- (1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities
- Affected:
- Apple Mac OS versions prior to 10.5.6
Description: Apple Mac OS X contains multiple vulnerabilities. Successfully exploiting one of these vulnerabilities would allow an attacker to create a variety of exploit conditions. Most severely, a specially crafted CPIO archive file or image file could result in remote code execution with the privileges of the current user. Other vulnerabilities in various operating system functions could render applications using those functions vulnerable to arbitrary code execution if they pass remote user input directly into a vulnerable function. Various other vulnerabilities are addressed in this update, as well as updates to included third-party applications.
Status: Vendor confirmed, updates available.
- References:
- (2) CRITICAL: Mozilla Products Multiple Vulnerabilities
- Affected:
- Mozilla Firefox versions prior to 3.0.5
- Mozilla Thunderbird versions prior to 2.0.0.19
- Mozilla SeaMonkey versions prior to 1.1.14
Description: Products based on the Mozilla codebase, including the Mozilla Firefox web browser, contain multiple vulnerabilities in their handling of a variety of inputs. A specially crafted web page or script could trigger one of these vulnerabilities, leading to a variety of exploit conditions. Most severely, a specially crafted web page could result in arbitrary code execution with the privileges of the current user, or execution of arbitrary JavaScript code with elevated privileges. Technical details for these vulnerabilities are publicly available via source code analysis.
Status: Vendor confirmed, updates available.
- References:
- (3) HIGH: Adobe Flash Player for Linux Remote Code Execution
- Affected:
- Adobe Flash Player for Linux versions prior to 10.0.12.36
Description: Adobe Flash Player, the most common rich media player on the web, contains a flaw in its parsing of Flash files. A specially crafted Flash file could exploit this vulnerability to execute arbitrary code with the privileges of the current user. Flash content is generally downloaded and played without first prompting the user. Few technical details are publicly available for this vulnerability. The Adobe Flash Player is installed by default on numerous Linux distributions. Reportedly, only the Linux version of the Adobe Flash Player is vulnerable.
Status: Vendor confirmed, updates available.
- References:
- (4) HIGH: Opera Multiple Vulnerabilities
- Affected:
- Opera versions 9.62 and prior
Description: Opera is a popular cross platform web browser. It contains multiple vulnerabilities in its handling of a variety of inputs. A specially crafted web page or script viewed using Opera could trigger one of these vulnerabilities. Exploiting one of these vulnerabilities could result in a variety of exploit conditions, including remote code execution with the privileges of the current user. Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
- References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 51, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
- 08.51.1 - CVE: Not Available
- Platform: Other Microsoft Products
- Title: Internet Explorer 8 CSS
- Description: Internet Explorer is a web browser for the Microsoft
Windows operating system. Internet Explorer 8 includes a
cross-site scripting filter, designed to prevent cross-site scripting
attacks against vulnerable web applications. If the injected code
contains a closing cascading style sheet (CSS) tag in addition to
malicious script code included as a CSS "expression" property, the
cross-site scripting filter will be bypassed. Internet Explorer
version 8 beta 2 is affected.
- Ref: http://www.securityfocus.com/archive/1/499124
- 08.51.2 - CVE: Not Available
- Platform: Other Microsoft Products
- Title: Microsoft Internet Explorer "Scripting.FileSystem" Security
Bypass
- Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The browser is exposed to a security bypass
issue due to a failure to properly enforce restrictions on script
behavior.
- Ref: http://support.microsoft.com/kb/182569
- 08.51.3 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Evans FTP "EvansFTP.ocx" ActiveX Control Multiple Remote Buffer
Overflow Vulnerabilities
- Description: Evans FTP is an application that provides FTP
functionality for ActiveX applications. The control is exposed to
multiple remote buffer overflow issues because the application fails
to perform adequate boundary checks on user-supplied data.
- Ref: http://www.evansprogramming.com/evansftp.asp
- 08.51.4 - CVE: Not Available
- Platform: Third Party Windows Apps
- Title: Realtek Media Player Playlist Buffer Overflow
- Description: Realtek Media Player (RtlRack) is a media player for
Windows platform. Realtek Media Player (RtlRack) is exposed to a buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Realtek Media Player version A4.06 is affected.
- Ref: http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=Local_performed_exploits&topic=1229414951.ff.php&page=last
- 08.51.5 - CVE: Not Available
- Platform: Mac Os
- Title: Apple Mac OS X 2008-008 Multiple Security Vulnerabilities
- Description: Apple Mac OS X is exposed to multiple security issues
that have been addressed in Security Update 2008-008.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.6 - CVE: CVE-2008-4223
- Platform: Mac Os
- Title: Apple Podcast Producer Authentication Bypass
- Description: Podcast Producer is an application for encoding,
publishing and producing podcasts. Podcast Producer is exposed to an
authentication bypass issue. An attacker can exploit this issue to
gain access to certain administrative functions. Podcast Producer for
Mac OS X Server versions 10.5 through 10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.7 - CVE: CVE-2008-4224
- Platform: Mac Os
- Title: Apple Mac OS X UDF ISO File Handling Denial of Service
- Description: Apple Mac OS X is exposed to a denial of service issue
when handling malformed UDF ISO volumes. Specifically, when a
specially crafted ISO file is opened, the computer may shut down. Mac
OS X version 10.4.11, Server 10.4.11, 10.5 through 10.5.5, and Server
10.5 through 10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.8 - CVE: CVE-2008-4219
- Platform: Mac Os
- Title: Apple Mac OS X NFS Mounted Executable Exception Remote Denial
of Service
- Description: Apple Mac OS X is exposed to a remote denial of service
issue because it fails to adequately handle exceptions from
NFS-mounted (Network File System) executables. Specifically, an
executable application located on an NFS share that encounters an
exception may trigger an infinite loop within the kernel, causing an
unexpected shutdown.
- Ref: http://www.securityfocus.com/bid/32873
- 08.51.9 - CVE: CVE-2008-4222
- Platform: Mac Os
- Title: Apple Mac OS X "natd" Remote Denial of Service
- Description: Apple Mac OS X is exposed to a remote denial of service
issue. This issue affects the "natd" Network Address Translation
daemon. Specifically, if Internet sharing is enabled, the "natd"
process may enter into an infinite loop when processing specially
constructed packets. Mac OS X versions 10.4.11, 10.5 through 10.5.5,
Server 10.4.11, and Server 10.5 through 10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.10 - CVE: CVE-2008-4236
- Platform: Mac Os
- Title: Apple Mac OS X Type Service PDF File Remote Denial of Service
- Description: Apple Mac OS X Type Service is exposed to a denial of
service issue. This issue occurs when handling a PDF file containing
malformed embedded fonts. Apple Mac OS X versions 10.5 through 10.5.5
and Mac OS X Server 10.5 through 10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.11 - CVE: CVE-2008-4217
- Platform: Mac Os
- Title: Apple Mac OS X BOM CPIO Header Stack Buffer Overflow
- Description: Apple Mac OS X BOM is exposed to a remote stack-based
buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. The vulnerability is due
to a signedness error when handling malicious CPIO headers contained
in a CPIO archive.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.12 - CVE: CVE-2008-4220
- Platform: Mac Os
- Title: Apple Mac OS X "inet_net_pton" API Integer Overflow
- Description: The "inet_net_pton()" function is used to convert a
string representation of an IP address into a network-format binary
representation. The Apple Mac OS X "Libsystem" is exposed to an
integer overflow issue in the "inet_net_pton" API because it fails to
adequately bounds-check input data.
- Ref: http://www.securityfocus.com/bid/32877
- 08.51.13 - CVE: CVE-2008-4218
- Platform: Mac Os
- Title: Apple Mac OS X "i386_set_ldt" and "i386_get_ldt" Multiple
Integer Overflow Vulnerabilities
- Description: Apple Mac OS X is exposed to multiple integer overflow
issues because the application fails to perform adequate boundary
checks on integer values. Specifically the vulnerabilities affect the
"i386_set_ldt" and "i386_get_ldt" system calls of the kernel. Apple
Mac OS X versions 10.5 through 10.5.5 and Mac OS X Server 10.5 through
10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.14 - CVE: CVE-2008-4237
- Platform: Mac Os
- Title: Apple Mac OS X Managed Client Screen Saver Lock Bypass
- Description: Apple Mac OS X is exposed to a security bypass issue
affecting managed client systems. Specifically, this issue results
from per-host configuration settings not being correctly applied to
some managed client systems. Mac OS X versions 10.5 through 10.5.5 and
Server 10.5 through 10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.15 - CVE: CVE-2008-4221
- Platform: Mac Os
- Title: Apple Mac OS X "strptime" API Memory Corruption
- Description: The "strptime" API is a reference library that provides
standardized time and date functions. The Mac OS X "Libsystem" is
exposed to a memory corruption issue that affects the "strptime" API.
Mac OS X versions 10.4.11, 10.5 through 10.5.5, Server 10.4.11, and
Server 10.5 through 10.5.5 are affected.
- Ref: http://support.apple.com/kb/HT3338
- 08.51.16 - CVE: Not Available
- Platform: Linux
- Title: Linux Kernel "ac_ioctl()" Local Buffer Overflow
- Description: The Linux kernel is exposed to a local buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. This issue occurs in the "ac_ioctl()" function in
the "applicom.c" source file. Linux kernel versions prior to
2.6.28-rc1 are affected.
- Ref: http://bugzilla.kernel.org/show_bug.cgi?id=11408
- 08.51.17 - CVE: CVE-2008-5550
- Platform: Solaris
- Title: Sun Java Web Console Unspecified URI Redirection
- Description: Sun Java Web Console is a web-based management tool for
the Solaris operating system. The application is exposed to an
unspecified remote URI-redirection issue. Java Web Console versions
3.0.2 through 3.0.5 are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243786-1
- 08.51.18 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris Kerberos Remote Denial of Service
- Description: Sun Solaris Kerberos is a network authentication
protocol. The application is exposed to a denial of service issue
because it fails to properly validate user-supplied data.
Specifically, local attackers can deny service to legitimate users by
taking advantage of a flaw in the credential-renewal system.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244866-1
- 08.51.19 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris "libICE" Unspecified Denial of Service
- Description: Sun Solaris is an enterprise-grade UNIX distribution. Sun
Solaris is exposed to a denial of service issue that is caused by an
unspecified error in the X Inter Client Exchange Library (libICE).
Remote attackers may exploit this issue to deny service to legitimate
users.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243566-1
- 08.51.20 - CVE: Not Available
- Platform: Solaris
- Title: Sun Solaris IPv4 Forwarding Denial of Service
- Description: Sun Solaris is prone to a denial of service
vulnerability. A remote attacker can exploit this issue to panic the
system denying service to legitimate users. Specifically, the issue
occurs in IPv4 forwarding. Solaris 10 with patch 120011-14 (SPARC) or
120012-14 (x86) is affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241126-1
- 08.51.21 - CVE: CVE-2008-5415
- Platform: Cross Platform
- Title: Computer Associates ARCserve Backup "LDBServer" Remote Code
Execution
- Description: Computer Associates ARCserve Backup provides backup and
restore protection for Windows. The application is exposed to a remote
code execution issue that exists in the "LDBserver" service. This
issue occurs because the application fails to perform sufficient
validation on user-supplied data.
- Ref: http://www.securityfocus.com/archive/1/499128
- 08.51.22 - CVE: Not Available
- Platform: Cross Platform
- Title: Sun Ray Server Administration Password Information Disclosure
- Description: Sun Ray server is a proxy server developed by Sun
Microsystems. Sun Ray server is exposed to an information disclosure
issue that may allow attackers to gain access to the Sun Ray
administration password.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240365-1
- 08.51.23 - CVE: CVE-2008-5549
- Platform: Cross Platform
- Title: Sun Java System Portal Server Web Console Information
Disclosure
- Description: Sun Java System Portal Server is a Java-based framework
for developing web applications. The server is exposed to an
information disclosure issue because the Web Console component fails
to restrict access to potentially sensitive information. Java System
Portal Server versions 7.1 and 7.2 are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243886-1
- 08.51.24 - CVE: Not Available
- Platform: Cross Platform
- Title: Sun Ray Server and Sun Ray Windows Connector Information
Disclosure
- Description: Sun Ray server is a proxy server developed by Sun
Microsystems. Sun Ray Server and Sun Ray Windows Connector are exposed
to an information disclosure issue that may allow attackers to gain
access to the Sun Ray administration password, while the application
is being configured.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1
- 08.51.25 - CVE: Not Available
- Platform: Cross Platform
- Title: Asterisk IAX2 Unauthenticated Session Handling Remote Denial of
Service
- Description: Asterisk is a PBX and telephony application for multiple
operating platforms. Asterisk supports the IAX2 VoIP protocol.
Asterisk is exposed to a remote denial of service issue because it
fails to handle remote unauthenticated sessions in a proper manner.
- Ref: http://downloads.digium.com/pub/security/AST-2008-012.html
- 08.51.26 - CVE: Not Available
- Platform: Cross Platform
- Title: Check Point SecurePlatform Unspecified Remote Security
- Description: Check Point SecurePlatform is a server operating system.
SecurePlatform is exposed to an unspecified remote security issue.
Attackers may exploit this vulnerability to create accounts with
administrative privileges. Other attacks may also be possible.
SecurePlatform version R65 HFA02 is affected.
- Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066422.html
- 08.51.27 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM WebSphere Portal and Workplace Web Content Management
Unspecified Security Bypass
- Description: IBM WebSphere Portal and Workplace Web Content Management
are enterprise Web content management applications. IBM WebSphere
Portal and Workplace Web Content Management are exposed to an
unspecified security bypass issue that affects "BasicAuthTAI". IBM
WebSphere Portal and Workplace Web Content Management version 6.0.1.5
is affected.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27007603
- 08.51.28 - CVE: Not Available
- Platform: Cross Platform
- Title: Tmax Soft JEUS Alternate Data Stream Source Code Information
Disclosure
- Description: Tmax Soft JEUS is a web application server. The
application is exposed to an issue that allows attackers to access
source code because it fails to properly sanitize user-supplied input.
JEUS versions prior to 6 are affected.
- Ref: http://www.securityfocus.com/bid/32804
- 08.51.29 - CVE: Not Available
- Platform: Cross Platform
- Title: Sun Fire Servers IP Spoofing Security Bypass
- Description: The Sun Fire server brand is a series of server computers
produced by Sun Microsystems. Sun Fire Servers are exposed to a
security bypass issue. Attackers can leverage this issue by spoofing
their IP in a manner sufficient to trigger this vulnerability.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246746-1
- 08.51.30 - CVE: Not Available
- Platform: Cross Platform
- Title: MPlayer TwinVQ Handling Stack Buffer Overflow
- Description: MPlayer is a cross-platform media player. MPlayer is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate checks on user-supplied input. This issue occurs in the
"demux_open_vqf()" function of the "libmpdemux/demux_vqf.c" source file
when parsing malformed TwinVQ media files. MPlayer version 1.0rc2 is
affected.
- Ref: http://trapkit.de/advisories/TKADV2008-014.txt
- 08.51.31 - CVE: Not Available
- Platform: Cross Platform
- Title: IBM Tivoli Provisioning Manager Security Bypass
- Description: IBM Tivoli Provisioning Manager is used to deploy and
manage operating systems from a single remote console. The application
is exposed to an unspecified security bypass issue. Tivoli
Provisioning Manager versions prior to 5.1.1.1 with Interim Fix IF0006
applied are vulnerable.
- Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21330228
- 08.51.32 - CVE: CVE-2008-5081
- Platform: Cross Platform
- Title: Avahi Multicast DNS Denial of Service
- Description: Avahi is an application to discover services available on
the local network. Avahi is exposed to a denial of service issue.
Specifically, the vulnerability occurs when the application processes
multicast DNS data. Avahi versions prior to 0.6.24 are affected.
- Ref: http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=3093047f1aa36bed8a37fa79004bf0ee287929f4
- 08.51.33 - CVE: Not Available
- Platform: Cross Platform
- Title: W3C Amaya HTML Tag Parameter Multiple Buffer Overflow
Vulnerabilities
- Description: W3C Amaya is a freely available web browser and editor
that runs on multiple platforms. Amaya is exposed to multiple buffer
overflow issues because it fails to perform adequate checks on
user-supplied input. Amaya version 10.0.1 is affected.
- Ref: http://www.securityfocus.com/bid/32847
- 08.51.34 - CVE: Not Available
- Platform: Cross Platform
- Title: Sun Java Wireless Toolkit Unspecified Remote Stack-Based Buffer
Overflow
- Description: Sun Java Wireless Toolkit for CLDC is a toolbox for
developing wireless applications that are based on J2ME's Connected
Limited Device Configuration (CLDC). The toolkit is exposed to a
remote stack-based buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. Sun Java Wireless
Toolkit versions 2.5.2 and earlier are affected.
- Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247566-1
- 08.51.35 - CVE: Not Available
- Platform: Cross Platform
- Title: Opera Web Browser prior to 9.63 Multiple Security
Vulnerabilities
- Description: Opera Web Browser is a browser that runs on multiple
operating systems. Opera is exposed to multiple security issues. Opera
versions prior to 9.63 are affected.
- Ref: http://www.opera.com/support/kb/view/921/
- 08.51.36 - CVE: CVE-2008-0971, CVE-2008-1094
- Platform: Cross Platform
- Title: Multiple Barracuda Products Multiple Input Validation
Vulnerabilities
- Description: Multiple Barracuda products are exposed to multiple
input-validation issues. Exploiting these issues could allow an
attacker to steal cookie-based authentication credentials, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
- Ref: http://www.barracudanetworks.com/ns/support/tech_alert.php
- 08.51.37 - CVE: CVE-2008-5430
- Platform: Cross Platform
- Title: Mozilla Thunderbird Malformed MIME Message Denial of Service
- Description: Mozilla Thunderbird is a cross-platform mail client for
Windows, Linux, and Apple Mac OS X. The application is exposed to a
denial of service issue because it fails to properly handle malformed
multipart MIME messages.
- Ref: http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro
- 08.51.38 - CVE: Not Available
- Platform: Cross Platform
- Title: Mozilla Firefox MathML XHTML Denial of Service
- Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue.
Viewing a malicious XHTML web page containing an empty "frameset" tag
within a "mathml:mroot" tag may cause the browser to crash. Firefox
version 3.0.4 is affected.
- Ref: http://www.securityfocus.com/bid/32878
- 08.51.39 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Pro Chat Rooms "gud" Parameter Cross-Site Scripting
- Description: Pro Chat Rooms is a web-based chat room application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "gud"
parameter of the "profiles/index.php" script. Pro Chat Rooms version
3.0.2 is affected.
- Ref: http://www.securityfocus.com/bid/32758
- 08.51.40 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: eZoneScripts Living Local Cross-Site Scripting
- Description: eZoneScripts Living Local is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "r"
parameter of the "listtest.php" script. Living Local version 1.1 is
affected.
- Ref: http://www.securityfocus.com/bid/32761
- 08.51.41 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Max's Guestbook Multiple Cross-Site Scripting Vulnerabilities
- Description: Max's Guestbook is a guestbook application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input.
- Ref: http://www.securityfocus.com/archive/1/499099
- 08.51.42 - CVE: CVE-2008-5435
- Platform: Web Application - Cross Site Scripting
- Title: PunBB "moderate.php" Cross-Site Scripting
- Description: PunBB is a PHP-based forum application. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to topic subjects in the "moderate.php"
script. PunBB versions prior to 1.3.1 are affected.
- Ref: http://punbb.informer.com/forums/topic/20392/punbb-131/
- 08.51.43 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: PHP Weather Local File Include and Cross-Site Scripting
Vulnerabilities
- Description: PHP Weather is a PHP-based application used to show
current weather. The application is exposed to multiple issues because
it fails to properly sanitize user-supplied input. PHP Weather version
2.2.2 is affected.
- Ref: http://www.securityfocus.com/bid/32820
- 08.51.44 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Flatnux "photo.php" Multiple Cross-Site Scripting
Vulnerabilities
- Description: Flatnux is a web-based content manager. Flatnux is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied data to the "mod" and "foto"
parameters of the "photo.php" script.
- Ref: http://www.securityfocus.com/bid/32828
- 08.51.45 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Groupmax Workflow Development Kit for Active Server Pages
Cross-Site Scripting
- Description: Hitachi Groupmax Workflow is a workflow management
system. Groupmax Workflow Development Kit for Active Server Pages is
exposed to a cross-site scripting vulnerability because it fails to
sufficiently sanitize user-supplied data.
- Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-026/index.html
- 08.51.46 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Hitachi JP1/Integrated Management - Service Support Unspecified
Cross-Site Scripting
- Description: Hitachi JP1/Integrated Management - Service Support is an
application server available for multiple operating platforms. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input.
- Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-023/index.html
- 08.51.47 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: World Recipe Multiple Cross-Site Scripting Vulnerabilities
- Description: World Recipe is an ASP-based recipe management
application. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
World Recipe version 2.11 is affected.
- Ref: http://www.securityfocus.com/archive/1/499217
- 08.51.48 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: icash Click&Rank "user.asp" Cross-Site Scripting
- Description: icash Click&Rank is an ASP-based web application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "action"
parameter of the "user.asp" script.
- Ref: http://www.securityfocus.com/bid/32855
- 08.51.49 - CVE: Not Available
- Platform: Web Application - Cross Site Scripting
- Title: Kerio MailServer WebMail Multiple Cross-Site Scripting
Vulnerabilities
- Description: Kerio MailServer is a mail management application used as
an alternative to Microsoft Exchange. WebMail is a mail client for the
Kerio MailServer. Kerio MailServer WebMail is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied data. Kerio MailServer version 6.6.1 build 7069 for
Windows is affected.
- Ref: http://www.kerio.com/security_advisory.html#0812
- 08.51.50 - CVE: CVE-2008-5574
- Platform: Web Application - SQL Injection
- Title: unscripts UN Webmaster Marketplace "member.php" SQL Injection
- Description: unscripts UN Webmaster Marketplace is a web application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "u" parameter of
the "MPS/member.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32756
- 08.51.51 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CF Shopkart "index.cfm" SQL Injection
- Description: CF Shopkart is a web-based e-commerce application
implemented in ColdFusion. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "Category" parameter of the "index.cfm"
script before using it in an SQL query. CF Shopkart version 5.2.2 is
affected.
- Ref: http://www.securityfocus.com/bid/32765
- 08.51.52 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CFMSource CF_Calendar "calendarevent.cfm" SQL Injection
- Description: CFMSource CF_Calendar is a web-based calendar application
implemented in ColdFusion. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "calid" parameter of the "calendarevent.cfm"
script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32766
- 08.51.53 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CF_Auction and CF_Forum "forummessages.cfm" SQL Injection
- Description: CF_Auction is an auction script implemented in
ColdFusion. CF_Forum is a web-based forum application implemented in
ColdFusion. The applications are exposed to an SQL injection issue
because they fail to sufficiently sanitize user-supplied data to the
"categorynbr" parameter of the "forummessages.cfm" script before using
it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32767
- 08.51.54 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CFMSource CFMBlog "categorynbr" Parameter SQL Injection
- Description: CFMSource CFMBlog is a web-based content management
application implemented in ColdFusion. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "categorynbr" parameter of the "index.cfm"
script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32768
- 08.51.55 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Banner Exchange Software Java "logon_license.jsp" Multiple SQL
Injection Vulnerabilities
- Description: Banner Exchange Software Java is an advertisement
management application implemented in Java. The application is exposed
to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to "User Name" and "Password" textboxes
when logging in to the affected application through the
"logon_license.jsp" script.
- Ref: http://www.securityfocus.com/bid/32781
- 08.51.56 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Multiple Ad Server Solutions Products "logon_processing.jsp"
SQL Injection Vulnerabilities
- Description: Ad Server Solutions creates multiple JSP-based products
related to online advertising. Multiple applications are exposed to
SQL injection issues because they fail to sufficiently sanitize
user-supplied data to the "uname" and "pass" parameters of the
"logon_processing.jsp" script.
- Ref: http://www.securityfocus.com/bid/32782
- 08.51.57 - CVE: CVE-2008-3058
- Platform: Web Application - SQL Injection
- Title: Octeth Oempro Multiple SQL Injection Vulnerabilities
- Description: Octeth Oempro is a PHP-based email marketing application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Octeth Oempro
version 3.5.5.1 is affected.
- Ref: http://osvdb.org/ref/50/oempro.txt
- 08.51.58 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ASP-CMS "cha" Parameter SQL Injection
- Description: ASP-CMS is an ASP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cha" parameter of the
"index.php" script before using it in an SQL query. ASP-CMS version
1.0 is affected.
- Ref: http://www.securityfocus.com/archive/1/499153
- 08.51.59 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Social Groupie "id" Parameter SQL Injection
- Description: Social Groupie is a PHP-based social networking
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "group_index.php" script before using it in an
SQL query.
- Ref: http://www.securityfocus.com/bid/32787
- 08.51.60 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Ad Management Java "logon.jsp" SQL Injection
- Description: Ad Management Java is an advertisement management
application implemented in Java. The application is exposed to
multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to "User Name" and "Password" textboxes of
the "logon.jsp" script when logging in to the affected application.
- Ref: http://www.securityfocus.com/bid/32790
- 08.51.61 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Affiliate Software Java "logon.jsp" SQL Injection
- Description: Affiliate Software Java is an advertisement management
application implemented in Java. The application is exposed to
multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to "User Name" and "Password" textboxes of
the "logon.jsp" script when logging in to the affected application.
Affiliate Software Java version 4.0 is affected.
- Ref: http://www.securityfocus.com/bid/32791
- 08.51.62 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ASPired2Blog "blog_comments.asp" SQL Injection
- Description: ASPired2Blog is an ASP-based weblog application. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "BlogID" parameter of
the "admin/blog_comments.asp" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32797
- 08.51.63 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Umer Inc Songs Portal "id" Parameter SQL Injection
- Description: Umer Inc Songs Portal is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32802
- 08.51.64 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Joomla Live Chat Multiple SQL Injection and Open Proxy
Vulnerabilities
- Description: Joomla Live Chat is a chat application for the Joomla!
content manager. The application is exposed to multiple input
validation issues. Exploiting these issues could allow attackers to
perform certain proxy actions, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
- Ref: http://www.securityfocus.com/bid/32803
- 08.51.65 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ASP-DEV Internal E-Mail System SQL Injection Vulnerabilities
- Description: ASP-DEV Internal E-Mail System is a web-based email-like
messaging system. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "user" and "pass" fields.
- Ref: http://www.securityfocus.com/bid/32808
- 08.51.66 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ASP-DEV XM Events Diary "cat" Parameter SQL Injection
- Description: ASP-DEV XM Events Diary is an ASP-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "default.asp" script before using it in an SQL query.
- Ref: http://www.asp-dev.com/main.asp?page=42
- 08.51.67 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: FlexPHPNews Username and Password SQL Injection Vulnerabilities
- Description: FlexPHPNews is a news manager for web sites. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the username and
password fields in the "admin/usercheck.php" script. FlexPHPNews
version 0.0.6 and FlexPHPNews Pro 0.0.6 are affected.
- Ref: http://www.securityfocus.com/bid/32810
- 08.51.68 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Multiple ASP SiteWare Products SQL Injection Vulnerabilities
- Description: ASP SiteWare produces a number of ASP-based web
applications. The applications are exposed to multiple SQL injection
issues because they fail to sufficiently sanitize user-supplied input.
- Ref: http://www.securityfocus.com/bid/32812
- 08.51.69 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: FLDS Free Links Directory Script "redir.php" SQL Injection
- Description: FLDS (Free Links Directory Script) is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "redir.php" script before using it in an SQL
query. FLDS version 1.2a is affected.
- Ref: http://www.securityfocus.com/bid/32813
- 08.51.70 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Intesync LLC Miniweb 2.0 "username" Parameter SQL Injection
- Description: Intesync LLC Miniweb 2.0 is a PHP-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "username" field of
the admin area login form before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32819
- 08.51.71 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: WebPhotoPro Multiple SQL Injection Vulnerabilities
- Description: WebPhotoPro is a web-based application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query.
- Ref: http://www.securityfocus.com/bid/32829
- 08.51.72 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Citrix Broadcast Server Unspecified SQL Injection
- Description: Citrix Application Gateway is used to distribute
applications to IP phones. It includes a Broadcast Server component.
The Broadcast Server is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. Broadcast Server version 6.1 for Citrix Application
Gateway and Broadcast Server 2.0 for Avaya AG250 are affected.
- Ref: http://support.citrix.com/article/CTX119315
- 08.51.73 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Free Links Directory Script "lpro.php" SQL Injection
- Description: Free Links Directory Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "lpro.php" script before using it in an SQL query. Free Links
Directory Script version 1.2a is affected.
- Ref: http://www.securityfocus.com/bid/32835
- 08.51.74 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Mediatheka "connection.php" SQL Injection
- Description: Mediatheka is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user" parameter of the
"connection.php" script before using it in an SQL query. Mediatheka
version 4.2 is affected.
- Ref: http://www.securityfocus.com/bid/32836
- 08.51.75 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CadeNix "cid" Parameter SQL Injection
- Description: CadeNix is a PHP-based application that allows users to
develop online games. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cid" parameter of the "index.php" script before using it in an
SQL query.
- Ref: http://www.securityfocus.com/bid/32846
- 08.51.76 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: AM Events Module For Xoops "print.php" SQL Injection
- Description: The AM Events module is a PHP-based component for the
XOOPS content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "modules/amevents/print.php" script before
using it in an SQL query. The AM Events module version 0.22 is
affected.
- Ref: http://www.securityfocus.com/bid/32848
- 08.51.77 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: CFAGCMS "print.php" SQL Injection
- Description: CFAGCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "title" parameter of the
"right.php" script before using it in an SQL query. CFAGCMS version 1
is affected.
- Ref: http://www.securityfocus.com/bid/32851
- 08.51.78 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Aperto Blog "categories.php" SQL Injection
- Description: Aperto Blog is a web application. The application is
prone to an SQL injection vulnerability because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"categories.php" script before using it in an SQL query. Aperto Blog
version 0.1.1 is affected.
- Ref: http://www.securityfocus.com/bid/32853
- 08.51.79 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: icash Click&Rank Multiple SQL Injection Vulnerabilities
- Description: icash Click&Rank is a web-based application implemented
in ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data before
using it in an SQL query. A successful exploit may allow an attacker
to compromise the application, access or modify data, or exploit
latent vulnerabilities in the underlying database.
- Ref: http://www.securityfocus.com/bid/32854
- 08.51.80 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: icash Click&BaneX Multiple SQL Injection Vulnerabilities
- Description: icash Click&BaneX is a web-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data.
- Ref: http://www.securityfocus.com/bid/32856
- 08.51.81 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Faupload "download.php" SQL Injection
- Description: Faupload is a PHP-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"download.php" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32858
- 08.51.82 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Free Links Directory Script "report.php" SQL Injection
- Description: Free Links Directory Script is a PHP-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "linkid" parameter
of the "report.php" script before using it in an SQL query. Free Links
Directory Script version 1.2a is affected.
- Ref: http://www.securityfocus.com/bid/32859
- 08.51.83 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Gnews Publisher "authors.asp" SQL Injection
- Description: Gnews Publisher is a web-based publishing application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "authorID"
parameter of the "authors.asp" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32883
- 08.51.84 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: Liberum Help Desk "forgotpass.asp" SQL Injection
- Description: Liberum Help Desk is a web interface for managing and
tracking technical support problems. It is implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "uid" field in the
"forgotpass.asp" script before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32884
- 08.51.85 - CVE: Not Available
- Platform: Web Application - SQL Injection
- Title: ASP Indir EvimGibi Pro Resim Galerisi "resim.asp" SQL Injection
- Description: ASP Indir EvimGibi Pro Resim Galerisi is a web-based
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "kat_id" parameter of the "resim.asp" script
before using it in an SQL query.
- Ref: http://www.securityfocus.com/bid/32885
- 08.51.86 - CVE: Not Available
- Platform: Web Application
- Title: eZoneScripts Living Local Arbitrary File Upload
- Description: eZoneScripts Living Local is a web-based application. The
application is exposed to an arbitrary file upload issue because it
fails to properly verify the file extensions of uploaded files. Living
Local version 1.1 is affected.
- Ref: http://www.securityfocus.com/bid/32760
- 08.51.87 - CVE: Not Available
- Platform: Web Application
- Title: eZ Publish "/user/register" Remote Privilege Escalation
- Description: eZ Publish is a content management system. eZ Publish is
exposed to a remote privilege escalation issue that occurs in the
registration view ("/user/register") page. eZ Publish versions prior
to 3.9.5, 3.10.1, and 4.0.1 are affected.
- Ref: http://ez.no/developer/security/security_advisories/ez_publish_3_9/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible
- 08.51.88 - CVE: Not Available
- Platform: Web Application
- Title: phpAddEdit "addedit-render.php" Local File Include
- Description: phpAddEdit is a web application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "editform" parameter of the
"addedit-render.php" script. phpAddEdit version 1.3 is affected.
- Ref: http://www.securityfocus.com/bid/32774
- 08.51.89 - CVE: Not Available
- Platform: Web Application
- Title: MDaemon Server WorldClient "<IMG>" Tag Script Injection
- Description: WorldClient is a web-based email client shipped with
MDaemon Email Server. The application is exposed to a script injection
issue because it fails to properly sanitize user-supplied input.
WorldClient version 10.0.2 with Internet Explorer 7 is affected.
- Ref: http://www.securityfocus.com/bid/32776
- 08.51.90 - CVE: Not Available
- Platform: Web Application
- Title: Drupal Deleted Input Format HTML Injection
- Description: Drupal is an open-source content manager that is
available for several platforms.
Drupal is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input before using it in
dynamically generated content. This issue can be triggered when an
input format is deleted. Drupal versions prior to 5.13 and 6.7 are
affected.
- Ref: http://drupal.org/node/345441
- 08.51.91 - CVE: Not Available
- Platform: Web Application
- Title: phpAddEdit "Addedit-login.php" Authentication Bypass
- Description: phpAddEdit is a web application. The application is
exposed to an authentication bypass issue that occurs in the
"Addedit-login.php" script because it fails to adequately verify
user-supplied input used for cookie-based authentication. phpAddEdit
version 1.3 is affected.
- Ref: http://www.securityfocus.com/bid/32779
- 08.51.92 - CVE: Not Available
- Platform: Web Application
- Title: InSun FeedCms "lang" Parameter Local File Include
- Description: InSun FeedCms is a web-based content management system.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "lang" parameter
of the "index.php" script. FeedCms version 1.07.03.19Beta is affected.
- Ref: http://www.securityfocus.com/bid/32783
- 08.51.93 - CVE: Not Available
- Platform: Web Application
- Title: PHP Support Tickets New Ticket Arbitrary File Upload
- Description: PHP Support Tickets is a help desk application. The
application is exposed to an unspecified issue that lets attackers
upload arbitrary files. The issue occurs because the application fails
to adequately sanitize user-supplied input. Specifically, the
application fails to sufficiently sanitize file extensions before
uploading the files when creating a new ticket. PHP Support Tickets
version 2.2 is affected.
- Ref: http://www.securityfocus.com/bid/32785
- 08.51.94 - CVE: Not Available
- Platform: Web Application
- Title: SUMON Multiple Remote Command Execution Vulnerabilities
- Description: SUMON is a web-based application. SUMON is exposed to
multiple issues that attackers can leverage to execute arbitrary
commands. These issues occur because the application fails to
adequately sanitize user-supplied input. SUMON versions up to and
including 0.7.0 are affected.
- Ref: http://www.securityfocus.com/bid/32788
- 08.51.95 - CVE: Not Available
- Platform: Web Application
- Title: Analysis of High-Performance Access CGI Session Identifier
Session Hijacking
- Description: Analysis of High-Performance Access CGI is a web-based
application implemented in Perl. The application is exposed to a
session hijacking issue because the application fails to generate
secure random session identifiers. Analysis of High-Performance Access
CGI versions 4.01 and earlier are affected.
- Ref: http://www.securityfocus.com/bid/32794
- 08.51.96 - CVE: Not Available
- Platform: Web Application
- Title: Social Groupie "create_album.php" Arbitrary File Upload
- Description: Social Groupie is a social networking application. The
application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize user-supplied input.
- Ref: http://www.securityfocus.com/bid/32795
- 08.51.97 - CVE: Not Available
- Platform: Web Application
- Title: Roundcube Webmail "preg_replace" Remote Code Execution
- Description: Roundcube Webmail is a web-based IMAP client. Roundcube
Webmail is exposed to a remote code execution issue because the
application fails to sufficiently sanitize user-supplied input to the
"preg_replace()" function of an unspecified script. Roundcube Webmail
versions 0.2-1 alpha and 0.2-2 beta are affected.
- Ref: http://chuggnutt.com/html2text.php
- 08.51.98 - CVE: Not Available
- Platform: Web Application
- Title: Moodle "texed.php" Remote Command Execution
- Description: Moodle is a content manager for online courseware. Moodle
is exposed to an issue that attackers can leverage to execute
arbitrary commands. This issue occurs because the application fails to
adequately sanitize user-supplied input to the "pathname" parameter of
the "texed.php" script. Moodle version 1.9.3 is affected.
- Ref: http://www.securityfocus.com/archive/1/499215
- 08.51.99 - CVE: Not Available
- Platform: Web Application
- Title: Simple Text-File Login script "slogin_lib.inc.php" Remote File
Include
- Description: Simple Text-File Login script (SiTeFiLo) is a PHP-based
application used to authenticate users. The application is exposed to
a remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "slogin_path" parameter of the
"slogin_lib.inc.php" script. Simple Text-File Login script version
1.0.6 is affected.
- Ref: http://www.securityfocus.com/bid/32811
- 08.51.100 - CVE: Not Available
- Platform: Web Application
- Title: Mediatheka "index.php" Local File Include
- Description: Mediatheka is a web application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "lang" parameter of the
"index.php" script. Mediatheka version 4.2 is affected.
- Ref: http://www.securityfocus.com/bid/32815
- 08.51.101 - CVE: Not Available
- Platform: Web Application
- Title: The Rat CMS Admin Security Bypass
- Description: The Rat CMS is a web-based content manager. The
application is exposed to a security bypass issue. Specifically, an
attacker can exploit the issue by accessing ".php" files in the
"admin" directory. The Rat CMS Pre-Alpha version 2 is affected.
- Ref: http://www.securityfocus.com/bid/32816
- 08.51.102 - CVE: Not Available
- Platform: Web Application
- Title: CFAGCMS "index.php" Multiple Remote File Include
Vulnerabilities
- Description: CFAGCMS is a content manager. The application is exposed
to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "main" and "right"
parameters of the "index.php" script. CFAGCMS version 1 is affected.
- Ref: http://www.securityfocus.com/bid/32817
- 08.51.103 - CVE: Not Available
- Platform: Web Application
- Title: AutositePHP Multiple Local File Include and File Overwrite
Vulnerabilities
- Description: AutositePHP is a PHP-based content manager. The
application is exposed to local file include issues and a
file overwrite issue because it fails to properly sanitize
user-supplied input. AutositePHP version 2.0.3 is affected.
- Ref: http://www.securityfocus.com/bid/32818
- 08.51.104 - CVE: Not Available
- Platform: Web Application
- Title: Multiple AvailScript Products Arbitrary File Upload
Vulnerabilities
- Description: AvailScript creates scripts for web-based applications.
AvailScript Article and AvailScript Classmate scripts are exposed to
multiple issues that let remote attackers upload and execute arbitrary
script code on an affected computer with the privileges of the
web server process.
- Ref: http://www.securityfocus.com/bid/32821
- 08.51.105 - CVE: Not Available
- Platform: Web Application
- Title: CMS ISWEB SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: CMS ISWEB is a web-based content manager. CMS ISWEB is
exposed to an SQL injection issue and a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. CMS
ISWEB version 3.0 is affected.
- Ref: http://www.securityfocus.com/bid/32823
- 08.51.106 - CVE: Not Available
- Platform: Web Application
- Title: Flatnux "index.php" HTML Injection
- Description: Flatnux is a web-based content manager. Flatnux is
exposed to an HTML injection issue because it fails to sufficiently
sanitize user-supplied input. Specifically, this issue affects the
"index.php" script.
- Ref: http://www.securityfocus.com/bid/32826
- 08.51.107 - CVE: Not Available
- Platform: Web Application
- Title: GeekiGeeki Multiple File Disclosure Vulnerabilities
- Description: GeekiGeeki is a wiki application. The application is
exposed to multiple file disclosure issues because it fails to
properly sanitize user-supplied input passed to the "handle_edit()"
and "handle_raw()" functions in the "geekigeeki.py" script. GeekiGeeki
versions prior to 3.0 are affected.
- Ref: http://www.securityfocus.com/bid/32831
- 08.51.108 - CVE: Not Available
- Platform: Web Application
- Title: BabbleBoard "username" HTML Injection
- Description: BabbleBoard is a bulletin board application. BabbleBoard
is exposed to an HTML injection issue because it fails to sufficiently
sanitize user-supplied input. Specifically, this issue affects the
"username" text box when registering a new user. BabbleBoard version
1.1.6 is affected.
- Ref: http://www.securityfocus.com/bid/32840
- 08.51.109 - CVE: Not Available
- Platform: Web Application
- Title: phpList Unspecified Local File Include
- Description: phpList is a newsletter manager. The application is
exposed to an unspecified local file include issue because it fails to
properly sanitize user-supplied input. phpList versions prior to
2.10.8 are affected.
- Ref: http://www.phplist.com/?lid=273
- 08.51.110 - CVE: Not Available
- Platform: Web Application
- Title: phpBB Account Re-Activation Authentication Bypass
- Description: phpBB is a web application. phpBB is exposed to an
authentication bypass issue because it fails to properly enforce
privilege requirements when re-activating disabled accounts. phpBB
versions prior to 3.0.4 are affected.
- Ref: http://www.phpbb.com/support/documents.php?mode=changelog&version=3
- 08.51.111 - CVE: Not Available
- Platform: Web Application
- Title: Injader SQL Injection and HTML Injection Vulnerabilities
- Description: Injader is a content manager. The application is exposed
to multiple input-validation issues. Injader versions prior to 2.1.2
are affected.
- Ref: http://sourceforge.net/project/shownotes.php?group_id=229782&release_id=646897
- 08.51.112 - CVE: CVE-2008-5249, CVE-2008-5250
- Platform: Web Application
- Title: MediaWiki Cross-Site Scripting and Multiple HTML Injection
Vulnerabilities
- Description: MediaWiki is a wiki application. The application is
exposed to multiple cross-site scripting and HTML injection issues
because it fails to sufficiently sanitize user-supplied data.
MediaWiki versions prior to 1.13.3, 1.12.1 and 1.6.11 are affected.
- Ref: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.html
- 08.51.113 - CVE: Not Available
- Platform: Web Application
- Title: The Rat CMS "login.php" Multiple SQL Injection Vulnerabilities
- Description: The Rat CMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. The Rat CMS Alpha version 2 is affected.
- Ref: http://www.securityfocus.com/bid/32845
- 08.51.114 - CVE: Not Available
- Platform: Web Application
- Title: WorkSimple Information Disclosure Vulnerability and Remote
File Include
- Description: WorkSimple is a weblog application. The application is
exposed to multiple remote security issues. WorkSimple version 1.2.1
is affected.
- Ref: http://www.securityfocus.com/bid/32849
- 08.51.115 - CVE: Not Available
- Platform: Web Application
- Title: Aperto Blog Multiple Local File Include Vulnerabilities
- Description: Aperto Blog is a PHP-based blog application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. Aperto Blog version
0.1.1 is affected.
- Ref: http://www.securityfocus.com/bid/32850
- 08.51.116 - CVE: Not Available
- Platform: Web Application
- Title: eZ Publish Weak Activation Token Remote Privilege Escalation
- Description: eZ Publish is a content manager. eZ Publish is exposed to
a remote privilege escalation issue that occurs in the registration
view ("/user/register") page. eZ Publish versions 3.9.2 and 4.0.1 are
affected.
- Ref: http://www.securityfocus.com/bid/32852
- 08.51.117 - CVE: Not Available
- Platform: Web Application
- Title: icash ClickAndEmail SQL Injection and Cross-Site Scripting
Vulnerabilities
- Description: icash ClickAndEmail is a web application. The application
is exposed to multiple input validation issues. Exploiting these
issues could allow an attacker to steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
- Ref: http://www.securityfocus.com/bid/32857
- 08.51.118 - CVE: CVE-2008-5576
- Platform: Web Application
- Title: sCssBoard "admin/forums.php" Authentication Bypass
- Description: sCssBoard is a web application. The application is
exposed to an authentication bypass issue that occurs in the
"admin/forums.php" script because it fails to adequately verify
user-supplied input passed as the "current_users[users_level]"
parameter. sCssBoard version 1.12 is affected.
- Ref: http://www.securityfocus.com/bid/32871
- 08.51.119 - CVE: Not Available
- Platform: Web Application
- Title: RSMScript Cookie Authentication Bypass and HTML Injection
Vulnerabilities
- Description: RSMScript is a web-based application. The application is
exposed to multiple issues because it fails to properly sanitize
user-supplied input. RSMScript version 1.21 is affected.
- Ref: http://www.securityfocus.com/bid/32886
- 08.51.120 - CVE: Not Available
- Platform: Network Device
- Title: Nokia N70 and N73 Malformed OBEX Name Header Remote Denial of
Service
- Description: Nokia N70 and N73 phones are capable of Bluetooth
wireless communication, including support for the Object Exchange
(OBEX) protocol. These phones are exposed to a remote denial of
service issue. Specifically, they fail to handle OBEX requests where
the "Name" header contains specific malformed characters. N70 and N73
phones are affected.
- Ref: http://www.securityfocus.com/archive/1/499157
(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.