
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 6
February 5, 2008

One interesting lesson from this week's report is that critical vulnerabilities are more and more often found in products that are NOT automatically updated.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Third Party Windows Apps                 14 (#1, #2, #3, #4, #6)
    Linux                                     4
    Aix                                       1
    Unix                                      1
    Cross Platform                            8 (#5, #7)
    Web Application - Cross Site Scripting   18
    Web Application - SQL Injection          23
    Web Application                          29
    Network Device                            2

************************* SPONSORED BY SANS *****************************

SANS is presenting a special workshop on Sunday, March 2, 2008, prior to the Gartner Wireless & Mobile Summit which is being held March 3-5 at the Hyatt Regency Chicago in Chicago, Illinois.

SANS instructor Matt Luallen will present: Mobile Information Security = People + Operations + Technology. Matt Luallen is one of the many experts you'll be hearing from at this event, which includes 40 analyst-led sessions presenting the latest research and case studies, as well as actionable recommendations for next steps you can implement immediately. Find out more about this event at http://www.sans.org/info/23443

*************************************************************************

SECURITY TRAINING UPDATE: Where can you find the newest Penetration Testing techniques, Application Pen Testing, Hacker Exploits, Secure Web Application Development, Security Essentials, Forensics, Wireless, Auditing, CISSP, and SANS' other top-rated courses?
- - Las Vegas (3/17 - 3/18) Penetration Testing Summit: (an ultra cool program) http://www.sans.org/pentesting08_summit
- - Phoenix (2/11 - 2/18) http://www.sans.org/phoenix08/event.php
- - Prague (2/18-2/23): http://www.sans.org/prague08
- - SANS 2008 (4/18-4/25) In Orlando SANS' biggest program with myriad bonus sessions: http://www.sans.org/sans2008
- - and in 100 other cities and online any time: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Third Party Windows Apps
Linux
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

************************** SPONSORED LINK *************************

1) Learn about testing network security and encryption technology. Complimentary Tested with Spirent Security Testing Seminar. http://www.sans.org/info/23448

*********************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Titan FTP Server Multiple Buffer Overflow Vulnerabilities
  • Affected:
    • Titan FTP Server versions 3.30 and prior
  • Description: Titan FTP Server is a popular enterprise File Transfer Protocol (FTP) server for Microsoft Windows. It contains multiple buffer overflow vulnerabilities in its handling of user-supplied authentication credentials. An overlong username or password passed to the server could trigger these buffer overflows. Successfully exploiting one of these buffer overflows would allow an attacker to execute arbitrary code with the privileges of the vulnerable process (usually SYSTEM). Full technical details and a proof-of-concept are publicly available for this vulnerability. No authentication is required to exploit this vulnerability.

  • Status: Titan has not confirmed, no updates available.

  • References:
  • (2) HIGH: Multiple Yahoo! Jukebox ActiveX Controls Multiple Vulnerabilities
  • Affected:
    • Yahoo! Jukebox mediagrid.dll ActiveX Control
    • Yahoo! Jukebox datagrid.dll ActiveX Control
  • Description: Yahoo! Jukebox is Yahoo's popular music management service. Part of its functionality is provided by two ActiveX controls, "mediagrid.dll" and "datagrid.dll". These controls contain multiple buffer overflow vulnerabilities in their handling of a variety of parameters. A malicious web page that instantiated one of these controls could trigger one of these vulnerabilities, allowing an attacker to execute arbitrary code with the privileges of the current user. Multiple proofs-of-concept and technical details are publicly available for these vulnerabilities.

  • Status: Yahoo! has not confirmed, no updates available. Users can mitigate the impact of these vulnerabilities by disabling the affected controls via Microsoft's "kill bit" mechanism for CLSIDs "22FD7C0A-850C-4A53-9821-0B0915C96139" and "5F810AFC-BB5F-4416-BE63-E01DD117BD6C". Note that this may affect normal application functionality.

  • References:
  • (3) HIGH: Multiple Uploader ActiveX Controls Buffer Overflows
  • Affected:
    • MySpace Uploader ActiveX Control
    • Facebook Photo Uploader 4 ActiveX Control
    • Aurigma ImageUploader ActiveX Control
  • Description: Multiple image uploading ActiveX controls contain buffer overflows in their handling of control properties. These controls are used by several web sites to facilitate image uploading. Most importantly, these controls are used by two extremely popular social networking sites, MySpace and Facebook. A specially crafted web page that instantiates one of these controls could exploit this buffer overflow to execute arbitrary code with the privileges of the current user. A proof-of-concept and full technical details are publicly available for this vulnerability.

  • Status: MySpace has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected controls via Microsoft's "kill bit" mechanism using CLSIDs "48DD0448-9209-4F81-9F6D-D83562940134" and "6E5E167B-1566-4316-B27F-0DDAB3484CF7". Note that this may affect normal application functionality.

  • References:
  • (4) HIGH: eLynx SwiftView Buffer Overflow
  • Affected:
    • eLynx SwiftView versions prior to 8.3.5
  • Description: eLynx SwiftView is a popular enterprise document printing and viewing system. Part of its functionality is provided via a web browser plugin and an ActiveX control. Both the plugin and control contain a buffer overflow vulnerability. A malicious web page that uses the plugin or instantiates the control could trigger this buffer overflow and allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability.

  • Status: eLynx confirmed, updates available. Users can mitigate the impact of the ActiveX version of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "7DD62E58-5FA8-11D2-AFB7-00104B64F126". Note that this may affect normal application functionality.

  • References:
  • (5) MODERATE: UltraVNC Client Protocol Negotiation Buffer Overflow
  • Affected:
    • UltraVNC versions prior to UltraVNC 1.0.4 with Security Update
  • Description: UltraVNC is a client and server package for the Virtual Network Computing (VNC) desktop sharing protocol. Its client component contains a buffer overflow in its handling of protocol negotiation requests. A malicious VNC server could exploit this vulnerability by sending a malformed version string to the client upon connection. A client could also be exploited if the client is run in "listening" mode, in which it acts like a VNC server. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. The UltraVNC server component is not affected. Technical details for this vulnerability are available via source code analysis.

  • Status: UltraVNC confirmed, updates available.

  • References:
  • (6) MODERATE: IrfanView FlashPix Memory Corruption
  • Affected:
    • IrfanView FlashPix Plugin versions 3.9.8.0 and prior
  • Description: IrfanView is a popular image viewing application for Microsoft Windows. Its FlashPix plugin allows it to display FlashPix image files. This plugin contains a memory corruption vulnerability. A specially crafted FlashPix file could exploit this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that, depending upon configuration, FlashPix files may be opened automatically by IrfanView, without first prompting the user. A proof-of-concept and technical details are publicly available for this vulnerability.

  • Status: IrfanView has not confirmed, no updates available.

  • References:
  • (7) HIGH: Gnumeric Excel File Handling Memory Corruption
  • Affected:
    • Gnumeric versions prior to 1.8.1
  • Description: Gnumeric is a popular cross-platform spreadsheet application, developed as part of the GNOME project. It is distributed by default with several Linux and UNIX-like operating system distributions. Versions are also available for Microsoft Windows. Gnumeric contains a memory corruption vulnerability in its handling of Microsoft Excel formatted files. A specially crafted file could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Full technical details are available for this vulnerability via source code analysis.

  • Status: Gnumeric confirmed, updates available.

  • References:
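Items (2), (3) and (4) above all point to Microsoft's "kill bit" mechanism as the interim mitigation. The script below is an added example, not part of the @RISK bulletin or of any vendor's guidance: it writes the kill bit (REG_DWORD "Compatibility Flags" = 0x400 under the ActiveX Compatibility key, as documented in KB240797) for the CLSIDs named in those three items and then reads it back. The function names Set-KillBit and Test-KillBit are the example's own, the Wow6432Node path is assumed for 64-bit Windows, and the script must run in an elevated PowerShell session.

```powershell
# Added example, not from the bulletin: apply the ActiveX kill bit for the
# CLSIDs named in @RISK items (2), (3) and (4). Requires Administrator rights.

$KillBitFlag = 0x400   # "Compatibility Flags" bit that blocks instantiation in Internet Explorer

# CLSIDs exactly as quoted in the bulletin, tagged with the item they came from.
$Controls = [ordered]@{
    '{22FD7C0A-850C-4A53-9821-0B0915C96139}' = 'item (2) Yahoo! Jukebox control'
    '{5F810AFC-BB5F-4416-BE63-E01DD117BD6C}' = 'item (2) Yahoo! Jukebox control'
    '{48DD0448-9209-4F81-9F6D-D83562940134}' = 'item (3) image uploader control'
    '{6E5E167B-1566-4316-B27F-0DDAB3484CF7}' = 'item (3) image uploader control'
    '{7DD62E58-5FA8-11D2-AFB7-00104B64F126}' = 'item (4) eLynx SwiftView control'
}

# Native view plus the 32-bit view on 64-bit Windows (assumption: both are consulted by
# the respective browser bitness). The second path simply does not exist on 32-bit hosts.
$BasePaths = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param(
        [Parameter(Mandatory)][string]$Clsid,
        [string]$Note = ''
    )
    foreach ($base in $BasePaths) {
        if (-not (Test-Path $base)) { continue }          # Wow6432Node absent on 32-bit Windows
        $key = Join-Path $base $Clsid
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # OR the kill bit into any flags already present instead of overwriting them.
        $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                         -ErrorAction SilentlyContinue).'Compatibility Flags'
        $flags = ([int]$existing) -bor $KillBitFlag      # [int]$null is 0
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord
        Write-Host ("kill bit set for {0} ({1}) under {2}" -f $Clsid, $Note, $base)
    }
}

function Test-KillBit {
    # Returns $true only when the kill bit is present in every registry view that exists.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($base in $BasePaths) {
        if (-not (Test-Path $base)) { continue }
        $key = Join-Path $base $Clsid
        $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                      -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ((([int]$flags) -band $KillBitFlag) -ne $KillBitFlag) { return $false }
    }
    return $true
}

foreach ($entry in $Controls.GetEnumerator()) {
    Set-KillBit -Clsid $entry.Key -Note $entry.Value
}

# Read-back check, suitable for a compliance script or a post-deployment audit.
foreach ($clsid in $Controls.Keys) {
    '{0}  {1}  kill bit present: {2}' -f $clsid, $Controls[$clsid], (Test-KillBit -Clsid $clsid)
}
```

The kill bit only stops Internet Explorer (and hosts that honour its ActiveX compatibility flags) from loading the control; the DLL itself stays on disk, so the vendor update is still the real fix once it ships.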
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 6, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.6.1 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Hero Super Player 3000 M3U Buffer Overflow
  • Description: Hero Super Player 3000 is a media player application for the Windows operating system. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application handles a specially crafted .M3U file and the user clicks the "DelUnselect" button.
  • Ref: http://www.securityfocus.com/bid/27478

  • 08.6.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MailBee Objects "MailBee.dll" ActiveX Control Multiple Insecure Method Vulnerabilities
  • Description: MailBee Objects is a set of components for sending, receiving, and managing email. The application is exposed to multiple issues that allow attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer). MailBee Objects version 5.5 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Namo Web Editor "NamoInstaller.dll" ActiveX Control Arbitrary Command Execution
  • Description: Namo Web Editor ActiveSquare is an ActiveX control. The control is exposed to an issue that lets attackers execute arbitrary commands. "NamoInstaller.dll" version 3.0.0.1 of the Namo Web Editor ActiveSquare 6 control is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Persits Software XUpload "AddFile()" Method ActiveX Control Remote Buffer Overflow
  • Description: The XUpload ActiveX control allows users to upload files to a server. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. "xupload.ocx" 3.0.0.4 of XUpload version 3.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chilkat Email "ChilkatCert.dll" ActiveX Control Insecure Method
  • Description: Chilkat Email is an ActiveX control for sending and receiving email. The control is exposed to an issue that allows attackers to create or overwrite arbitrary data with the privileges of the application using it (typically Internet Explorer). This issue affects the "SaveLastError" attribute of the "ChilkatCert.dll" ActiveX control. "ChilkatCert.dll" library of the Chilkat Email ActiveX control version 7.8 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SafeNET High Assurance Remote and SoftRemote IPSecDrv.SYS Local Privilege Escalation
  • Description: SafeNET High Assurance Remote and SoftRemote are carrier-grade VPN security applications that include FIPS technology, device authentication, and the Advanced Encryption Standard (AES) algorithm. The application is exposed to a local privilege escalation issue because a user-definable offset is used in an indirect system call. "IPSecDrv.sys" version 10.4.0.12 when running on Windows operating systems is affected. The driver is included with SafeNET HighAssurance Remote and SafeNET HighAssurance SoftRemote. This issue may also affect other versions as well as versions running on other operating platforms.
  • Ref: http://www.securityfocus.com/bid/27496

  • 08.6.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: LSrunasE and Supercrypt RC4 Weak Encryption
  • Description: LSrunasE and Supercrypt are utilities used to run commands under a different user account within Windows batch scripts. The application is exposed to a weak encryption issue due to insecure usage of the RC4 encryption algorithm. The issue occurs because the application reuses the same keystream to generate encrypted data. LSrunasE version 1.0 and Supercrypt version 1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/27500

  • 08.6.8 - CVE: CVE-2008-0064
  • Platform: Third Party Windows Apps
  • Title: GFL SDK Library Buffer Overflow
  • Description: GFL SDK is an image library for developers. The library is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the error arises in the "libgfl280.dll" file when the library processes RGBE files. GFL SDK version 2.870 is affected. XnView versions 1.91 and 1.92 that use the library and NConvert 4.85 are also affected.
  • Ref: http://secunia.com/secunia_research/2008-1/advisory/

  • 08.6.9 - CVE: CVE-2007-5602
  • Platform: Third Party Windows Apps
  • Title: SwiftView ActiveX Control and Browser Plugin Stack-Based Buffer Overflow
  • Description: SwiftView is an application used to print or view PCL, HPGL, and TIFF files. The application is exposed to a stack-based buffer overflow issue. This issue affects the ActiveX control provided by "svocx.ocx". The browser plugin version of the application is also affected.
  • Ref: http://www.kb.cert.org/vuls/id/639169

  • 08.6.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer Overflow
  • Description: MySpace Uploader ActiveX Control lets MySpace users upload files to the server. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "Action" property of the "MySpaceUploader.ocx" library. MySpace Uploader ActiveX Control versions 1.0.0.4 and 1.0.0.5 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Facebook Photo Uploader 4 "ImageUploader4.1.ocx" ActiveX Control Buffer Overflow
  • Description: Facebook Photo Uploader ActiveX control lets Facebook users upload album and image files to the server. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "Action" property of the "ImageUploader4.1.ocx" library. The "ImageUploader4.1.ocx" version 4.5.57.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Aurigma Image Uploader "ImageUploader4.ocx" ActiveX Control Buffer Overflow
  • Description: Aurigma Image Uploader ActiveX Control lets users manage and upload images to a server. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue affects the "Action" property of the "ImageUploader4.ocx" library. Image Uploader version 4.5.70.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chilkat FTP "ChilkatCert.dll" ActiveX Control Insecure Method
  • Description: Chilkat FTP is an ActiveX control for sending and receiving files. The control is exposed to an issue that allows attackers to create or overwrite arbitrary data with the privileges of the application using it (typically Internet Explorer). This issue affects the "SavePkcs8File" attribute of the "ChilkatCert.dll" ActiveX control. Chilkat FTP ActiveX version 2.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.6.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: UltraVNC VNCViewer "ClientConnection.cpp" Remote Buffer Overflow
  • Description: UltraVNC is a client/server remote access suite that allows remote users to access desktops as though they are local users. It was formerly known as Ultr@VNC. The application is exposed to a remote buffer overflow issue due to a failure of the application to properly validate user-supplied string lengths before copying them into static process buffers. UltraVNC version 1.0.2 and UltraVNC 1.0.4 release candidates released prior to January 25, 2008 are affected.
  • Ref: http://forum.ultravnc.info/viewtopic.php?t=11850

  • 08.6.15 - CVE: CVE-2007-4770, CVE-2007-4771
  • Platform: Linux
  • Title: International Components for Unicode Library (libicu) Multiple Memory Corruption Vulnerabilities
  • Description: The International Components for Unicode (libicu) is a freely-available library for handling Unicode data in applications. The library is exposed to multiple memory corruption issues. The International Components for Unicode versions 3.8.1 and earlier are affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=429025

  • 08.6.16 - CVE: CVE-2007-6151
  • Platform: Linux
  • Title: Linux Kernel "isdn_common.c" Local Buffer Overflow
  • Description: The Linux kernel is exposed to a local buffer overflow issue because it fails to properly bounds check user-supplied input before copying it into an insufficiently sized buffer. This issue occurs in the "isdn_ioctl()" function in the "isdn_common.c" source file. The struct "iocts" is not NULL terminated, which can allow specially-crafted IOCTL data to overrun a memory buffer. Linux kernel versions prior to 2.6.25 are affected.
  • Ref: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eafe1aa37e6ec2d56f14732b5240c4dd09f0613a

  • 08.6.17 - CVE: CVE-2007-6694
  • Platform: Linux
  • Title: Linux Kernel PowerPC "chrp/setup.c" NULL Pointer Dereference Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue. This issue occurs in the "chrp_show_cpuinfo()" function of the "chrp/setup.c" source file. Specifically, a NULL-pointer dereference exception occurs when the "of_get_property()" function fails. When that failure occurs, the "strcmp()" function is still called on the returned pointer, which causes the kernel to dereference a NULL pointer. Linux kernel versions 2.4.21 through 2.6.18-53 running on the PowerPC architecture are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0055.html

  • 08.6.18 - CVE: CVE-2007-4130
  • Platform: Linux
  • Title: Linux Kernel Page Faults Using NUMA Local Denial of Service
  • Description: The Linux kernel is exposed to a local denial of service issue because it fails to properly handle certain page faults when using NUMA (Non-Uniform Memory Access) methods. This issue arises when invalid bitmasks are processed by the "set_mempolicy()" function in the "mm/mempolicy.c" source file during page faults. Linux kernel versions 2.6.9 and earlier are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0055.html

  • 08.6.19 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "piox25.c/piox25remote.sh" Local Buffer Overflow
  • Description: AIX is a UNIX operating system from IBM. The application is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Specifically the issue can be triggered by supplying overly long input to "piox25.c" and "piox25remote.sh".
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ13739

  • 08.6.20 - CVE: Not Available
  • Platform: Unix
  • Title: PatchLink Update Multiple Insecure Temporary File Creation Vulnerabilities
  • Description: PatchLink Update is an application for managing patches and vulnerabilities in a medium to large sized enterprise. The "logtrimmer" log rotation utility and the "rebootTask" script create temporary files with predictable filenames in an insecure manner.
  • Ref: http://www.securityfocus.com/archive/1/487103

  • 08.6.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IrfanView FPX File Remote Memory Corruption
  • Description: IrfanView is an image viewer that supports multiple file formats. The application is exposed to a remote memory corruption issue because it fails to handle specially crafted ".FPX" files. IrfanView version 4.10 is affected.
  • Ref: http://www.securityfocus.com/bid/27479

  • 08.6.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Hardware Management Console Pegasus CIM Server Denial of Service
  • Description: IBM Hardware Management Console enables an administrator to manage the configuration and operation of partitions in a computer and to monitor the computer for hardware problems. IBM Hardware Management Console is exposed to a denial of service issue due to an unspecified error in the Pegasus CIM Server. Hardware Management Console version V7 R3.2.0 is affected.
  • Ref: https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#specific

  • 08.6.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Informix Storage Manager Multiple Buffer Overflow Vulnerabilities
  • Description: IBM Informix Dynamic Server is an application server that runs on various platforms. Informix Storage Manager (ISM) is distributed as part of IBM Informix Dynamic Server (IDS). The application is exposed to multiple buffer overflow issues because it fails to properly bounds-check user-supplied data. IBM Informix Dynamic Server versions 10.00.xC8, 11.10.xC2 and earlier on Microsoft Windows platforms are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21294211

  • 08.6.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Firebird Username Remote Buffer Overflow
  • Description: Firebird is a relational database that runs on Windows, Linux, and UNIX systems. The application is exposed to a remote buffer overflow issue because it fails to properly check boundaries on user-supplied data before using it in a finite-sized buffer. The problem occurs when the application processes usernames and can be exploited by remote attackers to cause a stack overflow by supplying a specially-crafted, overly long username. Firebird versions 2.1 Beta 2, 2.0.3, 2.0.2, 2.0.0, 1.0.3, 2.1 Beta 1, 2.1 Alpha 1, 2.0.1 and 1.5.4 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570816

  • 08.6.25 - CVE: CVE-2008-0387
  • Platform: Cross Platform
  • Title: Firebird Relational Database "protocol.cpp" XDR Protocol Remote Memory Corruption
  • Description: Firebird is a Relational Database Management System (RDBMS) available for multiple operating systems. The application is exposed to an integer overflow issue because it fails to ensure that integer values aren't overrun.
  • Ref: http://www.securityfocus.com/archive/1/487173

  • 08.6.26 - CVE: CVE-2008-0386
  • Platform: Cross Platform
  • Title: Xdg-Utils "xdg-open" and "xdg-email" Multiple Remote Command Execution Vulnerabilities
  • Description: Xdg-Utils is a set of utilities allowing various applications to easily integrate with the free desktop configurations. The application is exposed to multiple remote command execution issues because it fails to sufficiently sanitize user-supplied data to the "xdg-open" and "xdg-email" shell scripts.
  • Ref: http://www.securityfocus.com/bid/27528

  • 08.6.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution
  • Description: Gnumeric is an open-source spreadsheet application. The application is exposed to a remote arbitrary code execution issue due to integer overflow and signedness errors when the application tries to process the XLS HLINK opcodes. Specifically the "excel_read_HLINK()" function in "plugins/excel/ms-excel-read.c" is affected. Gnumeric version 1.6.3 is affected.
  • Ref: http://bugzilla.gnome.org/show_bug.cgi?id=505330

  • 08.6.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java RunTime Environment XML Parsing Unspecified
  • Description: Sun Java Runtime Environment (JRE) is exposed to an unspecified issue that can occur when parsing malicious XML content. This issue affects trusted Java applications running on sites that have the "external general entities" property set to FALSE. JDK and JRE versions 6 Update 3 and earlier are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1

  • 08.6.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tripwire Enterprise Login Page Cross-Site Scripting
  • Description: Tripwire Enterprise is a configuration audit and control system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the application's web-based server management login page. Tripwire Enterprise version 7.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487229

  • 08.6.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: SunGard Banner Student "add1" Parameter Cross-Site Scripting
  • Description: Banner is a software suite for administering colleges and other institutions. Banner Student is an information system for students, prospects, and faculty. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the emergency contact address field "add1" of the "ss/bwgkoemr.P_UpdateEmrgContacts" script. Banner Student version 7.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487250

  • 08.6.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Yamaha RT Series Routers Cross-Site Request Forgery
  • Description: Yamaha routers are network devices designed for home and small-office setups. Multiple Yamaha routers are exposed to a cross-site request forgery issue. Attackers exploit this issue by tricking a user into visiting a malicious web page. Yamaha routers in the RT and SRT series are affected.
  • Ref: http://www.securityfocus.com/bid/27491

  • 08.6.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Endian Firewall "userlist.php" Cross-Site Scripting
  • Description: Endian Firewall is a threat management appliance that protects users from spam, viruses and various other threats. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. Specifically, the web interface fails to sanitize user-supplied data to the "psearch" parameter of the "userslist.php" script. Endian Firewall version 2.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27477

  • 08.6.33 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mambo MOStlyCE Module "connector.php" Cross-Site Scripting
  • Description: MOStlyCE is a WYSIWYG editor module included with the Mambo content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Command" parameter of the "mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php" script. MOStlyCE version 2.4 included with Mambo 4.6.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487128

  • 08.6.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eTicket "index.php" Cross-Site Scripting
  • Description: eTicket is an open-source support-ticket system based on osTicket. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "index.php" script. eTicket version 1.5.6-RC4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487133

  • 08.6.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drake CMS "index.php" Cross-Site Scripting
  • Description: Drake CMS is a content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "option" parameter of the "index.php" script. Drake CMS version 0.4.9 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-drake_cms.html

  • 08.6.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: trixbox "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: trixbox (formerly Asterisk@Home) is a line of Asterisk-based IP-PBX products. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "user/index.php" and "maint/index.php" scripts. trixbox version 2.4.2.0 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-trixbox.html

  • 08.6.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: F5 BIG-IP Application Security Manager "report_type" Cross-Site Scripting
  • Description: F5 BIG-IP Application Security Manager is a web and operational infrastructure security product module for BIG-IP. The web management interface is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "report_type" parameter of the "rep_request.php" script. F5 BIG-IP Application Security Manager version 9.4.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487118

  • 08.6.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Nucleus CMS "action.php" Cross-Site Scripting
  • Description: Nucleus CMS is a web-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "action.php" script. Nucleus CMS version 3.31 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487255

  • 08.6.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AmpJuke "index.php" Cross-Site Scripting
  • Description: AmpJuke is a PHP-based, music streaming application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "limit" parameter of the "index.php" script. AmpJuke version 0.7.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487258

  • 08.6.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Hal Networks Multiple Products Cross-Site Scripting Vulnerabilities
  • Description: Hal Networks products provide shopping cart functionality using various technologies. These products are exposed to cross-site scripting issues because they fail to properly sanitize user-supplied input to unspecified parameters.
  • Ref: http://www.securityfocus.com/bid/27513

  • 08.6.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: webSPELL "index.php" Cross-Site Scripting
  • Description: webSPELL is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "sort" parameter of the "index.php" script. webSPELL version 4.01.02 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487312

  • 08.6.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Mercantec SoftCart Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities
  • Description: Mercantec SoftCart is a shopping-cart application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "License_Plate", "License_State", "Ticket_Date", and "Ticket_Number" parameters of "SoftCart.exe". Mercantec SoftCart version 5.1.2.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27524

  • 08.6.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OpenBSD bgplg "cmd" Parameter Cross-Site Scripting
  • Description: OpenBSD bgplg is a CGI script used for web-based, read-only access to limited Border Gateway Protocol daemon (bgpd(8)) information. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "cmd" parameter. bgplg shipped with OpenBSD version 4.1 is affected.
  • Ref: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/bgplg/bgplg.c

  • 08.6.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Livelink ECM UTF-7 Cross-Site Scripting
  • Description: Livelink ECM is an enterprise content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. The application fails to set the HTTP Content-Type "charset" in the response header or HTML body, which allows remote attackers to inject arbitrary UTF-7 script code. Livelink ECM versions up to and including 9.7.0 are affected.
  • Ref: http://www.withdk.com/2008/01/31/livelink-utf-7-xss-vulnerability/

  • 08.6.45 - CVE: CVE-2008-0178
  • Platform: Web Application - Cross Site Scripting
  • Title: Liferay Enterprise Portal User-Agent HTTP Header Cross-Site Scripting
  • Description: Liferay Enterprise Portal is a Java-based web portal for enterprises. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "Enterprise Admin Session Monitoring" portion of the application. Specifically, the application fails to sanitize the HTTP "User-Agent" header, which allows remote attackers to inject arbitrary script code. Liferay Enterprise Portal version 4.3.6 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/326065

  • 08.6.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Uniwin eCart Professional "rp" Cross-Site Scripting Vulnerabilities
  • Description: Uniwin eCart Professional is a shopping cart application implemented in ASP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "rp" parameter in the "cartView.asp" script and multiple unspecified scripts. Uniwin eCart Professional versions prior to 2.0.16 are affected.
  • Ref: http://www.securityfocus.com/bid/27560

  • 08.6.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Bigware Shop "main_bigware_53.tpl.php" SQL Injection
  • Description: Bigware Shop is a PHP-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pollid" parameter of the "main_bigware_53.tpl.php" script before using it in an SQL query. Bigware Shop version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27489

  • 08.6.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo LaiThai Multiple SQL Injection And Unspecified Vulnerabilities
  • Description: Mambo LaiThai is a Thai implementation of the Mambo content manager. The application is exposed to multiple issues. Mambo LaiThai version 4.5.5 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=571300

  • 08.6.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Plugin fGallery SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. The fGallery plugin for WordPress provides image gallery functionality. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "album" parameter of the "fim_rss.php" script before using it in an SQL query. fGallery version 2.4.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27464

  • 08.6.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Plugin WP-Cal SQL Injection
  • Description: WordPress is a web-based publishing application. The WP-Cal plugin for WordPress provides calendar functionality. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "wp-forum.php" script before using it in an SQL query. WP-Cal version 0.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27465

  • 08.6.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpIP Management Multiple SQL Injection Vulnerabilities
  • Description: phpIP Management is a web-based IP address management application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data. phpIP Management version 4.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27468

  • 08.6.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla com_fq Component "index.php" SQL Injection
  • Description: com_fq is an FAQ component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "listid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27501

  • 08.6.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo Newsletter Component "Itemid" Parameter SQL Injection
  • Description: Mambo is a PHP-based content manager. The Newsletter component of the application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter of "index.php" before using it in an SQL query. Mambo version 4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/27502

  • 08.6.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! com_mamml Component "index.php" SQL Injection
  • Description: Joomla com_mamml is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "listid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27503

  • 08.6.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Plugin wp-AdServe SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. The wp-AdServe plugin for WordPress provides ad-serving functionality. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "adclick.php" script before using it in an SQL query. wp-AdServe version 0.2 is affected.
  • Ref: http://wordpress.org/extend/plugins/adserve/

  • 08.6.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo/Joomla Glossary "com_glossary" Component SQL Injection
  • Description: Mambo and Joomla are PHP-based content managers. The "com_glossary" component for Mambo/Joomla is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Specifically, this issue affects the "catid" parameter. "com_glossary" version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27505

  • 08.6.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Coppermine Photo Gallery Multiple SQL Injection Vulnerabilities
  • Description: Coppermine Photo Gallery is a web-based, photo gallery application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified parameters of the "reviewcom.php" and "util.php" scripts before using it in an SQL query. Coppermine Photo Gallery versions prior to 1.4.15 are affected.
  • Ref: http://coppermine-gallery.net/forum/index.php?topic=50103.0

  • 08.6.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo/Joomla "com_musepoes" Component "aid" Parameter SQL Injection
  • Description: Mambo and Joomla are PHP-based content managers. The "com_musepoes" component for Mambo/Joomla is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27507

  • 08.6.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mambo/Joomla "com_buslicense" Component "aid" Parameter SQL Injection
  • Description: Mambo and Joomla are PHP-based content managers. The "com_buslicense" component for Mambo/Joomla is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27508

  • 08.6.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! com_recipes Component "id" Parameter SQL Injection
  • Description: The com_recipes component is a recipe module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27519

  • 08.6.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! EstateAgent Component "index.php" SQL Injection
  • Description: The Joomla! EstateAgent component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "objid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27520

  • 08.6.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! com_jokes Component "cat" Parameter SQL Injection
  • Description: The "com_jokes" component is a module for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27522

  • 08.6.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ibProArcade "overwrite_order" Parameter SQL Injection
  • Description: ibProArcade is a PHP-based arcade system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "overwrite_order" parameter of the "index.php" script before using it in an SQL query. ibProArcade version 3.3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27523

  • 08.6.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress WassUp Plugin "spy.php" SQL Injection
  • Description: WassUp is a WordPress plugin for tracking website statistics. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "to_date" parameter of the "spy.php" script before using it in an SQL query. WassUp version 1.4.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27525

  • 08.6.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ELOG "logbook" HTML Injection
  • Description: ELOG is a web-log application written for use on Microsoft Windows and Linux/Unix platforms. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "logbook" script. ELOG versions prior to 2.7.2 are affected.
  • Ref: http://midas.psi.ch/elog/download/ChangeLog

  • 08.6.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: DeltaScripts PHP Links "vote.php" SQL Injection
  • Description: DeltaScripts PHP Links is a web-based link directory. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "vote.php" script before using it in an SQL query. PHP Links versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27530

  • 08.6.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo com_restaurant Component "id" Parameter SQL Injection
  • Description: The "com_restaurant" component is a restaurant module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_restaurant" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27551

  • 08.6.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo AkoGallery Component "id" Parameter SQL Injection
  • Description: The AkoGallery component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of "com_akogallery" before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27557

  • 08.6.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Catalog Component "id" Parameter SQL Injection
  • Description: CatalogShop is a third-party, e-commerce component for Mambo and Joomla!. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of "index.php" when the "option" parameter is set to "com_catalogshop". CatalogShop version 1.0 b1 is affected.
  • Ref: http://www.securityfocus.com/bid/27558

  • 08.6.70 - CVE: Not Available
  • Platform: Web Application
  • Title: Smart Publisher "/admin/op/disp.php" Remote Code Execution
  • Description: Smart Publisher is a PHP-based application that allows users to develop and publish static and dynamic web sites. The application is exposed to an issue that lets remote attackers execute arbitrary code because it fails to properly sanitize user-supplied input to the "filedata" parameter of the "/admin/op/disp.php" script. Smart Publisher version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27488

  • 08.6.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Bubbling Library "dispatcher.php" Multiple Local File Include Vulnerabilities
  • Description: Bubbling Library provides a set of plugins for building event-driven web applications. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "uri" parameter. Bubbling Library version 1.32 is affected.
  • Ref: http://www.securityfocus.com/bid/27482

  • 08.6.72 - CVE: Not Available
  • Platform: Web Application
  • Title: VB Marketing "tseekdir.cgi" Local File Include
  • Description: VB Marketing is a web-based application implemented in Perl. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "location" parameter of the "tseekdir.cgi" script.
  • Ref: http://www.securityfocus.com/bid/27475

  • 08.6.73 - CVE: Not Available
  • Platform: Web Application
  • Title: phpMyClub "page_courante" Parameter Local File Include
  • Description: phpMyClub is a PHP-based content manager (CMS) designed for sport associations. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page_courante" parameter. phpMyClub version 0.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27480

  • 08.6.74 - CVE: Not Available
  • Platform: Web Application
  • Title: ClanSphere "install.php" Local File Include
  • Description: ClanSphere is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" parameter of the "install.php" script. ClanSphere version 2007.4.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487132

  • 08.6.75 - CVE: Not Available
  • Platform: Web Application
  • Title: Mambo MOStlyCE Module Image Manager Utility Arbitrary File Upload
  • Description: MOStlyCE is a WYSIWYG editor module included with the Mambo content manager. The application is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. The issue occurs when the module's "Image Manager" utility is installed. MOStlyCE version 2.4 included with Mambo version 4.6.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487128

  • 08.6.76 - CVE: Not Available
  • Platform: Web Application
  • Title: ASPired2Protect Login Page Authentication Bypass
  • Description: ASPired2Protect is an ASP-based file protection system with an Access database. The application is exposed to an authentication bypass issue because it fails to adequately check user-supplied input to the Login page.
  • Ref: http://www.securityfocus.com/archive/1/487137

  • 08.6.77 - CVE: Not Available
  • Platform: Web Application
  • Title: CandyPress Multiple Input Validation Vulnerabilities
  • Description: CandyPress is an ASP-based, e-commerce application. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. CandyPress version 4.1.1.26 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487058

  • 08.6.78 - CVE: Not Available
  • Platform: Web Application
  • Title: WebCalendar Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
  • Description: WebCalendar is a web-based calendar implemented in PHP. The application is exposed to multiple HTML injection and cross-site scripting issues because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. WebCalendar version 1.1.6 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html

  • 08.6.79 - CVE: Not Available
  • Platform: Web Application
  • Title: Gerd Tentler Simple Forum Multiple Input Validation Vulnerabilities
  • Description: Gerd Tentler Simple Forum is web-based forum software. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied input. Simple Forum version 3.2 is affected.
  • Ref: http://www.milw0rm.com/exploits/4989

  • 08.6.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Bubbling Library Multiple Local File Include Vulnerabilities
  • Description: Bubbling Library provides a set of plug-ins for building event-driven web applications. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input data. Bubbling Library version 1.32 is affected.
  • Ref: http://www.securityfocus.com/bid/27466

  • 08.6.81 - CVE: Not Available
  • Platform: Web Application
  • Title: phpCMS "parser/parser.php" Local File Include
  • Description: phpCMS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "parser/parser.php" script. phpCMS version 1.2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487251

  • 08.6.82 - CVE: Not Available
  • Platform: Web Application
  • Title: Connectix Boards "part_userprofile.php" Remote File Include
  • Description: Connectix Boards is a PHP-based forum application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "template_path" parameter of the "templates/Official/part_userprofile.php" script. Connectix Boards versions 0.8.1 and 0.8.2 are affected.
  • Ref: http://www.securityfocus.com/bid/27506

  • 08.6.83 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery "showdoc.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: Coppermine Photo Gallery is a web-based, photo gallery application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to the "h" and "t" parameters of the "docs/showdoc.php" script. Coppermine Photo Gallery versions prior to 1.4.15 are affected.
  • Ref: http://coppermine-gallery.net/forum/index.php?topic=50103.0

  • 08.6.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Coppermine Photo Gallery Multiple Remote Command Execution Vulnerabilities
  • Description: Coppermine Photo Gallery is a web-based, photo gallery application. The application is exposed to multiple issues that attackers can leverage to execute arbitrary commands. These issues occur because the application fails to adequately sanitize user-supplied input. Coppermine Photo Gallery versions prior to 1.4.15 are affected.
  • Ref: http://coppermine-gallery.net/forum/index.php?topic=50103.0

  • 08.6.85 - CVE: Not Available
  • Platform: Web Application
  • Title: SQLiteManager "confirm.php" Remote File Include
  • Description: SQLiteManager is a web-based application for managing SQLite databases. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "spaw_root" parameter of the "spaw/dialogs/confirm.php" script. SQLiteManager version 1.2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27515

  • 08.6.86 - CVE: Not Available
  • Platform: Web Application
  • Title: DeltaScripts PHP Links "smarty.php" Remote File Include
  • Description: DeltaScripts PHP Links is a web-based link directory. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "full_path_to_public_program" parameter of the "includes/smarty.php" script. PHP Links versions 1.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27529

  • 08.6.87 - CVE: Not Available
  • Platform: Web Application
  • Title: ChronoEngine ChronoForms mosConfig_Absolute_Path Multiple Remote File Include Vulnerabilities
  • Description: ChronoEngine ChronoForms is a component for the Joomla! content manager. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter. ChronoForms version 2.3.5 is affected.
  • Ref: http://www.securityfocus.com/bid/27531

  • 08.6.88 - CVE: Not Available
  • Platform: Web Application
  • Title: VirtueMart Information Disclosure
  • Description: VirtueMart is a web-based shopping application. The application is exposed to an information disclosure issue because it fails to properly sanitize user-supplied input to an unspecified parameter when viewing a product. The parameter is then used in the script to read a template file. VirtueMart versions 1.0.13a and earlier are affected.
  • Ref: http://virtuemart.net/index.php?option=com_content&task=view&id=275&Itemid=127

  • 08.6.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Mindmeld "MM_GLOBALS["home"]" Multiple Remote File Include Vulnerabilities
  • Description: Mindmeld is a knowledge-sharing system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "MM_GLOBALS["home"]" parameter. Mindmeld version 1.2.0.10 is affected.
  • Ref: http://www.securityfocus.com/bid/27538

  • 08.6.90 - CVE: Not Available
  • Platform: Web Application
  • Title: sflog! "index.php" Multiple Local File Include Vulnerabilities
  • Description: sflog! is a PHP-based, web log application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "permalink" and "section" parameters of the "index.php" script. sflog! version 0.96 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487368

  • 08.6.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal OpenID Module "claimed_id" Provider Spoofing
  • Description: OpenID is a decentralized authentication system. An OpenID module is available for Drupal. The OpenID module is exposed to an issue that allows attackers to set up malicious OpenID Providers to spoof a legitimate OpenID Authority. This issue occurs because the module fails to adequately verify "claimed_id" values returned by an OpenID Provider. OpenID versions prior to 5.x-1.1 are affected.
  • Ref: http://drupal.org/node/216022

  • 08.6.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Secure Site Module Authentication Bypass
  • Description: Drupal is a content manager. The Secure Site module is a third-party add-on that allows HTTP-based authentication for Drupal-based web sites. The application is exposed to an authentication bypass issue because of an error in the IP-authentication feature. Secure Site for Drupal versions 5.x and 4.7.x are affected.
  • Ref: http://drupal.org/node/216019

  • 08.6.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Comment Upload Module Upload Validation Function Arbitrary File Upload
  • Description: The Comment Upload module is a module for the Drupal content manager that allows users to attach files to comments. The module is exposed to an arbitrary file upload issue because it fails to sufficiently sanitize user-supplied input. The issue exists in the upload validation function when handling incorrect data.
  • Ref: http://drupal.org/node/216024

  • 08.6.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Project Issue Tracking Module Multiple Input Validation Vulnerabilities
  • Description: Drupal is a content manager. The Project Issue Tracking module is a third-party add-on that provides issue tracking functionality for Drupal-based web sites. The module is exposed to multiple input validation issues because it fails to adequately sanitize user-supplied input.
  • Ref: http://drupal.org/node/216063

  • 08.6.95 - CVE: CVE-2008-0180
  • Platform: Web Application
  • Title: Liferay Enterprise Portal User Profile Greeting HTML Injection
  • Description: Liferay Enterprise Portal is a web-based portal application implemented in Java. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Greeting" form field parameter located in the user profile. Liferay Enterprise Portal versions prior to 4.4.0 and 4.3.7 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/732449

  • 08.6.96 - CVE: CVE-2008-0179
  • Platform: Web Application
  • Title: Liferay Enterprise Portal "User-Agent" HTTP Header Script Injection
  • Description: Liferay Enterprise Portal is a Java-based web portal for enterprises. The application is exposed to a script injection issue because it fails to properly sanitize user-supplied input. Specifically, the user-supplied input from the "User-Agent" HTTP header isn't sanitized when the application uses it to generate "Forgot Password" emails. Liferay Enterprise Portal versions prior to 4.4.0 and 4.3.7 are affected.
  • Ref: http://www.kb.cert.org/vuls/id/888209

  • 08.6.97 - CVE: CVE-2008-0181
  • Platform: Web Application
  • Title: Liferay Enterprise Portal Admin Portlet Shutdown Message HTML Injection
  • Description: Liferay Enterprise Portal is a web-based portal implemented in Java. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the message displayed to all users when the application is shut down. Liferay Enterprise Portal version 4.4.0 and versions 4.3.7 and earlier are affected.
  • Ref: http://www.kb.cert.org/vuls/id/217825

  • 08.6.98 - CVE: Not Available
  • Platform: Web Application
  • Title: Nilsons Blogger "comments.php" Local File Include
  • Description: Nilsons Blogger is a web-based blogging application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "thispost" parameter of the "comments.php" script. Nilsons Blogger version 0.11 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487384

  • 08.6.99 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco PIX/ASA Enable Login Prompt Privilege Escalation
  • Description: Cisco PIX and ASA security appliances are potentially exposed to a privilege escalation issue. This issue occurs when users with privilege level 0 attempt to connect to vulnerable devices locally through the console, or remotely via telnet. Cisco PIX/ASA operating system Finesse versions 7.1 and 7.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/486959

  • 08.6.100 - CVE: Not Available
  • Platform: Network Device
  • Title: 2Wire Routers "H04_POST" Access Validation
  • Description: 2Wire routers are network devices designed for home and small-office setups. Multiple 2Wire routers are exposed to an access validation issue because they fail to adequately authenticate users prior to performing certain actions. This issue occurs when the devices handle "xslt" requests for the "H04_POST" page that contain arbitrary "PASSWORD" parameter data and a valid user name passed to the "PASSWORD_CONF" parameter. 2Wire routers that have the "H04_POST" page are affected.
  • Ref: http://www.securityfocus.com/bid/27516

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.