
@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 7
February 14, 2008

What a Week! Vulnerabilities on the most critical list this week: 1 Microsoft, 2 Apple, 1 Novell, 1 Symantec, 2 Adobe, and 1 ClamAV. Add 9 more "high" criticality vulnerabilities and 3 of moderate criticality and you have the most challenging security week in many months.

Note how many of these vulnerabilities are NOT patched by Microsoft's automatic updaters. Too many companies are not updating applications other than Windows products. That's more than dangerous.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Microsoft Windows                         3 (#1, #9, #11)
    Other Microsoft Products                  3 (#10, #11, #12, #13, #14, #18)
    Third Party Windows Apps                  20 (#3, #4, #7, #16)
    Mac OS                                    2 (#2, #19)
    Linux                                     2
    BSD                                       1
    Novell                                    2
    Cross Platform                            13 (#5, #6, #8, #15, #17, #20)
    Web Application - Cross Site Scripting    14
    Web Application - SQL Injection           24
    Web Application                           23
    Network Device                            1


Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
BSD
Novell
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device


PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Windows WebDAV Mini-Redirector Heap Overflow (MS08-007)
  • Affected:
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
  • Description: Web Distributed Authoring and Versioning, known as WebDAV, is a protocol allowing filesystem-like access to resources exported via HTTP. The WebDAV mini-redirector is a kernel-level resource in Microsoft Windows that allows systems to transparently access WebDAV resources. The WebDAV mini-redirector contains a heap-based buffer overflow in its handling of WebDAV traffic. A malicious WebDAV server could exploit this vulnerability, allowing an attacker to execute arbitrary code with SYSTEM privileges. Note that WebDAV resources can be accessed by clicking links on web pages or email messages. Technical details are publicly available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • (2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-001)
  • Affected:
    • Apple Mac OS X versions prior to 10.5.2
  • Description: Apple has released Security Update 2008-001, addressing multiple vulnerabilities in Mac OS X. Vulnerabilities in URL handling, photocasts and web page rendering can lead to arbitrary code execution with the privileges of the current user. Flaws in the handling of network accessible filesystems can lead to arbitrary code execution with root or kernel level privileges. Additional vulnerabilities can lead to denials-of-service or privilege escalation. Some technical details are available via source code analysis, and technical details for other vulnerabilities are publicly available.

  • Status: Apple confirmed, updates available.

  • (3) CRITICAL: Apple QuickTime ActiveX Control Multiple Vulnerabilities
  • Affected:
    • Apple QuickTime ActiveX Control versions prior to 7.4.1
  • Description: Apple QuickTime is Apple's streaming media framework, available for both Apple Mac OS X and Microsoft Windows. On Microsoft Windows, some functionality is provided by an ActiveX control. This ActiveX control contains multiple vulnerabilities in its handling of parameters passed to various methods. A malicious web page that instantiates this control could exploit one of these vulnerabilities to execute arbitrary code with the privileges of the current user. Full technical details and a proof-of-concept are publicly available for these vulnerabilities. Note that the affected control is installed along with Apple iTunes and Apple Safari.

  • Status: Apple has not confirmed, no updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "02BF25D5-8C17-4B23-BC80-D3488ABDDC6B". Note that this may affect normal application functionality.

  • (5) CRITICAL: Symantec Backup Exec System Recovery Manager Arbitrary File Upload
  • Affected:
    • Symantec Backup Exec System Recovery Manager versions prior to 7.0.3
  • Description: Symantec Backup Exec System Recovery Manager is a popular enterprise backup component. It contains a web-based administration interface. This interface provides facilities to upload files to the server. The file upload component fails to properly validate the paths given to it by users. A specially crafted request would allow an attacker to upload an arbitrary file to any location on the administration server. The administration server runs with SYSTEM privileges and this vulnerability can be leveraged to run arbitrary code with SYSTEM privileges. A proof-of-concept is publicly available for this vulnerability.

  • Status: Symantec confirmed, updates available.

  • (8) CRITICAL: ClamAV Multiple Vulnerabilities
  • Affected:
    • ClamAV versions prior to 0.92.1
  • Description: ClamAV is a popular open source antivirus system. It contains multiple vulnerabilities in its parsing of executables. A specially crafted Portable Executable (PE) file or executable file compressed with the MEW application could trigger a memory corruption vulnerability. Successfully exploiting these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Note that, on systems using ClamAV to scan email, it is sufficient for exploitation to have an email transit the system; no user interaction is necessary. Technical details for these vulnerabilities are available via source code analysis.

  • Status: ClamAV confirmed, updates available.

  • (9) HIGH: Microsoft OLE Memory Corruption (MS08-008)
  • Affected:
    • Microsoft Windows 2000
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
    • Microsoft Windows Vista
    • Microsoft Visual Basic 6.0
  • Description: Microsoft Object Linking and Embedding (OLE) is a Microsoft Windows component used for application communication and control. It is related to the ActiveX suite of technologies. OLE contains a flaw in its handling of certain user requests. A specially crafted web page could exploit this flaw, leading to memory corruption. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user.

  • Status: Microsoft confirmed, updates available.

  • (10) HIGH: Microsoft Word Memory Corruption (MS08-009)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office Word Viewer 2003
  • Description: Microsoft Word contains a flaw in its handling of certain Word documents. A specially crafted Word document could trigger a memory corruption vulnerability in Word. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that on recent versions of Microsoft Office, Word documents are not opened upon receipt without user interaction. Some technical details are publicly available for this vulnerability.

  • Status: Microsoft confirmed, updates available.

  • (12) HIGH: Microsoft Office Publisher Multiple Vulnerabilities (MS08-012)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
  • Description: Microsoft Office Publisher contains multiple vulnerabilities in its handling of Publisher files. A specially crafted Publisher file could trigger a memory corruption vulnerability upon opening. Some technical details are publicly available for this vulnerability. Note that on recent versions of Microsoft Office, Publisher files are not opened upon receipt without user intervention.

  • Status: Microsoft confirmed, updates available.

  • (13) HIGH: Microsoft Office Memory Corruption (MS08-013)
  • Affected:
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office 2004 for Mac
  • Description: Microsoft Office allows document authors to embed objects in documents. A document with a specially crafted embedded object could trigger a memory corruption vulnerability in Office. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that on recent versions of Microsoft Office, documents are not opened upon receipt without user intervention.

  • Status: Microsoft confirmed, updates available.

  • (15) HIGH: IBM DB2 Universal Database Administration Server Memory Corruption
  • Affected:
    • IBM DB2 Universal Database versions prior to 9 Fix Pack 4
  • Description: IBM DB2 Universal Database (DB2) is IBM's enterprise database. It provides an administrative interface (known as the Administration Server). The Administration Server contains a memory corruption vulnerability due to a failure to validate client input. A specially crafted request could trigger this vulnerability, and it is believed that this vulnerability might allow remote code execution with the privileges of the vulnerable process. Some technical details are available for this vulnerability. Note that an additional local privilege escalation vulnerability was also found in the main DB2 system.

  • Status: IBM confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 523 at the network perimeter, if possible.

  • (17) HIGH: Sun Java Runtime Environment Multiple Vulnerabilities
  • Affected:
    • Sun Java Runtime Environment versions prior to 6 Update 1
    • Sun Java Development Kit versions prior to 6 Update 1
  • Description: Sun's Java Runtime Environment contains multiple vulnerabilities in its handling of Java applets and applications. A specially crafted applet or application could bypass the normal sandbox provided by the runtime environment. Bypassing the sandbox environment would allow an otherwise untrusted applet or application to modify files or execute arbitrary commands with the privileges of the current user. Note that Java applets embedded in web pages are often run without first prompting the user. Sun's Java Runtime Environment is installed on Apple Mac OS X and many Unix, Linux, and Unix-like systems by default. It is also installed on a large number of Microsoft Windows systems.

  • Status: Sun confirmed, updates available.

  • (18) MODERATE: Microsoft Internet Information Services ASP Remote Code Execution (MS08-006)
  • Affected:
    • Microsoft Windows XP
    • Microsoft Windows Server 2003
  • Description: Microsoft Active Server Pages (ASP) is a Microsoft technology for dynamically generating web pages. A flaw in the handling of certain ASP functions could trigger a remote code execution vulnerability on a vulnerable server. Note that an attacker would need access to upload or otherwise insert ASP code into a web page. Note that ASP.NET is not affected by this vulnerability, and the vulnerable versions of the software are not installed by default on recent versions of Microsoft Windows. Note that a proof-of-concept for this vulnerability is available to members of Immunity Security's Partners' Program.

  • Status: Microsoft confirmed, updates available.

  • References:
    • Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
    • Proof-of-Concept: https://www.immunityinc.com/downloads/immpartners/iisasp.py
    • SecurityFocus BID: http://www.securityfocus.com/bid/27676

  • (19) MODERATE: Apple iPhoto Format Photocast Format String Vulnerability
  • Affected:
    • Apple iPhoto versions prior to 7.1.2
  • Description: Apple iPhoto, Apple's photo management application, contains a vulnerability in its handling of "photocasts", or syndicated collections of photos. A specially crafted photocast could trigger this vulnerability, allowing an attacker to execute arbitrary code with the privileges of the current user. Note that the victim must explicitly subscribe to a malicious photocast to be vulnerable.

  • Status: Apple confirmed, updates available.

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 7, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.7.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
  • Description: Microsoft has provided advance notification for twelve security bulletins releasing on February 12, 2008. The highest severity rating for these issues is "Critical".
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx

  • 08.7.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Titan FTP Server USER/PASS Commands Buffer Overflow
  • Description: Titan FTP Server is an FTP implementation that is available for Microsoft Windows operating systems. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, this issue presents itself when overly long arguments are passed through the "USER" and "PASS" commands.
  • Ref: http://www.securityfocus.com/archive/1/487431

  • 08.7.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow
  • Description: Ipswitch WS_FTP client is an FTP implementation that is available for Microsoft Windows operating systems. The application is exposed to a buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, this issue presents itself when attackers send excessively long arguments to an "opendir" command via SFTP. Ipswitch WS_FTP client version 6.1.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487441

  • 08.7.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Facebook Photo Uploader 4 ActiveX Control "ExtractIptc/ExtractExif" Buffer Overflow Vulnerabilities
  • Description: Facebook Photo Uploader ActiveX control lets Facebook users upload album and image files to the server. The control is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. These issues affect the "ExtractIptc" and "ExtractExif" properties of the "ImageUploader4.ocx" library. "ImageUploader4.ocx" version 4.5.57.0 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.7.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Aurigma Image Uploader ActiveX Controls "ExtractIptc/ExtractExif" Buffer Overflow Vulnerabilities
  • Description: Aurigma Image Uploader ActiveX Control lets users manage and upload images to a server. The control is exposed to multiple buffer overflow issues because it fails to perform adequate boundary checks on user-supplied data. These issues affect the "ExtractIptc" and "ExtractExif" properties of the "ImageUploader4.ocx" and the "ImageUploader5.ocx" libraries. Aurigma ImageUploader4 versions 4.5.70.0, 4.5.126.0 and 4.6.17.0 are affected. Aurigma ImageUploader5 version 5.0.10.0 is also affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.7.6 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Music JukeBox MediaGrid "mediagrid.dll" ActiveX Control Remote Buffer Overflow
  • Description: Yahoo! Music JukeBox is a music player for Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the second parameter passed to the "AddBitmap()" function of the "mediagrid.dll" ActiveX control. "mediagrid.dll" version 2.2.2.56 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/340860

  • 08.7.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Music JukeBox "datagrid.dll" ActiveX Control Remote Buffer Overflow
  • Description: Yahoo! Music JukeBox is a music player for Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the first parameter passed to the "AddButton()" function of the "datagrid.dll" ActiveX control. "datagrid.dll" version 2.2.2.56 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/101676

  • 08.7.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Namo Web Editor "NamoInstaller.dll" ActiveX Control Remote Buffer Overflow
  • Description: Namo Web Editor ActiveSquare is an ActiveX control that provides rich documents creation and upload functionality. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the "Install()" function of the "NamoInstaller.dll" ActiveX control. "NamoInstaller.dll" version 3.0.0.1 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.7.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Yahoo! Music Jukebox AddImage Function ActiveX Remote Buffer Overflow
  • Description: Yahoo! Music Jukebox is a music player for Windows. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue affects the first parameter passed to the "AddImage()" function of the "datagrid.dll" ActiveX control. "datagrid.dll" version 2.2.2.56 is affected.
  • Ref: http://www.kb.cert.org/vuls/id/101676

  • 08.7.10 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Xlight FTP Server LDAP Blank Password Authentication Bypass
  • Description: Xlight FTP Server is an FTP server available for Microsoft Windows. The application is exposed to an authentication bypass issue in the LDAP authentication mechanism. Specifically, the application allows users to login with blank passwords when a password is required. Xlight FTP versions prior to 2.83 are affected.
  • Ref: http://www.xlightftpd.com/whatsnew.htm

  • 08.7.11 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Print Manager Plus PQCore Remote Denial of Service
  • Description: Print Manager Plus is a commercially-available print management application available for Microsoft Windows platforms. The application is exposed to a remote denial of service issue when excessively long messages are sent to the application over TCP port 48101. Messages of approximately 600 bytes may trigger this issue. This occurs due to an improperly bounded "vswprintf()" function call while creating a log message. Print Manager Plus versions prior to 7.0.127.16 are affected.
  • Ref: http://aluigi.altervista.org/adv/pqcorez-adv.txt

  • 08.7.12 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Titan FTP Server DELE Command Remote Buffer Overflow
  • Description: Titan FTP Server is an FTP implementation that is available for Microsoft Windows operating systems. The application is exposed to a remote buffer overflow issue because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. Specifically, this issue presents itself when overly long arguments are passed through the "DELE" command. Titan FTP Server version 6.05 build 550 is affected.
  • Ref: http://www.securityfocus.com/bid/27611

  • 08.7.13 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SAPlpd Multiple Remote Vulnerabilities
  • Description: SAP GUI is an interface to the SAP database application. It includes SAPlpd, a line printer daemon for providing printing interoperability for Unix operating systems. The application is exposed to multiple remote issues. SAPlpd, as included with SAP GUI version 7.10 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487508

  • 08.7.14 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinCom LPD Total Multiple Buffer Overflow Vulnerabilities and Authentication Bypass
  • Description: WinCom LPD Total is a commercial line printer daemon available for Microsoft Windows platforms. The application is exposed to multiple issues. WinCom LPD Total version 3.0.2.623 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487507

  • 08.7.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Nero Media Player M3U Buffer Overflow
  • Description: Nero Media Player is a media player for the Windows operating system. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application handles a specially crafted .M3U file with an overly long URI. Nero Media Player versions 1.4.0.35b and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/487578

  • 08.7.16 - CVE: CVE-2008-0457
  • Platform: Third Party Windows Apps
  • Title: Symantec Backup Exec System Recovery Manager FileUpload Class Unauthorized File Upload
  • Description: Symantec Backup Exec System Recovery Manager is exposed to an issue that allows arbitrary unauthorized files to be uploaded to any location on the affected server. This issue exists in the "FileUpload" class on the Symantec LiveState Apache Tomcat server and can be leveraged to execute arbitrary code with SYSTEM-level privileges.
  • Ref: http://seer.entsupport.symantec.com/docs/297171.htm

  • 08.7.17 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: GlobalLink "HanGamePlugincn18.dll" ActiveX Control Buffer Overflow
  • Description: GlobalLink is an online gaming portal application. The application is exposed to a buffer overflow issue because the application fails to perform adequate boundary checks on user-supplied data. The issue exists in the "hgs_startNotify()" method of the "HanGamePluginCn18.dll" ActiveX control. GlobalLink versions 2.8.1.2 beta and 2.6.1.29 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.7.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: dBpowerAMP Audio Player M3U Buffer Overflow
  • Description: dBpowerAMP Audio Player is an audio player that plays various media formats. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. This issue occurs when the application fails to handle malformed audio ".M3U" files. dBpowerAMP Audio Player version 2.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487605

  • 08.7.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Symantec Altiris Notification Server Agents Shatter Attack Privilege Escalation
  • Description: Symantec Altiris Notification Server Agents provide core components used by each Altiris solution and support the entire Altiris Infrastructure. The application is susceptible to shatter attacks that can result in an escalation of privileges. Shatter attacks are a technique used to bypass security restrictions between processes running in the same session.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.02.06.html

  • 08.7.20 - CVE: CVE-2008-0640
  • Platform: Third Party Windows Apps
  • Title: Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
  • Description: Symantec Ghost Solution Suite is an application used for enterprise-wide remote PC deployment, recovery, cloning, and migration. It enables administrators to deploy or restore an operating system image or application onto a PC and migrate user settings and profiles to customize the PC. The application is exposed to an authentication bypass issue because the application does not authenticate network connections between the Ghost console and the Ghost Management Agent. Symantec Ghost Solution Suite versions 1.1, 2.0.0 and 2.0.1 are affected.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.02.07.html

  • 08.7.21 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Check Point VPN SecureClient/SecuRemote Local Login Credentials Information Disclosure
  • Description: Check Point VPN-1 SecureClient/SecuRemote client for Microsoft Windows is a Virtual Private Network application used to securely connect remote computers to enterprise networks. The application is exposed to an information disclosure issue because it fails to protect user login credentials.
  • Ref: https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportCenter.psml

  • 08.7.22 - CVE: CVE-2008-0043
  • Platform: Mac Os
  • Title: Apple iPhoto Photocast Subscription Remote Format String
  • Description: iPhoto is a photograph editing and publishing tool available as part of iLife and is available for Apple Mac OSX. The application is exposed to a format string issue. The problem occurs when an unsuspecting user subscribes to a malicious photocast. iPhoto versions prior to 7.1.2 are affected.
  • Ref: http://docs.info.apple.com/article.html?artnum=307398

  • 08.7.23 - CVE: CVE-2008-0486
  • Platform: Linux
  • Title: MPlayer "demux_audio.c" Remote Stack-Based Buffer Overflow
  • Description: MPlayer is a movie player application that supports multiple media formats. The application is exposed to a remote stack-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input prior to copying it to an insufficiently sized buffer. This issue occurs when the "libmpdemux/demux_audio.c" source file uses a user-supplied "length" value to index the "comment" buffer from a specially-crafted FLAC file. MPlayer version 1.0 rc2 is affected.
  • Ref: http://www.coresecurity.com/?action=item&id=2103

  • 08.7.24 - CVE: CVE-2008-0485
  • Platform: Linux
  • Title: MPlayer "demux_mov.c" Remote Code Execution
  • Description: MPlayer is an application for playing movies. It runs on Linux operating systems. The application is exposed to a remote code execution issue because it fails to handle specially-crafted "MOV" files. This issue affects the "libmpdemux" library from the "demux_mov.c" source file and is due to an arbitrary pointer de-reference. MPlayer version 1.0rc2 is affected.
  • Ref: http://www.coresecurity.com/?action=item&id=2102

  • 08.7.25 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD PRNG DNS Cache Poisoning and Predictable IP ID Weakness
  • Description: A PRNG originating in OpenBSD is exposed to a weakness that exposes DNS cache poisoning and predictable IP ID sequence issues. This issue is due to a flaw in the linear congruential generator (LCG) pseudo-random number generator algorithm. The flaw allows attackers to compute the internal state of the PRNG, allowing them to predict subsequent numbers. The BIND 9 server included in OpenBSD from versions 3.3 through to 4.2 is affected.
  • Ref: http://www.trusteer.com/docs/dnsopenbsd.html

  • 08.7.26 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Netmail IMAP "AUTHENTICATE GSSAPI" Buffer Overflow
  • Description: Novell Netmail is a commercially available email and calendar server application. The application is exposed to a stack-based buffer overflow issue because the application fails to perform sufficient bounds checks on user-supplied data. This issue affects the IMAP "AUTHENTICATE GSSAPI" command.
  • Ref: http://www.securityfocus.com/bid/27567

  • 08.7.27 - CVE: Not Available
  • Platform: Novell
  • Title: Novell Challenge Response Client Local Clipboard Disclosure Weakness
  • Description: Novell Challenge Response Client is an authentication module for Novell Client software. The application is exposed to a local information disclosure weakness due to a failure of the software to properly restrict access to potentially sensitive information.
  • Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html

  • 08.7.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
  • Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms including Linux, AIX, Solaris, and Microsoft Windows. The application is exposed to multiple local issues. IBM DB2 Universal Database Server versions prior to 8.2 Fixpak 16 are affected.
  • Ref: ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

  • 08.7.29 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Rasterbar Software libtorrent "bdecode_recursive()" Remote Denial of Service
  • Description: Rasterbar Software libtorrent is a freely-available library that implements the BitTorrent protocol. It is implemented in C++. The library is exposed to a remote denial of service issue due to a failure of the library to properly handle unexpected network data. Libtorrent versions prior to 0.12.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=572524

  • 08.7.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Avaya Distributed Office IP Tables Remote Denial of Service
  • Description: Avaya Distributed Office is a centrally managed communications platform. The application is exposed to a denial of service issue due to the implementation of "iptables", which is used for packet filtering. Avaya Distributed Office version 1.1.1_41.03 is affected.
  • Ref: http://support.avaya.com/japple/css/japple?temp.documentID=334284&temp.productID=154235&temp.releaseID=331129&temp.bucketID=126655&PAGE=Document

  • 08.7.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Ipswitch FTP Log Server Denial of Service
  • Description: WS_FTP is an FTP server available for Microsoft Windows. The FTP Log Server is a daemon used for logging operations of the FTP server. WS_FTP Log Server shipped with WS_FTP is exposed to a remote denial of service issue in the FTP Log Server. This issue occurs when handling more than 20 UDP packets containing more than 4096 bytes of data within a time frame of less than one second. This will cause the logging operation to terminate. WS_FTP running FTP Log Server version 7.9.14.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487506

  • 08.7.32 - CVE: CVE-2008-0212
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager Unspecified Denial of Service
  • Description: HP OpenView Network Node Manager is a fault-management application for IP networks. The application is exposed to an unspecified denial of service issue. HP OpenView Network Node Manager versions 6.41, 7.01, and 7.51 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487586

  • 08.7.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
  • Description: dBpowerAMP Audio Player is affected by a buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied input. dBpoweramp Audio Player Release 2 is affected.
  • Ref: http://www.securityfocus.com/bid/27639

  • 08.7.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Adobe Reader Multiple Unspecified Security Vulnerabilities
  • Description: Adobe Reader is a freely available, proprietary application to access PDF documents. The application is exposed to multiple security issues due to unspecified errors. Adobe Reader versions prior to 8.1.2 are affected.
  • Ref: http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1

  • 08.7.35 - CVE: CVE-2008-0177
  • Platform: Cross Platform
  • Title: KAME Project IPv6 IPComp Header Denial of Service
  • Description: The KAME project aims to provide a free stack of IPv6, IPsec, and Mobile IPv6 for BSD variants. IPComp (IP payload compression) is a protocol used to reduce the size of IP datagrams. The application is exposed to a denial of service issue because it does not properly process IPv6 packets that contain the IPComp header.
  • Ref: http://www.kb.cert.org/vuls/id/110947

  • 08.7.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun Java RunTime Environment Read and Write Permission Multiple Privilege Escalation Vulnerabilities
  • Description: Sun Java Runtime Environment (JRE) is an enterprise development platform. JRE is exposed to multiple privilege escalation issues when running untrusted applications or applets. The issue occurs because an application or applet can grant itself unauthorized privileges on behalf of an unsuspecting user. JDK and JRE version 6 Updates 1 and earlier, as well as 5.0 Updates 13 and earlier are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1

  • 08.7.37 - CVE: CVE-2008-0553
  • Platform: Cross Platform
  • Title: TCL/TK Tk Toolkit "ReadImage()" GIF File Buffer Overflow
  • Description: TCL/TK Tk Toolkit is a GUI-based Tcl (Tool Command Language) toolkit. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied GIF image data before copying it to an insufficiently sized buffer. TCL/TK versions prior to 8.5.1 are affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894

  • 08.7.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: WS_FTP Server Manager Authentication Bypass and Information Disclosure Vulnerabilities
  • Description: WS_FTP Server Manager is the web administration interface for WS_FTP server. The application is also known as WS_FTP WebService. The application is exposed to multiple remote issues. WS_FTP Server Manager version 6.1.0.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487682

  • 08.7.39 - CVE: Not Available
  • Platform: Cross Platform
  • Title: TinTin++ and WinTin++ "#chat" Command Multiple Security Vulnerabilities
  • Description: TinTin++ is a MUD client that includes chat functionality. WinTin++ is the client ported to Microsoft Windows computers. The "#chat" command of TinTin++ and WinTin++ binds to TCP port 4050 in order to receive messages and files from other clients. The application is exposed to multiple security issues. TinTin++ and WinTin++ version 1.97.9 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487687

  • 08.7.40 - CVE: CVE-2008-0214
  • Platform: Cross Platform
  • Title: HP Select Identity 4.20 and Prior Unspecified Remote Unauthorized Access
  • Description: HP Select Identity is an application used to manage user identities and access rights. The application is exposed to an unspecified unauthorized access issue.
  • Ref: http://www.securityfocus.com/archive/1/487694

  • 08.7.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Domain Trader "catalog.php" Cross-Site Scripting
  • Description: Domain Trader is a domain parking and auction application. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "catalog.php" script. Domain Trader version 2.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487433

  • 08.7.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: WP-Footnotes WordPress Plugin Multiple Remote Vulnerabilities
  • Description: WP-Footnotes is a plugin for the WordPress application that adds footnote functionality. The application is exposed to multiple cross-site scripting issues because the application fails to properly sanitize user-supplied input. WP-Footnotes Plugin version 2.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487430

  • 08.7.43 - CVE: CVE-2006-4220
  • Platform: Web Application - Cross Site Scripting
  • Title: Novell GroupWise WebAccess Multiple Cross-Site Scripting Vulnerabilities
  • Description: Novell GroupWise WebAccess is a secure, mobile option for GroupWise collaboration software. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input to the "User.html", "Error", "User.Theme.index" and "User.lang" parameters of the "webacc" servlet. Novell GroupWise WebAccess version 7 is affected.
  • Ref: http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z

  • 08.7.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: CruxCMS "search.php" Cross-Site Scripting
  • Description: CruxCMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "search" parameter of the "search.php" script. CruxCMS version 3.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27588

  • 08.7.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM OS/400 HTTP Server Expect Header Cross-Site Scripting
  • Description: IBM OS/400 HTTP Server is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. The problem occurs when the server receives a malformed Expect header. Specifically, the server will include the header in a generated error page without escaping the data.
  • Ref: ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT

  • 08.7.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: HispaH Youtube Clone "load_message.php" Cross-Site Scripting
  • Description: HispaH Youtube Clone is a web-based application that allows users to build sites that are similar to YouTube. The application is exposed to a cross-site scripting issue because the application fails to properly sanitize user-supplied input to the "lang[please_wait]" parameter of the "siteadmin/editor_files/includes/load_message.php" script.
  • Ref: http://www.securityfocus.com/bid/27598

  • 08.7.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: AstroSoft HelpDesk Multiple Cross-Site Scripting Vulnerabilities
  • Description: AstroSoft HelpDesk is an ASP-based helpdesk application. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/487487

  • 08.7.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DevTracker Module For bcoos and E-xoops Multiple Cross-Site Scripting Vulnerabilities
  • Description: bcoos and E-xoops are two content community management systems. DevTracker is a module for bcoos and E-xoops. The application is exposed to multiple cross-site scripting issues because it fails to sanitize user-supplied input. These issues affect the "order_by" and "direction" parameters of the "index.php" script. bcoos versions 1.1.11 and earlier and E-xoops versions 1.0.8 and earlier are affected.
  • Ref: http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.html

  • 08.7.49 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: RaidenHTTPD Prior to 2.0.22 Unspecified Cross-Site Scripting
  • Description: RaidenHTTPD is a web server application. The application is exposed to an unspecified cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. RaidenHTTPD version 2.0.19 is affected.
  • Ref: http://www.securityfocus.com/bid/27628

  • 08.7.50 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: MyNews "hash" Parameter Cross-Site Scripting
  • Description: MyNews is a web-based news publishing application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "hash" parameter of the "index.php" script, when used in combination with the "admin" action. MyNews versions 1.6.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27652

  • 08.7.51 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Pagetool "search_term" Parameter Cross-Site Scripting
  • Description: Pagetool is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "search_term" parameter of the "index.php" script when the "name" parameter is set to "pagetool_search". Pagetool version 1.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/27653

  • 08.7.52 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Webmin Search Feature Cross-Site Scripting
  • Description: Webmin is a web-based system administration application for Unix-based computers. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "Search" input box. Webmin version 1.390 and Usermin version 1.300 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487656

  • 08.7.53 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting
  • Description: IBM WebSphere is a commercial web application server, which runs on a number of platforms including Linux and Unix variants and Microsoft Windows operating environments. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter when returning error pages from the caching proxy server. The issue arises when CGI mapping rules are enabled. IBM WebSphere versions 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2 and 6.1 are affected.
  • Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21294776

  • 08.7.54 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LinPHA Multiple Cross-Site Scripting Vulnerabilities
  • Description: LinPHA is a PHP-based image gallery application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input data. LinPHA versions prior to 1.3.3 are affected.
  • Ref: http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup

  • 08.7.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Archimede Net 2000 "E-Guest_show.php" SQL Injection
  • Description: Archimede Net 2000 is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "display" parameter of the "telefonia/E-Guest_show.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27563

  • 08.7.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: The Everything Development Engine "index.pl" SQL Injection
  • Description: The Everything Development Engine is a Perl-based web management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "node_id" parameter of the "index.pl" script before using it in an SQL query. The Everything Development Engine version Pre-1.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487436

  • 08.7.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: phpShop "index.php" SQL Injection
  • Description: phpShop is a PHP-based shopping cart application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. This occurs because input-sanitization code in the "index.php" script fails to properly ensure that only valid data is passed. phpShop version 0.8.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487435

  • 08.7.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Plugin Wordspew SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. Wordspew is a plugin for WordPress. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "wordspew-rss.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27583

  • 08.7.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! mosDirectory Component "catid" Parameter SQL Injection
  • Description: mosDirectory is an information-directory component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter before using it in an SQL query. Joomla! mosDirectory version 2.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27585

  • 08.7.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WordPress Plugin ShiftThis Newsletter SQL Injection
  • Description: WordPress is a web-based publishing application implemented in PHP. ShiftThis Newsletter is a plugin for WordPress. The plugin is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "newsletter" parameter of the "shiftthis-preview.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27586

  • 08.7.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simple OS CMS "login.php" SQL Injection
  • Description: Simple OS CMS is a PHP-based content management system (CMS). The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "username" parameter of the "login.php" script. Simple OS CMS version 0.1c beta is affected.
  • Ref: http://www.securityfocus.com/bid/27589

  • 08.7.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Codice CMS "login.php" SQL Injection
  • Description: Codice CMS is a content management system (CMS). The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "username" parameter of the "login.php" script.
  • Ref: http://www.securityfocus.com/bid/27592

  • 08.7.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: A-Blog Cross-Site Scripting Vulnerability and SQL Injection
  • Description: A-Blog is a PHP-based web-log application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied data to the "words" parameter of the "search.php" script. A-Blog version 0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27594

  • 08.7.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo com_marketplace Component "catid" Parameter SQL Injection
  • Description: The "com_marketplace" component is a classified ad module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_marketplace" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27600

  • 08.7.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iTechBids Gold "bidhistory.php" SQL Injection
  • Description: iTechBids Gold is an online auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "item_id" parameter of the "bidhistory.php" script before using it in an SQL query. iTechBids Gold version 3 is affected.
  • Ref: http://www.securityfocus.com/bid/27601

  • 08.7.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Awesom! for Joomla! and Mambo SQL Injection
  • Description: Awesom! (Amazon Web Services for Opensource Mambo) is a component that lets web site developers create lists of products to feature on their Mambo-driven sites using information provided by Amazon through Amazon Web Services. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "listid" parameter of the "com_awesom" component before using it in an SQL query. Awesom! version 0.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27607

  • 08.7.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_shambo2" Component SQL Injection
  • Description: com_shambo2 is a component module available for the Joomla! and Mambo content management systems. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter of the "com_shambo2" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27609

  • 08.7.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo SOBI2 Component SQL Injection
  • Description: SOBI2 (Sigsiu Online Business Index 2) is a component for Joomla! and Mambo that lets users create and manage business catalogs. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of the "com_sobi2" component before using it in an SQL query. SOBI2 RC version 2.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/27617

  • 08.7.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RMSOFT Gallery System For XOOPS "images.php" SQL Injection
  • Description: RMSOFT Gallery System is an image gallery module for XOOPS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "user" parameter of the "images.php" script before using it in an SQL query. RMSOFT Gallery System version 2.0 is affected.
  • Ref: http://www.milw0rm.com/exploits/5062

  • 08.7.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: All Club CMS "index.php" SQL Injection
  • Description: All Club CMS is a PHP-based content manager. The application is exposed to an SQL injection issue because it fails to adequately sanitize user-supplied input to the "username" parameter of the "login.php" script. All Club CMS version 0.0.1f is affected.
  • Ref: http://www.securityfocus.com/bid/27624

  • 08.7.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: photokorn "pic" Parameter SQL Injection
  • Description: photokorn is a PHP-based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pic" parameter of the "index.php" script before using it in an SQL query. photokorn version 1.543 is affected.
  • Ref: http://www.securityfocus.com/bid/27627

  • 08.7.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Astanda Directory Project "detail.php" SQL Injection
  • Description: Astanda Directory Project is a search engine. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "link_id" parameter of the "detail.php" script before using it in an SQL query. Astanda Directory Project versions 1.2 and 1.3 are affected.
  • Ref: http://www.securityfocus.com/bid/27646

  • 08.7.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo com_downloads Component "filecatid" Parameter SQL Injection
  • Description: The "com_downloads" component is a module for downloading files for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "filecatid" parameter of the "com_downloads" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27648

  • 08.7.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo YNews Component "id" Parameter SQL Injection
  • Description: YNews is a news script component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "index.php" script when the "options" parameter is set to "com_ynews". YNews version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27649

  • 08.7.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mihalism Multi Host "users.php" SQL Injection
  • Description: Mihalism Multi Host is an image hosting application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Username" form field parameter of the "users.php" script before using it in an SQL query. The affected form field is used when "lost_pass rd_go" is passed to the affected script as an argument to the "act" parameter. Mihalism Multi Host version 3.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27651

  • 08.7.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: osCommerce "customer_testimonials.php" SQL Injection
  • Description: osCommerce is a web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "testimonial_id" parameter of the "customer_testimonials.php" script before using it in an SQL query. osCommerce version 3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487678

  • 08.7.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo com_sermon Component "gid" Parameter SQL Injection
  • Description: The "com_sermon" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "gid" parameter of the "com_sermon" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27673

  • 08.7.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo com_doc Component "sid" Parameter SQL Injection
  • Description: The "com_doc" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter of the "com_doc" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27679

  • 08.7.79 - CVE: Not Available
  • Platform: Web Application
  • Title: LightBlog "cp_upload_image.php" Arbitrary File Upload
  • Description: LightBlog is a PHP-based web-log application. The application is exposed to a vulnerability that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied input. This issue affects the "cp_upload_image.php" script. LightBlog version 9.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487398

  • 08.7.80 - CVE: Not Available
  • Platform: Web Application
  • Title: Joomla! and Mambo NeoReferences Component "catid" Parameter SQL Injection
  • Description: NeoReferences is a reference component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "catid" parameter of "index.php" when the option parameter is set to "com_neoreferences". NeoReferences version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27564

  • 08.7.81 - CVE: CVE-2001-0800
  • Platform: Web Application
  • Title: IRIX "lpsched" Remote Command Execution
  • Description: The "lpsched" utility in IRIX starts the "lp" printing service. The application is exposed to a remote shell command execution issue due to not sanitizing shell meta-characters.
  • Ref: ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P

  • 08.7.82 - CVE: Not Available
  • Platform: Web Application
  • Title: iTechClassifieds "ViewCat.php" Input Validation
  • Description: iTechClassifieds is a commercially available classified-ad application. The application is exposed to an input validation issue because the application fails to properly sanitize user-supplied input to the "CatID" parameter of the "ViewCat.php" script. The contents of this parameter are used in an SQL query, and are also returned to the user in dynamically-generated HTML content.
  • Ref: http://www.securityfocus.com/archive/1/487439

  • 08.7.83 - CVE: Not Available
  • Platform: Web Application
  • Title: DMSGuestbook Multiple Input Validation Vulnerabilities
  • Description: DMSGuestbook is a guestbook plugin for WordPress. The application is exposed to multiple input validation issues. RunCMS version 1.6 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487437

  • 08.7.84 - CVE: Not Available
  • Platform: Web Application
  • Title: Gelato CMS "Comments.php" HTML Injection
  • Description: Gelato CMS is a PHP-based content manager. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input data. This issue occurs in the "comments" form field parameter of the "comment.php" script. Gelato CMS version 0.95 is affected.
  • Ref: http://www.securityfocus.com/bid/27587

  • 08.7.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Anon Proxy Server Remote Authentication Buffer Overflow
  • Description: Anon Proxy Server is a web-based anonymous proxy server. It is implemented in PHP and C. The application is exposed to a remote buffer overflow issue due to a failure of the application to sufficiently bounds check user-supplied input. Anon Proxy Server versions prior to 0.103 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487446

  • 08.7.86 - CVE: Not Available
  • Platform: Web Application
  • Title: BlogPHP "index.php" SQL Injection Vulnerability and Cross-Site Scripting
  • Description: BlogPHP is a web-log application. The application is exposed to multiple input validation issues because the application fails to sufficiently sanitize user-supplied input. BlogPHP version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27591/references

  • 08.7.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Openads Delivery Engine Remote Code Execution
  • Description: Openads (formerly known as phpAdsNew) is a PHP-based ad server. The application is exposed to an issue that lets remote attackers execute arbitrary code because it fails to sufficiently sanitize user-supplied input to an unspecified parameter of the Delivery Engine. Openads versions prior to 2.4.3 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487486

  • 08.7.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Textpattern 4.0.5 Multiple Security Vulnerabilities
  • Description: Textpattern is a content manager. The application is exposed to multiple security issues. Textpattern version 4.0.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487483

  • 08.7.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Magnolia CE "ActivationHandler" URL Security Bypass
  • Description: Magnolia CE is a content management system implemented in Java. The application is exposed to a security bypass issue because it fails to check permissions in the "/ActivationHandler" URL when adding content to the web site. Magnolia CE versions prior to 3.5.4 are affected.
  • Ref: http://jira.magnolia.info/browse/MAGNOLIA-2021

  • 08.7.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Portail Web Php "site_path" Multiple Remote File Include Vulnerabilities
  • Description: PHP Web Portail is a web portal. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "site_path" parameter. Portail Web Php version 2.5.1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27616

  • 08.7.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Download Management for PHP-Fusion Multiple Local File Include Vulnerabilities
  • Description: Download Management is a module for PHP-Fusion CMS that provides file management functionality. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input to the "settings[locale]" parameter of the "infusion.php" and "download_management.php" scripts. Download Management version 1.00 is affected.
  • Ref: http://www.securityfocus.com/bid/27618

  • 08.7.92 - CVE: Not Available
  • Platform: Web Application
  • Title: VHD Web Pack "index.php" Local File Include
  • Description: VHD Web Pack (Virtual Hard Drive Web Pack) is a web-based application for online file storing and sharing. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "page" parameter of the "index.php" script. VHD Web Pack version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27621

  • 08.7.93 - CVE: Not Available
  • Platform: Web Application
  • Title: XOOPS "lang" Parameter Local File Include
  • Description: XOOPS is a PHP-based content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "lang" HTTP POST parameter of the "htdocs/install/index rd_go" is passed to the affected script as an argument to the "act" parameter. Mihalism Multi Host version 3.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27651

  • 08.7.94 - CVE: CVE-2008-0564
  • Platform: Web Application
  • Title: Mailman "list templates" and "list info" Multiple HTML Injection Vulnerabilities
  • Description: Mailman is a mailing list manager. The application is exposed to multiple HTML injection issues because it fails to properly sanitize user-supplied input. The issues occur when editing the "list templates" and "list info" attributes. Mailman version 2.1.9 is affected.
  • Ref: http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103

  • 08.7.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Documentum Products "dmclTrace.jsp" Arbitrary File Overwrite
  • Description: Documentum Administrator is a tool used to deploy and configure new Documentum environments. Documentum Webtop is a browser-based tool for accessing Documentum repositories. The application is exposed to an issue that could permit an attacker to overwrite arbitrary files because of a failure to validate user-supplied input. This issue affects the "filename" attribute of the "dmclTrace.jsp" script. Documentum Administrator version 5.3.0.313 and Documentum Webtop version 5.3.0.317 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487603

  • 08.7.96 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "wp-admin/options.php" Remote Code Execution
  • Description: WordPress allows users to generate news pages and web logs dynamically; it is implemented in PHP with a MySQL database. The application is exposed to an arbitrary code execution issue because it fails to properly sanitize user-supplied input. This issue affects "wp-admin/options.php". WordPress versions 2.3.2 and earlier and WordPress MU versions prior to 1.3.2 are affected.
  • Ref: http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html

  • 08.7.97 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenSiteAdmin "path" Multiple Remote File Include Vulnerabilities
  • Description: OpenSiteAdmin is a project that lets users create a content management system for web sites. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "path" parameter. OpenSiteAdmin version 0.9.1 Beta is affected.
  • Ref: http://www.securityfocus.com/bid/27640

  • 08.7.98 - CVE: CVE-2008-0215
  • Platform: Web Application
  • Title: HP Storage Essentials SRM Unspecified Remote Unauthorized Access
  • Description: HP Storage Essentials SRM (Storage Resource Management) is exposed to an unspecified unauthorized-access issue. Storage Essentials SRM Standard and Enterprise versions prior to 6.0.0 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487653

  • 08.7.99 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress "xmlrpc.php" Post Edit Unauthorized Access
  • Description: WordPress allows users to generate news pages and web logs dynamically; it is implemented in PHP with a MySQL database. The application is exposed to an unauthorized access issue in the "xmlrpc.php" script when editing posts. Specifically, the application allows attackers to edit other users' posts without proper authorization. WordPress versions prior to 2.3.3 are affected.
  • Ref: http://wordpress.org/development/2008/02/wordpress-233/

  • 08.7.100 - CVE: Not Available
  • Platform: Web Application
  • Title: mini-pub "sFileName" Parameter Multiple Input Validation Vulnerabilities
  • Description: mini-pub is a news publishing script. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. mini-pub version 0.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/487695

  • 08.7.101 - CVE: Not Available
  • Platform: Web Application
  • Title: MODx HTML Injection Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
  • Description: MODx is a content management system (CMS) and web-application framework. The application is exposed to multiple input validation issues because it fails to properly sanitize user-supplied input. MODx versions 0.9.6.1 and 0.9.6.1p1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/487696

  • 08.7.102 - CVE: Not Available
  • Platform: Network Device
  • Title: MikroTik RouterOS SNMP SET Denial of Service
  • Description: MikroTik RouterOS is an operating system that converts PCs into routers. The application is exposed to a denial of service issue that can be triggered by sending specially crafted SNMP SET UDP packets to a device running the affected application. RouterOS versions up to and including version 3.2 are affected.
  • Ref: http://www.securityfocus.com/bid/27599

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.