@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 9
February 28, 2008

The only vulnerability rated CRITICAL this week is a buffer overflow in TrendMicro's antivirus tool. No patch available yet. Notice, however, that more than 100 new vulnerabilities were reported this week - lots of them in web applications. We cannot ask programmers to write safe code if we don't teach them how to do it. SANS has just completed the first major course in secure coding in Java. If you know anyone who builds web apps in Java, tell them we have a special 35% discount on the Secure Coding in Java course April 22-25 in Orlando. (in return for the discount we will ask them to provide critical feedback so we can discover ways to make the course even better). Course info at http://www.sans.org/sans2008/description.php?tid=1937 Get the discount code from Mason Brown at mbrown@sans.org. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                 Number of Updates and Vulnerabilities
    ---------------------------------------  -------------------------------------
    Microsoft Office                         1
    Third Party Windows Apps                 7 (#1, #3, #5, #6)
    Linux                                    3
    BSD                                      2
    Solaris                                  3
    Unix                                     3
    Cross Platform                           19 (#2, #4, #7)
    Web Application - Cross Site Scripting   10
    Web Application - SQL Injection          38
    Web Application                          18
    Network Device                           3

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Microsoft Office
Third Party Windows Apps
Linux
BSD
Solaris
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Trend Micro OfficeScan Password Handling Buffer Overflow
  • Affected:
    • Trend Micro OfficeScan versions 8.0 and prior
  • Description: OfficeScan is an enterprise antivirus product from Trend Micro. It contains a buffer overflow in its handling of passwords when authenticating users. A specially crafted request containing an overlong password could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Full technical details and multiple proofs-of-concept are publicly available for this vulnerability. Note that some versions of OfficeScan crash rather than allow remote code execution, meaning that on those versions of OfficeScan, this vulnerability is only a denial-of-service. An additional denial-of-service vulnerability is also disclosed in this advisory.

  • Status: Trend Micro has not confirmed, no updates available.

  • References:

  • (2) HIGH: Mozilla Thunderbird MIME Handling Buffer Overflow
  • Affected:
    • Mozilla Thunderbird versions prior to 2.0.0.12
  • Description: Mozilla Thunderbird is an email and news client from the Mozilla Foundation. Thunderbird supports Multipurpose Internet Mail Extensions (MIME), a set of extensions to core email protocols to support non-textual data in email messages. A flaw in parsing certain MIME headers could result in a heap buffer overflow. A specially crafted email message could exploit this buffer overflow to execute arbitrary code with the privileges of the current user. This vulnerability can be exploited whenever an email is viewed in Thunderbird. Some technical details are provided in the advisories, and full technical details are available via source code analysis.

  • Status: Mozilla confirmed, updates available. A workaround is also available, as documented in the iDefense and Mozilla advisories below.

  • References:

  • (3) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
  • Affected:
    • Novell iPrint Client versions 4.32 and prior
  • Description: Novell iPrint is a printing technology from Novell that allows users to submit print jobs from web browsers to remote printers using the Internet Printing Protocol (IPP). Part of its functionality is provided by an ActiveX control. This control contains a buffer overflow vulnerability in its "ExecuteRequest" method. A specially crafted web page that invokes this method with an overlong argument could trigger this buffer overflow. Successfully exploiting this flaw would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability.

  • Status: Novell confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism. Note that this will impact normal application functionality.

  • References:

  • (5) HIGH: ActivePDF Server Request Handling Buffer Overflow
  • Affected:
    • ActivePDF Server versions 3.8.5.14 and prior
  • Description: ActivePDF is a popular server application for generating Portable Document Format (PDF) files. It contains a flaw in its handling of user requests. A specially crafted packet sent to the server could trigger a buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the vulnerable process. Some technical details are publicly available for this vulnerability.

  • Status: ActivePDF confirmed, updates available. Users can mitigate the impact of this vulnerability by blocking access to TCP port 53535 at the network perimeter.

  • References:

  • (6) HIGH: ICQ Format String Vulnerability
  • Affected:
    • ICQ versions 6 and prior
  • Description: ICQ is a popular instant messaging application. It contains a flaw in its handling of received messages. A specially crafted message containing certain formatting characters could trigger a format string vulnerability. Successfully exploiting this vulnerability could allow an attacker to execute arbitrary code with the privileges of the current user. Note that if a user has ICQ configured to accept incoming messages (the default configuration), no user interaction is required to exploit this vulnerability. Some technical details and a simple proof-of-concept are publicly available for this vulnerability.

  • Status: ICQ has not confirmed, no updates available.

  • References:

  • (7) MODERATE: Ghostscript Document Handling Buffer Overflow
  • Affected:
    • GNU Ghostscript versions 8.61 and prior
  • Description: Ghostscript is an open source parsing and display engine for the PostScript (PS) and Portable Document Format (PDF) page description languages. It is the default PS and PDF viewer for a variety of Linux distributions and forms the basis of other PS and PDF viewers. It contains a flaw in its handling of certain PostScript constructions. A specially crafted PS file could trigger this flaw, leading to a stack-based buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, Ghostscript may be used to open PostScript documents upon receipt, without further user interaction. Full technical details for this vulnerability and a proof-of-concept are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 9, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.09.1 - CVE: Not Available
  • Platform: Microsoft Office
  • Title: Microsoft Word Unspecified Remote Code Execution
  • Description: Microsoft Word is exposed to an unspecified remote code execution issue. Please refer to the following link for further information.
  • Ref: http://www.scmagazineus.com/Olympic-spam-carries-malicious-code-MessageLabs/article/107232/

  • 08.09.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Novell iPrint Client "ienipp.ocx" ActiveX Control Buffer Overflow
  • Description: Novell iPrint Client lets users access printers from remote locations. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Novell iPrint Client versions 4.26 and 4.32 are affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.09.3 - CVE: CVE-2007-4516
  • Platform: Third Party Windows Apps
  • Title: Symantec Storage Foundation for Windows Scheduler Service Denial of Service
  • Description: Symantec Storage Foundation for Windows is a networked storage management tool. The application is exposed to a denial of service issue because it fails to validate user-supplied input. Storage Foundation for Windows version 5.0 is affected.
  • Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=665

  • 08.09.4 - CVE: CVE-2008-6426
  • Platform: Third Party Windows Apps
  • Title: EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
  • Description: EMC RepliStor provides data recovery and protection for Microsoft Windows platforms. The application is exposed to multiple remote heap-based buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input before using it in an insufficiently sized buffer. EMC RepliStor version 6.2 SP2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488410

  • 08.09.5 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Move Media Player Quantum Streaming "qsp2ie07074039.dll" ActiveX Control Buffer Overflow
  • Description: Move Media Player is a web-based multimedia player. Quantum Streaming ActiveX control is a plug-in for Internet Explorer. The control is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied data before copying it into an insufficiently sized buffer. Quantum Streaming "qsp2ie07074039.dll" ActiveX control version 7.7.4.39 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.09.6 - CVE: CVE-2008-0974, CVE-2008-0976, CVE-2008-0977, CVE-2008-0978
  • Platform: Third Party Windows Apps
  • Title: Double-Take Denial of Service and Information Disclosure Vulnerabilities
  • Description: Double-Take is a disaster recovery and backup software application. The application is exposed to multiple remote issues. Double-Take versions 5.0.0.2865 and 4.5 are affected.
  • Ref: http://www.securityfocus.com/bid/27951

  • 08.09.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Rising Web Scan Object "OL2005.dll" ActiveX Control Remote Code Execution
  • Description: Rising Web Scan Object is an ActiveX control installed by the online version of Rising Antivirus online scanner. The control is exposed to a remote code execution issue because it fails to properly verify the origin of the dynamic-link library it uses. Rising Web Scan Object "OL2005.dll" version 18.0.0.7 is affected.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.09.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Various IP Security Camera ActiveX Controls "url" Attribute Buffer Overflow
  • Description: D-Link MPEG4 SHM Audio Control, 4xem VatCtrl Class and RTSP MPEG4 SP Control are ActiveX controls for various security cameras. The applications are exposed to a remote buffer overflow issue because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
  • Ref: http://support.microsoft.com/kb/240797

  • 08.09.9 - CVE: CVE-2007-6418
  • Platform: Linux
  • Title: DSPAM Debian "libdspam7-drv-mysql" Cron Job MySQL Calls Local Information Disclosure
  • Description: DSPAM is a scalable, enterprise-level anti-spam filter. The "libdspam7-drv-mysql" cron job in Debian is exposed to an information disclosure issue because it passes sensitive information as command-line arguments. libdspam7-drv-mysql version 3.6.8-5 is affected.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448519

  • 08.09.10 - CVE: CVE-2008-0932
  • Platform: Linux
  • Title: The SWORD Project Diatheke Unspecified Remote Command Execution
  • Description: Diatheke is a CGI-based, front-end web script for the SWORD Project's Bible software library. The application is exposed to an issue that can result in the execution of arbitrary shell commands. SWORD version 1.5.9 is affected.
  • Ref: http://www.securityfocus.com/bid/27987

  • 08.09.11 - CVE: Not Available
  • Platform: Linux
  • Title: KVM Block Device Backend Local Security Bypass
  • Description: KVM (Kernel-based Virtual Machine) is an open-source virtualization application for Linux. The application is exposed to a local security bypass issue because it fails to validate user-supplied input.
  • Ref: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

  • 08.09.12 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD "tcp_respond()" Remote Denial of Service
  • Description: OpenBSD is exposed to a remote denial of service issue because of a flaw in the affected kernel when processing certain TCP packets. This issue occurs in the "tcp_respond()" function in the "sys/netinet/tcp_subr.c" source file. When responding to certain TCP packets, the kernel fails to use the correct TCP header, which can trigger a panic. OpenBSD version 4.2 is affected.
  • Ref: http://www.openbsd.org/errata42.html#007_tcprespond

  • 08.09.13 - CVE: Not Available
  • Platform: BSD
  • Title: OpenBSD IPv6 Routing Headers Remote Denial of Service
  • Description: OpenBSD is exposed to a remote denial of service issue because of a flaw in the affected kernel when processing certain TCP packets. This issue occurs in the "ip6_check_rh0hdr()" function in the "sys/netinet6/ip6_input.c" source file and can be exploited by sending a specially crafted packet with malformed IPv6 routing headers. OpenBSD version 4.2 is affected.
  • Ref: http://www.openbsd.org/errata42.html

  • 08.09.14 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris cpc(3CPC) Sub-System Local Denial of Service Vulnerabilities
  • Description: Sun Solaris is an enterprise-grade Unix distribution. The application is exposed to two denial of service issues due to two separate race-condition errors that affect the CPU Performance Counters (cpc(3CPC)) sub-system of the Solaris kernel. Solaris 10 for SPARC and x86 architectures is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231466-1

  • 08.09.15 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris DTrace Dynamic Tracing Framework Information Disclosure
  • Description: Sun Solaris is an enterprise-level Unix distribution. The application is exposed to an information disclosure issue that affects the DTrace dynamic tracing framework because it fails to properly validate access before allowing users to perform certain actions. Solaris 10 for SPARC and x86 platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231803-1

  • 08.09.16 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Internet Protocol "ip(7P)" Security Bypass and Denial of Service Vulnerabilities
  • Description: Sun Solaris is an enterprise-level Unix distribution. The application is exposed to a security-bypass and denial of service issue due to an unspecified error affecting Internet Protocol implementation (ip(7P)). Sun Solaris versions 8, 9 and 10 for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200183-1

  • 08.09.17 - CVE: CVE-2008-0162
  • Platform: Unix
  • Title: splitvt "xprop" Local Privilege Escalation
  • Description: splitvt is a VT100 window splitter, designed to allow the user two command line interfaces in one terminal window. The application is exposed to a local privilege escalation issue because the application fails to drop group privileges prior to executing "xprop".
  • Ref: http://www.securityfocus.com/bid/27936

  • 08.09.18 - CVE: CVE-2008-0882
  • Platform: Unix
  • Title: CUPS "process_browse_data()" Remote Double Free Denial of Service
  • Description: CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix-based systems. The application is exposed to a remote denial of service issue because it fails to protect against a double-free condition. CUPS version 1.3.5 is affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0157.html

  • 08.09.19 - CVE: CVE-2008-0596, CVE-2008-0597
  • Platform: Unix
  • Title: CUPS Multiple Remote Denial of Service Vulnerabilities
  • Description: CUPS, Common Unix Printing System, is a widely used set of printing utilities for Unix-based systems. The application is exposed to two remote denial of service issues. CUPS versions 1.1.17 and 1.1.22 are affected.
  • Ref: http://rhn.redhat.com/errata/RHSA-2008-0153.html

  • 08.09.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Zilab Chat and Instant Messaging (ZIM) Server Multiple Vulnerabilities
  • Description: Zilab Chat and Instant Messaging (ZIM) Server is a chat and Instant Messaging server for Microsoft Windows platforms. The application is exposed to multiple issues that include denial of service conditions and memory-corruption issues. Zilab Chat and Instant Messaging (ZIM) Server versions 2.0 and 2.1 are affected.
  • Ref: http://aluigi.altervista.org/adv/zilabzcsx-adv.txt

  • 08.09.21 - CVE: CVE-2008-0638
  • Platform: Cross Platform
  • Title: Symantec Storage Foundation Veritas Enterprise Administrator Heap Buffer Overflow
  • Description: Symantec Storage Foundation is an online storage manager. Symantec Veritas Enterprise Administrator (VEA) is the management GUI component of Symantec Storage Foundation. The application is exposed to a remote heap-based buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data.
  • Ref: http://www.securityfocus.com/archive/1/488420

  • 08.09.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sybase MobiLink Multiple Heap Buffer Overflow Vulnerabilities
  • Description: Sybase MobiLink is software for the two-way synchronization of data between a central, consolidated database and a number of remote databases. The application is part of Sybase's SQL Anywhere Studio package. The application is exposed to multiple heap-based buffer overflow issues because the software fails to perform adequate boundary checks on user-supplied data. MobiLink version 10.0.1.3629 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488409

  • 08.09.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail Real CGI Executables Remote Buffer Overflow
  • Description: SurgeMail is a mail server application. The application is exposed to a remote buffer overflow issue because it fails to properly bounds check user-supplied input. The issue occurs when handling environment strings. SurgeMail versions 38k4 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/488741

  • 08.09.24 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeFTP "Content-Length" Parameter NULL Pointer Denial of Service
  • Description: SurgeFTP is a file-transfer-protocol server available for multiple operating platforms. The application is exposed to a remote denial of service issue because it fails to perform adequate boundary checks on user-supplied input. SurgeFTP version 2.3a2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488745

  • 08.09.25 - CVE: Not Available
  • Platform: Cross Platform
  • Title: lighttpd File Descriptor Array Remote Denial of Service
  • Description: lighttpd is a freely available webserver application. The application is exposed to a remote denial of service issue. Specifically, under certain circumstances, the number of file descriptors given to the application can be larger than the number used by the application to allocate the file descriptor array. This will cause the application to crash. lighttpd version 1.4.18 is affected.
  • Ref: http://trac.lighttpd.net/trac/ticket/1562

  • 08.09.26 - CVE: CVE-2008-0894
  • Platform: Cross Platform
  • Title: Apple Safari BMP and GIF Files Remote Denial of Service and Information Disclosure
  • Description: Apple Safari is a web browser available for multiple operating systems. Safari is exposed to a remote issue that may lead to a denial of service condition or information disclosure. This issue occurs when the application tries to handle malformed image files.
  • Ref: http://www.securityfocus.com/archive/1/488264

  • 08.09.27 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mozilla Firefox Domain Extensions Insecure Cookie Access
  • Description: Mozilla Firefox is a web browsing application available for multiple operating platforms. The application is exposed to an issue that allows attackers to set cookies for certain domain extensions. Mozilla Firefox 2 versions are affected.
  • Ref: http://www.securityfocus.com/bid/27950

  • 08.09.28 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Interstage Application Server Single Sign-On Buffer Overflow
  • Description: Fujitsu Interstage Application Server is a Java-based application server. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html

  • 08.09.29 - CVE: CVE-2008-0923
  • Platform: Cross Platform
  • Title: VMWare Products Shared Folders "MultiByteToWideChar()" Variant Directory Traversal
  • Description: Multiple VMWare products are prone to a directory traversal vulnerability that affects shared folders. This issue occurs when the "MultiByteToWideChar()" handles "PathName" parameter arguments. VMware Workstation versions 6.0.2, 5.5.4 and earlier, VMware Player versions 2.0.2, 1.0.4 and earlier, VMware ACE versions 2.0.2, 1.0.2 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/488725

  • 08.09.30 - CVE: Not Available
  • Platform: Cross Platform
  • Title: MyServer Multiple HTTP Methods "204 No Content" Error Remote Denial of Service Vulnerabilities
  • Description: MyServer is a scalable web server application available for Windows and Linux operating platforms. The application is exposed to multiple remote denial of service issues because it fails to adequately handle HTTP method requests that return a "204 No Content" error. MyServer version 0.8.11 is affected.
  • Ref: http://www.securityfocus.com/bid/27981

  • 08.09.31 - CVE: Not Available
  • Platform: Cross Platform
  • Title: SurgeMail and WebMail "Page" Command Remote Format String
  • Description: SurgeMail and WebMail are webmail applications. The applications are exposed to a remote format string issue because they fail to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted printing function. Netwin SurgeMail versions 38k4 beta 39a and earlier, and Netwin WebMail versions 3.1s and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27990

  • 08.09.32 - CVE: Not Available
  • Platform: Cross Platform
  • Title: DNSSEC-Tools libval Security Bypass
  • Description: DNSSEC-Tools is a set of applications and libraries that help in deployment of DNSSEC-related solutions. The application is exposed to a security bypass issue due to an error in the libval DNSSEC validation library. DNSSEC-Tools versions prior to 1.3.2 are affected.
  • Ref: http://dnssec-tools.svn.sourceforge.net/viewvc/dnssec-tools?view=rev&revision=3872

  • 08.09.33 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Decomposer Resource Consumption Denial of Service
  • Description: Symantec Decomposer is an application used to parse certain archives while scanning for malicious content. Decomposer is exposed to an issue that results in denial of service conditions because it fails to adequately parse user-supplied input.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.02.27.html

  • 08.09.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symantec Decomposer Unspecified Remote Buffer Overflow
  • Description: Symantec Decomposer is exposed to a remote unspecified buffer overflow issue because the application fails to properly bounds check user-supplied input before copying it to an insufficiently sized memory buffer.
  • Ref: http://www.symantec.com/avcenter/security/Content/2008.02.27.html

  • 08.09.35 - CVE: CVE-2008-0984
  • Platform: Cross Platform
  • Title: VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution
  • Description: VideoLAN VLC media player is a multimedia application available for multiple operating platforms. The application is exposed to a remote code execution issue because it fails to adequately parse specially crafted MP4 files. VideoLAN VLC media player versions prior to 0.8.6e are affected.
  • Ref: http://www.videolan.org/security/sa0802.html

  • 08.09.36 - CVE: CVE-2008-0304
  • Platform: Cross Platform
  • Title: Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow
  • Description: Mozilla Thunderbird is a cross-platform mail client for Windows, Linux, and Apple Mac OS X. The application is exposed to a remote heap-based buffer overflow issue because it fails to properly bounds-check user-supplied data. Mozilla Thunderbird versions prior to 2.0.0.12 are affected.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html

  • 08.09.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: activePDF Server Packet Processing Remote Heap Overflow
  • Description: activePDF Server is used to generate and convert PDF files. It is available for Microsoft Windows platforms. The application is exposed to a remote heap overflow issue because it fails to perform adequate boundary checks on user-supplied input. activePDF Server versions 3.8.4 and 3.8.5.14 are affected.
  • Ref: http://secunia.com/secunia_research/2007-87/advisory/

  • 08.09.38 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Symark PowerBroker Client Multiple Local Buffer Overflow Vulnerabilities
  • Description: Symark PowerBroker is privilege-management software for various platforms. It facilitates centralized access to all superuser accounts in an enterprise environment. The application is exposed to multiple local buffer overflow issues because it fails to perform adequate boundary checks on user-supplied input. Symark PowerBroker versions from 2.8 up to and including 5.0.1 are affected.
  • Ref: http://www.symark.com/support/PBFeb2008Announcement.html

  • 08.09.39 - CVE: CVE-2008-0780, CVE-2008-0781
  • Platform: Web Application - Cross Site Scripting
  • Title: MoinMoin Multiple Cross-Site Scripting Vulnerabilities
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for Unix and Linux platforms. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. MoinMoin versions 1.5.8 and earlier, and MoinMoin versions 1.6.x prior to 1.6.1, are affected.
  • Ref: http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d

  • 08.09.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Tor World CGI Scripts Unspecified Cross-Site Scripting Vulnerabilities
  • Description: Multiple CGI scripts from Tor World are prone to cross-site scripting issues because the scripts fail to sanitize user-supplied input to unspecified parameters.
  • Ref: http://www.securityfocus.com/bid/27919

  • 08.09.41 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: IBM Lotus Quickr QuickPlace Server Calendar "Count" Parameter Cross-Site Scripting
  • Description: Lotus Quickr, the latest evolution of Lotus QuickPlace, is a content collaboration and sharing system available for multiple operating platforms. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "Count" parameter when opening a document in the "QuickPlace Calender" feature. Lotus Quickr version 8.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27925

  • 08.09.42 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: OSSIM Open Source Security Information Management "login.php" Cross-Site Scripting
  • Description: OSSIM (Open Source Security Information Management) is a compilation of common security tools that are managed in a web console. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "dest" parameter of the "/ossim/session/login.php" script. OSSIM version 0.9.9rc5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488450

  • 08.09.43 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Citrix MetaFrame Web Manager "login.asp" Cross-Site Scripting
  • Description: MetaFrame is remote desktop software distributed by Citrix. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "NFuse_Message" parameter of the "login.asp" script.
  • Ref: http://www.securityfocus.com/bid/27948

  • 08.09.44 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: TikiWiki "tiki-edit_article.php" Cross-Site Scripting
  • Description: TikiWiki is a PHP-based wiki application. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to an unspecified parameter of the "tiki-special_chars.php" script. TikiWiki versions prior to 1.9.10.1 are affected.
  • Ref: http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498

  • 08.09.45 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Matt's Whois "mwhois.php" Cross-Site Scripting
  • Description: Matt's Whois is a lookup script. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "domain" parameter of the "mwhois.php" script.
  • Ref: http://www.securityfocus.com/bid/27974

  • 08.09.46 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Packeteer PacketShaper and PolicyCenter "whatever.htm" Cross-Site Scripting
  • Description: Packeteer PacketShaper is a hardware device for controlling and managing bandwidth. PolicyCenter monitors performance and bandwidth utilization for each web application running on the computer. The applications are exposed to a cross-site scripting issue because they fail to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/archive/1/488712

  • 08.09.47 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Alkacon OpenCms "tree_files.jsp" Cross-Site Scripting
  • Description: Alkacon OpenCms is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "resource" parameter of the "treefiles.jsp" script.
  • Ref: http://www.securityfocus.com/archive/1/488708

  • 08.09.48 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Plume CMS "manager/xmedia.php" Cross-Site Scripting
  • Description: Plume CMS is a CMS for managing dynamic web content, blogs, and customer forums. The application is exposed to cross-site scripting attacks because it fails to sufficiently sanitize user-supplied input to the "dir" parameter of the "manager/xmedia.php" script. Plume CMS version 1.2.2 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html

  • 08.09.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Manuales Module "cid" Parameter SQL Injection
  • Description: Manuales is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter before using it in an SQL query. Manuales version 0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27933

  • 08.09.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke NukeC Module "id_catg" Parameter SQL Injection
  • Description: NukeC is an advertising module for PHP-Nuke. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id_catg" parameter before using it in an SQL query. NukeC version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/27937

  • 08.09.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS "prayerlist" Module "cid" Parameter SQL Injection
  • Description: The "prayerlist" module is a component for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "classifieds" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488458

  • 08.09.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: RunCMS MyAnnonces Module "cid" Parameter SQL Injection
  • Description: MyAnnonces is a plugin for the RunCMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "MyAnnonces" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27902

  • 08.09.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS eEmpregos Module "index.php" SQL Injection
  • Description: eEmpregos is a module for the XOOPS CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488358

  • 08.09.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Highwood Design hwdVideoShare "Itemid" Parameter SQL Injection
  • Description: hwdVideoShare is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "ItemId" parameter of the "com_hwdvideoshare" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27907

  • 08.09.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Okul Module "okulid" Parameter SQL Injection
  • Description: Okul is a module for the PHP-Nuke content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "okulid" parameter of the "Okul" module before using it in an SQL query. Okul version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27909

  • 08.09.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Docum Module "artid" Parameter SQL Injection
  • Description: Docum is a module for the PHP-Nuke content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter of the "Docum" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27912

  • 08.09.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Inhalt Module "cid" Parameter SQL Injection
  • Description: Inhalt is a module for the content management system PHP-Nuke. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27886

  • 08.09.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iScripts MultiCart "productdetails.php" SQL Injection
  • Description: iScripts MultiCart is a web-based ecommerce application. The application is exposed to an SQL injection issue because it fails to properly sanitize the "productid" parameter of the "productdetails.php" script. MultiCart version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27916

  • 08.09.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_clasifier" Component "cat_id" Parameter SQL Injection
  • Description: The "com_pccookbook" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cat_id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27917

  • 08.09.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_joomlavvz" Component "id" Parameter SQL Injection
  • Description: The "com_joomlavvz" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488424

  • 08.09.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo COM_MOST SQL Injection
  • Description: The "com_most" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "secid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488454

  • 08.09.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_asortyment" Component "katid" Parameter SQL Injection
  • Description: The "com_most" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "katid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488459

  • 08.09.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_inter" Component "id" Parameter SQL Injection
  • Description: The "com_inter" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488703

  • 08.09.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo Referenzen Component "id" Parameter SQL Injection
  • Description: Referenzen is a reference component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "detail" parameter of the "com_referenzen" component before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488422

  • 08.09.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: OSSIM Open Source Security Information Management "modifyportform.php" SQL Injection
  • Description: OSSIM (Open Source Security Information Management) is a compilation of common security tools that are managed in a web console. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "portname" parameter of the "/ossim/port/modifyportform.php" script before using it in an SQL query. OSSIM version 0.9.9rc5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488450

  • 08.09.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: beContent "news.php" SQL Injection
  • Description: beContent is a web-based application framework. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "news.php" script before using it in an SQL query. beContent version .031 is affected.
  • Ref: http://www.securityfocus.com/bid/27928

  • 08.09.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Classifieds Module SQL Injection
  • Description: Classifieds is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Details" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488440

  • 08.09.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS Tiny Event SQL Injection
  • Description: Tiny Event is an event calendar module for the XOOPS content management system. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "print" option of "index.php" before using it in an SQL query. Tiny Event version 1.01 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488451

  • 08.09.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Downloads Module "sid" Parameter SQL Injection
  • Description: Downloads is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488452

  • 08.09.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Recipe Module "recipeid" Parameter SQL Injection
  • Description: Recipe is a cookbook module for PHP-Nuke. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "recipieid" parameter of the "modules.php" script when the "name" parameter is set to "Recipe". Recipe version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488649

  • 08.09.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_hello_world" Component "id" Parameter SQL Injection
  • Description: The "com_hello_world" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488652

  • 08.09.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Gallery Module "aid" Parameter SQL Injection
  • Description: Gallery is a photo gallery module for PHP-Nuke. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "aid" parameter when the "module" parameter is set to "aid". Gallery version 1.3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488649

  • 08.09.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Sections Module "artid" Parameter SQL Injection
  • Description: Sections is a module for the PHP-Nuke content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "artid" parameter.
  • Ref: http://www.securityfocus.com/archive/1/488653

  • 08.09.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: auraCMS "lihatberita" Module "id" Parameter SQL Injection
  • Description: auraCMS is a content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter when the "pilih" parameter is set to "lihatberita".
  • Ref: http://www.securityfocus.com/archive/1/488652

  • 08.09.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_publication" Component "pid" Parameter SQL Injection
  • Description: The "com_publication" component is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "com_publication" module before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488690

  • 08.09.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_blog" Component "pid" Parameter SQL Injection
  • Description: "com_blog" is a module for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "pid" parameter of the "com_blog" component.
  • Ref: http://www.securityfocus.com/bid/27971

  • 08.09.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Gary's Cookbook "id" Parameter SQL Injection
  • Description: Gary's Cookbook ("com_garyscookbook") is a component module for the Joomla! and Mambo content management systems. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_garyscookbook" component.
  • Ref: http://www.securityfocus.com/archive/1/488696

  • 08.09.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Softbiz Jokes and Funny Pictures Script "sbcat_id" Parameter SQL Injection
  • Description: Softbiz Jokes and Funny Pictures Script is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "sbcat_id" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/488706

  • 08.09.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_wines" Component "id" Parameter SQL Injection
  • Description: "com_wines" is a winebook component module for the Joomla! and Mambo content management systems. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_wines" component.
  • Ref: http://www.securityfocus.com/archive/1/488698

  • 08.09.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Galore Simple Shop SQL Injection
  • Description: Simple Shop is a shopping-cart component module for the Joomla! and Mambo content management systems. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "section" parameter of the "com_simpleshop" component.
  • Ref: http://www.securityfocus.com/archive/1/488692

  • 08.09.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: XOOPS XM-Memberstats Module SQL Injection
  • Description: XOOPS XM-Memberstats is a member statistics module for the XOOPS content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "letter" and "sortby" parameters of the "xmmemberstats/index.php" script. XOOPS XM-Memberstats version 2.0e is affected.
  • Ref: http://www.securityfocus.com/bid/27979

  • 08.09.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Sell Module "cid" Parameter SQL Injection
  • Description: "Sell" is a shopping-cart module for the PHP-Nuke content management system. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "modules.php" script when the "name" parameter is set to "Sell".
  • Ref: http://www.securityfocus.com/archive/1/488718

  • 08.09.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PORAR Webboard "question.asp" SQL Injection
  • Description: PORAR Webboard is a web-based bulletin board application implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "QID" parameter of the "question.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/27989

  • 08.09.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP-Nuke Kose_Yazilari Module "artid" Parameter Multiple SQL Injection Vulnerabilities
  • Description: Kose_Yazilari is a module for the PHP-Nuke content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "artid" parameter of the "Kose_Yazilari" module when performing the "viewarticle" or "printpage" operations.
  • Ref: http://www.securityfocus.com/bid/27991

  • 08.09.85 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MiniNuke "members.asp" SQL Injection
  • Description: MiniNuke is a content management system implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uid" parameter of the "members.asp" script.
  • Ref: http://www.securityfocus.com/bid/28000

  • 08.09.86 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Nukedit "email" Parameter SQL Injection
  • Description: Nukedit is a content manager implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "email" parameter of the "utilities/login.asp" script.
  • Ref: http://www.securityfocus.com/bid/28009

  • 08.09.87 - CVE: Not Available
  • Platform: Web Application
  • Title: Schoolwires Academic Portal SQL Injection and Cross-Site Scripting Vulnerabilities
  • Description: Schoolwires Academic Portal is a content management system implemented in ASP. The application is exposed to an SQL injection issue and a cross-site scripting issue because the application fails to sufficiently sanitize user-supplied input to the "c" parameter of the "browse.asp" script.
  • Ref: http://www.securityfocus.com/bid/27903

  • 08.09.88 - CVE: Not Available
  • Platform: Web Application
  • Title: PunBB Password Reset Weak Random Number Security Bypass
  • Description: PunBB is a bulletin-board application. The application is exposed to an issue that can allow an attacker to determine the password of an arbitrary user due to a design flaw in its "Password Reset" functionality. This issue occurs when a user generates a random password and its associated activation link with this feature. PunBB versions prior to 1.2.17 are affected.
  • Ref: http://www.securityfocus.com/archive/1/488408

  • 08.09.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Globsy "globsy_edit.php" Local File Include
  • Description: Globsy is a PHP framework for the Google Talk network. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "globsy_edit.php" script. Globsy version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/27910

  • 08.09.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Invision Power Board BBCode Handling Unspecified HTML Injection
  • Description: Invision Power Board (IP.Board) is a content manager. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Invision Power Board version 2.3.4 released prior to February 20, 2008 is affected.
  • Ref: http://forums.invisionpower.com/index.php?showtopic=269961

  • 08.09.91 - CVE: Not Available
  • Platform: Web Application
  • Title: DrBenHur.com DBHcms "mod.extmanager.php" Remote File Include
  • Description: DrBenHur.com DBHcms is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "do" parameter of the "dbhcms/mod/mod.extmanager.php" script. DrBenHur.com DBHcms versions 1.1.4 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27996

  • 08.09.92 - CVE: Not Available
  • Platform: Web Application
  • Title: Aeries Student Information System Multiple Input Validation Vulnerabilities
  • Description: Aeries Student Information System is a school administration application implemented in ASP. The application is exposed to multiple input validation issues. Aeries Student Information System versions 3.8.2.8 and 3.7.2.2 are affected.
  • Ref: http://www.securityfocus.com/archive/1/488428

  • 08.09.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Quantum Game Library "CONFIG[gameroot]" Parameter Multiple Remote File Include Vulnerabilities
  • Description: Quantum Game Library is a PHP-based application that centralizes common game elements. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "CONFIG[gameroot]" parameter of the following scripts: "server_request.php" and "qlib/smarty.inc.php". Quantum Game Library version 0.7.2c is affected.
  • Ref: http://www.securityfocus.com/bid/27945

  • 08.09.94 - CVE: Not Available
  • Platform: Web Application
  • Title: phpProfiles "body_comm.inc.php" Remote File Include
  • Description: phpProfiles is a profile management application implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "content" parameter of the "body_comm.inc.php" script. phpProfiles version 4.5.2 is affected.
  • Ref: http://www.securityfocus.com/bid/27952

  • 08.09.95 - CVE: Not Available
  • Platform: Web Application
  • Title: PHPEcho CMS "Smarty.class.php" Remote File Include
  • Description: PHPEcho CMS is a content management system implemented in PHP. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "smarty_compile_path" parameter of the "Smarty.class.php" script. PHPEcho CMS version 2.0-rc3 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488661

  • 08.09.96 - CVE: Not Available
  • Platform: Web Application
  • Title: LWS php Download Manager "body.inc.php" Local File Include
  • Description: LWS php Download Manager is a web-based application that provides download and file masking functionality. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "content" parameter of the "include/body.inc.php" script. php Download Manager versions 1.1 and 1.0 are affected.
  • Ref: http://www.securityfocus.com/bid/27961

  • 08.09.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Portail Web Php Multiple Remote And Local File Include Vulnerabilities
  • Description: Portail Web Php is a PHP-based content manager. The application is exposed to multiple remote and local file include issues because it fails to sufficiently sanitize input. Portail Web Php versions 2.5.1.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/27962

  • 08.09.98 - CVE: Not Available
  • Platform: Web Application
  • Title: LWS php User Base "header.inc.php" Remote File Include
  • Description: LWS php User Base is a PHP-based user management system. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "menu" parameter of the "templates/default/header.inc.php" script. php User Base version 1.3 BETA is affected.
  • Ref: http://www.securityfocus.com/bid/27963

  • 08.09.99 - CVE: Not Available
  • Platform: Web Application
  • Title: LWS php User Base "unverified.inc.php" Local File Include
  • Description: LWS php User Base is a PHP-based user management system. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "template" parameter of the "include/unverified.inc.php" script. php User Base version 1.3 BETA is affected.
  • Ref: http://www.securityfocus.com/bid/27964

  • 08.09.100 - CVE: Not Available
  • Platform: Web Application
  • Title: phpRaider Resistance Field HTML Injection
  • Description: phpRaider is a web-based raid management application for MMORPGs (Massively Multiplayer Online Role-Playing Games). The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "resistance" field of character profiles. phpRaider version 1.0.7 is affected.
  • Ref: http://www.securityfocus.com/bid/27976

  • 08.09.101 - CVE: Not Available
  • Platform: Web Application
  • Title: WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
  • Description: Sniplets is a text insertion plugin for WordPress. The application is exposed to multiple input validation issues. WordPress Sniplets version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/488734

  • 08.09.102 - CVE: Not Available
  • Platform: Web Application
  • Title: H-Sphere SiteStudio Unspecified Issues
  • Description: H-Sphere SiteStudio is a web-based application for site design. The application is exposed to an unspecified issue. H-Sphere SiteStudio versions prior to 1.8b are affected.
  • Ref: http://www.psoft.net/misc/hs_ss_technical_update.html

  • 08.09.103 - CVE: CVE-2008-0124
  • Platform: Web Application
  • Title: S9Y Serendipity "Real Name" Field HTML Injection
  • Description: Serendipity is a blog application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This issue affects the "Real Name" field parameter in the "Dialogue" page contained in the "Personal Settings" section. Serendipity versions prior to 1.3-beta1 are affected.
  • Ref: http://int21.de/cve/CVE-2008-0124-s9y.html

  • 08.09.104 - CVE: Not Available
  • Platform: Web Application
  • Title: IBM ISS Internet Scanner HTML Injection
  • Description: IBM ISS Internet Scanner is a vulnerability assessment application. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to an unspecified parameter before saving it as an HTML report. Internet Scanner version 7.0 Service Pack 2 (build 7.2.2005.52) is affected.
  • Ref: http://www.iss.net/products/Internet_Scanner/product_main_page.html

  • 08.09.105 - CVE: Not Available
  • Platform: Network Device
  • Title: Vocera Communications System PEAP Certificate Verification Security Bypass
  • Description: The Vocera Communications System badge devices are VOIP (Voice Over IP) phone devices. The Vocera Communications System is exposed to a security bypass issue in its PEAP implementation. This is due to a failure of the software to properly validate server certificates. Vocera Communications System badge devices are affected.
  • Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060453.html

  • 08.09.106 - CVE: Not Available
  • Platform: Network Device
  • Title: ZyXEL Gateway Products Multiple Vulnerabilities
  • Description: ZyXEL gateway products are devices for home and small-office applications that provide gateway functionality and support various interfaces. The application is exposed to multiple issues.
  • Ref: http://www.securityfocus.com/archive/1/488431

  • 08.09.107 - CVE: Not Available
  • Platform: Network Device
  • Title: Nortel UNIStim IP Phone Remote Ping Denial of Service
  • Description: Nortel UNIStim IP Phones are voice-over-IP products that utilize the proprietary Unified Networks IP Stimulus (UNIStim) protocol. The application is exposed to a remote denial of service issue because the software fails to properly handle unexpected network datagrams. Phones with firmware 0604DAS are affected.
  • Ref: http://www.securityfocus.com/archive/1/488782

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.