@RISK: The Consensus Security Vulnerability Alert

Volume: VII, Issue: 39
September 25, 2008

Firefox and Thunderbird and Apple Mac Java plug in and Sun Java Runtime all had critical vulnerabilities reported this week. Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    • Category: # of Updates & Vulnerabilities
    • Other Microsoft Products: 1
    • Third Party Windows Apps: 8 (#5)
    • Linux: 2
    • Mac OS X: 1 (#2)
    • Solaris: 2
    • Cross Platform: 12 (#1, #3)
    • Web Application - Cross Site Scripting: 15
    • Web Application - SQL Injection: 44
    • Web Application: 43
    • Network Device: 3 (#4)

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Other Microsoft Products
Third Party Windows Apps
Linux
Solaris
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (2) CRITICAL: Apple Mac OS X Java Plugin Multiple Vulnerabilities
  • Affected:
    • Apple Mac OS X versions 10.5.5 and prior
  • Description: The Java Runtime Environment installed by default on Apple Mac OS X contains multiple vulnerabilities. A flaw in the handling of "file://" URLs by Java applets could allow an applet to execute arbitrary commands with the privileges of the current user. Additionally, a flaw in the handling of Hash-based Message Authentication Codes (HMACs), used to validate applet origin, could lead to a memory corruption vulnerability. Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. It is believed that these vulnerabilities are distinct from the vulnerabilities in the Sun Java Runtime Environment discussed below.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities
  • Affected:
    • Sun Java Runtime Environment versions prior to Java 6 update 7
  • Description: The Sun Java Runtime Environment is the standard implementation of the Java Platform Runtime Environment. It contains multiple vulnerabilities in its handling of scripting in applets. A specially crafted applet could exploit one of these vulnerabilities to escalate its privileges. This would allow the applet to access the vulnerable system with the privileges of the current user. Additional vulnerabilities would allow one applet to interact with another, potentially unrelated, applet. The Sun Java Runtime Environment is installed by default on all Apple Mac OS X systems, Sun Solaris systems, most Unix and Linux-based operating systems, and is commonly installed on Microsoft Windows. Some technical details are publicly available for these vulnerabilities. Note that applets are often executed immediately upon receipt, without first prompting the user.

  • Status: Vendor confirmed, updates available. Note that this update includes fixes for other, previously-discussed vulnerabilities that were addressed in earlier hotfixes.

  • References:
  • (5) HIGH: FLEXnet Connect ActiveX Control Buffer Overflow
  • Affected:
    • FLEXnet Connect versions 6.x
    • Macromedia InstallShield 2008 Premier
  • Description: FLEXnet Connect is a component used by the Macromedia InstallShield installation suite. It contains a buffer overflow in its handling of certain input. A specially crafted web page that instantiated this control could trigger this buffer overflow. Successfully exploiting this buffer overflow would allow an attacker to execute arbitrary code with the privileges of the current user. Some technical details are publicly available for this vulnerability.

  • Status: Vendor confirmed, updates available. Users can mitigate the impact of this vulnerability by disabling the affected control via Microsoft's "kill bit" mechanism using CLSID "E9880553-B8A7-4960-A668-95C68BED571E".

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 39, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 08.39.1 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Malformed PNG File Remote Denial of Service
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. Internet Explorer is exposed to a remote denial of service issue when handling web pages containing a malformed PNG file. The issue occurs in the "CDwnTaskExec::ThreadExec()" function of the "mshtml.dll" library when grabbing and running tasks synchronously. Microsoft Internet Explorer 7 and 8 Beta 1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496483

  • 08.39.2 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Kantan WEB Server Unspecified Directory Traversal
  • Description: Kantan WEB Server is a web server application for Microsoft Windows. The application is exposed to an unspecified directory traversal issue because it fails to sufficiently sanitize user-supplied input. Kantan WEB Server versions prior to 1.9 are affected.
  • Ref: http://jvn.jp/en/jp/JVN79026329/index.html

  • 08.39.3 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
  • Description: Acritum Femitter Server is an FTP and HTTP server application available for Microsoft Windows. Femitter Server is exposed to multiple issues. Successfully exploiting these issues may allow an attacker to disclose sensitive information or cause the affected application to crash, denying service to legitimate users. Femitter Server version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/31226

  • 08.39.4 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
  • Description: Data Dynamics ActiveReports is an addon for the Microsoft Visual Studio development tool. Data Dynamics ActiveReports ActiveX control is exposed to multiple insecure method issues. Data Dynamics ActiveReports Professional Edition Build version 2.5.0.1314 is affected.
  • Ref: http://vuln.sg/ddarviewer2501314-en.html

  • 08.39.5 - CVE: CVE-2008-2470
  • Platform: Third Party Windows Apps
  • Title: InstallShield Update Service Agent ActiveX Control Buffer Overflow
  • Description: InstallShield Update Service ActiveX control is included with some InstallShield Windows installers. The control is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input to the "ExecuteRemote()" method of "isusweb.dll".
  • Ref: http://www.kb.cert.org/vuls/id/630017

  • 08.39.6 - CVE: CVE-2007-2241
  • Platform: Third Party Windows Apps
  • Title: ISC BIND Windows UDP Client Handler Denial of Service
  • Description: ISC BIND (Berkeley Internet Domain Name) is an implementation of DNS protocols. ISC BIND for Windows is exposed to a denial of service issue because it fails to handle certain UDP packets. BIND versions 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 for the Windows platform are affected.
  • Ref: http://marc.info/?l=bind-announce&m=122180376630150&w=2

  • 08.39.7 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
  • Description: DESlock+ is a data protection software product available for Windows platforms. The application is exposed to multiple local issues. DESlock+ versions 3.2.7 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31273

  • 08.39.8 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Foxmail Email Client "mailto" Buffer Overflow
  • Description: Foxmail Email Client is a mail client application available for Microsoft Windows. Foxmail Email Client is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Foxmail Email Client version 6.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31294

  • 08.39.9 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Chilkat XML ActiveX Control Multiple Vulnerabilities
  • Description: The Chilkat XML ActiveX control is an XML parser application. The Chilkat XML ActiveX control is exposed to multiple issues. An attacker can exploit these issues by enticing an unsuspecting user to view a malicious HTML page. The Chilkat XML ActiveX control DLL "ChilkatUtil.dll" versions 3.0.3.0 and earlier are affected.
  • Ref: http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS

  • 08.39.10 - CVE: Not Available
  • Platform: Linux
  • Title: Openswan IPsec Livetest Insecure Temporary File Creation
  • Description: Openswan is an implementation of IPsec for Linux. The application creates temporary files in an insecure manner. The issue occurs because the "/usr/libexec/ipsec/livetest" script creates files in an insecure manner.
  • Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374

  • 08.39.11 - CVE: Not Available
  • Platform: Linux
  • Title: strongSwan "mpz_export()" Remote Denial of Service
  • Description: strongSwan is an open-source implementation of an IPSec VPN for Linux. The application is exposed to a remote denial of service issue. Specifically, the issue occurs due to a NULL-pointer dereference in the "mpz_export()" function. strongSwan versions 4.2.6 and prior are affected.
  • Ref: http://labs.mudynamics.com/advisories/MU-200809-01.txt

  • 08.39.12 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Text Editors Local Privilege Escalation
  • Description: Sun Solaris text editors are exposed to a local privilege escalation issue. Specifically, the issue occurs in the Solaris text editors like vi(1), ex(1), vedit(1), view(1), and edit(1) when handling tags. Sun Solaris versions 8, 9 and 10 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237987-1

  • 08.39.13 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris UFS Filesystem "acl(2)" Local Denial of Service
  • Description: Sun Solaris is a UNIX-based operating system. Sun Solaris is exposed to a local denial of service issue due to unspecified errors in the Access Control Lists implementation for UFS file systems. Sun Solaris versions 8, 9, 10 and OpenSolaris for SPARC and x86 platforms are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242267-1

  • 08.39.14 - CVE: Not Available
  • Platform: Cross Platform
  • Title: G DATA InternetSecurity/AntiVirus/TotalCare 2008 "GDTdiIcpt.sys" Memory Corruption
  • Description: G DATA InternetSecurity/AntiVirus/TotalCare 2008 are computer security applications. The applications are exposed to an issue that allows local attackers to corrupt kernel memory. This issue occurs because the software fails to sufficiently validate IOCTL requests.
  • Ref: http://www.trapkit.de/advisories/TKADV2008-008.txt

  • 08.39.15 - CVE: CVE-2008-4116
  • Platform: Cross Platform
  • Title: Apple QuickTime/iTunes QuickTime Type Remote Buffer Overflow
  • Description: Apple QuickTime is a media player that supports multiple file formats. The application is exposed to a buffer overflow issue because it fails to properly handle long strings in a file with a recognized header but with a nonmatching filetype. QuickTime version 7.5.5 and iTunes version 8.0 are affected.
  • Ref: http://www.securityfocus.com/bid/31212

  • 08.39.16 - CVE: Not Available
  • Platform: Cross Platform
  • Title: FAAD2 Frontend "decodeMP4file()" Heap-Based Buffer Overflow
  • Description: FAAD2 (Freeware Advanced Audio Decoder) is an open source MPEG-4 and MPEG-2 AAC decoder. FAAD2 is exposed to a heap-based buffer overflow occurring in the "decodeMP4file()" function of the "faad2/frontend/main.c" source file. The application's command-line front end fails to adequately validate input from a buffer returned by the decoder library. FAAD2 version 2.6 is affected.
  • Ref: http://www.audiocoding.com/index.html

  • 08.39.17 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Mercurial hgweb "allowpull" Information Disclosure
  • Description: Mercurial is a source control system available for multiple operating platforms. Mercurial is exposed to an information disclosure issue because it fails to honor specific configuration options. This issue occurs in the "hgweb" component used to provide CGI access to a source repository. This component fails to honor the "allowpull" configuration option. Mercurial version 1.0.1 is affected.
  • Ref: http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b

  • 08.39.18 - CVE: CVE-2008-3230
  • Platform: Cross Platform
  • Title: FFmpeg "lavf_demux" Animated GIF Processing Remote Denial of Service
  • Description: FFmpeg is a media player. "lavf_demuxer" is a library used to decode image files. FFmpeg is exposed to a remote denial of service issue that occurs when processing specially-crafted animated GIF media files. This error occurs in the source file "libavformat/gifdec.c". FFmpeg version 0.4.9-pre1 is affected.
  • Ref: http://www.securityfocus.com/bid/31234

  • 08.39.19 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Emacspeak "extract-table.pl" Insecure Temporary File Creation
  • Description: Emacspeak is a desktop audio application. The application creates temporary files in an insecure manner. The issue occurs because the "/usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl" script creates files in an insecure manner.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=460435

  • 08.39.20 - CVE: Not Available
  • Platform: Cross Platform
  • Title: fhttpd Basic Authorization Remote Denial of Service
  • Description: fhttpd is a combination FTP and HTTP server. The server is exposed to a remote denial of service issue because it fails to properly handle malformed Basic authorization requests. fhttpd version 0.4.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31265

  • 08.39.21 - CVE: Not Available
  • Platform: Cross Platform
  • Title: ProFTPD Long Command Handling Security
  • Description: ProFTPD is an FTP server implementation for UNIX and Linux platforms. ProFTPD is exposed to a security issue that allows attackers to perform cross-site request-forgery types of attacks. The issues stem from an error in processing of long FTP commands. The application truncates an overly long FTP command and interprets the remaining string as a new FTP command. ProFTPD version 1.3.1 is affected.
  • Ref: http://bugs.proftpd.org/show_bug.cgi?id=3115

  • 08.39.22 - CVE: Not Available
  • Platform: Cross Platform
  • Title: JBoss Enterprise Application Platform Class Files Information Disclosure
  • Description: JBoss Enterprise Application Platform (EAP) is a tool for developing Web 2.0 applications on a pure Java Platform. JBoss EAP is exposed to a remote information disclosure issue that may allow remote attackers to download class files.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458823

  • 08.39.23 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Multiple Vendors IMAP Servers Denial of Service
  • Description: Multiple vendors' IMAP servers are exposed to a remote denial of service issue caused by an unspecified error when handling IMAP login requests. Specifically, multiple long "A0001 LOGIN" requests can cause certain IMAP daemons to stop accepting connections.
  • Ref: http://www.washington.edu/imap/

  • 08.39.24 - CVE: CVE-2008-3969
  • Platform: Cross Platform
  • Title: BitlBee Unspecified Security Bypass Variant
  • Description: BitlBee is an application that enables users to use Instant Messaging (IM) over Internet Relay Chat (IRC). BitlBee is exposed to an unspecified security-bypass issue. BitlBee versions prior to 1.2.3 are affected.
  • Ref: http://bitlbee.org/main.php/changelog.html

  • 08.39.25 - CVE: CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069, CVE-2008-3836, CVE-2008-3835, CVE-2008-0016
  • Platform: Cross Platform
  • Title: Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
  • Description: The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox versions 2.0.0.16 and prior, Firefox versions 3.0.1 and prior, Thunderbird versions 2.0.0.16 and prior and SeaMonkey versions 1.1.11 and prior.
  • Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-39.html

  • 08.39.26 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sama Educational Management System "Error.asp" Cross-Site Scripting
  • Description: Sama Educational Management System is a web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "Message" parameter of the "Error.asp" script.
  • Ref: http://www.securityfocus.com/archive/1/496506

  • 08.39.27 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kantan WEB Server Unspecified Cross-Site Scripting
  • Description: Kantan WEB Server is an HTTP server for Microsoft Windows platforms. Kantan WEB Server is exposed to an unspecified cross-site scripting issue because it fails to properly sanitize user-supplied input. Kantan WEB Server versions prior to 1.9 are affected.
  • Ref: http://jvn.jp/en/jp/JVN94163107/index.html

  • 08.39.28 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Quick.Cms.Lite "admin.php" Cross-Site Scripting
  • Description: Quick.Cms.Lite is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input passed to the "admin.php" script. Quick.Cms.Lite version 2.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496435

  • 08.39.29 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Quick.Cart "admin.php" Cross-Site Scripting
  • Description: Quick.Cart is a PHP-based shopping cart application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input passed to the "admin.php" script. Quick.Cart version 3.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496477

  • 08.39.30 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Parallels H-Sphere "login.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: H-Sphere is an automation solution for multiserver hosting; it is available for Linux, BSD, and Windows platforms. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input passed to the "err", "errcode", and "login" parameters of the "login.php" script. H-Sphere versions 3.0.0 Patch 9 and 3.1 Patch 1 are affected.
  • Ref: http://www.securityfocus.com/bid/31256

  • 08.39.31 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: LooYu Web IM Cross-Site Scripting
  • Description: LooYu Web IM is an instant message and chat application for use within a web browser. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input. LooYu Web IM Home Edition, LooYu Web IM Enterprise, and LooYu Web Professional are affected.
  • Ref: http://www.securityfocus.com/archive/1/496531

  • 08.39.32 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: eXtrovert software Thyme "add_calendars.php" Cross-Site Scripting
  • Description: eXtrovert software Thyme is a web-based calendar application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "callback" of the "add_calendars.php" script. Thyme version 1.3 is affected.
  • Ref: http://www.digitrustgroup.com/advisories/web-application-security-thyme2.html

  • 08.39.33 - CVE: CVE-2008-3098
  • Platform: Web Application - Cross Site Scripting
  • Title: fuzzylime (cms) "usercheck.php" Cross-Site Scripting
  • Description: fuzzylime (cms) is a web-based content management system. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "user" parameter of the "usercheck.php" script. fuzzylime (cms) versions prior to 3.03 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496589

  • 08.39.34 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: BLUEPAGE CMS "index.php" Multiple Cross-Site Scripting Vulnerabilities
  • Description: BLUEPAGE CMS is a PHP-based content management application. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. BLUEPAGE CMS version 2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496582

  • 08.39.35 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: xt:Commerce Session Fixation and Cross-Site Scripting Vulnerabilities
  • Description: xt:Commerce is an ecommerce application. xt:Commerce is exposed to multiple issues. The attacker can leverage the session-fixation issue to hijack a session of an unsuspecting user. xt:Commerce version 3.04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496583

  • 08.39.36 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: DataSpade "index.asp" Multiple Cross-Site Scripting Vulnerabilities
  • Description: DataSpade is a front end database application that can interface with Microsoft Access and SQL Server. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. DataSpade version 1.0 is affected.
  • Ref: http://pridels-team.blogspot.com/2008/09/dataspade-xss-vuln.html

  • 08.39.37 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Achievo "dispatch.php" Cross-Site Scripting
  • Description: Achievo is a web-based resource-management tool. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "atkaction" parameter of the "dispatch.php" script. Achievo version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31325

  • 08.39.38 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Achievo "atknodetype" Parameter Cross-Site Scripting
  • Description: Achievo is a web-based resource-management tool. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "atknodetype" parameter of the "dispatch.php" script. Achievo version 1.3.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31326

  • 08.39.39 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: phpMyAdmin Cross-Site Scripting
  • Description: phpMyAdmin is a web-based administration interface for MySQL databases. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data. The issue exists due to an error in the "PMA_escapeJsString()" function in the "libraries/js_escape.lib.php" script and can be exploited to bypass certain filters using NULL-byte characters. phpMyAdmin versions prior to 2.11.9.2 are affected.
  • Ref: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1

  • 08.39.40 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Datalife Engine CMS "admin.php" Cross-Site Scripting
  • Description: Datalife Engine CMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "admin.php" script. Datalife Engine CMS version 7.2 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496605

  • 08.39.41 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: SoftAcid Hotel Reservation System "city.asp" SQL Injection
  • Description: SoftAcid Hotel Reservation System (HRS) is an ASP-based reservation management application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "city" parameter of the "city.asp" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31211

  • 08.39.42 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Cars & Vehicle "page.php" SQL Injection
  • Description: The Cars & Vehicle script is a web-based script. The Cars & Vehicle script is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "lnkid" parameter of the "page.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31214

  • 08.39.43 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Add a link Security Bypass and SQL Injection Vulnerabilities
  • Description: Add a link is a web-based application. The application is exposed to multiple security issues. Exploiting the security bypass issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. Add a link version 4 and prior versions are affected.
  • Ref: http://www.securityfocus.com/bid/31228

  • 08.39.44 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Drupal Mailhandler Module Multiple SQL Injection Vulnerabilities
  • Description: Mailhandler is a PHP-based component for Drupal. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to unspecified scripts and parameters. Mailhandler versions prior to 5.x-1.4 and prior to 6.x-1.4 are affected.
  • Ref: http://drupal.org/node/309769

  • 08.39.45 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: ProArcadeScript "random" Parameter SQL Injection
  • Description: ProArcadeScript is an online arcade portal. ProArcadeScript is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "random" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31238

  • 08.39.46 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Diesel Joke Site "picture_category.php" SQL Injection
  • Description: Diesel Joke Site is a web-based joke forum. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "picture_category.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31240

  • 08.39.47 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Simple Random Objects Extension Unspecified SQL Injection
  • Description: TYPO3 Simple Random Objects is an extension for the TYPO3 content manager. Simple Random Objects is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Simple Random Objects has the extension key "mw_random_objects". Simple Random Objects version 1.0.3 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.48 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 auto BE User Registration "autobeuser" Component SQL Injection
  • Description: The auto BE User Registration extension (autobeuser) is for registering users for the TYPO3 content manager. The "autobeuser" extension is exposed to an unspecified SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. auto BE User Registration version 0.0.2 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.49 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 My Quiz and Poll Extension Unspecified SQL Injection
  • Description: My Quiz and Poll is an extension for the TYPO3 content manager. My Quiz and Poll is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. My Quiz and Poll versions prior to 0.1.4 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.50 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Swigmore institute Extension Unspecified SQL Injection
  • Description: TYPO3 Swigmore institute is an extension for the TYPO3 content manager. The Swigmore institute extension "cgswigmore" is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Swigmore institute versions prior to 0.1.2 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.51 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 FE address edit for tt_address & direct mail Extension Unspecified SQL Injection
  • Description: FE address edit for tt_address & direct mail (dmaddredit) is an extension for the TYPO3 content manager. The "dmaddredit" extension is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. "dmaddredit" version 0.4.0 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.52 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Diocese of Portsmouth Church Search Extension Unspecified SQL Injection
  • Description: TYPO3 Diocese of Portsmouth Church Search is an extension for the TYPO3 content manager. Diocese of Portsmouth Church Search is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Diocese of Portsmouth Church Search versions prior to 0.1.1 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.53 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 HBook Extension Unspecified SQL Injection
  • Description: HBook (h_book) is an extension for the TYPO3 content manager. The "h_book" extension is exposed to an unspecified SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. HBook version 2.3.0 is affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.54 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHP Pro Bid Multiple SQL Injection Vulnerabilities
  • Description: PHP Pro Bid is a PHP-based auction application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied input to the "order_type" parameter of the "categories.php" script. PHP Pro Bid version 6.04 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496533

  • 08.39.55 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Random Prayer Version 2 Extension Unspecified SQL Injection
  • Description: TYPO3 Random Prayer Version 2 (ste_prayer2) is an extension for the TYPO3 content manager. The "ste_prayer2" extension is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. "ste_prayer2" versions prior to 0.0.3 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.56 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: TYPO3 Another Backend Login Extension Unspecified SQL Injection
  • Description: TYPO3 Another Backend Login (wrg_anotherbelogin) is an extension for the TYPO3 content manager. The "wrg_anotherbelogin" extension is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. "wrg_anotherbelogin" versions prior to 0.0.4 are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.57 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MyFWB Page Variable SQL Injection
  • Description: MyFWB is a web-based content management system. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "page" variable before using it in an SQL query.
  • Ref: http://www.securityfocus.com/archive/1/496553

  • 08.39.58 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: jPortal "humor.php" SQL Injection
  • Description: jPortal is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "humor.php" script before using it in an SQL query. jPortal version 2 is affected.
  • Ref: http://www.securityfocus.com/bid/31274

  • 08.39.59 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Plaincart "index.php" SQL Injection
  • Description: Plaincart is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "p" parameter of the "index.php" script before using it in an SQL query. Plaincart version 1.1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31275

  • 08.39.60 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Diesel Pay "index.php" SQL Injection
  • Description: Diesel Pay is a web-based script. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "area" parameter of the "index.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31276

  • 08.39.61 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Oceandir "show_vote.php" SQL Injection
  • Description: Oceandir is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "show_vote.php" script before using it in an SQL query. Oceandir versions prior to 2.9 are affected.
  • Ref: http://www.securityfocus.com/bid/31277

  • 08.39.62 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Mevin Productions Basic PHP Events Lister "id" Parameter SQL Injection
  • Description: Basic PHP Events Lister is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "event.php" script before using it in an SQL query. Basic PHP Events Lister version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31278

  • 08.39.63 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: PHPKB Multiple SQL Injection Vulnerabilities
  • Description: PHPKB is a knowledgebase application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "ID" parameter of the "email.php" and "question.php" scripts. PHPKB version 1.5 Professional is affected.
  • Ref: http://www.securityfocus.com/bid/31279

  • 08.39.64 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Real Estate Portal "index.php" SQL Injection
  • Description: Real Estate Portal is a web-based application. It is used to publish real estate listings. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "ad" parameter of the "index.php" script before using it in an SQL query. Real Estate Portal version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31280

  • 08.39.65 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: NetArt Media Jobs Portal Multiple SQL Injection Vulnerabilities
  • Description: Jobs Portal is a web-based application implemented in PHP. It is used to publish jobs listings. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "news_id" and "job" parameters of the "index.php" script. Jobs Portal version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31281

  • 08.39.66 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 6rbScript "singerid" Parameter SQL Injection
  • Description: 6rbScript is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "singerid" parameter of the "section.php" script before using it in an SQL query. 6rbScript version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31282

  • 08.39.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: AvailScript Article Script "view.php" SQL Injection
  • Description: AvailScript Article Script is a PHP-based script for managing articles. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "v" parameter of the "view.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31283

  • 08.39.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Diesel Job Site "job-info.php" SQL Injection
  • Description: Diesel Job Site is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "job_id" parameter of the "job-info.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31284

  • 08.39.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: e107 my_gallery Plugin "image_gallery.php" SQL Injection
  • Description: e107 my_gallery plugin is an image gallery plugin for the e107 content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "image" parameter of the "image_gallery.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31286

  • 08.39.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Invision Power Board "name" parameter SQL Injection
  • Description: Invision Power Board is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "name" parameter before using it in an SQL query. Invision Power Board versions 2.3.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31288

  • 08.39.71 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: rgb72 WCMS "index.php" SQL Injection
  • Description: rgb72 WCMS is an ASP-based content manager. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "news_detail.asp" script before using it in an SQL query. rgb72 WCMS version 1.0b is affected.
  • Ref: http://www.securityfocus.com/bid/31298

  • 08.39.72 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSN Links "comments.php" SQL Injection
  • Description: WSN Links is a web-based directory application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "comments.php" script before using it in an SQL query. WSN Links version 4.0.34P is affected.
  • Ref: http://www.securityfocus.com/bid/31302

  • 08.39.73 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MapCal "id" Parameter SQL Injection
  • Description: MapCal is an event calendar that displays events on an online map. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script file before using it in an SQL query. MapCal version 0.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496576

  • 08.39.74 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: WSN Links "vote.php" SQL Injection
  • Description: WSN Links is a web-based directory application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "id" parameter of the "vote.php" script before using it in an SQL query. WSN Links version 2.23 is affected.
  • Ref: http://www.securityfocus.com/bid/31305

  • 08.39.75 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BuzzScripts BuzzyWall "search.php" SQL Injection
  • Description: BuzzyWall is a web-based wallpaper gallery. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "search" parameter of the "search.php" script before using it in an SQL query. BuzzyWall version 1.3.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31308

  • 08.39.76 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: E-Php Shopping Cart Script "search_results.php" SQL Injection
  • Description: E-Php Shopping Cart Script is a web-based shopping cart. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "search_results.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31319

  • 08.39.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Agares Media Arcadem Pro "articleblock.php" SQL Injection
  • Description: Arcadem Pro is an arcade script. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "articlecat" parameter of the "articleblock.php" script before using it in an SQL query.
  • Ref: https://secure.agaresmedia.com/forums/viewtopic.php?f=12&t=2032

  • 08.39.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: BlueCUBE CMS "tienda.php" SQL Injection
  • Description: BlueCUBE CMS is a web-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "tienda.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31323

  • 08.39.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: University of Queensland Fez "list.php" SQL Injection
  • Description: Fez is a web-based application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input to the "parent_id" parameter of the "list.php" script before using it in an SQL query. Fez versions 1.3 and 2.0 RC1 are affected.
  • Ref: http://www.securityfocus.com/bid/31324

  • 08.39.80 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: 6rbScript "cat.php" SQL Injection
  • Description: 6rbScript is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "CatID" parameter of the "cat.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31329

  • 08.39.81 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: CJ Ultra Plus "SID" Cookie Parameter SQL Injection
  • Description: CJ Ultra Plus is a web-based forum application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "SID" cookie parameter. CJ Ultra Plus versions 1.0.4 and earlier are affected.
  • Ref: http://www.milw0rm.com/exploits/6536

  • 08.39.82 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: iGaming CMS Multiple SQL Injection Vulnerabilities
  • Description: iGaming CMS is a PHP-based content manager for gaming web sites. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input. iGaming CMS version 1.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31340

  • 08.39.83 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: JETIK-WEB "sayfa.php" SQL Injection
  • Description: JETIK-WEB is a content manager implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kat" parameter of the "sayfa.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31343

  • 08.39.84 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Greatclone Hotscripts Clone "showcategory.php" SQL Injection
  • Description: Hotscripts Clone is a web-based application implemented in PHP. It is used to create a script hosting site similar to Hotscripts. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter of the "showcategory.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/31345

  • 08.39.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Attachmax Multiple Security Vulnerabilities
  • Description: Attachmax is a PHP-based application for sharing videos. Attachmax is exposed to multiple issues. An attacker may exploit these issues to obtain sensitive information that will aid in further attacks. Attachmax version 2.1 (Dolphin) is affected.
  • Ref: http://www.securityfocus.com/archive/1/496427

  • 08.39.86 - CVE: Not Available
  • Platform: Web Application
  • Title: osCommerce "create_account.php" Information Disclosure
  • Description: osCommerce is a web-based shopping cart application. The application is exposed to an information disclosure issue because it fails to sanitize user-supplied input. An attacker can exploit this issue by submitting malicious requests to the "DOB" POST parameter via the "create_account.php" script. osCommerce version 2.2RC 2a is affected.
  • Ref: http://www.securityfocus.com/archive/1/496417

  • 08.39.87 - CVE: Not Available
  • Platform: Web Application
  • Title: phpRealty "view.php" Remote File Include
  • Description: phpRealty is a PHP-based application for managing real-estate listings. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "INC" parameter of the "manager/static/view.php" script. phpRealty versions 0.3 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31213

  • 08.39.88 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP-Crawler "footer.php" Remote File Include
  • Description: PHP-Crawler is a PHP-based search engine application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "footer_file" parameter of the "footer.php" script. PHP-Crawler version 0.8 is affected.
  • Ref: http://www.securityfocus.com/bid/31217

  • 08.39.89 - CVE: Not Available
  • Platform: Web Application
  • Title: Technote "twindow_notice.php" Remote File Include
  • Description: Technote is a PHP-based web application. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "shop_this_skin_path" parameter of the "technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php" script. Technote version 7 is affected.
  • Ref: http://www.securityfocus.com/bid/31222

  • 08.39.90 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Link to Us "Link page header" Field HTML Injection
  • Description: The Link to Us module is a PHP-based component for Drupal that allows users to link directly to the content contained in a Drupal site. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the "Link page header" field of the "Link to us" page before using it in dynamically generated content. Link to Us versions prior to 5.x-1.1 are affected.
  • Ref: http://drupal.org/node/309861

  • 08.39.91 - CVE: Not Available
  • Platform: Web Application
  • Title: x10 Automatic MP3 Script "web_root" Parameter Multiple Remote File Include Vulnerabilities
  • Description: x10 Automatic MP3 Script is a PHP-based search engine. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "web_root" parameter of the "includes/function_core.php" and "templates/layout_lyrics.php" scripts. x10 Automatic MP3 Script version 1.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/31225

  • 08.39.92 - CVE: CVE-2008-3662
  • Platform: Web Application
  • Title: Gallery Prior to 2.2.6 Multiple Vulnerabilities
  • Description: Gallery is a web-based application to organize photo albums. The application is exposed to multiple issues. An attacker may leverage these issues to obtain potentially sensitive information or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Gallery versions prior to 2.2.6 and 1.5.9 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496509

  • 08.39.93 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Mailsave Module MIME Type HTML Injection
  • Description: Mailsave is a PHP-based component for Drupal. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the MIME media types in email messages with attached files before using it in dynamically generated content. Mailsave versions prior to 5.x-3.3 and prior to 6.x-1.3 are affected.
  • Ref: http://drupal.org/node/309802

  • 08.39.94 - CVE: Not Available
  • Platform: Web Application
  • Title: Denora IRC Stats CTCP String Handling Remote Denial of Service
  • Description: Denora IRC Stats is an Internet Relay Chat application. Denora IRC Stats is exposed to a remote denial of service issue because it fails to properly handle CTCP (Client-To-Client Protocol) version replies. Denora IRC Stats versions prior to 1.4.1 are affected.
  • Ref: http://www.securityfocus.com/bid/31233

  • 08.39.95 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Talk Module Multiple Remote Vulnerabilities
  • Description: The Talk module is a PHP-based component for Drupal that provides a secondary page for comments associated with a given node. Talk is exposed to multiple remote issues. Talk versions prior to 5.x-1.3 and Talk 6.x-1.5 are affected.
  • Ref: http://drupal.org/node/309758

  • 08.39.96 - CVE: Not Available
  • Platform: Web Application
  • Title: Cyask "collect.php" Information Disclosure
  • Description: Cyask is a web application. Cyask is exposed to an information disclosure issue because it fails to sanitize user-supplied input to the "neturl" parameter of the "collect.php" script. Cyask versions 3.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/archive/1/496511

  • 08.39.97 - CVE: Not Available
  • Platform: Web Application
  • Title: AssetMan "search_inv.php" Session Fixation
  • Description: AssetMan is an asset management application. AssetMan is exposed to a session fixation issue caused by a design error when handling sessions. Specifically, an attacker can predefine a victim user's session ID by setting the cookie value through the "order_by" parameter of the "search_inv.php" script. AssetMan version 2.5b is affected.
  • Ref: http://www.securityfocus.com/bid/31248

  • 08.39.98 - CVE: Not Available
  • Platform: Web Application
  • Title: HyperStop WebHost Directory Database Disclosure
  • Description: HyperStop WebHost Directory is a web-based application. The application is exposed to an information disclosure issue. Specifically, attackers may be able to download the application database through the "admin/backup/db" script. HyperStop WebHost Directory version 1.2 is affected.
  • Ref: http://www.securityfocus.com/bid/31249

  • 08.39.99 - CVE: Not Available
  • Platform: Web Application
  • Title: phpShop Unspecified Session Fixation
  • Description: phpShop is a PHP-based shopping-cart application. phpShop is exposed to a session fixation issue caused by a design error when handling sessions. phpShop version 0.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31251

  • 08.39.100 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 "kw_secdir" Extension Unspecified Remote Code Execution
  • Description: "kw_secdir" is a third-party extension for the TYPO3 content manager. The application is exposed to an unspecified remote code execution issue. "kw_secdir" versions 1.0.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.101 - CVE: Not Available
  • Platform: Web Application
  • Title: TYPO3 File List Extension Unspecified Information Disclosure
  • Description: File List ("file_list") is an extension for the TYPO3 content manager. The "file_list" extension is exposed to an unspecified information disclosure issue. "file_list" versions 0.2.1 and earlier are affected.
  • Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/

  • 08.39.102 - CVE: Not Available
  • Platform: Web Application
  • Title: Advanced Electron Forum BBCode "preg_replace" PHP Code Injection Vulnerabilities
  • Description: Advanced Electron Forum is a web-based forum. The application is exposed to issues that let attackers inject arbitrary PHP code. This is due to an input validation issue when the "preg_replace" function is used.
  • Ref: http://www.securityfocus.com/archive/1/496552

  • 08.39.103 - CVE: Not Available
  • Platform: Web Application
  • Title: Explay CMS Cookie Authentication Bypass
  • Description: Explay CMS is a PHP-based content management system. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Explay CMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31270

  • 08.39.104 - CVE: Not Available
  • Platform: Web Application
  • Title: Explay CMS Multiple HTML Injection Vulnerabilities
  • Description: Explay CMS is a PHP-based content management system. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data. Explay CMS version 2.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31271

  • 08.39.105 - CVE: Not Available
  • Platform: Web Application
  • Title: Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal
  • Description: UT3 WebAdmin is the official web administration tool for the Unreal Tournament 3 multiplayer first-person shooter game. UT3 WebAdmin does not ship with Unreal Tournament 3 by default and it must be downloaded separately. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. UT3 WebAdmin versions 1.3 to 1.6 are affected.
  • Ref: http://www.securityfocus.com/archive/1/496581

  • 08.39.106 - CVE: CVE-2008-3661
  • Platform: Web Application
  • Title: Drupal Insecure Cookie Disclosure Weakness
  • Description: Drupal is a web-based content manager. The application is exposed to a weakness that may allow the attacker to sniff the traffic and obtain cookie data. Specifically, the issue arises when SSL is used to encrypt data but the session cookie does not have the "secure" flag enabled.
  • Ref: http://int21.de/cve/CVE-2008-3661-drupal.html

  • 08.39.107 - CVE: Not Available
  • Platform: Web Application
  • Title: Rianxosencabos CMS Cookie Authentication Bypass
  • Description: Rianxosencabos CMS is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Rianxosencabos CMS version 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/31292

  • 08.39.108 - CVE: Not Available
  • Platform: Web Application
  • Title: ClanSphere Multiple Information Disclosure Vulnerabilities
  • Description: ClanSphere is a PHP-based content manager. ClanSphere is exposed to multiple unspecified information disclosure issues. These issues affect "getusers" and "listimg". ClanSphere versions prior to 2008.2.1 are affected.
  • Ref: http://www.clansphere.net/index/news/view/id/306

  • 08.39.109 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB Prior to 1.4.2 Multiple Security Vulnerabilities
  • Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board application. The application is exposed to multiple security issues, including a cross-site scripting issue and multiple unspecified security issues. MyBB versions prior to 1.4.2 are affected.
  • Ref: http://community.mybboard.net/thread-37792.html

  • 08.39.110 - CVE: Not Available
  • Platform: Web Application
  • Title: Rianxosencabos CMS "useradmin.php" Access Validation
  • Description: Rianxosencabos CMS is a PHP-based content manager. The application is exposed to an access validation issue that attackers can leverage to create user accounts (including administrative accounts) and delete arbitrary user accounts. This issue occurs because authentication isn't required to access the "index.php" script when the "s" parameter is set to "admin" and the "accion" parameter is set to "lista". Rianxosencabos CMS version 0.9 is affected.
  • Ref: http://www.securityfocus.com/bid/31296

  • 08.39.111 - CVE: Not Available
  • Platform: Web Application
  • Title: AvailScript Job Portal Script Remote File Upload
  • Description: AvailScript Job Portal Script is a web-based application. The application is exposed to an issue that allows an attacker to upload arbitrary script code and execute it in the context of the web server process.
  • Ref: http://www.securityfocus.com/bid/31297

  • 08.39.112 - CVE: Not Available
  • Platform: Web Application
  • Title: 6rbScript "section.php" Local File Include
  • Description: 6rbScript is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "name" parameter of the "section.php" script. 6rbScript version 3.3 is affected.
  • Ref: http://www.securityfocus.com/bid/31299

  • 08.39.113 - CVE: Not Available
  • Platform: Web Application
  • Title: UNAK-CMS Cookie Authentication Bypass
  • Description: UNAK-CMS is a PHP-based content manager. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. This issue occurs in the "engine/unak_core.php" script.
  • Ref: http://www.securityfocus.com/bid/31301

  • 08.39.114 - CVE: Not Available
  • Platform: Web Application
  • Title: openElec "form.php" Local File Include
  • Description: openElec is a PHP-based election management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "obj" parameter of the "scr/form.php" script. openElec version 3.01 is affected.
  • Ref: http://www.securityfocus.com/bid/31307

  • 08.39.115 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBlog "add.php" Cookie Authentication Bypass
  • Description: MyBlog is a PHP-based weblog application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. MyBlog version 0.9.8 is affected.
  • Ref: http://www.securityfocus.com/bid/31311

  • 08.39.116 - CVE: Not Available
  • Platform: Web Application
  • Title: rgb72 WCMS "change_password.asp" Account Creation Access Validation
  • Description: rgb72 WCMS is an ASP-based content manager. The application is exposed to an access validation issue that attackers can leverage to create unauthorized administrative user accounts. This issue occurs because the application fails to validate certain HTTP POST requests sent to the "change_password.asp" script. rgb72 WCMS version 1.0b is affected.
  • Ref: http://www.securityfocus.com/bid/31314

  • 08.39.117 - CVE: Not Available
  • Platform: Web Application
  • Title: BLUEPAGE CMS "PHPSESSID" Session Fixation
  • Description: BLUEPAGE CMS is a PHP-based content manager. BLUEPAGE CMS is exposed to a session fixation issue caused by a design error when handling sessions. Specifically, an attacker can predefine a victim user's session ID by setting the "PHPSESSID" parameter of the "index.php" script. BLUEPAGE CMS version 2.5 is affected.
  • Ref: http://www.securityfocus.com/archive/1/496582

  • 08.39.118 - CVE: Not Available
  • Platform: Web Application
  • Title: PHP iCalendar Cookie Authentication Bypass
  • Description: PHP iCalendar is a web-log application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. PHP iCalendar versions 2.24 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31320

  • 08.39.119 - CVE: CVE-2008-3663
  • Platform: Web Application
  • Title: SquirrelMail Insecure Cookie Disclosure Weakness
  • Description: SquirrelMail is a web-based email client. The application is exposed to a weakness that may allow an attacker to sniff the traffic and obtain cookie data. Specifically, the issue arises when SSL is used to encrypt data but the session cookie doesn't have the "secure" flag enabled. SquirrelMail version 1.4.15 is affected.
  • Ref: http://int21.de/cve/CVE-2008-3663-squirrelmail.html

  • 08.39.120 - CVE: Not Available
  • Platform: Web Application
  • Title: Vignette Content Management Unspecified Security Bypass
  • Description: Vignette Content Management is a web-based content manager. The application is exposed to a security bypass issue due to an unspecified error. Vignette Content Management versions 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, 7.5 and all associated service packs are affected.
  • Ref: http://dialog.vignette.com/hm?g=1.2jds7.bky8.rs.0.27gqh.htk8&h=1

  • 08.39.121 - CVE: Not Available
  • Platform: Web Application
  • Title: BaseBuilder "main.inc.php" Remote File Include
  • Description: BaseBuilder is a PHP-based web application. It facilitates a database framework and allows for the creation of databases. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "mj_config[src_path]" parameter of the "main.inc.php" script. BaseBuilder versions 2.0.1 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31330

  • 08.39.122 - CVE: Not Available
  • Platform: Web Application
  • Title: pfSense DHCPREQUEST Hostname HTML Injection
  • Description: pfSense is an open-source customized distribution of the FreeBSD operating system. It is designed to be used as a firewall and a router. pfSense is exposed to an HTML injection issue because its administrative web interface fails to sufficiently sanitize user-supplied input before using it in dynamically generated content. pfSense version 1.0.1 is affected.
  • Ref: http://www.securityfocus.com/bid/31334

  • 08.39.123 - CVE: Not Available
  • Platform: Web Application
  • Title: Omnicom Content Platform "browser.asp" Parameter Directory Traversal
  • Description: Omnicom Content Platform is a web-based application. Omnicom Content Platform is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "root" parameter of the "browse.php" script. Omnicom Content Platform version 2.0 is affected.
  • Ref: http://www.securityfocus.com/bid/31338

  • 08.39.124 - CVE: Not Available
  • Platform: Web Application
  • Title: OpenRat "insert.inc.php" Remote File Include
  • Description: OpenRat is a PHP-based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "tpl_dir" parameter of the "themes/default/include/html/insert.inc.php" script. OpenRat version 0.8-beta4 is affected.
  • Ref: http://www.securityfocus.com/bid/31339

  • 08.39.125 - CVE: Not Available
  • Platform: Web Application
  • Title: Sofi WebGUI "modstart.php" Remote File Include
  • Description: Sofi WebGUI is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "mod_dir" parameter of the "hu/modules/reg-new/modstart.php" script. Sofi WebGUI version 0.6.0.pre-release-3 is affected.
  • Ref: http://www.securityfocus.com/bid/31341

  • 08.39.126 - CVE: CVE-2008-3102
  • Platform: Web Application
  • Title: Mantis Insecure Cookie Disclosure Weakness
  • Description: Mantis is a web-based bug tracking system; it is implemented in PHP. The application is exposed to a weakness that may allow an attacker to sniff the traffic and obtain cookie data.
  • Ref: http://int21.de/cve/CVE-2008-3102-mantis.html

  • 08.39.127 - CVE: Not Available
  • Platform: Web Application
  • Title: Ol' Bookmarks Multiple Input Validation Vulnerabilities
  • Description: Ol' Bookmarks is a PHP-based application to manage bookmarks. The application is exposed to multiple issues because it fails to sufficiently sanitize user-supplied data. Ol' Bookmarks versions 0.7.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/31348

  • 08.39.128 - CVE: Not Available
  • Platform: Network Device
  • Title: Cisco 871 Integrated Services Router Cross-Site Request Forgery
  • Description: The Cisco 871 Integrated Services Router is a network device designed for small-office setups. The router is exposed to a cross-site request forgery issue. Attackers can exploit this issue by tricking a victim into visiting a malicious web page. The 871 Integrated Services Router under IOS version 12.4 is affected.
  • Ref: http://www.cisco.com/en/US/products/ps6200/

  • 08.39.129 - CVE: Not Available
  • Platform: Network Device
  • Title: Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code Execution
  • Description: Xerox WorkCentre/WorkCentre Pro are multifunction network printers. Xerox WorkCentre/WorkCentre Pro are exposed to a remote code execution issue because their ESS/Network Controllers fail to properly bounds check user-supplied data before copying it to an insufficiently sized memory buffer. The issue occurs because of errors within the Samba code that handles printer-sharing services for SMB (Server Message Block) clients.
  • Ref: http://www.securityfocus.com/bid/31255

  • 08.39.130 - CVE: Not Available
  • Platform: Network Device
  • Title: Multiple Sagem F@st Routers DHCP Hostname HTML Injection
  • Description: Sagem F@st routers are network routers that ship with a web-based administration interface. Multiple Sagem F@st routers are exposed to an HTML injection issue because they fail to properly sanitize user-supplied input before using it in dynamically generated content. Sagem F@st routers versions 1200, 1240, 1400, 1400W, 1500, 1500-WG and 2404 are affected.
  • Ref: http://www.securityfocus.com/bid/31331

(c) 2008. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.

For a free subscription (and for free posters), or to update a current subscription, visit http://portal.sans.org/