RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 13

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Mar 27 2008 - 21:35:46 CDT



Malicious Word and Excel documents are being used to penetrate sensitive
government and commercial sites. This week's critical Word vulnerability
is another attack vector. In addition, Novell's eDirectory has a
critical vulnerability that could lead to disclosure of user data
enabling further attacks, and Firefox and Thunderbird and other Mozilla
products also have newly discovered critical flaws this week.

                                    Alan
*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
Mar 27, 2008 Vol. 7. Week 13
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                   1
Microsoft Office                          1 (#2)
Other Microsoft Products                  1
Third Party Windows Apps                  4 (#7)
Mac Os                                   25 (#4)
Linux                                     1
Solaris                                   1
Aix                                       1
Unix                                      1
Novell                                    1 (#1)
Cross Platform                           24 (#3, #5, #6)
Web Application - Cross Site Scripting   16
Web Application - SQL Injection          23
Web Application                          26
Network Device                            8

*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Novell eDirectory LDAP Request Handling Buffer Overflow
(2) CRITICAL: Microsoft Word Document Handling Vulnerability
(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
(4) HIGH: Apple Aperture and iLife DNG Handling Buffer Overflow
(5) HIGH: SurgeMail LSUB Command Handling Buffer Overflow
(6) MODERATE: Adobe Flash CS3 Professional FLA Parsing Remote Code Execution
Other Software
(7) HIGH: Apple Safari for Windows Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.13.1 - Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution
 -- Microsoft Office
08.13.2 - Microsoft Jet Database Engine MDB File Parsing Unspecified Remote Code Execution
 -- Other Microsoft Products
08.13.3 - Microsoft Internet Explorer 7 "setRequestHeader()" Multiple Vulnerabilities
 -- Third Party Windows Apps
08.13.4 - Piczo Fast Picture Uploader "ImageUploader4.ocx" ActiveX Control Buffer Overflow
08.13.5 - ASUS Remote Console DPC Proxy Buffer Overflow
08.13.6 - Orb Networks Orb RPC Request Remote Integer Overflow
08.13.7 - LEADTOOLS Multimedia "LTMM15.DLL" ActiveX Control Arbitrary File Overwrite Vulnerabilities
 -- Mac Os
08.13.8 - Apple Mac OS X Authenticated Print Queue Information Disclosure
08.13.9 - Apple Mac OS X "notifyd" Local Denial of Service
08.13.10 - Apple Mac OS X Foundation NSFileManager Insecure Directory Local Privilege Escalation
08.13.11 - Apple Mac OS X AFP Client "afp://" URI Remote Code Execution
08.13.12 - Apple Mac OS X AFP Server Cross-Realm Authentication Bypass
08.13.13 - Apple Mac OS X mDNSResponderHelper Local Format String
08.13.14 - Apple Mac OS X AppKit Bootstrap Namespace Local Privilege Escalation
08.13.15 - Apple Mac OS X Foundation "NSSelectorFromString" Input Validation
08.13.16 - Apple Mac OS X Foundation "NSFileManager" Stack-Based Buffer Overflow
08.13.17 - Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer Overflow Vulnerabilities
08.13.18 - Apple Mac OS X Foundation "NSURLConnection" Cache Management Race Condition Security
08.13.19 - Apple Mac OS X Image RAW Stack-Based Buffer Overflow
08.13.20 - Apple Mac OS X AppKit PPD File Stack Buffer Overflow
08.13.21 - Apple Mac OS X pax Archive Utility Remote Code Execution
08.13.22 - Apple Mac OS X Foundation "NSXML" XML File Processing Race Condition Security
08.13.23 - Apple Mac OS X Application Firewall German Translation Insecure Configuration Weakness
08.13.24 - Apple Mac OS X Help Viewer Remote Applescript Code Execution
08.13.25 - Apple Mac OS X Podcast Producer Podcast Capture Information Disclosure
08.13.26 - Apple Mac OS X libc "strnstr(3)" Off-By-One Denial of Service
08.13.27 - Apple Mac OS X CoreFoundation Time Zone Data Local Privilege Escalation
08.13.28 - Apple Mac OS X CoreServices ".ief" Files Security Policy Violation Weakness
08.13.29 - Apple Mac OS X NetCfgTool Local Privilege Escalation
08.13.30 - Apple Mac OS X Preview PDF Insecure Encryption Weakness
08.13.31 - Apple Mac OS X Printing To PDF Insecure Encryption Weakness
08.13.32 - Apple Mac OS X AppKit NSDocument API's Stack-Based Buffer Overflow
 -- Linux
08.13.33 - Gentoo "ssl-cert" eclass Information Disclosure
 -- Solaris
08.13.34 - Sun Solaris "rpc.ypupdated" Arbitrary Command Execution
 -- Aix
08.13.35 - IBM AIX "usr/sbin/chnfsmnt" Unspecified Vulnerability
 -- Unix
08.13.36 - CUPS Multiple Unspecified Input Validation Vulnerabilities
 -- Novell
08.13.37 - Novell eDirectory eMBox Utility 'edirutil' Command Unspecified
 -- Cross Platform
08.13.38 - Adobe Flash FLA File Processing Remote Code Execution
08.13.39 - MySQL INFORMATION_SCHEMA Remote Denial Of Service
08.13.40 - Apple Safari Web Inspector Remote Code Injection
08.13.41 - HP StorageWorks Library and Tape Tools Unspecified Local Security Bypass
08.13.42 - Asterisk Predictable HTTP Manager Session ID Security Bypass
08.13.43 - Apple Safari WebCore "Kotoeri" Password Field Information Disclosure
08.13.44 - Red Hat "redhat-idm-console" Insecure Startup Script Local Privilege Escalation
08.13.45 - Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow
08.13.46 - Apple Safari CFNetwork Arbitrary Secure Website Spoofing
08.13.47 - CenterIM URI Handling Remote Arbitrary Command Execution
08.13.48 - XWine WINE Configuration File Local Arbitrary Command Execution
08.13.49 - xine-lib Multiple Heap Based Remote Buffer Overflow Vulnerabilities
08.13.50 - SurgeMail IMAP LSUB Command Remote Stack Buffer Overflow
08.13.51 - PHP 5 "php_sprintf_appendstring()" Remote Integer Overflow
08.13.52 - Apple Safari File Download Remote Denial of Service
08.13.53 - Apple Safari Window.setTimeout Variant Content Spoofing
08.13.54 - snircd And ircu "set_user_mode" Remote Denial of Service
08.13.55 - Hamachi VPN Local Login Credentials Information Disclosure
08.13.56 - VLC Media Player "MP4_ReadBox_rdrf()" Buffer Overflow
08.13.57 - Novell eDirectory LDAP Extended Request Message Buffer Overflow
08.13.58 - DotNetNuke Prior to 4.8.2 Multiple Remote Vulnerabilities
08.13.59 - SILC Client and Server Key Negotiation Protocol Remote Buffer Overflow
08.13.60 - OpenSSH X connections Session Hijacking
08.13.61 - SILC Server "NEW_CLIENT" Remote Denial of Service
 -- Web Application - Cross Site Scripting
08.13.62 - News-Template "print.php" Multiple Cross Site Scripting Vulnerabilities
08.13.63 - Apple Safari WebKit Frame Method Cross-Site Scripting
08.13.64 - Apple Safari Error Page Cross-Site Scripting
08.13.65 - IBM Rational ClearQuest Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities
08.13.66 - Apple Safari Javascript URL Parsing Cross-Site Scripting
08.13.67 - Apple Safari WebCore "document.domain" Cross-Site Scripting
08.13.68 - Apple Safari WebCore "window.open()" Function Cross-Site Scripting
08.13.69 - CS-Cart "index.php" Cross-Site Scripting
08.13.70 - Apple Safari WebCore Java Frame Navigation Cross-Site Scripting
08.13.71 - Apple Safari WebCore "document.domain" Variant Cross-Site Scripting
08.13.72 - Apple Safari WebCore History Object Cross-Site Scripting
08.13.73 - Namazu "namazu.cgi" Cross-Site Scripting
08.13.74 - TinyPortal "index.php" Cross-Site Scripting
08.13.75 - cPanel "manpage.html" Cross-Site Scripting
08.13.76 - Alkacon OpenCms "users_list.jsp" Multiple Cross-Site Scripting Vulnerabilities
08.13.77 - PICTURESPRO Photo Cart Cross-Site Scripting
 -- Web Application - SQL Injection
08.13.78 - PEEL Multiple SQL Injection Vulnerabilities and Arbitrary File Upload
08.13.79 - MyBlog SQL Injection and Remote File Include Vulnerabilities
08.13.80 - Iatek PortalApp "links.asp" SQL Injection
08.13.81 - Joomla! and Mambo joovideo Component "id" Parameter SQL Injection
08.13.82 - Joomla! and Mambo Comp Restaurante Component "id" Parameter SQL Injection
08.13.83 - Joomla! and Mambo Accombo Component "id" Parameter SQL Injection
08.13.84 - Easy-Clanpage User "id" Parameter SQL Injection
08.13.85 - Joomla! and Mambo Alberghi Component "id" Parameter SQL Injection
08.13.86 - Joomla! and Mambo Datsogallery Component "id" Parameter SQL Injection
08.13.87 - TopperMod "localita" Parameter SQL Injection
08.13.88 - Iatek Knowledge Base "content_by_cat.asp" SQL Injection
08.13.89 - RunCMS "sections" Module "artid" Parameter SQL Injection
08.13.90 - RunCMS "photo" Module "cid" Parameter SQL Injection
08.13.91 - D.E. Classifieds "showCat.php" SQL Injection
08.13.92 - PostNuke "pnVarPrepForStore()" SQL Injection
08.13.93 - XLPortal "index.php" SQL Injection
08.13.94 - PHP-Nuke Platinum "dynamic_titles.php" SQL Injection
08.13.95 - Efestech E-Kontor "id" Parameter SQL Injection
08.13.96 - Joomla! and Mambo Rekry Component "op_id" Parameter SQL Injection
08.13.97 - Joomla! and Mambo Cinema Component "id" Parameter SQL Injection
08.13.98 - Joomla! and Mambo Download3000 Component "id" Parameter SQL Injection
08.13.99 - Bomba Haber "haberoku.php" SQL Injection
08.13.100 - Clever Copy "postview.php" SQL Injection
 -- Web Application
08.13.101 - Elastic Path Multiple Input Validation Vulnerabilities
08.13.102 - yehe "envoyer" Arbitrary File Upload
08.13.103 - w-Agora "bn_dir_default" Parameter Multiple Remote File Include Vulnerabilities
08.13.104 - BolinOS Local File Include Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
08.13.105 - phpBB PJIRC Module "irc.php" Local File Include
08.13.106 - DotNetNuke Default "ValidationKey" and "DecriptionKey" Weak Encryption
08.13.107 - Webutil "webutil.pl" Multiple Remote Command Execution Vulnerabilities
08.13.108 - phpAddressBook "index.php" Local File Include
08.13.109 - phpMyChat "setup.php3" Cross-Site Scripting
08.13.110 - My Web Doc Administration Pages Multiple Authentication Bypass Vulnerabilities
08.13.111 - ooComments "PathToComment" Parameter Multiple Remote File Include Vulnerabilities
08.13.112 - Joomla! Custompages Component "cpage" Parameter Remote File Include
08.13.113 - F5 Big-IP Web Management Audit Log HTML Injection
08.13.114 - SLAED CMS "settings[]" Parameter Multiple Local File Include
08.13.115 - PowerBook "page" Parameter Remote File Include
08.13.116 - Cuteflow Bin "login.php" Local File Include
08.13.117 - Le Forum "Fichier_Acceuil" Parameter Remote File Include Vulnerability
08.13.118 - eGroupWare "_bad_protocol_once()" HTML Security Bypass
08.13.119 - HIS WebShop "his-webshop.pl" Directory Traversal
08.13.120 - Destar Add User Unauthorized Access
08.13.121 - phpBB eXtreme Styles Module "admin_xs.php" Local File Include
08.13.122 - Aeries Browser Interface Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.13.123 - Multiple D-Link Products Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
08.13.124 - e107 My_Gallery Plugin "dload.php" Arbitrary File Download
08.13.125 - Joomla! and Mambo Alphacontent Component 'id' Parameter SQL Injection
08.13.126 - TopperMod "mod.php" Local File Include
 -- Network Device
08.13.127 - Apple AirPort Extreme Base Station AFP Request Denial of Service
08.13.128 - Belkin F5D7230-4 Wireless G Router IP-Based Authentication State Authentication Bypass
08.13.129 - Belkin F5D7230-4 Wireless G Router "setup_dns.exe" Authentication
08.13.130 - Belkin F5D7230-4 Wireless G Router "setup_virtualserver.exe" Denial of Service
08.13.131 - Linksys WRT54G Wireless-G Router Multiple Remote Authentication Bypass Vulnerabilities
08.13.132 - Speedport W500 "b_banner.stm" Password Information Disclosure
08.13.133 - Mitsubishi Electric GB-50A Multiple Remote Authentication Bypass Vulnerabilities
08.13.134 - Linksys SPA-2102 Phone Adapter Packet Handling Denial of Service
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Novell eDirectory LDAP Request Handling Buffer Overflow
Affected:
Novell eDirectory versions prior to 8.8.2

Description: Novell eDirectory is an enterprise Lightweight Directory
Access Protocol (LDAP) directory server. It contains a flaw in its
handling of LDAP delete requests. A specially crafted delete request
could trigger a buffer overflow vulnerability. Successfully exploiting
this buffer overflow would allow an attacker to execute arbitrary code
with the privileges of the vulnerable process. Note that LDAP
directories often contain user information, which could lead to further
exploits. Some technical details are publicly available for this
vulnerability.

Status: Novell confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-013/
Novell Security Advisory
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3382120&sliceId=SAL_Public&dialogID=59352034&stateId=0%200%2059350122
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/LDAP
Product Home Page
http://www.novell.com/products/edirectory/
SecurityFocus BID
http://www.securityfocus.com/bid/28434

********************************************************

(2) CRITICAL: Microsoft Word Document Handling Vulnerability
Affected:
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007

Description: The Microsoft Jet database engine is used to provide
database access and functionality to a variety of applications,
including Microsoft Word. A buffer overflow vulnerability is present in
the database engine, and this overflow can be exploited via a specially
crafted Word document. By exploiting this vulnerability, an attacker
could execute arbitrary code with the privileges of the current user.
Note that, on recent versions of Microsoft Word, documents are not
opened upon receipt without further user interaction. Reports indicate
that this vulnerability is being actively exploited in the wild. It is
currently unknown whether other applications using the Jet database
engine are vulnerable. This vulnerability is believed to be related to
a publicly disclosed vulnerability in the Microsoft Jet database engine,
for which full technical details and a proof-of-concept are publicly
available. If this is the case, then this advisory indicates a new
exploitation vector for that vulnerability.

Status: Microsoft confirmed, no updates available. Note that users of
Microsoft Windows Vista and Microsoft Windows Server 2003 Service Pack
2 are not vulnerable.

References:
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/950627.mspx
SANS Internet Storm Center Blog Posting
http://isc.sans.org/diary.html?storyid=4183
SecurityFocus BID
http://www.securityfocus.com/bid/26468

********************************************************

(3) CRITICAL: Mozilla Multiple Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions 2.0.0.12 and prior
Mozilla SeaMonkey versions 1.1.8 and prior
Mozilla Thunderbird versions 2.0.0.12 and prior

Description: Several products from the Mozilla Foundation, including its
popular Firefox web browser, internet suite SeaMonkey, and email client
Thunderbird, contain multiple vulnerabilities. These vulnerabilities
stem from various input validation flaws, and the consequences
range from arbitrary remote code execution with the privileges of the
current user to cross-site-scripting and denial-of-service. Full
technical details are available for these vulnerabilities via source
code analysis. Note that Thunderbird is not vulnerable to the remote
code execution vulnerabilities in its default configuration.

Status: Mozilla confirmed, updates available.

References:
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
http://www.mozilla.org/security/announce/2008/mfsa2008-15.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/28448

********************************************************

(4) HIGH: Apple Aperture and iLife DNG Handling Buffer Overflow
Affected:
Apple Aperture versions 2.x
Apple iLife iPhoto versions 7.x

Description: DNG or "Digital Negative" is an open image format created
by Adobe. Apple's Aperture and iPhoto applications fail to properly
handle certain malformed DNG files. A specially crafted DNG file could
trigger a stack-based buffer overflow in these applications.
Successfully exploiting this overflow would allow an attacker to execute
arbitrary code with the privileges of the current user. Note that user
interaction may be required to exploit this vulnerability, in that the
user must manually load the malicious file into a vulnerable
application.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://support.apple.com/kb/HT1232
Wikipedia Article on the DNG Format
http://en.wikipedia.org/wiki/Digital_Negative_%28file_format%29
SecurityFocus BID
http://www.securityfocus.com/bid/28363

********************************************************

(5) HIGH: SurgeMail LSUB Command Handling Buffer Overflow
Affected:
SurgeMail versions 38k4-4 and prior

Description: SurgeMail is a popular multiplatform mail suite for
enterprises. Its Internet Message Access Protocol (IMAP) component fails
to properly handle the 'LSUB' command. An overlong LSUB command could
trigger a stack-based buffer overflow. Exploiting this buffer overflow
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process. A proof-of-concept is publicly available for
this vulnerability. Note that an attacker requires authentication to
exploit this vulnerability.

Status: Vendor confirmed, updates available.

References:
INFIGO Security Advisory (includes proof-of-concept)
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07
Product Home Page
http://www.netwinsite.com/surgemail/
SecurityFocus BID
http://www.securityfocus.com/bid/28377

********************************************************

(6) MODERATE: Adobe Flash CS3 Professional FLA Parsing Remote Code Execution
Affected:
Adobe Flash CS3 Professional version 9.0

Description: Adobe Flash CS3 Professional is a Flash rich content
authoring system from Adobe. It contains a flaw in its handling of "FLA"
files. These files could be likened to source code, and are not usually
intended for end users. A malformed FLA file could trigger a
vulnerability in parsing, allowing an attacker to execute arbitrary code
with the privileges of the current user.

Status: Adobe confirmed, updates available.

References:
Fortiguard Security Advisory
http://www.fortiguardcenter.com/advisory/FGA-2008-07.html
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-03.html
Product Home Page
http://www.adobe.com/products/flash/
SecurityFocus BID
http://www.securityfocus.com/bid/28349

********************************************************

****************
Other Software
****************

(7) HIGH: Apple Safari for Windows Multiple Vulnerabilities
Affected:
Apple Safari for Windows versions 3.1 and prior

Description: Safari is Apple's web browser for Apple Mac OS X and
Microsoft Windows. The Microsoft Windows version contains multiple
vulnerabilities in its handling of input. A specially crafted download
file can trigger a buffer overflow vulnerability, potentially allowing
an attacker to execute arbitrary code with the privileges of the current
user, though this has not been confirmed. Additionally, a site spoofing
vulnerability exists, allowing an attacker to spoof the contents of the
address bar. Proofs-of-concept are publicly available for both of these
vulnerabilities. Note that the Mac OS X version of Safari is currently
not believed to be vulnerable. It is not known if these vulnerabilities
are related to those discussed in last week's edition of RISK.

Status: Apple has not confirmed, no updates available.

References:
Posts by Juan Pablo Lopez Yacubian (contain proofs-of-concept)
http://archives.neohapsis.com/archives/bugtraq/2008-03/0332.html
http://archives.neohapsis.com/archives/bugtraq/2008-03/0324.html
Secunia Security Advisory
http://secunia.com/advisories/29483/
Previous RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=7&i=12#widely3
Product Home Page
http://www.apple.com/safari/download/
SecurityFocus BIDs
http://www.securityfocus.com/bid/28404
http://www.securityfocus.com/bid/28405

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 13, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

08.13.1 CVE: CVE-2008-0951
Platform: Windows
Title: Microsoft Windows Vista NoDriveTypeAutoRun Automatic File
Execution
Description: Microsoft Windows Vista is exposed to an issue that may
result in the automatic execution of a file due to a failure to handle
the "NoDriveTypeAutoRun" registry value.
Ref: http://www.kb.cert.org/vuls/id/889747
______________________________________________________________________

08.13.2 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Jet Database Engine MDB File Parsing Unspecified
Remote Code Execution
Description: Microsoft Jet Database Engine (Jet) provides data access
to various applications such as Microsoft Access, Microsoft Visual
Basic, and third-party applications. The application is exposed to a
remote code execution issue when handling malicious MDB files. Several
Microsoft Word versions are affected. See the Reference link for
details.
Ref: http://www.securityfocus.com/bid/28398
______________________________________________________________________

08.13.3 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer 7 "setRequestHeader()" Multiple
Vulnerabilities
Description: Microsoft Internet Explorer 7 is exposed to multiple
issues that allow for referer-spoofing, HTTP-request-splitting, and
HTTP-request-smuggling attacks through a user's browser. Microsoft
Internet Explorer 7 is affected.
Ref: http://www.securityfocus.com/archive/1/489960
______________________________________________________________________

08.13.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Piczo Fast Picture Uploader "ImageUploader4.ocx" ActiveX
Control Buffer Overflow
Description: Piczo Fast Picture Uploader ActiveX Control lets users
upload images to a server. The control is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. ImageUploader4.ocx version 4.1.36.0 is affected.
Ref: http://www.securityfocus.com/archive/1/489887
______________________________________________________________________

08.13.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: ASUS Remote Console DPC Proxy Buffer Overflow
Description: ASUS Remote Console is an application that allows users to
control and monitor a remote host. The application is exposed to a
buffer overflow issue in the DPC Proxy. ASUS Remote Console version
2.0.0.19 is affected.
Ref: http://www.securityfocus.com/archive/1/489966
______________________________________________________________________

08.13.6 CVE: CVE-2008-0070
Platform: Third Party Windows Apps
Title: Orb Networks Orb RPC Request Remote Integer Overflow
Description: Orb is an application that allows users to access media
stored on remote computers. The software is exposed to an integer
overflow issue because it fails to bounds check user-supplied data
before copying it into an insufficiently sized buffer. Orb version
2.00.1014 is affected.
Ref: http://secunia.com/secunia_research/2008-5/advisory/
______________________________________________________________________

08.13.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: LEADTOOLS Multimedia "LTMM15.DLL" ActiveX Control Arbitrary
File Overwrite Vulnerabilities
Description: LEADTOOLS Multimedia is a Software Development Kit (SDK)
for creating multimedia applications. The application is exposed to
multiple issues that allow attackers to overwrite arbitrary files.
LEADTOOLS Multimedia version 15 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.13.8 CVE: CVE-2008-0996
Platform: Mac Os
Title: Apple Mac OS X Authenticated Print Queue Information Disclosure
Description: Apple Mac OS X is exposed to a local information
disclosure issue. This issue occurs when printing to authenticated
print queues. When a print job is started, the authentication
credentials may be saved to disk.
Ref: http://www.securityfocus.com/bid/28344
______________________________________________________________________

08.13.9 CVE: CVE-2008-0990
Platform: Mac Os
Title: Apple Mac OS X "notifyd" Local Denial of Service
Description: Apple Mac OS X is exposed to a local denial of service
issue because "notifyd" fails to verify that Mach port death
notifications originated from the kernel.
Ref: http://www.securityfocus.com/bid/28345
______________________________________________________________________

08.13.10 CVE: CVE-2008-0055
Platform: Mac Os
Title: Apple Mac OS X Foundation NSFileManager Insecure Directory
Local Privilege Escalation
Description: Apple Mac OS X Foundation is exposed to a local
privilege escalation issue. This issue affects the "NSFileManager"
when it performs recursive file-copying operations.
Ref: http://www.securityfocus.com/bid/28343
______________________________________________________________________

08.13.11 CVE: CVE-2008-0044
Platform: Mac Os
Title: Apple Mac OS X AFP Client "afp://" URI Remote Code Execution
Description: AFP client is an application that allows users to connect
to AFP servers. Apple Filing Protocol (AFP) is a protocol for file
services for Mac OS X. The application is exposed to a remote code
execution issue that affects the AFP Client when handling a specially
crafted "afp://" URI.
Ref: http://www.securityfocus.com/bid/28320
______________________________________________________________________

08.13.12 CVE: CVE-2008-0045
Platform: Mac Os
Title: Apple Mac OS X AFP Server Cross-Realm Authentication Bypass
Description: AFP Server is an application that provides file services
including uploading and downloading files onto a user's computer. The
application is exposed to an authentication bypass issue that occurs
in the AFP Server because AFP Servers fail to validate the Kerberos
principal realm names.
Ref: http://www.securityfocus.com/bid/28323
______________________________________________________________________

08.13.13 CVE: CVE-2008-0989
Platform: Mac Os
Title: Apple Mac OS X mDNSResponderHelper Local Format String
Description: Apple Mac OS X is exposed to a local format string issue
because mDNSResponderHelper fails to adequately sanitize user-supplied
data in the local "hostname" before passing it to a formatted-printing
function.
Ref: http://www.securityfocus.com/bid/28339
______________________________________________________________________

08.13.14 CVE: CVE-2008-0049
Platform: Mac Os
Title: Apple Mac OS X AppKit Bootstrap Namespace Local Privilege
Escalation
Description: Apple Mac OS X is exposed to a local privilege escalation
issue that affects AppKit. Specifically, a Mach port in NSApplication
is unintentionally available for inter-process communication.
Ref: http://www.securityfocus.com/bid/28340
______________________________________________________________________

08.13.15 CVE: CVE-2008-0054
Platform: Mac Os
Title: Apple Mac OS X Foundation "NSSelectorFromString" Input
Validation
Description: Apple Mac OS X Foundation is exposed to an input
validation issue. This issue affects the "NSSelectorFromString" API.
Specifically, an unexpected selector may be returned when passing a
malformed selector name.
Ref: http://www.securityfocus.com/bid/28341
______________________________________________________________________

08.13.16 CVE: CVE-2008-0056
Platform: Mac Os
Title: Apple Mac OS X Foundation "NSFileManager" Stack-Based Buffer
Overflow
Description: Apple Mac OS X Foundation is exposed to a stack-based
buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input before copying it to an
insufficiently sized buffer.
Ref: http://www.securityfocus.com/bid/28357
______________________________________________________________________

08.13.17 CVE: CVE-2008-0057
Platform: Mac Os
Title: Apple Mac OS X AppKit Legacy Serialization Kit Multiple Integer
Overflow Vulnerabilities
Description: Apple Mac OS X AppKit is exposed to multiple integer
overflow issues when parsing a legacy serialization format.
Ref: http://www.securityfocus.com/bid/28358
______________________________________________________________________

08.13.18 CVE: CVE-2008-0058
Platform: Mac Os
Title: Apple Mac OS X Foundation "NSURLConnection" Cache Management
Race Condition Security
Description: Apple Mac OS X Foundation is exposed to a race condition
security issue that affects the "NSURLConnection" API cache
management, which can cause a deallocated object to receive messages.
Ref: http://www.securityfocus.com/bid/28359
______________________________________________________________________

08.13.19 CVE: CVE-2008-0987
Platform: Mac Os
Title: Apple Mac OS X Image RAW Stack-Based Buffer Overflow
Description: Apple Mac OS X Image RAW is exposed to a stack-based
buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input before copying it to an
insufficiently sized buffer. This issue affects the handling of Adobe
Digital Negative (DNG) image files.
Ref: http://www.securityfocus.com/bid/28363
______________________________________________________________________

08.13.20 CVE: CVE-2008-0997
Platform: Mac Os
Title: Apple Mac OS X AppKit PPD File Stack Buffer Overflow
Description: Apple Mac OS X is exposed to a stack-based buffer
overflow issue because the application fails to perform adequate
boundary checks on user-supplied data. The vulnerability occurs in
AppKit when querying a network printer.
Ref: http://www.securityfocus.com/bid/28364
______________________________________________________________________

08.13.21 CVE: CVE-2008-0992
Platform: Mac Os
Title: Apple Mac OS X pax Archive Utility Remote Code Execution
Description: Apple Mac OS X is exposed to a remote code execution
issue because the application fails to adequately validate
user-supplied data. This issue occurs because the pax command line
utility fails to check an unspecified length value in a
specially-crafted archive before using it as an array index.
Ref: http://www.securityfocus.com/bid/28365
______________________________________________________________________

08.13.22 CVE: CVE-2008-0059
Platform: Mac Os
Title: Apple Mac OS X Foundation "NSXML" XML File Processing Race
Condition Security
Description: Apple Mac OS X Foundation is exposed to a race condition
security issue. This issue affects the error-handling logic of the
"NSXML" API.
Ref: http://www.securityfocus.com/bid/28367
______________________________________________________________________

08.13.23 CVE: CVE-2008-0046
Platform: Mac Os
Title: Apple Mac OS X Application Firewall German Translation Insecure
Configuration Weakness
Description: Apple Mac OS X is exposed to a security weakness that may
result in unsafe firewall configurations. This issue occurs because
the "Set access for specific services and applications" radio button
of the application firewall preference pane is translated into German
incorrectly.
Ref: http://www.securityfocus.com/bid/28368
______________________________________________________________________

08.13.24 CVE: CVE-2008-0060
Platform: Mac Os
Title: Apple Mac OS X Help Viewer Remote Applescript Code Execution
Description: Apple Mac OS X Help Viewer is exposed to a remote
arbitrary Applescript code execution issue due to insufficient
sanitizing of HTML statements on data used in help topic lists.
Ref: http://www.securityfocus.com/bid/28371
______________________________________________________________________

08.13.25 CVE: CVE-2008-0993
Platform: Mac Os
Title: Apple Mac OS X Podcast Producer Podcast Capture Information
Disclosure
Description: Apple Mac OS X is exposed to a local information
disclosure issue because the Podcast Capture application, of Podcast
Producer, supplies password data to a subtask via an unspecified
argument.
Ref: http://www.securityfocus.com/bid/28372
______________________________________________________________________

08.13.26 CVE: CVE-2008-0988
Platform: Mac Os
Title: Apple Mac OS X libc "strnstr(3)" Off-By-One Denial of Service
Description: Apple Mac OS X libc is exposed to an off-by-one denial of
service issue because it fails to adequately bounds check input data.
This issue affects the Libsystem implementation of "strnstr(3)".
Ref: http://www.securityfocus.com/bid/28374
______________________________________________________________________

08.13.27 CVE: CVE-2008-0051
Platform: Mac Os
Title: Apple Mac OS X CoreFoundation Time Zone Data Local Privilege
Escalation
Description: Apple Mac OS X is exposed to a local privilege escalation
issue due to an integer overflow that occurs in CoreFoundation.
Specifically, the vulnerability exists due to the handling of
malformed time zone data.
Ref: http://www.securityfocus.com/bid/28375
______________________________________________________________________

08.13.28 CVE: CVE-2008-0052
Platform: Mac Os
Title: Apple Mac OS X CoreServices ".ief" Files Security Policy
Violation Weakness
Description: Apple Mac OS X is exposed to a weakness that may allow
certain security policies to be violated. The issue occurs in
CoreServices. Specifically, files ending with ".ief" can
automatically be opened provided that Safari's "Open Safe file"
preference is enabled.
Ref: http://www.securityfocus.com/bid/28384
______________________________________________________________________

08.13.29 CVE: CVE-2008-0998
Platform: Mac Os
Title: Apple Mac OS X NetCfgTool Local Privilege Escalation
Description: Apple Mac OS X is exposed to a local privilege escalation
issue because "NetCfgTool" uses distributed objects to communicate
with untrusted local programs when handling specially crafted
messages.
Ref: http://www.securityfocus.com/bid/28385
______________________________________________________________________

08.13.30 CVE: CVE-2008-0994
Platform: Mac Os
Title: Apple Mac OS X Preview PDF Insecure Encryption Weakness
Description: Apple Mac OS X is exposed to a weakness due to the use of
the insecure 40-bit RC4 encryption algorithm. This occurs when saving
data to encrypted PDF format from Preview.
Ref: http://www.securityfocus.com/bid/28386
______________________________________________________________________

08.13.31 CVE: CVE-2008-0995
Platform: Mac Os
Title: Apple Mac OS X Printing To PDF Insecure Encryption Weakness
Description: Apple Mac OS X is exposed to a weakness due to the use of
the insecure 40-bit RC4 encryption algorithm. This occurs when
printing to encrypted PDF.
Ref: http://www.securityfocus.com/bid/28387
______________________________________________________________________

08.13.32 CVE: CVE-2008-0048
Platform: Mac Os
Title: Apple Mac OS X AppKit NSDocument API's Stack-Based Buffer
Overflow
Description: Apple Mac OS X is exposed to a stack-based buffer
overflow issue that occurs in AppKit. This issue occurs because the
application fails to perform adequate boundary checks on user-supplied
data.
Ref: http://www.securityfocus.com/bid/28388
______________________________________________________________________

08.13.33 CVE: CVE-2008-1383
Platform: Linux
Title: Gentoo "ssl-cert" eclass Information Disclosure
Description: The "ssl-cert" eclass is a module used by Gentoo Linux to
generate SSL certificates. Gentoo is exposed to an information
disclosure issue. The issue stems from an incorrect use of the
"ssl-cert" eclass. Multiple ebuilds included in Gentoo Linux are
affected.
Ref: http://www.securityfocus.com/bid/28350
______________________________________________________________________

08.13.34 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "rpc.ypupdated" Arbitrary Command Execution Vulnerability
Description:
Sun Solaris is an enterprise-grade UNIX distribution. Solaris is prone
to an arbitrary command execution vulnerability because it fails to
adequately sanitize user-supplied data. The issue occurs when specially
crafted map names, containing shell escape characters, are sent to
'rpc.ypupdated' via an update command. Attackers can leverage this
issue to execute arbitrary commands on vulnerable computers. Successful
exploits will compromise the computer. This issue occurs
only when 'rpc.ypupdated' is started using the '-i' command line switch.
This switch is not used by default. Sun Solaris 10 is vulnerable; other
versions may also be affected. Reports indicate that this issue was
originally discovered in 1994.
Ref: http://www.securityfocus.com/bid/28385
______________________________________________________________________

08.13.35 CVE: Not Available
Platform: Aix
Title: IBM AIX "usr/sbin/chnfsmnt" Unspecified Vulnerability
Description: IBM AIX is prone to an unspecified vulnerability. This
issue arises because the "usr/sbin/chnfsmnt" command does not use the
full file path to properly call binaries.
Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ18296
______________________________________________________________________

08.13.36 CVE: CVE-2008-0053
Platform: Unix
Title: CUPS Multiple Unspecified Input Validation Vulnerabilities
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. The application is
exposed to multiple unspecified input validation issues.
Ref: http://www.securityfocus.com/bid/28334
______________________________________________________________________

08.13.37 CVE: CVE-2008-0926
Platform: Novell
Title: Novell eDirectory eMBox Utility "edirutil" Command Unspecified Vulnerability
Description: Novell eDirectory is a directory service application used
to centrally manage computer resources on a network. The application is
exposed to an unspecified issue due to an error in the "edirutil"
command of the eMBox utility. eDirectory versions 8.8 and earlier, and
8.7.3.9 and earlier are affected.
Ref:
https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html
______________________________________________________________________

08.13.38 CVE: CVE-2008-1201
Platform: Cross Platform
Title: Adobe Flash FLA File Processing Remote Code Execution
Description: Flash CS3 Professional, Flash Professional, and Flash
Basic are multimedia applications available for Microsoft Windows and
Apple Mac OS X. The applications are exposed to a remote code
execution issue during the processing of malicious FLA files. Flash
CS3 Professional, Flash Professional 8, and Flash Basic 8 on Microsoft
Windows are affected.
Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-07.html
______________________________________________________________________

08.13.39 CVE: CVE-2006-7232
Platform: Cross Platform
Title: MySQL INFORMATION_SCHEMA Remote Denial Of Service
Description: MySQL is an open-source SQL database manager available
for multiple operating systems. The application is exposed to a remote
denial of service issue because it fails to handle certain specially
crafted queries. MySQL versions prior to 5.0.32 and 5.1.14 are
affected.
Ref: http://bugs.mysql.com/bug.php?id=22413
______________________________________________________________________

08.13.40 CVE: CVE-2008-1004
Platform: Cross Platform
Title: Apple Safari Web Inspector Remote Code Injection
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a remote code
injection issue. Specifically, when Web Inspector is used on a
malicious page, script code from that page will execute in the context
of other domains, and be able to access the vulnerable computer's file
system. Apple Safari versions prior to 3.1 running on Apple Mac OS X
10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista are
affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.41 CVE: CVE-2008-0707
Platform: Cross Platform
Title: HP StorageWorks Library and Tape Tools Unspecified Local
Security Bypass
Description: HP StorageWorks Library and Tape Tools (LTT) is a
diagnostic tool for tape mechanisms, tape automation and magneto-optical
products. The application is exposed to a local security bypass issue.
Ref: http://www.securityfocus.com/bid/28314
______________________________________________________________________

08.13.42 CVE: CVE-2008-1390
Platform: Cross Platform
Title: Asterisk Predictable HTTP Manager Session ID Security Bypass
Description: Asterisk is an open-source PBX application available for
multiple operating platforms. The application is exposed to an issue
that can allow an attacker to predict the "manager" session ID in the
AsteriskGUI HTTP server. This issue is caused by the method that
Asterisk uses to generate session IDs.
Ref: http://downloads.digium.com/pub/security/AST-2008-005.html
______________________________________________________________________

08.13.43 CVE: CVE-2008-1005
Platform: Cross Platform
Title: Apple Safari WebCore "Kotoeri" Password Field Information
Disclosure
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to an information
disclosure issue that affects the "WebCore" component, and allows an
attacker to use "Kotoeri" reverse conversion to display a hidden
password field. Apple Safari versions prior to 3.1 running on Apple
Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista
are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.44 CVE: CVE-2008-0889
Platform: Cross Platform
Title: Red Hat "redhat-idm-console" Insecure Startup Script Local
Privilege Escalation
Description: The "redhat-idm-console" application is a Java-based
remote management console used for managing Red Hat Administration
Server and Red Hat Directory Server. The application is exposed to a
local privilege escalation issue because of insecure permissions on
its startup script. "redhat-idm-console" application version 1.0.0
used with Red Hat Directory Server 8 is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0191.html
______________________________________________________________________

08.13.45 CVE: CVE-2008-1010
Platform: Cross Platform
Title: Apple Safari WebKit JavaScript Regular Expression Handling
Buffer Overflow
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a buffer overflow
issue because it fails to properly bounds check user-supplied input
before using it in an insufficiently sized buffer. Specifically,
WebKit fails to properly handle JavaScript regular expressions. Apple
Safari versions prior to 3.1 running on Apple Mac OS X 10.4.1 and
10.5.2, Microsoft Windows XP, and Windows Vista are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.46 CVE: CVE-2008-0050
Platform: Cross Platform
Title: Apple Safari CFNetwork Arbitrary Secure Website Spoofing
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to an issue that could
allow a malicious HTTPS proxy server to spoof a secure website. The
problem occurs when handling arbitrary data to CFNetwork in a 502 Bad
Gateway error.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.47 CVE: Not Available
Platform: Cross Platform
Title: CenterIM URI Handling Remote Arbitrary Command Execution
Description: CenterIM is an instant messaging application based on
CenterICQ. The application is exposed to a remote shell command
execution issue because it fails to sufficiently sanitize
user-supplied data. Specifically, this occurs when handling URIs
supplied via instant messages. CenterIM version 4.22.3 is affected.
Ref: http://www.centerim.org/index.php/Main_Page
______________________________________________________________________

08.13.48 CVE: CVE-2008-0931
Platform: Cross Platform
Title: XWine WINE Configuration File Local Arbitrary Command Execution
Description: XWine is a graphical user interface for WINE. The
application is exposed to an issue that can allow local attackers to
execute arbitrary commands. This issue is due to the "w_export.c"
source file, which sets the permissions of the WINE configuration file
"/etc/wine/config/" to be world-writable. XWine version 1.0.1 is
affected.
Ref: http://www.securityfocus.com/bid/28369
______________________________________________________________________

08.13.49 CVE: Not Available
Platform: Cross Platform
Title: xine-lib Multiple Heap Based Remote Buffer Overflow
Vulnerabilities
Description: xine is a media player application. xine-lib is the core
library for applications that use xine. The application is exposed
to multiple heap-based buffer overflow issues because it fails to
perform adequate boundary checks on user-supplied input. xine-lib
version 1.1.11 is affected.
Ref: http://www.securityfocus.com/archive/1/489894
______________________________________________________________________

08.13.50 CVE: Not Available
Platform: Cross Platform
Title: SurgeMail IMAP LSUB Command Remote Stack Buffer Overflow
Description: SurgeMail is a commercial email application that contains
an IMAP server; it runs on multiple platforms. The application is
exposed to a remote stack-based buffer overflow issue because it fails
to properly bounds-check user-supplied input. SurgeMail version 3.8k4
is affected.
Ref: http://www.securityfocus.com/archive/1/489959
______________________________________________________________________

08.13.51 CVE: CVE-2008-1384
Platform: Cross Platform
Title: PHP 5 "php_sprintf_appendstring()" Remote Integer Overflow
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to an integer overflow issue because it
fails to properly ensure that integer values are not overrun. PHP
versions 5.2.5 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/489962
______________________________________________________________________

08.13.52 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari File Download Remote Denial of Service
Description: Apple Safari is a web browser available for multiple
operating systems. Safari is exposed to a remote denial of service
issue that occurs when handling files with large names during a
download operation. Safari version 3.1 running on Microsoft Windows is
affected.
Ref: http://www.securityfocus.com/archive/1/489965
______________________________________________________________________

08.13.53 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari Window.setTimeout Variant Content Spoofing
Description: Apple Safari is a web browser for multiple operating
platforms. It is produced by Apple and is currently in Beta for the
Windows platform. The application is exposed to a content-spoofing
issue that allows attackers to populate a vulnerable Safari browser
window with arbitrary malicious content. Safari version 3.1 running on
Microsoft Windows is affected.
Ref: http://www.securityfocus.com/archive/1/489972
______________________________________________________________________

08.13.54 CVE: Not Available
Platform: Cross Platform
Title: snircd And ircu "set_user_mode" Remote Denial of Service
Description: snircd is an IRC daemon based on ircu. The application is
exposed to a denial of service issue because the application fails to
sufficiently sanitize user-supplied input. This issue occurs in the
"set_user_mode()" function of the "s_user.c" source file. snircd
versions up to and including 1.3.4, and ircu versions up to and
including 2.10.12.12 are affected.
Ref: http://www.securityfocus.com/archive/1/489990
______________________________________________________________________

08.13.55 CVE: Not Available
Platform: Cross Platform
Title: Hamachi VPN Local Login Credentials Information Disclosure
Description: Hamachi is a freely-available VPN (Virtual Private
Network) application used to securely connect remote computers to
networks. The application is exposed to a local information disclosure
issue because it fails to protect user login credentials. Hamachi
version 1.0.2.5 is affected.
Ref: http://www.securityfocus.com/archive/1/490012
______________________________________________________________________

08.13.56 CVE: CVE-2008-1489
Platform: Cross Platform
Title: VLC Media Player "MP4_ReadBox_rdrf()" Buffer Overflow
Description: VLC is a cross-platform media player that can be used to
serve streaming data. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. The issue stems from an integer overflow within
the "MP4_ReadBox_rdrf()" function in the "modules/demux/mp4/libmp4.c"
file. VLC media player version 0.8.6e is affected.
Ref:
http://trac.videolan.org/vlc/changeset/09572892df7e72c0d4e598c0b5e076cf330d8b0a
______________________________________________________________________

08.13.57 CVE: CVE-2008-0924
Platform: Cross Platform
Title: Novell eDirectory LDAP Extended Request Message Buffer Overflow
Description: Novell eDirectory is a Lightweight Directory Access
Protocol (LDAP) server that also implements NCP (NetWare Core
Protocol). The application is exposed to a buffer overflow issue when
excessive data as part of an LDAP Extended Request message is copied
into a finite-sized stack buffer without performing adequate boundary
checks. eDirectory versions 8.8.1 and earlier, and 8.7.3.9 and
earlier for Linux, Solaris, and Windows platforms are affected.
Ref:
https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html
______________________________________________________________________

08.13.58 CVE: Not Available
Platform: Cross Platform
Title: DotNetNuke Prior to 4.8.2 Multiple Remote Vulnerabilities
Description: DotNetNuke is an open-source Web Application Framework
used to create and deploy websites. The application is exposed to
multiple issues. DotNetNuke versions prior to 4.8.2 are affected.
Ref:
http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspx
______________________________________________________________________

08.13.59 CVE: Not Available
Platform: Cross Platform
Title: SILC Client and Server Key Negotiation Protocol Remote Buffer
Overflow
Description: SILC (Secure Internet Live Conferencing) is a protocol
which provides secure conferencing services over the Internet. The
application is exposed to a buffer overflow issue that occurs in the
"slic_pcks1'_decode" function of the "slicpkcs1.c" source file. SILC
Client versions prior to 1.1.4, and SILC Server versions prior to 1.1.2
are affected.
Ref: http://www.securityfocus.com/archive/1/490069
______________________________________________________________________

08.13.60 CVE: CVE-2008-1483
Platform: Cross Platform
Title: OpenSSH X connections Session Hijacking
Description: OpenSSH is a free implementation of the Secure Shell
protocol suite. It is available for various operating systems. The
application is exposed to an issue that allows attackers to hijack
forwarded X connections. This issue occurs because the application
fails to properly ensure that TCP ports are not already in use when
assigning the X DISPLAY variable for forwarded X connections. OpenSSH
version 4.3p2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
______________________________________________________________________

08.13.61 CVE: CVE-2008-1429
Platform: Cross Platform
Title: SILC Server "NEW_CLIENT" Remote Denial of Service
Description: SILC (Secure Internet Live Conferencing) is a protocol
that provides secure conferencing services over the Internet. SILC
Server implements a server supporting the SILC protocol. The
application is exposed to a denial of service issue because it fails
to properly handle exceptional conditions. SILC versions prior to
1.1.1 are affected.
Ref: http://silcnet.org/docs/release/SILC%20Server%201.1.1
______________________________________________________________________

08.13.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: News-Template "print.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: News-Template is a PHP-based news application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input to the following
parameters of the "print.php" script: "ide" and "file_name".
Ref: http://www.securityfocus.com/bid/28353
______________________________________________________________________

08.13.63 CVE: CVE-2007-1011
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebKit Frame Method Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, a frame on one site may be able to access methods
of a frame on another site. Apple Safari versions prior to 3.1 running
on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows
Vista are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.64 CVE: CVE-2008-1001
Platform: Web Application - Cross Site Scripting
Title: Apple Safari Error Page Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, the application's error page displays content
from a followed URI. Apple Safari versions prior to 3.1 running on
Microsoft Windows XP, and Windows Vista are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.65 CVE: CVE-2007-4592
Platform: Web Application - Cross Site Scripting
Title: IBM Rational ClearQuest Multiple Parameters Multiple Cross-Site
Scripting Vulnerabilities
Description: IBM Rational ClearQuest is an application for managing
software projects. The application is exposed to multiple cross-site
scripting issues because it fails to adequately sanitize user-supplied
input. Rational ClearQuest versions 2003.06.16, 7.0.0.1, 7.0.0.2,
7.0.1.0, and 7.0.1.1 are affected.
Ref: http://www.securityfocus.com/archive/1/489861
______________________________________________________________________

08.13.66 CVE: CVE-2008-1002
Platform: Web Application - Cross Site Scripting
Title: Apple Safari Javascript URL Parsing Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, malicious JavaScript URLs from a visited page may
be able to access properties of another web page. Apple Safari
versions prior to 3.1 running on Mac OS X 10.4.11 and 10.5.2,
Microsoft Windows XP, and Windows Vista are affected.
Ref: http://www.kb.cert.org/vuls/id/766019
______________________________________________________________________

08.13.67 CVE: CVE-2008-1003
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebCore "document.domain" Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, the "WebCore" component of the browser fails to
properly handle sites that have specifically set the "document.domain"
property, or HTTP and HTTPS sites with the same "document.domain".
Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11 and
10.5.2, Microsoft Windows XP, and Windows Vista are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.68 CVE: CVE-2008-1006
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebCore "window.open()" Function Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, the "window.open()" function of "WebCore" can be
utilized by a malicious web page to change the security context to
that of the victim. Apple Safari versions prior to 3.1 running on Mac
OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista are
affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.69 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CS-Cart "index.php" Cross-Site Scripting
Description: CS-Cart is a PHP-based shopping cart application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "q" parameter of
the "index.php" script. CS-Cart version 1.3.2 is affected.
Ref: http://www.securityfocus.com/archive/1/489857
______________________________________________________________________

08.13.70 CVE: CVE-2008-1007
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebCore Java Frame Navigation Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, the frame navigation page for Java applets is not
properly enforced. Apple Safari versions prior to 3.1 running on Mac
OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista are
affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.71 CVE: CVE-2008-1008
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebCore "document.domain" Variant Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, the "WebCore" component of the browser fails to
properly handle the "document.domain" property of malicious web sites.
Apple Safari versions prior to 3.1 running on Mac OS X 10.4.11 and
10.5.2, Microsoft Windows XP, and Windows Vista are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.72 CVE: CVE-2008-1009
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebCore History Object Cross-Site Scripting
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Specifically, a problem in WebCore allows frames to set the
"history" object properties in all other frames loaded from the same
web page. Apple Safari versions prior to 3.1 running on Mac OS X
10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista are
affected.
Ref: http://docs.info.apple.com/article.html?artnum=307563
______________________________________________________________________

08.13.73 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Namazu "namazu.cgi" Cross-Site Scripting
Description: Namazu is a web-based searching and indexing system. It
is designed to be easy to use for small and medium scale web indexing
and searching, and for personal use. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied UTF-7 encoded input to the "namazu.cgi" script. Namazu
versions prior to 2.0.18 are vulnerable.
Ref: http://namazu.org/security.html
______________________________________________________________________

08.13.74 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TinyPortal "index.php" Cross-Site Scripting
Description: TinyPortal is a web-based portal application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "PHPSESSID" parameter of
the "index.php" script.
Ref: http://www.securityfocus.com/bid/28402
______________________________________________________________________

08.13.75 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: cPanel "manpage.html" Cross-Site Scripting
Description: cPanel is a web-hosting control panel. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "/frontend/x/manpage.html" script.
Ref: http://www.securityfocus.com/archive/1/489963
______________________________________________________________________

08.13.76 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Alkacon OpenCms "users_list.jsp" Multiple Cross-Site Scripting
Vulnerabilities
Description: Alkacon OpenCms is a web-based content manager. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input to the
"searchfilter" and "listSearchFilter" parameters of the
"opencms/system/workplace/admin/accounts/users_list.jsp" script.
OpenCms version 7.0.3 is affected.
Ref: http://www.securityfocus.com/archive/1/489984
______________________________________________________________________

08.13.77 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PICTURESPRO Photo Cart Cross-Site Scripting
Description: Photo Cart is a web-based shopping cart application
implemented in PHP. It is specifically designed for photographers. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "amessage" parameter of
the "index.php" script. Photo Cart version 4.1 is affected.
Ref:
http://www.picturespro.com/community/forums/photo_cart/index.php?see=viewTopic&topic=296795080324075103
______________________________________________________________________

08.13.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PEEL Multiple SQL Injection Vulnerabilities and Arbitrary File
Upload
Description: PEEL is a PHP-based content manager. The application is
exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/28346
______________________________________________________________________

08.13.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyBlog SQL Injection and Remote File Include Vulnerabilities
Description: MyBlog is a blog application implemented in PHP. The
application is exposed to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/28313
______________________________________________________________________

08.13.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Iatek PortalApp "links.asp" SQL Injection
Description: PortalApp (also known as ASPApp) is a web-based content
management system. It is implemented in ASP. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "CatId" parameter of the
"links.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28315
______________________________________________________________________

08.13.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo joovideo Component "id" Parameter SQL
Injection
Description: joovideo is a video component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_joovideo" component before using it in an
SQL query. joovideo version 1.2.2 is affected.
Ref: http://www.securityfocus.com/bid/28318
______________________________________________________________________

08.13.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Comp Restaurante Component "id" Parameter SQL
Injection
Description: Comp Restaurante is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_restaurante" component before using it in
an SQL query. Comp Restaurante version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28324
______________________________________________________________________

08.13.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Accombo Component "id" Parameter SQL
Injection
Description: Accombo is a component for the Joomla! and Mambo content
managers used for advertising accommodations. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "com_accombo"
component before using it in an SQL query. Accombo version 1.4 is
affected.
Ref: http://www.securityfocus.com/bid/28325/references
______________________________________________________________________

08.13.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easy-Clanpage User "id" Parameter SQL Injection
Description: Easy-Clanpage is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter when
the "section" parameter is set to "user" before using it in an SQL
query. Easy-Clanpage version 2.2 is affected.
Ref: http://www.securityfocus.com/archive/1/489888
______________________________________________________________________

08.13.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Alberghi Component "id" Parameter SQL
Injection
Description: The Alberghi component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "com_alberghi" component before using it in
an SQL query. Alberghi version 2.1.3 is affected.
Ref: http://www.securityfocus.com/bid/28331
______________________________________________________________________

08.13.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Datsogallery Component "id" Parameter SQL
Injection
Description: Datsogallery is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_datsogallery" component before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/28361
______________________________________________________________________

08.13.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TopperMod "localita" Parameter SQL Injection
Description: TopperMod is a web-based application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "localita" POST
parameter of the "mod.php" script before using it in an SQL query.
TopperMod version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28447
______________________________________________________________________

08.13.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Iatek Knowledge Base "content_by_cat.asp" SQL Injection
Description: Iatek Knowledge Base is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "catid" parameter of the "content_by_cat.asp" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/28376
______________________________________________________________________

08.13.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RunCMS "sections" Module "artid" Parameter SQL Injection
Description: The "sections" module is one of the core modules of the
RunCMS content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "artid" parameter of the "sections" module before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/28378
______________________________________________________________________

08.13.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RunCMS "photo" Module "cid" Parameter SQL Injection
Description: The "photo" module is one of the core modules of the
RunCMS content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cid" parameter of the "photo" module before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/28395
______________________________________________________________________

08.13.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: D.E. Classifieds "showCat.php" SQL Injection
Description: D.E. Classifieds is a web-based classifieds application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cat_id" parameter of the "showCat.php" module before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/28396
______________________________________________________________________

08.13.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PostNuke "pnVarPrepForStore()" SQL Injection
Description: PostNuke is a content management system (CMS). The
application is prone to an SQL injection vulnerability because it
fails to sufficiently sanitize user-supplied data. The
"pnVarPrepForStore()" function is responsible for sanitizing
user-supplied input. PostNuke version 0.764 is affected.
Ref: http://www.securityfocus.com/bid/28407/references
______________________________________________________________________

08.13.93 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XLPortal "index.php" SQL Injection
Description: XLPortal is a web-based portal application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "query" parameter of
the "index.php" script before using it in an SQL query. XLPortal
version 2.2.4 is affected.
Ref: http://www.securityfocus.com/bid/28408
______________________________________________________________________

08.13.94 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Platinum "dynamic_titles.php" SQL Injection
Description: PHP-Nuke Platinum is a web content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the
"includes/dynamic_titles.php" script. PHP-Nuke Platinum version
7.6.b.5 is affected.
Ref: http://www.securityfocus.com/bid/28410
______________________________________________________________________

08.13.95 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Efestech E-Kontor "id" Parameter SQL Injection
Description: Efestech E-Kontor is a web-based application implemented
in ASP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "index.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28412
______________________________________________________________________

08.13.96 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Rekry Component "op_id" Parameter SQL
Injection
Description: Rekry is a plugin for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "op_id"
parameter of the "com_rekry" component before using it in an SQL
query. Rekry version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/28422
______________________________________________________________________

08.13.97 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Cinema Component "id" Parameter SQL Injection
Description: Cinema is a component for the Joomla! and Mambo content
managers. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "com_cinema" component before using it in an SQL
query. Cinema version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28427
______________________________________________________________________

08.13.98 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Download3000 Component "id" Parameter SQL
Injection
Description: Download3000 is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_d3000" component before using it in an SQL
query. Download3000 version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28428
______________________________________________________________________

08.13.99 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bomba Haber "haberoku.php" SQL Injection
Description: Bomba Haber is a news script implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "haber" parameter of
the "haberoku.php" script before using it in an SQL query. Bomba Haber
version 2.0 is affected.
Ref: http://php.arsivimiz.com/goster/461
______________________________________________________________________

08.13.100 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Clever Copy "postview.php" SQL Injection
Description: Clever Copy is a scalable website portal and news-posting
system written in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "ID" parameter of the "postview.php" script before using it in an
SQL query. Clever Copy version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/28437
______________________________________________________________________

08.13.101 CVE: Not Available
Platform: Web Application
Title: Elastic Path Multiple Input Validation Vulnerabilities
Description: Elastic Path is a web-based ecommerce application. The
application is exposed to multiple input validation issues because it
fails to properly sanitize user-supplied input. Elastic Path versions
4.1 and 4.1.1 are affected.
Ref: http://weblog.nomejortu.com/?p=37
______________________________________________________________________

08.13.102 CVE: Not Available
Platform: Web Application
Title: yehe "envoyer" Arbitrary File Upload
Description: yehe is an online editor application. The application is
exposed to an arbitrary file upload issue that lets an attacker upload
and execute arbitrary code in the context of the affected web server
process. This issue occurs because the application fails to
sufficiently sanitize user-supplied data via the "envoyer"
functionality. yehe version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28355
______________________________________________________________________

08.13.103 CVE: Not Available
Platform: Web Application
Title: w-Agora "bn_dir_default" Parameter Multiple Remote File Include
Vulnerabilities
Description: w-Agora is a web publishing and forum application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"bn_dir_default" parameter. w-Agora version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/28366
______________________________________________________________________

08.13.104 CVE: Not Available
Platform: Web Application
Title: BolinOS Local File Include Vulnerability and Multiple
Cross-Site Scripting Vulnerabilities
Description: BolinOS is a PHP-based content manager. The application
is exposed to multiple issues because it fails to adequately sanitize
user-supplied input. BolinOS version 4.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/490058
______________________________________________________________________

08.13.105 CVE: Not Available
Platform: Web Application
Title: phpBB PJIRC Module "irc.php" Local File Include
Description: PJIRC is an IRC module for phpBB. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "phpEx" parameter of the
"irc/irc.php" script.
Ref: http://www.securityfocus.com/archive/1/490070
______________________________________________________________________

08.13.106 CVE: Not Available
Platform: Web Application
Title: DotNetNuke Default "ValidationKey" and "DecryptionKey" Weak
Encryption
Description: DotNetNuke is an open-source Web Application Framework
used to create and deploy web sites. The application is exposed to a
weak encryption issue due to a design flaw in the affected
application. DotNetNuke version 4.8.1 is affected.
Ref: http://www.securityfocus.com/archive/1/489957
______________________________________________________________________

08.13.107 CVE: Not Available
Platform: Web Application
Title: Webutil "webutil.pl" Multiple Remote Command Execution
Vulnerabilities
Description: Webutil is a collection of networking tools implemented
in Perl. The application is exposed to multiple issues that attackers
can leverage to execute arbitrary commands. These issues occur because
the application fails to adequately sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/489961
______________________________________________________________________

08.13.108 CVE: Not Available
Platform: Web Application
Title: phpAddressBook "index.php" Local File Include
Description: phpAddressBook is a PHP-based contacts application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "skin" parameter of
the "index.php" script. phpAddressBook version 2.11 is affected.
Ref: http://www.securityfocus.com/archive/1/489971
______________________________________________________________________

08.13.109 CVE: Not Available
Platform: Web Application
Title: phpMyChat "setup.php3" Cross-Site Scripting
Description: phpMyChat is a web-based chat application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "Lang" parameter of the
"setup.php3" script. phpMyChat version 0.14.5 is affected.
Ref: http://www.securityfocus.com/bid/28399
______________________________________________________________________

08.13.110 CVE: Not Available
Platform: Web Application
Title: My Web Doc Administration Pages Multiple Authentication Bypass
Vulnerabilities
Description: My Web Doc is a web-based, database-driven document
handling application. The application is exposed to multiple
authentication bypass issues. My Web Doc 2000 Final is affected.
Ref: http://www.securityfocus.com/bid/28400
______________________________________________________________________

08.13.111 CVE: Not Available
Platform: Web Application
Title: ooComments "PathToComment" Parameter Multiple Remote File
Include Vulnerabilities
Description: ooComments is a web-based comment portal application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"PathToComment" parameter of the following scripts: "class_admin.php"
and "class_comments.php". ooComments version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28401
______________________________________________________________________

08.13.112 CVE: Not Available
Platform: Web Application
Title: Joomla! Custompages Component "cpage" Parameter Remote File
Include
Description: The Joomla! Custompages component is a PHP-based module
for the Joomla! content manager. The application is exposed to a
remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "cpage" parameter of the "index.php"
script. Custompages version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/28409
______________________________________________________________________

08.13.113 CVE: Not Available
Platform: Web Application
Title: F5 Big-IP Web Management Audit Log HTML Injection
Description: F5 Big-IP is a security and networking device that
provides web access control, application level security and network
performance optimization. The application is exposed to an HTML
injection issue in the web management interface. The application fails
to sufficiently sanitize user-supplied input when creating audit log
entries. F5 Big-IP version 9.4.3 is affected.
Ref: http://www.securityfocus.com/archive/1/489991
______________________________________________________________________

08.13.114 CVE: Not Available
Platform: Web Application
Title: SLAED CMS "settings[]" Parameter Multiple Local File Include
Vulnerabilities
Description: PowerPHPBoard is a PHP-based bulletin board application.
The application is exposed to multiple local file include issues
because it fails to properly sanitize user-supplied input to the
"settings[footer]" parameter of the "footer.inc.php" script and the
"settings[header]" parameter of the "header.inc.php" script.
PowerPHPBoard version 1.00b is affected.
Ref: http://www.securityfocus.com/archive/1/490011
______________________________________________________________________

08.13.115 CVE: Not Available
Platform: Web Application
Title: PowerBook "page" Parameter Remote File Include
Description: PowerBook is a PHP-based guestbook application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "pb_inc/admincenter/index.php" script. PowerBook version 1.21 is
affected.
Ref: http://www.securityfocus.com/archive/1/490008
______________________________________________________________________

08.13.116 CVE: Not Available
Platform: Web Application
Title: Cuteflow Bin "login.php" Local File Include
Description: Cuteflow Bin is a web-based document circulation tool. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "language" parameter
of the "login.php" script. Cuteflow Bin version 1.5.0 is affected.
Ref: http://www.securityfocus.com/bid/28419
______________________________________________________________________

08.13.117 CVE: Not Available
Platform: Web Application
Title: Le Forum "Fichier_Acceuil" Parameter Remote File Include
Vulnerability
Description: Le Forum is a PHP-based forum application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "Fichier_Acceuil"
parameter of the "fora-acc.php3" script.
Ref: http://www.securityfocus.com/bid/28423
______________________________________________________________________

08.13.118 CVE: Not Available
Platform: Web Application
Title: eGroupWare "_bad_protocol_once()" HTML Security Bypass
Description: eGroupWare is a PHP-based groupware application for
managing and distributing business related data. The application is
exposed to an issue that allows arbitrary code to bypass HTML
filtering policies. The issue occurs due to an error in the
"_bad_protocol_once()" function of the
"phpgwapi/inc/class.kses.inc.php" script. eGroupWare versions prior to
1.4.003 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=78745&release_id=585464
______________________________________________________________________

08.13.119 CVE: Not Available
Platform: Web Application
Title: HIS WebShop "his-webshop.pl" Directory Traversal
Description: HIS WebShop is an ecommerce shopping application
implemented in Perl. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input to the "t" parameter of the
"cgi-bin/his-webshop.pl" script. HIS WebShop version 2.50 is affected.
Ref: http://www.securityfocus.com/archive/1/490016
______________________________________________________________________

08.13.120 CVE: Not Available
Platform: Web Application
Title: Destar Add User Unauthorized Access
Description: Destar is a web-based interface for managing the Asterisk
PBX. The application is exposed to an unauthorized access issue that
occurs because the application allows unprivileged attackers to add
new users. Destar version 0.2.2-5 is affected.
Ref: http://www.securityfocus.com/bid/28426
______________________________________________________________________

08.13.121 CVE: Not Available
Platform: Web Application
Title: phpBB eXtreme Styles Module "admin_xs.php" Local File Include
Description: eXtreme Styles is a module for phpBB. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "phpEx" parameter of the
"admin/admin_xs.php" script. eXtreme Styles version 2.3.1 is affected.
Ref: http://www.securityfocus.com/bid/28432
______________________________________________________________________

08.13.122 CVE: Not Available
Platform: Web Application
Title: Aeries Browser Interface Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Aeries Browser Interface is a web portal for student
information. It is an ASP-based component of the Aeries Student
Information System. The application is exposed to multiple issues
because it fails to sufficiently sanitize user-supplied input. Aeries
Browser Interface version 3.8.3.14 is affected.
Ref: http://www.securityfocus.com/archive/1/490033
______________________________________________________________________

08.13.123 CVE: CVE-2008-1266, CVE-2008-1253, CVE-2008-1258
Platform: Web Application
Title: Multiple D-Link Products Multiple Cross-Site Scripting and
Denial of Service Vulnerabilities
Description: Multiple D-Link products are exposed to multiple
cross-site scripting issues because they fail to properly handle
user-supplied input.
Ref: http://www.securityfocus.com/bid/28439
______________________________________________________________________

08.13.124 CVE: Not Available
Platform: Web Application
Title: e107 My_Gallery Plugin "dload.php" Arbitrary File Download
Description: The e107 My_Gallery plugin is a photo gallery module for
the e107 content manager. The application is exposed to an issue that
lets attackers download arbitrary files because it fails to
sufficiently sanitize user-supplied input to the "file" parameter of
the "dload.php" script. My_Gallery version 2.3 is affected.
Ref: http://www.securityfocus.com/archive/1/490041
______________________________________________________________________

08.13.125 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo Alphacontent Component "id" Parameter SQL
Injection
Description: Alphacontent is a plugin for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_alphacontent" component before using it in
an SQL query. Alphacontent version 2.5.8 is affected.
Ref: http://www.securityfocus.com/bid/28443
______________________________________________________________________

08.13.126 CVE: Not Available
Platform: Web Application
Title: TopperMod "mod.php" Local File Include
Description: TopperMod is a web-based application implemented in PHP.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "to" parameter
of the "mod.php" script. TopperMod version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28449
______________________________________________________________________

08.13.127 CVE: CVE-2008-1012
Platform: Network Device
Title: Apple AirPort Extreme Base Station AFP Request Denial of
Service
Description: Apple AirPort Extreme is a wireless network device for
sharing network resources. The device is exposed to a remote denial of
service issue because it fails to properly handle malformed AFP
requests. AirPort Extreme running firmware versions prior to 7.3.1 are
affected.
Ref: http://support.apple.com/kb/HT1226
______________________________________________________________________

08.13.128 CVE: CVE-2008-1242
Platform: Network Device
Title: Belkin F5D7230-4 Wireless G Router IP-Based Authentication
State Authentication Bypass
Description: The Belkin F5D7230-4 Wireless G Router is a Wi-Fi
networking router. The device is exposed to an authentication bypass
issue due to the way it maintains authentication states. This issue
occurs because authentication states are maintained based on the IP
address of users. Belkin F5D7230-4 running firmware version 9.01.10 is
affected.
Ref: http://www.securityfocus.com/archive/1/489009
______________________________________________________________________

08.13.129 CVE: CVE-2008-1244
Platform: Network Device
Title: Belkin F5D7230-4 Wireless G Router "setup_dns.exe"
Authentication
Description: The Belkin F5D7230-4 Wireless G Router is a Wi-Fi
networking router. The device is exposed to an issue due to a lack of
authentication when users access "cgi-bin/setup_dns.exe". Belkin
F5D7230-4 running firmware version 9.01.10 is affected.
Ref: http://www.securityfocus.com/archive/1/489009
______________________________________________________________________

08.13.130 CVE: CVE-2008-1245
Platform: Network Device
Title: Belkin F5D7230-4 Wireless G Router "setup_virtualserver.exe"
Denial of Service
Description: The Belkin F5D7230-4 Wireless G Router is a Wi-Fi
networking router. The application is exposed to a denial of service
issue when "cgi-bin/setup_virtualserver.exe" handles an HTTP POST
request containing invalid data and a "Connection: Keep-Alive" header.
Belkin F5D7230-4 running firmware version 9.01.10 is affected.
Ref: http://www.securityfocus.com/archive/1/489009
______________________________________________________________________

08.13.131 CVE: CVE-2008-1247
Platform: Network Device
Title: Linksys WRT54G Wireless-G Router Multiple Remote Authentication
Bypass Vulnerabilities
Description: Linksys WRT54G Wireless-G Router is exposed to multiple
authentication bypass issues because the device fails to properly
check authorization before it allows users to perform certain
administration actions. Firmware version v1.00.9 is affected.
Ref: http://www.securityfocus.com/bid/28381
______________________________________________________________________

08.13.132 CVE: CVE-2008-1252
Platform: Network Device
Title: Speedport W500 "b_banner.stm" Password Information Disclosure
Description: Speedport W500 is a wireless router. The application is
exposed to an information disclosure issue because the "b_banner.stm"
login page contains the router password in plain text.
Ref: http://www.securityfocus.com/bid/28382
______________________________________________________________________

08.13.133 CVE: Not Available
Platform: Network Device
Title: Mitsubishi Electric GB-50A Multiple Remote Authentication
Bypass Vulnerabilities
Description: The Mitsubishi GB-50A is a network-enabled air
conditioning control device. The device has a web interface for
administrative and user access. The issue occurs because the device
uses a set of Java applets to control functionality.
Ref: http://www.securityfocus.com/archive/1/489970
______________________________________________________________________

08.13.134 CVE: Not Available
Platform: Network Device
Title: Linksys SPA-2102 Phone Adapter Packet Handling Denial of
Service
Description: Linksys SPA-2102 Phone Adapter is a device that allows
analog telephony devices to connect to Voice-over-IP (VoIP) data
networks. The device is exposed to a denial of service issue that
occurs when handling an excessive number of packets in quick
succession. Linksys SPA-2102 Phone Adapter running firmware version
3.3.6 is affected.
Ref: http://www.securityfocus.com/archive/1/489995
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkfsTaEACgkQ+LUG5KFpTkbZUACgl+50iVbx2BOa9QKlTwjmQ/VV
IjcAoIXsfX7yXyMyheatj817NM5QjGaY
=gS3Q
-----END PGP SIGNATURE-----