RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 14

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Apr 03 2008 - 18:34:30 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A small number of critical problems, but affecting a whole lot of
computers and people: Both Macs and Windows computers are at risk from
the multiple critical QuickTime vulnerabilities. And a large portion
of the corporate and government and university world is at risk from the
HP OpenView buffer overflows. If that's not enough work for one week,
Internet Storm Center is also seeing (though not reported below) a big
upsurge in attacks using malicious PDFs that are effective and damaging
where people have not patched Adobe Reader.

                                    Alan
*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
April 3, 2008 Vol. 7. Week 14
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
- --------------------------------------  -------------------------------------
Other Microsoft Products                   2
Third Party Windows Apps                   8 (#2, #3)
Linux                                      8
BSD                                        1
Aix                                        1
Apple                                      1 (#1)
Unix                                       1
Novell                                     1
Cross Platform                            24 (#4)
Web Application - Cross Site Scripting    16
Web Application - SQL Injection           12
Web Application                           20
Network Device                             7

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(2) CRITICAL: HP OpenView Buffer Overflow
(3) HIGH: Macrovision InstallShield "One-Click Install" Remote Code Execution
(4) MODERATE: Opera Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
08.14.1 - Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure
08.14.2 - Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing
 -- Third Party Windows Apps
08.14.3 - File Transfer Request File Directory Traversal
08.14.4 - Chilkat Http "ChilkatHttp.dll" ActiveX Control Insecure Method Vulnerabilities
08.14.5 - Quick TFTP Server Pro "mode" Remote Buffer Overflow
08.14.6 - NoticeWare Corporation NoticeWare Email Server Denial of Service
08.14.7 - avast! Home/Professional Local Privilege Escalation
08.14.8 - 2X ThinClientServer TFTP service Directory Traversal
08.14.9 - SLMail Pro Multiple Remote Denial of Service and Memory Corruption Vulnerabilities
08.14.10 - Macrovision InstallShield InstallScript OCI Untrusted Library Remote Code Execution
 -- Linux
08.14.11 - Red Hat "capp-lspp-config" Local Privilege Escalation
08.14.12 - policyd-weight Insecure Temporary File Creation
08.14.13 - Perlbal Buffered Upload Remote Denial of Service
08.14.14 - Multiple Applications Missing X11 DISPLAY Variable Local Arbitrary Command Execution
08.14.15 - CDS Software Consortium Invenio Email Notification Alerts Deletion
08.14.16 - Mondo Rescue Prior to 2.2.5 Unspecified
08.14.17 - Linux Audit Daemon "audit_log_user_command()" Local Buffer Overflow
08.14.18 - xine-lib Matroska Demuxer Remote Buffer Overflow
 -- BSD
08.14.19 - Multiple BSD Platforms "strfmon()" Function Integer Overflow Weakness
 -- Aix
08.14.20 - IBM AIX Kernel Security Advisory 2008.03.26 Multiple Vulnerabilities
 -- Unix
08.14.21 - CUPS "gif_read_lzw()" GIF File Buffer Overflow
 -- Novell
08.14.22 - Novell NetWare iPrint Request Handling Denial of Service
 -- Cross Platform
08.14.23 - Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure
08.14.24 - Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
08.14.25 - HP TCP/IP Services for OpenVMS SSH Unspecified Remote Unauthorized Access
08.14.26 - GnuPG Duplicated Key Import Memory Corruption
08.14.27 - Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Multiple Remote Vulnerabilities
08.14.28 - Cisco IOS Virtual Private Dial-up Network Multiple Denial of Service Vulnerabilities
08.14.29 - TFTP Server Packet Handling Remote Buffer Overflow
08.14.30 - HP Select Identity Local Unauthorized Access
08.14.31 - Cisco IOS Multiple DLSw Denial of Service Vulnerabilities
08.14.32 - IBM solidDB Format String Vulnerability and Multiple Denial of Service Vulnerabilities
08.14.33 - Sun SPARC Enterprise T5120 and T5220 Servers Insecure Default Configuration
08.14.34 - Firebird Relational Database 2.0.0 Remote Denial of Service
08.14.35 - Firebird Relational Database Multiple Remote Vulnerabilities
08.14.36 - Firebird Relational Database Multiple Buffer Overflow Vulnerabilities
08.14.37 - Apache Tomcat AJP Connector Information Disclosure
08.14.38 - Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure
08.14.39 - Apache Tomcat "allowLinking" Accepts NULL Byte in URI Information Disclosure
08.14.40 - lighttpd SSL Error Denial of Service
08.14.41 - Apple Safari Webkit "calculateCompiledPatternLength()" Remote Code Execution
08.14.42 - InspIRCd Prior to 1.1.18 Unspecified
08.14.43 - PowerDNS Remote Cache Poisoning
08.14.44 - OpenSSH ForceCommand Command Execution Weakness
08.14.45 - LANDesk Management Suite TFTP service Directory Traversal
08.14.46 - Sympa "Content-Type" Header Remote Denial of Service
 -- Web Application - Cross Site Scripting
08.14.47 - ManageEngine Applications Manager "Search.do" Cross-Site Scripting
08.14.48 - CubeCart Cross-Site Scripting Vulnerabilities
08.14.49 - Blackboard Academic Suite Multiple Cross-Site Scripting Vulnerabilities
08.14.50 - GNB DesignForm Cross-Site Scripting
08.14.51 - PerlMailer Cross-Site Scripting
08.14.52 - DigiDomain Multiple Cross-Site Scripting Vulnerabilities
08.14.53 - Apache Tomcat Cross-Site Scripting
08.14.54 - JV2 Folder Gallery "index.php" Cross-Site Scripting
08.14.55 - JV2 Quick Gallery "index.php" Cross-Site Scripting
08.14.56 - PHPkrm Unspecified Cross Site Scripting
08.14.57 - Jack (tR) Jax LinkLists "jax_linklists.php" Cross-Site Scripting
08.14.58 - lex Guestbook Multiple Cross-Site Scripting Vulnerabilities
08.14.59 - lex Poll "setup.php" Cross-Site Scripting
08.14.60 - PHP Classifieds Multiple Cross Site Scripting and Authentication Bypass Vulnerabilities
08.14.61 - Jax Guestbook "jax_guestbook.php" Cross-Site Scripting
08.14.62 - Nuked-Klan "nuked_nude" Parameter Cross-Site Scripting
 -- Web Application - SQL Injection
08.14.63 - Joomla! and Mambo Ahsshop Component "vara" Parameter SQL Injection
08.14.64 - phpAddressBook "index.php" SQL Injection
08.14.65 - Joomla! and Mambo MyAlbum Component "album" Parameter SQL Injection
08.14.66 - eggBlog Unspecified Cookie SQL Injection
08.14.67 - Smoothflash "admin_view_image.php" SQL Injection
08.14.68 - WordPress "wp-download" Plugin "dl_id" Parameter SQL Injection
08.14.69 - JGS-Treffen "jgs_treffen.php" SQL Injection
08.14.70 - EfesTECH Video "catID" Parameter SQL Injection
08.14.71 - Neat weblog "articleId" Parameter SQL Injection
08.14.72 - Sava's Place Sava's Link Manager 'category' Parameter SQL Injection
08.14.73 - Phorum Multiple Unspecified SQL Injection Vulnerabilities
08.14.74 - FaScript FaPhoto "show.php" SQL Injection
 -- Web Application
08.14.75 - TopperMod "mod.php" Local File Include Vulnerability
08.14.76 - Comix "filename" Remote Command Execution
08.14.77 - PECL Alternative PHP Cache Extension "apc_search_paths()" Buffer Overflow
08.14.78 - Terracotta "index.php" Local File Include
08.14.79 - phpMyAdmin Local Information Disclosure
08.14.80 - Invision Power Board "Signature" iFrame Security
08.14.81 - GeeCarts Multiple Input Validation Vulnerabilities
08.14.82 - JAF CMS "website" and "main_dir" Parameters Multiple Remote File Include Vulnerabilities
08.14.83 - Simple Machines Forum Multiple Remote File Include Vulnerabilities
08.14.84 - auraCMS "user.php" Access Validation
08.14.85 - CuteFlow Bin SQL Injection Vulnerability and Multiple Cross Site Scripting Vulnerabilities
08.14.86 - JShop Server "page.php" Local File Include
08.14.87 - KISGB "view_private.php" Local File Include
08.14.88 - mx_blogs Weblogs Module for mxBB "mx_root_path" Parameter Remote File Include
08.14.89 - SudBox Boutique Multiple Administrative Scripts Authentication Bypass Vulnerabilities
08.14.90 - PhpGKit "connexion.php" Remote File Include
08.14.91 - PHP Spam Manager "body.php" Local File Include
08.14.92 - Sava's Place Sava's GuestBook "index.php" Local File Include
08.14.93 - Sava's Place Sava's Link Manager "index.php" Local File Include
08.14.94 - EasyNews Multiple Input Validation Vulnerabilities
 -- Network Device
08.14.95 - Aztech ADSL2/2+ 4 Port Router Remote Command Injection
08.14.96 - Cisco IOS Dual-stack Router IPv6 Denial Of Service
08.14.97 - Cisco IOS With OSPF, MPLS VPN, Sup32, Sup720 or RSP720 Denial of Service
08.14.98 - Cisco IOS Multicast Virtual Private Network MDT Data Join Handling
08.14.99 - Siemens SpeedStream 6520 HTTP Request Remote Denial of Service
08.14.100 - HP Compaq Business Notebook PC BIOS Local Denial of Service
08.14.101 - HP Compaq Notebook PC BIOS Local Unauthorized Access
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.4.5

Description: QuickTime is Apple's streaming media framework for Apple
Mac OS X and Microsoft Windows. It contains multiple flaws in its
handling of streaming media content. A specially crafted movie file
could trigger one of these flaws and potentially exploit a variety of
vulnerabilities. These vulnerabilities range in severity from arbitrary
code execution with the privileges of the current user to
denial-of-service and information disclosure. Some technical details are
available for some of these vulnerabilities.

Status: Apple confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-014/
http://zerodayinitiative.com/advisories/ZDI-08-015/
http://zerodayinitiative.com/advisories/ZDI-08-016/
http://zerodayinitiative.com/advisories/ZDI-08-017/
http://zerodayinitiative.com/advisories/ZDI-08-018/
http://zerodayinitiative.com/advisories/ZDI-08-019/
Apple Security Advisory
http://support.apple.com/kb/HT1241
QuickTime Home Page
http://www.apple.com/quicktime/
SecurityFocus BID
http://www.securityfocus.com/bid/28583

********************************************************

(2) CRITICAL: HP OpenView Buffer Overflow
Affected:
HP OpenView Network Node Manager versions 7.5.1 and prior

Description: Network Node Manager is the system monitoring component of
the HP OpenView suite of applications. It contains a buffer overflow
vulnerability in its 'ovas.exe' component. A specially crafted request
to this component could trigger this buffer overflow, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process (often SYSTEM). Full technical details and a proof-of-concept
are publicly available for this vulnerability. It is not currently known
if OpenView for platforms other than Microsoft Windows is vulnerable.

Status: HP has not confirmed, no updates available.

References:
Proof-of-Concept
http://milw0rm.com/exploits/5342
Product Home Page
http://www.openview.hp.com/products/nnm/
SecurityFocus BID
http://www.securityfocus.com/bid/28569

********************************************************

(3) HIGH: Macrovision InstallShield "One-Click Install" Remote Code Execution
Affected:
Macrovision InstallShield versions 12.0 and prior

Description: Macrovision InstallShield provides a web-based "one-click"
install system. This functionality is provided by an ActiveX control.
This control fails to properly validate its input, allowing users to
load arbitrary libraries and execute arbitrary code. A malicious web
page that instantiated this control could trigger this vulnerability and
execute arbitrary code with the privileges of the current user.
Technical details for this vulnerability are publicly available.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"53D40FAA-4E21-459f-AA87-E4D97FC3245A".

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
Macrovision Knowledge Base Article
http://knowledge.macrovision.com/selfservice/microsites/search.do?cmd=displayKC&externalId=Q113640
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/28533
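
The "kill bit" mitigation named in the Status note above, as an added example that is not part of the original bulletin or of the vendor's advisory. The CLSID is the one given in the bulletin, and the registry location and 0x400 flag are those documented in Microsoft KB240797; the `$Apply` switch and the function names are hypothetical.

```powershell
# Added example, not from the bulletin. Audits (and optionally sets) the
# Internet Explorer ActiveX "kill bit" for the CLSID given in item (3).
# Registry path and flag value are the ones documented in Microsoft KB240797.
# Run from an elevated PowerShell session; HKLM is not writable otherwise.

$Clsid   = '{53D40FAA-4E21-459f-AA87-E4D97FC3245A}'  # CLSID from the bulletin
$KillBit = 0x00000400                                 # "do not load" compatibility flag
$Apply   = $false                                     # hypothetical switch: $true writes the flag

# 64-bit Windows keeps a second registry view that 32-bit Internet Explorer reads.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags {
    # Returns the current "Compatibility Flags" DWORD, or $null if key or value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'Compatibility Flags'
}

function Set-KillBit {
    # Creates the per-CLSID key if needed and ORs the kill bit into the flags,
    # so any other compatibility flags already on the key are preserved.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    $current = Get-CompatFlags -Key $Key
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $KillBit
    New-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $new -Force | Out-Null
}

$report = foreach ($root in $Roots) {
    # The Wow6432Node view does not exist on 32-bit Windows; skip it there.
    if ($root -like '*Wow6432Node*' -and
        -not (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node')) { continue }

    $key = Join-Path $root $Clsid
    if ($Apply) { Set-KillBit -Key $key }

    $flags = Get-CompatFlags -Key $key
    $shown = '(not set)'
    if ($null -ne $flags) { $shown = '0x{0:X8}' -f $flags }

    [pscustomobject]@{
        Key    = $key
        Flags  = $shown
        Killed = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
}

$report | Format-Table -AutoSize -Wrap

# Both views must carry the flag; one unflagged view still lets that build of
# Internet Explorer instantiate the control.
if (@($report.Killed) -contains $false) {
    Write-Warning "Kill bit missing in at least one registry view for $Clsid"
}
```

With `$Apply` left at `$false` the script only reports, which makes it usable as a compliance check across hosts before and after the change is rolled out.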

********************************************************

(4) MODERATE: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.27

Description: Opera is a popular cross-platform web browser. It contains
memory corruption vulnerabilities in its handling of newsfeeds and the
HTML "CANVAS" tag. A specially crafted web page or newsfeed could
trigger one of these vulnerabilities. Successfully exploiting one of
these vulnerabilities would allow an attacker to execute arbitrary code
with the privileges of the current user. Few technical details are
publicly available for these vulnerabilities.

Status: Opera confirmed, updates available.

References:
Opera Security Advisories
http://www.opera.com/support/search/view/881/
http://www.opera.com/support/search/view/882/
Opera Home Page
http://www.opera.com
SecurityFocus BID
http://www.securityfocus.com/bid/28585

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 14, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.14.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Crypto API X.509 Certificate Validation Remote
Information Disclosure
Description: Microsoft operating systems provide a Crypto API library
for applications. The application is exposed to an information
disclosure issue because HTTP requests to arbitrary hosts and ports
may be automatically triggered when validating X.509 certificates.
Microsoft Outlook 2007, Microsoft Windows Live Mail 2008 and Microsoft
Office 2007 are affected.
Ref: https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt
______________________________________________________________________

08.14.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer 7 Popup Window Address Bar URI
Spoofing
Description: Internet Explorer is a browser for the Windows operating
system. The application is affected by a URI-spoofing issue on pop-up
windows generated by JavaScript code. Internet Explorer version 7 is
affected.
Ref: http://www.securityfocus.com/archive/1/490286
______________________________________________________________________

08.14.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: File Transfer Request File Directory Traversal
Description: File Transfer is an application that allows users to
transfer files between computers. The application is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input data. File Transfer versions prior to 1.2f are
affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=1829601&group_id=178021&atid=883559
______________________________________________________________________

08.14.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat Http "ChilkatHttp.dll" ActiveX Control Insecure Method
Vulnerabilities
Description: Chilkat Http ActiveX control is a client component for
communicating with HTTP servers. The application is exposed to
multiple issues that allow attackers to overwrite arbitrary files.
Chilkat Http ActiveX control version 2.3 is affected.
Ref: http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php
______________________________________________________________________

08.14.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Quick TFTP Server Pro "mode" Remote Buffer Overflow
Description: Quick TFTP Server Pro is a Trivial FTP server for
Microsoft Windows. The application is exposed to a buffer overflow
issue because it fails to properly bounds check user-supplied data
before storing it in a finite-sized memory buffer.
Ref: http://www.securityfocus.com/bid/28459
______________________________________________________________________

08.14.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: NoticeWare Corporation NoticeWare Email Server Denial of
Service
Description: NoticeWare Email Server is an email server for Microsoft
Windows platforms. The application is exposed to a denial of service
issue due to an unspecified error. NoticeWare Email Server version
4.6.1.0 is affected.
Ref: http://www.securityfocus.com/bid/28559
______________________________________________________________________

08.14.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: avast! Home/Professional Local Privilege Escalation
Description: avast! is an antivirus application for Microsoft Windows.
The application is exposed to a local privilege escalation issue
because it fails to perform adequate sanitization of user-supplied
data. avast! Home/Professional versions prior to 4.8.1169 are
affected.
Ref: http://www.securityfocus.com/archive/1/490321
______________________________________________________________________

08.14.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: 2X ThinClientServer TFTP service Directory Traversal
Description: 2X ThinClientServer is used to deploy and manage thin
clients. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input data. 2X
ThinClientServer 5.0 sp1-r3497 with TFTPd.exe version 3.2.0.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/490324
______________________________________________________________________

08.14.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: SLMail Pro Multiple Remote Denial of Service and Memory
Corruption Vulnerabilities
Description: SLMail Pro is an email server application available for
Microsoft Windows. The application is exposed to multiple remote
issues. SLMailPro version 6.3.1.0 is affected.
Ref: http://www.securityfocus.com/bid/28505
______________________________________________________________________

08.14.10 CVE: CVE-2007-5661
Platform: Third Party Windows Apps
Title: Macrovision InstallShield InstallScript OCI Untrusted Library
Remote Code Execution
Description: Macrovision InstallShield InstallScript OCI (One-Click
Install) is a web-based installer application. The application
is exposed to a remote code execution issue because the ActiveX
control downloads and loads several unsafe DLL files from a website.
Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=649
______________________________________________________________________

08.14.11 CVE: CVE-2008-0884
Platform: Linux
Title: Red Hat "capp-lspp-config" Local Privilege Escalation
Description: The "capp-lspp-config" script is a component of the
"lspp-eal4-config-ibm" and "capp-lspp-eal4-config-hp" packages. The
"capp-lspp-config" script can generate a privilege escalation issue
because it results in the "/etc/pam.d/system-auth-ac" file being
world-writable. "lspp-eal4-config-ibm" and "capp-lspp-eal4-config-hp"
packages are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0193.html
______________________________________________________________________

08.14.12 CVE: Not Available
Platform: Linux
Title: policyd-weight Insecure Temporary File Creation
Description: The "policyd-weight" daemon is a Perl policy daemon for
the Postfix mail transfer agent. The application is exposed to a
security issue that allows attackers to create temporary files in an
insecure manner.
Ref: http://www.securityfocus.com/bid/28480
______________________________________________________________________

08.14.13 CVE: CVE-2008-1532
Platform: Linux
Title: Perlbal Buffered Upload Remote Denial of Service
Description: Perlbal is a Perl-based web server with a reverse proxy
and a load balancer. The application is exposed to a remote denial of
service issue because it fails to handle specially crafted requests.
Perlbal versions prior to 1.70 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=439054
______________________________________________________________________

08.14.14 CVE: CVE-2008-1142
Platform: Linux
Title: Multiple Applications Missing X11 DISPLAY Variable Local
Arbitrary Command Execution
Description: X11 is a windowing and bitmap display protocol used by
multiple applications to build and provide a GUI (Graphical User
Interface). Multiple applications that use X11 are exposed to an issue
that can allow local attackers to execute arbitrary commands. The
issue occurs because the applications use ":0" as the X11 display if
there is no "DISPLAY" environment variable. rxvt version 2.6.4 and
Eterm version 0.9.4 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127
______________________________________________________________________

08.14.15 CVE: Not Available
Platform: Linux
Title: CDS Software Consortium Invenio Email Notification Alerts
Deletion
Description: Invenio is a digital library system. The application is
exposed to an issue that allows attackers to delete another user's
email notifications. The vulnerability occurs in the email alert
facility. Invenio version 0.92.1 is affected.
Ref:
http://cdsware.cern.ch/lists/project-cdsware-announce/archive/msg00021.shtml
______________________________________________________________________

08.14.16 CVE: Not Available
Platform: Linux
Title: Mondo Rescue Prior to 2.2.5 Unspecified
Description: Mondo Rescue is a tape backup application for GNU/Linux
platforms. The application is exposed to an unspecified issue
affecting the usage of "/tmp" or MINDI_CACHE instead of
"bkpinfo->tmpdir". Mondo Rescue versions prior to 2.2.5 are affected.
Ref: http://www.securityfocus.com/bid/28522
______________________________________________________________________

08.14.17 CVE: Not Available
Platform: Linux
Title: Linux Audit Daemon "audit_log_user_command()" Local Buffer
Overflow
Description: Linux Audit is a package designed to facilitate the
auditing of actions performed on Linux operating systems. It contains
a daemon that is responsible for receiving and logging audit events.
The application is exposed to a local buffer overflow issue due to a
failure of the software to properly bounds check user-supplied input.
Linux Audit versions prior to 1.7 are affected.
Ref: http://people.redhat.com/sgrubb/audit/ChangeLog
______________________________________________________________________

08.14.18 CVE: CVE-2008-1161
Platform: Linux
Title: xine-lib Matroska Demuxer Remote Buffer Overflow
Description: The "xine" application is a media player. xine-lib is the
core library for applications that use xine. The library is exposed to
a buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. xine-lib versions prior to 1.1.10.1 are
affected.
Ref:
http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=a62d6f482a69;style=gitweb
______________________________________________________________________

08.14.19 CVE: CVE-2008-1391
Platform: BSD
Title: Multiple BSD Platforms "strfmon()" Function Integer Overflow
Weakness
Description: Multiple BSD platforms are exposed to an integer overflow
weakness because the application fails to ensure that integer values
are not overrun. The weakness occurs in the "strfmon()" function
located in the "libc" library. FreeBSD versions 6 and 7 and NetBSD
version 4 are affected.
Ref: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c
______________________________________________________________________

08.14.20 CVE: Not Available
Platform: Aix
Title: IBM AIX Kernel Security Advisory 2008.03.26 Multiple
Vulnerabilities
Description: IBM AIX is exposed to multiple issues. An unspecified
64-bit process can be restarted via the checkpoint in a manner that
will grant the attacker read and write access to certain areas of
kernel memory. A denial of service issue also occurs when a single
remote node reduces the size of a JFS2 filesystem residing on a
concurrent volume group.
Ref: http://www.securityfocus.com/bid/28467
______________________________________________________________________

08.14.21 CVE: CVE-2008-1373
Platform: Unix
Title: CUPS "gif_read_lzw()" GIF File Buffer Overflow
Description: CUPS, Common UNIX Printing System, is a widely used set
of printing utilities for UNIX-based systems. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied GIF image data before
copying it to an insufficiently sized buffer. CUPS version 1.3.6 is
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=438303
______________________________________________________________________

08.14.22 CVE: Not Available
Platform: Novell
Title: Novell NetWare iPrint Request Handling Denial of Service
Description: Novell NetWare is a network operating system. The
application is exposed to a denial of service issue due to an
unspecified error. Novell NetWare version 6.5 is affected.
Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/667/3842033_f.SAL_Public.html
______________________________________________________________________

08.14.23 CVE: CVE-2005-4703
Platform: Cross Platform
Title: Apache Tomcat Requests Containing MS-DOS Device Names
Information Disclosure
Description: Apache Tomcat is a popular webserver application for
multiple platforms. The application is exposed to an information
disclosure issue when handling requests that contain MS-DOS device
names. Tomcat version 4.0.3 running on Windows is affected.
Ref: http://osvdb.org/ref/20/20033-tomcat-dos-path_disclosure.txt
______________________________________________________________________

08.14.24 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. The application is exposed to multiple
denial of service issues when handling certain types of packets and
protocols in varying conditions. Wireshark versions 0.99.2 up to and
including 0.99.8 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-02.html
______________________________________________________________________

08.14.25 CVE: CVE-2008-0214
Platform: Cross Platform
Title: HP TCP/IP Services for OpenVMS SSH Unspecified Remote
Unauthorized Access
Description: OpenVMS is a mainframe-like operating system originally
developed by Digital. It is maintained and distributed by HP. HP
OpenVMS SSH using TCP/IP Services for OpenVMS is exposed to an
unauthorized access issue.
Ref: http://www.securityfocus.com/bid/28486
______________________________________________________________________

08.14.26 CVE: CVE-2008-1530
Platform: Cross Platform
Title: GnuPG Duplicated Key Import Memory Corruption
Description: GNU Privacy Guard (GnuPG) is an open-source encryption
application available for numerous platforms. The application is
exposed to a memory corruption issue while importing certain keys with
duplicate IDs from a public keyserver using the "--refresh-keys" or
"--import" options. GnuPG versions 1.4.8 and 2.0.8 are affected.
Ref: https://bugs.gentoo.org/show_bug.cgi?id=214990
______________________________________________________________________

08.14.27 CVE: CVE-2008-1241, CVE-2008-1240, CVE-2007-4879,
CVE-2008-1238, CVE-2008-1236, CVE-2008-1237, CVE-2008-1233,
CVE-2008-1234, CVE-2008-1235
Platform: Cross Platform
Title: Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Multiple Remote
Vulnerabilities
Description: The Mozilla Foundation has released multiple advisories
regarding security issues in Firefox versions 2.0.0.12 and earlier.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-14.html
______________________________________________________________________

08.14.28 CVE: CVE-2008-1151, CVE-2008-1150
Platform: Cross Platform
Title: Cisco IOS Virtual Private Dial-up Network Multiple Denial of
Service Vulnerabilities
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. VPDNs
(Virtual Private Dial-up Networks) transmit private data over a public
network such as the Internet. Cisco IOS is exposed to multiple denial
of service issues that occur in the VPDN when the Point-to-Point
Tunneling Protocol (PPTP) is enabled.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080326-pptp.shtml
______________________________________________________________________

08.14.29 CVE: Not Available
Platform: Cross Platform
Title: TFTP Server Packet Handling Remote Buffer Overflow
Description: TFTP Server is a multithreaded TFTP (Trivial FTP) server. The
application is exposed to a buffer overflow issue because it fails to
properly bounds check user-supplied data before storing it in a
finite-sized memory buffer. TFTP Server version 1.4 running on Windows
is affected.
Ref: http://www.securityfocus.com/bid/28462
______________________________________________________________________

08.14.30 CVE: CVE-2008-0709
Platform: Cross Platform
Title: HP Select Identity Local Unauthorized Access
Description: HP Select Identity is an application used to manage user
identities and access rights. The application is exposed to a local
unauthorized access issue. A local authenticated attacker can exploit
this issue to gain unauthorized access to other users' accounts on the
affected computer.
Ref: http://www.securityfocus.com/bid/28558
______________________________________________________________________

08.14.31 CVE: CVE-2008-1152
Platform: Cross Platform
Title: Cisco IOS Multiple DLSw Denial of Service Vulnerabilities
Description: Cisco IOS contains support for the DLSw (Data-link
Switching) protocol, which is used to send SNA and NetBIOS traffic
over IP. The application is exposed to multiple remote denial of
service issues because the software fails to properly handle malformed
network datagrams.
Ref: http://www.securityfocus.com/archive/1/490107
______________________________________________________________________

08.14.32 CVE: Not Available
Platform: Cross Platform
Title: IBM solidDB Format String Vulnerability and Multiple Denial of
Service Vulnerabilities
Description: IBM solidDB is a relational SQL database. The application
is exposed to multiple issues. solidDB version 06.00.1018 is affected.
Ref: http://www.securityfocus.com/archive/1/490129
______________________________________________________________________

08.14.33 CVE: Not Available
Platform: Cross Platform
Title: Sun SPARC Enterprise T5120 and T5220 Servers Insecure Default
Configuration
Description: Some Sun SPARC Enterprise T5120 and T5220 Servers are
shipped with an insecure default configuration for SSHD. This issue is
due to the improper configuration of the operating system. Only Sun
SPARC Enterprise T5120 and T5220 Servers running the factory-installed
Solaris 10 OS image dated prior to BEL0748000 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231244-1
______________________________________________________________________

08.14.34 CVE: CVE-2007-3527
Platform: Cross Platform
Title: Firebird Relational Database 2.0.0 Remote Denial of Service
Description: Firebird is a Relational Database Management System
(RDBMS) available for multiple operating systems. The application is
exposed to a remote denial of service issue that arises due to an
integer overflow condition. Firebird versions prior to 2.0.1 are
affected.
Ref: http://tracker.firebirdsql.org/browse/CORE-1063
______________________________________________________________________

08.14.35 CVE: CVE-2006-7211, CVE-2006-7212, CVE-2006-7213,
CVE-2006-7214
Platform: Cross Platform
Title: Firebird Relational Database Multiple Remote Vulnerabilities
Description: Firebird is a Relational Database Management System
(RDBMS) available for multiple operating systems. The application is
exposed to multiple security issues. Firebird version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/28474
______________________________________________________________________

08.14.36 CVE: CVE-2007-2606
Platform: Cross Platform
Title: Firebird Relational Database Multiple Buffer Overflow
Vulnerabilities
Description: Firebird is a Relational Database Management System
(RDBMS) available for multiple operating systems. The application is
exposed to multiple unspecified buffer overflow issues affecting the
following source files: "configConfigFile.cpp" and
"msgscheck_msgs.epp". Firebird version 1.5 is affected.
Ref: http://www.securityfocus.com/archive/1/468070
______________________________________________________________________

08.14.37 CVE: CVE-2006-7197
Platform: Cross Platform
Title: Apache Tomcat AJP Connector Information Disclosure
Description: Apache Tomcat is a popular webserver application for
multiple platforms. The application is exposed to an information
disclosure issue because of an error in the AJP connector that causes
inaccurate chunk lengths to be delivered by "send_body_chunks" AJP
messages. Tomcat version 5.5.15 is affected.
Ref: https://issues.apache.org/bugzilla/show_bug.cgi?id=38859
______________________________________________________________________

08.14.38 CVE: CVE-2007-1858
Platform: Cross Platform
Title: Apache Tomcat SSL Anonymous Cipher Configuration Information
Disclosure
Description: Apache Tomcat is a Java-based webserver application for
multiple operating systems. The application is exposed to a remote
information disclosure issue because it uses an insecure cipher to
encrypt sensitive data. Specifically, the application encrypts data
with the anonymous cipher.
Ref: http://tomcat.apache.org/security-5.html
______________________________________________________________________

08.14.39 CVE: CVE-2005-4836
Platform: Cross Platform
Title: Apache Tomcat "allowLinking" Accepts NULL Byte in URI
Information Disclosure
Description: Apache Tomcat is a Java-based webserver for multiple
operating systems. The application is exposed to a remote information
disclosure issue because the HTTP/1.0 connector fails to properly
handle a NULL byte in URIs when "allowLinking" is configured. Tomcat
versions 4.1.15 and later are affected.
Ref: http://tomcat.apache.org/security-4.html
______________________________________________________________________

08.14.40 CVE: CVE-2008-1531
Platform: Cross Platform
Title: lighttpd SSL Error Denial of Service
Description: The "lighttpd" program is a freely available webserver
application. The application is exposed to a remote denial of service
issue. Specifically, triggering an SSL error in one SSL session will
cause all active SSL sessions on the server to terminate. lighttpd
versions 1.4.19 and earlier are affected.
Ref: http://trac.lighttpd.net/trac/ticket/285#comment:18
______________________________________________________________________

08.14.41 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari Webkit "calculateCompiledPatternLength()" Remote
Code Execution
Description: Webkit is a web browser framework used in the Apple
Safari browser and other applications. The application is exposed to a
remote code execution issue because it fails to adequately handle
regular expressions with large, nested repetition counts.
Ref: http://trac.webkit.org/projects/webkit/changeset/31388
______________________________________________________________________

08.14.42 CVE: Not Available
Platform: Cross Platform
Title: InspIRCd Prior to 1.1.18 Unspecified
Description: InspIRCd is a modular IRC (Internet Relay Chat) daemon
for multiple operating platforms. The application is exposed to an
unspecified issue. InspIRCd versions prior to 1.1.18 are affected.
Ref: http://www.inspircd.org/forum/showthread.php?t=2945
______________________________________________________________________

08.14.43 CVE: Not Available
Platform: Cross Platform
Title: PowerDNS Remote Cache Poisoning
Description: A remote DNS cache-poisoning issue affects PowerDNS
because it fails to use a secure random number generator when
creating transaction IDs and UDP source ports. PowerDNS versions prior
to 3.1.5 are affected.
Ref: http://doc.powerdns.com/powerdns-advisory-2008-01.html
______________________________________________________________________

08.14.44 CVE: Not Available
Platform: Cross Platform
Title: OpenSSH ForceCommand Command Execution Weakness
Description: OpenSSH is a free implementation of the Secure Shell
protocol suite. It is available for various operating systems. The
application is exposed to a weakness that may allow attackers to
execute arbitrary commands. OpenSSH versions prior to 4.9 are
affected.
Ref: http://marc.info/?l=openssh-unix-dev&m=120692745026265&w=2
______________________________________________________________________

08.14.45 CVE: Not Available
Platform: Cross Platform
Title: LANDesk Management Suite TFTP service Directory Traversal
Description: LANDesk Management Suite is used to manage hardware and
software across a network. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. LANDesk Management Suite version 8.8 as well
as 8.7 SP5 and prior service packs are affected.
Ref: http://community.landesk.com/support/docs/DOC-2659
______________________________________________________________________

08.14.46 CVE: Not Available
Platform: Cross Platform
Title: Sympa "Content-Type" Header Remote Denial of Service
Description: Sympa is a mailing list manager written in Perl. It is
supported on numerous Unix and Unix-like platforms including Linux,
BSD, Solaris, and others. The application is exposed to a remote
denial of service issue because it fails to handle specially-crafted
"Content-Type" headers. Sympa versions prior to 5.4 are affected.
Ref: https://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=3702&atid=167
______________________________________________________________________

08.14.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine Applications Manager "Search.do" Cross-Site
Scripting
Description: ManageEngine Applications Manager is an enterprise tool
for monitoring and managing application servers. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "query" parameter in the
"Search.do" script.
Ref: http://www.securityfocus.com/bid/28488
______________________________________________________________________

08.14.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CubeCart Cross-Site Scripting Vulnerabilities
Description: CubeCart is a web-based shopping application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "_a" and "Submit"
parameters of the "index.php" script. CubeCart version 4.2.1 is
affected.
Ref: http://www.securityfocus.com/bid/28452
______________________________________________________________________

08.14.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Blackboard Academic Suite Multiple Cross-Site Scripting
Vulnerabilities
Description: Blackboard Academic Suite is an online teaching
application. The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input to the following scripts and parameters:
"webapps/blackboard/execute/viewCatalog: searchText" and
"bin/common/announcement.pl: context (requires instructor access)".
Blackboard Academic Suite version 7 is affected.
Ref: http://www.securityfocus.com/archive/1/490096
______________________________________________________________________

08.14.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GNB DesignForm Cross-Site Scripting
Description: DesignForm is a web-based CGI script. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input submitted through the email form. DesignForm
versions prior to 3.9 are affected.
Ref: http://www.securityfocus.com/bid/28471
______________________________________________________________________

08.14.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PerlMailer Cross-Site Scripting
Description: PerlMailer is a web-based CGI script. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input submitted to the CGI email form. PerlMailer
versions prior to 3.02 are affected.
Ref: http://www.securityfocus.com/bid/28472
______________________________________________________________________

08.14.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DigiDomain Multiple Cross-Site Scripting Vulnerabilities
Description: DigiDomain is an ASP-based domain lookup application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "domain" parameter of
the "lookup/lookup_result.asp" script and the "word1" and "word2"
parameters of the "lookup/suggest_result.asp" script. DigiDomain
version 2.2 is affected.
Ref: http://www.securityfocus.com/archive/1/490157
______________________________________________________________________

08.14.53 CVE: CVE-2006-7195
Platform: Web Application - Cross Site Scripting
Title: Apache Tomcat Cross-Site Scripting
Description: Apache Tomcat is a web server application available for
multiple platforms. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to certain headers of the "implicit-objects.jsp" script.
Ref: http://www.securityfocus.com/bid/28481
______________________________________________________________________

08.14.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: JV2 Folder Gallery "index.php" Cross-Site Scripting
Description: JV2 Folder Gallery is a PHP-based application for
managing image folders. The application is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input to
the "image" parameter of the "index.php" script. JV2 Folder Gallery
version 3.1 is affected.
Ref: http://www.securityfocus.com/bid/28508
______________________________________________________________________

08.14.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: JV2 Quick Gallery "index.php" Cross-Site Scripting
Description: JV2 Quick Gallery is a photo gallery application
implemented in PHP. The application is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input to
the "f" parameter of the "index.php" script. JV2 Quick Gallery version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/28511
______________________________________________________________________

08.14.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHPkrm Unspecified Cross-Site Scripting
Description: PHPkrm is a web-based GnuPG keyring manager. The
application is exposed to an unspecified cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. PHPkrm
version 1.4.2 is affected.
Ref: http://www.securityfocus.com/bid/28510
______________________________________________________________________

08.14.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jack (tR) Jax LinkLists "jax_linklists.php" Cross-Site
Scripting
Description: Jax LinkLists is a PHP-based application that handles
and manages hyperlink lists. The application is exposed to a
cross-site scripting issue because it fails to sanitize user-supplied
input to the "cat" parameter of the "jax_linklists.php" script. Jax
LinkLists version 1.00 is affected.
Ref: http://www.securityfocus.com/bid/28518
______________________________________________________________________

08.14.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: lex Guestbook Multiple Cross-Site Scripting Vulnerabilities
Description: lex Guestbook is a guestbook application implemented in
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sanitize user-supplied input to the
following scripts and parameters: "setup.php: language_setup" and
"index.php: test". lex Guestbook version 4.0.5 is affected.
Ref: http://www.securityfocus.com/bid/28519
______________________________________________________________________

08.14.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: lex Poll "setup.php" Cross-Site Scripting
Description: lex Poll is a polling application implemented in PHP.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "language_setup"
parameter of the "setup.php" script. lex Poll version 2.1 is
affected.
Ref: http://www.securityfocus.com/bid/28520
______________________________________________________________________

08.14.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Classifieds Multiple Cross-Site Scripting and
Authentication Bypass Vulnerabilities
Description: PHP Classifieds is a web-based classifieds application
implemented in PHP. The application is exposed to multiple remote
issues. PHP Classifieds version 6.20 is affected.
Ref: http://www.securityfocus.com/bid/28521
______________________________________________________________________

08.14.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jax Guestbook "jax_guestbook.php" Cross-Site Scripting
Description: Jax Guestbook is a guest book application implemented in
PHP. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "language"
parameter of the "guestbook/jax_guestbook.php" script.
Ref: http://www.securityfocus.com/bid/28522
______________________________________________________________________

08.14.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Nuked-Klan "nuked_nude" Parameter Cross-Site Scripting
Description: Nuked-Klan is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "nuked_nude"
parameter of the "index.php" script when the "file" parameter is set
to "XForum". Nuked-Klan version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/28527
______________________________________________________________________

08.14.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Ahsshop Component "vara" Parameter SQL
Injection
Description: Ahsshop is a plugin for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "vara"
parameter of the "com_ahsshop" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/28549
______________________________________________________________________

08.14.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpAddressBook "index.php" SQL Injection
Description: phpAddressBook is an address book application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "index.php" script. phpAddressBook version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/490097
______________________________________________________________________

08.14.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo MyAlbum Component "album" Parameter SQL
Injection
Description: MyAlbum is a photo gallery plugin for the Joomla! and
Mambo content managers. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "album" parameter of the "com_album" component before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/28496
______________________________________________________________________

08.14.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eggBlog Unspecified Cookie SQL Injection
Description: eggBlog is a web-log application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. The issue
occurs when handling unspecified cookie data. eggBlog version 4.0 is
affected.
Ref: http://eggblog.net/news.php?id=39
______________________________________________________________________

08.14.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Smoothflash "admin_view_image.php" SQL Injection
Description: Smoothflash is an online gallery implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"admin_view_image.php" script.
Ref: http://www.securityfocus.com/bid/28503
______________________________________________________________________

08.14.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress "wp-download" Plugin "dl_id" Parameter SQL Injection
Description: The "wp-download" program is a plugin for the WordPress
web-based publishing application. The plugin is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "dl_id" parameter of the "wp-download.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28516
______________________________________________________________________

08.14.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JGS-Treffen "jgs_treffen.php" SQL Injection
Description: Woltlab Burning Board is a free web-based bulletin board
package based on PHP and MySQL. JGS-Treffen is an add-on for the
platform. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the
"view_id" parameter of the "jgs_treffen.php" script. JGS-Treffen
versions 2.0.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/28530
______________________________________________________________________

08.14.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EfesTECH Video "catID" Parameter SQL Injection
Description: EfesTECH Video is a web-based application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "catID"
parameter of the "default.asp" script before using it in an SQL query.
EfesTECH Video version 5.0 is affected.
Ref: http://www.securityfocus.com/archive/1/490309
______________________________________________________________________

08.14.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Neat weblog "articleId" Parameter SQL Injection
Description: Neat weblog is a blogging application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "articleId"
parameter of the "index.php" script before using it in an SQL query.
Neat weblog version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/28534
______________________________________________________________________

08.14.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Sava's Place Sava's Link Manager "category" Parameter SQL
Injection
Description: Sava's Link Manager is used to track and manage links to
a site. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "category"
parameter of the "viewlinks.php" script before using it in an SQL
query. Sava's Link Manager version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28538
______________________________________________________________________

08.14.73 CVE: CVE-2008-1486
Platform: Web Application - SQL Injection
Title: Phorum Multiple Unspecified SQL Injection Vulnerabilities
Description: Phorum is a web-based forum application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to unspecified parameters
before using it in SQL queries. Phorum versions prior to 5.2.6 are
affected.
Ref: http://www.phorum.org/phorum5/read.php?64,126815
______________________________________________________________________

08.14.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FaScript FaPhoto "show.php" SQL Injection
Description: FaScript FaPhoto is a photo-gallery application. The
application is exposed to an SQL injection vulnerability because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "show.php" script before using it in an SQL query.
FaScript FaPhoto version 1 is affected.
Ref: http://www.securityfocus.com/bid/28545
______________________________________________________________________

08.14.75 CVE: Not Available
Platform: Web Application
Title: TopperMod "mod.php" Local File Include Vulnerability
Description: TopperMod is a web-based application implemented in PHP.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "to" parameter
of the "mod.php" script. TopperMod version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28449
______________________________________________________________________

08.14.76 CVE: CVE-2008-1568
Platform: Web Application
Title: Comix "filename" Remote Command Execution
Description: Comix is a photo gallery application specifically used
for viewing comics. The application is exposed to a remote shell
command execution issue because the application fails to sufficiently
sanitize user-supplied data. The vulnerability occurs when handling
filenames while running the "rar", "unrar" or "jpegtran" programs.
Comix version 3.6.4 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462840
______________________________________________________________________

08.14.77 CVE: CVE-2008-1488
Platform: Web Application
Title: PECL Alternative PHP Cache Extension "apc_search_paths()"
Buffer Overflow
Description: PECL Alternative PHP Cache (APC) is a framework for PHP
code caching and optimization. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. APC versions prior to 3.0.17 are affected.
Ref: http://pecl.php.net/bugs/bug.php?id=13415
______________________________________________________________________

08.14.78 CVE: Not Available
Platform: Web Application
Title: Terracotta "index.php" Local File Include
Description: Terracotta is a content management system implemented in
PHP. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the
"CurrentDirectory" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/490341
______________________________________________________________________

08.14.79 CVE: CVE-2008-1567
Platform: Web Application
Title: phpMyAdmin Local Information Disclosure
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to a local information
disclosure issue because it fails to securely protect login
credentials and secret keys. phpMyAdmin versions prior to 2.11.5.1 are
affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
______________________________________________________________________

08.14.80 CVE: Not Available
Platform: Web Application
Title: Invision Power Board "Signature" iFrame Security
Description: Invision Power Board (IP.Board) is a content manager
implemented in PHP. The application is exposed to a security issue
that can aid attackers in social engineering attacks. This issue
permits a registered forum user to insert malicious HTML code
containing iFrame tags into their "Signature" via the application's
user control panel. Invision Power Board version 2.3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/490115
______________________________________________________________________

08.14.81 CVE: Not Available
Platform: Web Application
Title: GeeCarts Multiple Input Validation Vulnerabilities
Description: GeeCarts is a web application implemented in PHP. The
application is exposed to multiple remote file include and cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input to the "id" parameter. All versions of GeeCarts
are affected.
Ref: http://www.securityfocus.com/bid/28470
______________________________________________________________________

08.14.82 CVE: Not Available
Platform: Web Application
Title: JAF CMS "website" and "main_dir" Parameters Multiple Remote
File Include Vulnerabilities
Description: JAF CMS is a content manager implemented in PHP. The
application is exposed to multiple remote file include issues because
it fails to properly sanitize user-supplied input. JAF CMS version
4.0.0 RC2 is affected.
Ref: http://www.securityfocus.com/archive/1/490162
______________________________________________________________________

08.14.83 CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum Multiple Remote File Include
Vulnerabilities
Description: Simple Machines Forum is a web forum implemented in PHP.
The application is exposed to multiple remote file include issues
because it fails to properly sanitize user-supplied input to the
following scripts and parameters: "/Sources/Subs-Graphics.php:
settings[default_theme_dir]" and "/Sources/Themes.php:
settings[theme_dir]". Simple Machines Forum version 1.1.4 is affected.
Ref: http://www.securityfocus.com/archive/1/490264
______________________________________________________________________

08.14.84 CVE: Not Available
Platform: Web Application
Title: auraCMS "user.php" Access Validation
Description: auraCMS is a PHP-based content manager. The application
is exposed to an access validation issue that attackers can leverage
to create unauthorized administrative user accounts. This issue
affects the "user.php" script. auraCMS version 2.2.1 is affected.
Ref: http://www.securityfocus.com/bid/28499
______________________________________________________________________

08.14.85 CVE: Not Available
Platform: Web Application
Title: CuteFlow Bin SQL Injection Vulnerability and Multiple Cross-Site
Scripting Vulnerabilities
Description: CuteFlow Bin is a web-based tool for circulating
documents. The application is exposed to multiple input validation
issues because it fails to sufficiently sanitize user-supplied data.
CuteFlow Bin version 1.5.0 is affected.
Ref: http://www.securityfocus.com/archive/1/490305
______________________________________________________________________

08.14.86 CVE: Not Available
Platform: Web Application
Title: JShop Server "page.php" Local File Include
Description: JShop Server is a web-based, ecommerce application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "xPage" parameter of
the "page.php" script. JShop Server versions 1.x and 2.x are affected.
Ref: http://www.securityfocus.com/bid/28501
______________________________________________________________________

08.14.87 CVE: Not Available
Platform: Web Application
Title: KISGB "view_private.php" Local File Include
Description: KISGB (Keep It Simple Guest Book) is a guestbook
application implemented in PHP. The application is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "tmp_theme" parameter of the "view_private.php" script.
KISGB version 5.1.1 is affected.
Ref: http://www.securityfocus.com/bid/28513
______________________________________________________________________

08.14.88 CVE: Not Available
Platform: Web Application
Title: mx_blogs Weblogs Module for mxBB "mx_root_path" Parameter
Remote File Include
Description: The mx_blogs module is a blogging module for the mxBB
bulletin board application. The application is exposed to a remote
file include issue because it fails to properly sanitize user-supplied
input to the "mx_root_path" parameter of the
"/includes/functions_weblog.php" script. mx_blogs version 2.0.0-beta
is affected.
Ref: http://www.securityfocus.com/bid/28515
______________________________________________________________________

08.14.89 CVE: Not Available
Platform: Web Application
Title: SudBox Boutique Multiple Administrative Scripts Authentication
Bypass Vulnerabilities
Description: SudBox Boutique is a PHP-based ecommerce application. The
application is exposed to multiple authentication bypass issues
because it fails to perform adequate authentication checks. SudBox
Boutique version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/28525
______________________________________________________________________

08.14.90 CVE: Not Available
Platform: Web Application
Title: PhpGKit "connexion.php" Remote File Include
Description: PhpGKit is a framework that allows users to develop
web sites. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"DOCUMENT_ROOT" parameter of the "connexion.php" script. PhpGKit
version 0.9 is affected.
Ref: http://www.securityfocus.com/bid/28526
______________________________________________________________________

08.14.91 CVE: Not Available
Platform: Web Application
Title: PHP Spam Manager "body.php" Local File Include
Description: PHP Spam Manager is a PHP-based application for managing
spam quarantines. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"filename" parameter of the "body.php" script. PHP Spam Manager
version 0.53 beta is affected.
Ref: http://www.securityfocus.com/bid/28529
______________________________________________________________________

08.14.92 CVE: Not Available
Platform: Web Application
Title: Sava's Place Sava's GuestBook "index.php" Local File Include
Description: Sava's GuestBook is a web-based guest book script. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "action" parameter of
the "index.php" script. Sava's GuestBook version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28536
______________________________________________________________________

08.14.93 CVE: Not Available
Platform: Web Application
Title: Sava's Place Sava's Link Manager "index.php" Local File Include
Description: Sava's Link Manager is used to track and manage links to
a site. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the "q"
parameter of the "index.php" script. Sava's Link Manager version 2.0
is affected.
Ref: http://www.securityfocus.com/bid/28537
______________________________________________________________________

08.14.94 CVE: Not Available
Platform: Web Application
Title: EasyNews Multiple Input Validation Vulnerabilities
Description: EasyNews is a web-based news aggregator application. The
application is exposed to multiple input validation issues. EasyNews
version 4.0tr is affected.
Ref: http://www.securityfocus.com/archive/1/490338
______________________________________________________________________

08.14.95 CVE: Not Available
Platform: Network Device
Title: Aztech ADSL2/2+ 4 Port Router Remote Command Injection
Description: Aztech ADSL2/2+ 4 Port Router is a managed router device.
The device is exposed to a remote command injection issue via its web
interface because it fails to adequately sanitize user-supplied input
data. Aztech ADSL2/2+ 4 Port Router with firmware version 3.7.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/490100
______________________________________________________________________

08.14.96 CVE: CVE-2008-1153
Platform: Network Device
Title: Cisco IOS Dual-stack Router IPv6 Denial of Service
Description: Cisco IOS-based, dual-stack routers are exposed to a
denial of service issue. This issue can occur when a specially crafted
IPv6 packet is sent to the device. However, for an exploit to succeed,
the device must have certain IPv4 UDP services enabled.
Ref: http://www.securityfocus.com/archive/1/490110
______________________________________________________________________

08.14.97 CVE: CVE-2008-0537
Platform: Network Device
Title: Cisco IOS With OSPF, MPLS VPN, Sup32, Sup720 or RSP720 Denial
of Service
Description: Multiple Cisco products running Cisco IOS (Internetwork
Operating System) with OSPF (Open Shortest Path First) or MPLS VPN
(Multi Protocol Label Switching Virtual Private Networking) are
exposed to a denial of service issue caused by a blocked queue, a
memory leak, or a restart of the device.
Ref: http://www.securityfocus.com/archive/1/490111
______________________________________________________________________

08.14.98 CVE: CVE-2008-1156
Platform: Network Device
Title: Cisco IOS Multicast Virtual Private Network MDT Data Join
Handling
Description: Cisco IOS Multicast Virtual Private Network (MVPN) is an
architecture that includes protocols and procedures for supporting
Multiprotocol Label Switching (MPLS) VPN multicast traffic. The
application is exposed to an issue that occurs when handling specially
crafted Multicast Distribution Tree (MDT) Data Join messages.
Ref: http://www.securityfocus.com/archive/1/490108
______________________________________________________________________

08.14.99 CVE: CVE-2008-1267
Platform: Network Device
Title: Siemens SpeedStream 6520 HTTP Request Remote Denial of Service
Description: Siemens SpeedStream 6520 is a wireless router. The device
is exposed to a remote denial of service issue that affects its web
interface because it fails to handle specially crafted HTTP requests.
Ref: http://www.gnucitizen.org/projects/router-hacking-challenge/
______________________________________________________________________

08.14.100 CVE: CVE-2008-0211
Platform: Network Device
Title: HP Compaq Business Notebook PC BIOS Local Denial of Service
Description: HP Compaq Business Notebooks are exposed to a local
denial of service issue. Attackers can exploit this issue to disrupt
service for legitimate users.
Ref: http://www.securityfocus.com/archive/1/490260
______________________________________________________________________

08.14.101 CVE: CVE-2008-0706
Platform: Network Device
Title: HP Compaq Notebook PC BIOS Local Unauthorized Access
Description: HP Compaq Notebook PC BIOS is exposed to a local
unauthorized access issue. A local attacker can exploit this issue to
gain unauthorized access to the affected computer.
Ref: http://www.securityfocus.com/archive/1/490261
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkf1YAoACgkQ+LUG5KFpTkaJMgCgpMt7vrzlXcvq//zugbdDEkNu
5CwAmwTKgDLJC6BWrxhR/6gSnWHdwqty
=xs0y
-----END PGP SIGNATURE-----