RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 15

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Apr 10 2008 - 21:01:46 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Problems with Microsoft Windows, Internet Explorer and Adobe Flash will
catch your attention in this week's RISK, but there are also critical
vulnerabilities in the Autonomy KeyView SDK, a library used by a large
number of applications, including Symantec Mail Security, Lotus Notes,
and activePDF.
                                 Alan
*************************************************************************
            RISK: The Consensus Security Vulnerability Alert
April 10, 2008 Vol. 7. Week 15
*************************************************************************

RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                  4 (#1, #7, #9)
Other Microsoft Products                 7 (#2, #5, #6, #10)
Third Party Windows Apps                 16
Linux                                    3
Solaris                                  1
Unix                                     2
Novell                                   1
Cross Plat                               11 (#3, #4, #8)
Web Application - Cross Site Scripting   19
Web Application - SQL Injection          28
Web Application                          25
Network Device


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Windows GDI Multiple Vulnerabilities (MS08-021)
(2) CRITICAL: Microsoft Internet Explorer Script Decoding Vulnerability (MS08-022)
(3) CRITICAL: Adobe Flash Player Multiple Vulnerabilities
(4) CRITICAL: Autonomy KeyView SDK Multiple Buffer Overflows
(5) HIGH: Microsoft Internet Explorer Data Stream Processing Vulnerability (MS08-024)
(6) HIGH: Microsoft Project Remote Code Execution Vulnerability (MS08-018)
(7) HIGH: Microsoft 'hxvz.dll' ActiveX Control Memory Corruption (MS08-023)
(8) HIGH: TIBCO Enterprise Message Server and Rendezvous Multiple Vulnerabilities
(9) MODERATE: Microsoft Windows DNS Predictable Transaction IDs (MS08-020)
(10) MODERATE: Microsoft Visio Multiple Vulnerabilities (MS08-019)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.15.1 - Microsoft Windows Kernel Usermode Callback Local Privilege Escalation
08.15.2 - Microsoft Windows GDI Stack Overflow
08.15.3 - Microsoft Windows GDI "CreateDIBPatternBrushPt" Function Heap Overflow
08.15.4 - Microsoft Windows DNS Client Service Response Spoofing
 -- Other Microsoft Products
08.15.5 - Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service
08.15.6 - Microsoft Internet Explorer "ieframe.dll" Script Injection
08.15.7 - Microsoft April 2008 Advance Notification Multiple Vulnerabilities
08.15.8 - Microsoft Internet Explorer Header Handling "res://" Information Disclosure
08.15.9 - Microsoft Visio Object Header Remote Code Execution
08.15.10 - Microsoft Visio Memory Validation Remote Code Execution
08.15.11 - Microsoft Internet Explorer Data Stream Handling Remote Code Execution
 -- Third Party Windows Apps
08.15.12 - HP OpenView Network Node Manager "OVAS.EXE" Buffer Overflow
08.15.13 - McAfee ePolicy Orchestrator "FrameworkService.exe" Remote Denial of Service
08.15.14 - Symantec AutoFix Support Tool "SYMADATA.DLL" ActiveX Control Remote Buffer Overflow
08.15.15 - Symantec AutoFix Tool ActiveX Control Remote Share "launchProcess()" Insecure Method
08.15.16 - LANDesk Management Suite 8.80.1.1 PXE TFTP Service Directory Traversal
08.15.17 - Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
08.15.18 - Interwoven Worksite Web "iManFile.cab" TransferCtrl Class ActiveX Control Double Free
08.15.19 - Orbit Downloader "Download Failed" Remote Buffer Overflow
08.15.20 - Borland StarTeam Multicast Service "GMWebHandler::parse_request()" Buffer Overflow
08.15.21 - SmarterTools SmarterMail HTTP Request Handling Denial of Service
08.15.22 - Tumbleweed SecureTransport "vcst_eu.dll" ActiveX Control Remote Buffer Overflow
08.15.23 - CDNetworks Nefficient Download "NeffyLauncher.dll" ActiveX Control Multiple Vulnerabilities
08.15.24 - HP OpenView Network Node Manager "ovalarmsrv.exe" Multiple Remote Vulnerabilities
08.15.25 - Microsoft VBScript and JScript Scripting Engines Remote Code Execution
08.15.26 - Microsoft "hxvz.dll" ActiveX Control Memory Corruption
08.15.27 - Microsoft Project Resource Memory Allocation Remote Code Execution
 -- Linux
08.15.28 - Gnome Desktop Screensaver NIS Authentication Local Unauthorized Access
08.15.29 - openMosix "libmosix.c" Remote Stack-Based Buffer Overflow
08.15.30 - LICQ File Descriptor Remote Denial of Service
 -- Solaris
08.15.31 - Sun Solaris "inetd(1M)" Daemon Insecure Temporary File Creation
 -- Unix
08.15.32 - SCO UnixWare Reliant HA "RELIANT_PATH" Local Input Validation
08.15.33 - SCO UnixWare Merge mcd "HISTFILE" Local Input Validation
 -- Novell
08.15.34 - Novell eDirectory HTTP HEAD Request Handling Denial of Service
 -- Cross Platform
08.15.35 - IBM DB2 Content Manager Unspecified Security
08.15.36 - Apache-SSL Environment Variable Information Disclosure and Privilege Escalation
08.15.37 - XnView FontName Buffer Overflow
08.15.38 - WatchGuard Firebox MS-CHAPv2 Authentication Remote User Enumeration Weakness
08.15.39 - Apple QuickTime Multiple Remote Vulnerabilities
08.15.40 - Opera Web Browser 9.26 Multiple Security Vulnerabilities
08.15.41 - iMatix Xitami Multiple Format String Vulnerabilities
08.15.42 - Computer Associates Alert Notification Server Multiple Remote Buffer Overflow Vulnerabilities
08.15.43 - OTRS SOAP Interface Security Bypass
08.15.44 - FishSound Library Remote Speex Decoding Code Execution
08.15.45 - HP Integrity Servers iLO-2 Management Processors Denial of Service
 -- Web Application - Cross Site Scripting
08.15.46 - DivXDB 2002 Multiple Cross-Site Scripting Vulnerabilities
08.15.47 - Tiny Portal "shouts" Cross-Site Scripting
08.15.48 - mcGallery "lang" Parameter Multiple Cross-Site Scripting Vulnerabilities
08.15.49 - Parallels Virtuozzo Containers VZPP Interface File Manager Cross-Site Request Forgery
08.15.50 - Parallels Virtuozzo Containers VZPP Interface Change Password Cross-Site Request Forgery
08.15.51 - Drupal Flickr Module Multiple Unspecified Cross-Site Scripting Vulnerabilities
08.15.52 - Smart Classified ADS and Smart Photo ADS "view.cgi" Multiple Cross-Site Scripting Vulnerabilities
08.15.53 - Simple Gallery "album" Parameter Cross-Site Scripting
08.15.54 - ManageEngine Firewall Analyzer "mindex.do" Cross-Site Scripting
08.15.55 - Poplar Gedcom Viewer Search Page Multiple Cross-Site Scripting Vulnerabilities
08.15.56 - Glossaire "glossaire.php" Cross-Site Scripting
08.15.57 - KwsPHP ConcoursPhoto Module "VIEW" Parameter Cross-Site Scripting
08.15.58 - e-Classifieds "hsx/classifieds.hsx" Cross-Site Scripting
08.15.59 - Alkacon OpenCms "sessions.jsp" Multiple Cross-Site Scripting Vulnerabilities
08.15.60 - PHPizabi Multiple Cross-Site Scripting Vulnerabilities
08.15.61 - Sun Java System Messenger Express "sid" Cross-Site Scripting
08.15.62 - URLStreet "seeurl.php" Multiple Cross-Site Scripting Vulnerabilities
08.15.63 - Woltlab Burning Board WCF Cross-Site Scripting and Information Disclosure Vulnerabilities
08.15.64 - Swiki HTML Injection and Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.15.65 - Writer's Block "permalink.php" SQL Injection
08.15.66 - Joomla! and Mambo actualite Component "id" Parameter SQL Injection
08.15.67 - Nuked-Klan HTTP Referer Header SQL Injection
08.15.68 - Xpose PRO "mail.html" SQL Injection
08.15.69 - Software Zone "view_product.php" SQL Injection
08.15.70 - Comdev News Publisher "index.php" SQL Injection
08.15.71 - Joomla! and Mambo Joomlearn LMS Component "cat" Parameter SQL Injection
08.15.72 - Terong PHP Photo Gallery "index.php" SQL Injection
08.15.73 - KwsPHP Galerie Module "id_gal" Parameter SQL Injection
08.15.74 - KwsPHP Archives Module "id" Parameter SQL Injection
08.15.75 - Module jeuxflash for KwsPHP "cat" Parameter SQL Injection
08.15.76 - PIGMy-SQL "getdata.php" SQL Injection
08.15.77 - Blogator-script "sond_result.php" SQL Injection
08.15.78 - Blogator-script "init_pass2.php" SQL Injection
08.15.79 - Prozilla Cheats SQL Injection
08.15.80 - Prozilla Forum SQL Injection
08.15.81 - Site Sift Listings SQL Injection
08.15.82 - Pixel Motion Blog SQL Injection
08.15.83 - Oxygen Bulletin Board "member.php" SQL Injection
08.15.84 - MyBulletinBoard Custom Pages Module "pages" Parameter SQL Injection
08.15.85 - ProZilla Freelancers "project.php" SQL Injection
08.15.86 - Links Directory "links.php" SQL Injection
08.15.87 - Drake CMS HTTP "Via" Header SQL Injection
08.15.88 - iScripts SocialWare "events.php" SQL Injection
08.15.89 - My Gaming Ladder SQL Injection
08.15.90 - 724CMS SQL Injection
08.15.91 - Prozilla Gaming Directory SQL Injection
08.15.92 - Prozilla Software Index SQL Injection
 -- Web Application
08.15.93 - EasySite "EASYSITE_BASE" Parameter Multiple Remote File Include Vulnerabilities
08.15.94 - suPHP Multiple Local Privilege Escalation Vulnerabilities
08.15.95 - Online FlashQuiz Joomla! Component "db_config.inc.php" Remote File Include
08.15.96 - DaZPHP "makepost.php" Local File Include
08.15.97 - sabros.us "thumbnails.php" Local File Include
08.15.98 - Blogator-script "incl_page" Parameter Multiple Remote File Include Vulnerabilities
08.15.99 - PhpBlock "basicfogfactory.class.php" Remote File Include
08.15.100 - Drupal Webform Module Multiple Unspecified HTML Injection Vulnerabilities
08.15.101 - kses Multiple Input Validation Vulnerabilities
08.15.102 - Secure Computing WebWasher Malformed URL Remote Denial of Service
08.15.103 - NukeET "mensaje" Parameter HTML Injection
08.15.104 - RobotStats "DOCUMENT_ROOT" Parameter Multiple Remote File Include Vulnerabilities
08.15.105 - Web Server Creator "langfile" Parameter Remote File Include
08.15.106 - Dragoon "calendrier.php" Local File Include
08.15.107 - F5 BIG-IP Web Management Interface "NEW_VALUE" Parameter Remote Code Injection
08.15.108 - Prozilla Top Sites Multiple Security Bypass Vulnerabilities
08.15.109 - Prozilla Reviews Security Bypass
08.15.110 - Pixel Motion Blog Arbitrary File Upload
08.15.111 - LinPHA Maps Plugin "db_handler.php" Local File Include
08.15.112 - Mole "viewsource.php" Multiple Local File Include Vulnerabilities
08.15.113 - Dragoon "header.inc.php" Remote File Include
08.15.114 - Wikipage Opus "index.php" Multiple Directory Traversal Vulnerabilities
08.15.115 - iScripts SocialWare Arbitrary File Upload
08.15.116 - Advanced Software Engineering ChartDirector For PHP Information Disclosure
08.15.117 - Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
 -- Network Device
08.15.118 - Cisco Unified Communication Disaster Recovery Framework Remote Command Execution
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Windows GDI Multiple Vulnerabilities (MS08-021)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: The GDI is the Graphics Device Interface, the portion of
the Microsoft Windows operating system that handles graphical operations
on behalf of applications. It contains multiple vulnerabilities in
various methods. These methods can be accessed in a variety of ways, but
are vulnerable to remote attacks due to the way they parse Windows
Metafile (WMF) and Enhanced Metafile (EMF) files. These files are
commonly used as graphics file formats. A specially crafted WMF or EMF
file could trigger one of the GDI vulnerabilities. Successfully
exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with the privileges of the current user.
Depending upon configuration, WMF and EMF files may be opened upon
receipt without first prompting the user. Some technical details are
publicly available for these vulnerabilities.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-020/
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=682
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=681
Microsoft Windows GDI Home Page
http://msdn2.microsoft.com/en-us/library/ms536795.aspx
Microsoft Knowledge Base Article on Image Formats
http://support.microsoft.com/default.aspx?scid=kb;en-us;320314
SecurityFocus BIDs
http://www.securityfocus.com/bid/28571
http://www.securityfocus.com/bid/28570

******************************************

(2) CRITICAL: Microsoft Internet Explorer Script Decoding Vulnerability (MS08-022)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

Description: Microsoft Internet Explorer allows websites to encode
scripts embedded in web pages, to help prevent copying and modification
of such scripts. A flaw in the decoding process leads to a remote code
execution vulnerability. A specially crafted web page could trigger this
flaw, allowing an attacker to execute arbitrary code with the privileges
of the current user. Note that such scripts would be executed
automatically upon viewing a malicious web page, and may not be visible
to the user. Note that a vulnerability is available to members of
Immunity Security's early update program.

Status: Microsoft confirmed, updates available. Systems using Microsoft
Internet Explorer version 7 are not vulnerable.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms08-022.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/28551

******************************************

(3) CRITICAL: Adobe Flash Player Multiple Vulnerabilities
Affected:
Adobe Flash Player versions prior to 9.0.124.0

Description: Adobe Flash is the most popular rich content system for web
browsers. Its Player component, used to display such content, contains
multiple vulnerabilities. A specially crafted Flash file could trigger
one of these vulnerabilities, with consequences ranging from arbitrary
code execution with the privileges of the current user to
cross-site-scripting and other vulnerabilities. Flash content is
normally displayed without first prompting the user. Some technical
details are publicly available for these vulnerabilities. Note that
Adobe Flash Player is distributed by default with Microsoft Windows,
Apple Mac OS X, and many Unix, Unix-like, and Linux operating system
distributions.

Status: Adobe confirmed, updates available.

References:
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-021/
IBM Internet Security Systems Advisory
http://www.iss.net/threats/289.html
Adobe Flash Home Page
http://www.adobe.com/products/flash/
SecurityFocus BIDs
http://www.securityfocus.com/bid/28696
http://www.securityfocus.com/bid/28695
http://www.securityfocus.com/bid/28697
http://www.securityfocus.com/bid/28694

******************************************

(4) CRITICAL: Autonomy KeyView SDK Multiple Buffer Overflows
Affected:
Autonomy KeyView SDK versions 10.x
Verity KeyView SDK versions 9.x and prior
Multiple applications using these APIs, including:
IBM Lotus Notes versions 8.x and prior
activePDF DocConverter
Symantec Mail Security

Description: The Autonomy and Verity KeyView Software Developer Kits
(SDKs) are used by a variety of applications to automatically parse and
display various types of media. These SDKs contain multiple buffer
overflows in their handling of a variety of media types. A specially
crafted HTML, graphics, folio, or email file could trigger one of these
buffer overflows and execute arbitrary code with the privileges of the
vulnerable process. Numerous applications use the affected SDKs,
including applications such as IBM Lotus Notes, activePDF DocConverter,
and Symantec Mail Security. Technical details are publicly available for
several of these vulnerabilities. In the case of several vulnerable
products, no user interaction is required to exploit these
vulnerabilities; an email message transiting a vulnerable server is
sufficient for exploitation.

Status: Vendor confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/advisories/28209/
IBM Security Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21298453
Product Home Page
http://www.autonomy.com/content/Products/KeyView/index.en.html
SecurityFocus BID
http://www.securityfocus.com/bid/28454

******************************************

(5) HIGH: Microsoft Internet Explorer Data Stream Processing Vulnerability (MS08-024)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: Microsoft Internet Explorer contains a flaw in its handling
of data streams. A specially crafted web page that is designed to
exploit this vulnerability could trigger this flaw, allowing an attacker
to execute arbitrary code with the privileges of the current user. It
is believed that the method of exploitation would not first prompt the
user before triggering the vulnerability. Few technical details are
publicly available for this vulnerability.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/28552

******************************************

(6) HIGH: Microsoft Project Remote Code Execution Vulnerability (MS08-018)
Affected:
Microsoft Project 2000
Microsoft Project 2002
Microsoft Project 2003

Description: Microsoft Project is a popular project management
application. It contains a flaw in its handling of Project files. A
specially crafted Project file could trigger this flaw, leading to a
memory corruption vulnerability. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the current user. Note that, on recent versions of
Microsoft Project, Project files are not opened without first prompting
the user by default.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-018.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/28607

******************************************

(7) HIGH: Microsoft 'hxvz.dll' ActiveX Control Memory Corruption (MS08-023)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: Microsoft Windows contains an ActiveX control known as
'hxvz.dll'. When this control is instantiated by Microsoft Internet
Explorer, it can cause a memory corruption vulnerability. A malicious
web page that instantiates this control could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Note that this update also disables some
third-party ActiveX controls that are known to contain vulnerabilities.

Status: Microsoft confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSIDs
"314111b8-a502-11d2-bbca-00c04f8ec294" and
"314111c6-a502-11d2-bbca-00c04f8ec294".

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/28606
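
The kill-bit mitigation in the Status paragraph above, as an added PowerShell example that is not part of the original bulletin: it reports whether the kill bit is set for the two CLSIDs listed and sets it where it is missing. The registry location and the 0x400 flag follow the Knowledge Base article cited above (KB 240797); the function names Get-KillBitState and Set-KillBit are hypothetical.

```powershell
# Added example: audit and set the Internet Explorer "kill bit" for the two
# hxvz.dll CLSIDs named in the bulletin. Function names are hypothetical.

$Clsids = @(
    '{314111b8-a502-11d2-bbca-00c04f8ec294}',
    '{314111c6-a502-11d2-bbca-00c04f8ec294}'
)

# Bit in the "Compatibility Flags" DWORD that stops IE from instantiating
# the control (KB 240797).
$KillBit = 0x00000400

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both views.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitState {
    # Emits one object per registry view and CLSID with the current flag state.
    foreach ($root in $Roots) {
        foreach ($clsid in $Clsids) {
            $key   = Join-Path $root $clsid
            $flags = 0
            if (Test-Path -LiteralPath $key) {
                $prop = Get-ItemProperty -LiteralPath $key `
                            -Name 'Compatibility Flags' `
                            -ErrorAction SilentlyContinue
                if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
            }
            [pscustomobject]@{
                Key      = $key
                Flags    = $flags
                FlagsHex = '0x{0:X8}' -f $flags
                Killed   = (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

function Set-KillBit {
    # Sets the kill bit only where it is missing; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $pending = @(Get-KillBitState | Where-Object { -not $_.Killed })
    foreach ($state in $pending) {
        if ($PSCmdlet.ShouldProcess($state.Key, 'Set kill bit (0x400)')) {
            if (-not (Test-Path -LiteralPath $state.Key)) {
                New-Item -Path $state.Key -Force | Out-Null
            }
            # OR the bit in so any other compatibility flags are preserved.
            New-ItemProperty -LiteralPath $state.Key `
                -Name 'Compatibility Flags' `
                -PropertyType DWord `
                -Value ($state.Flags -bor $KillBit) `
                -Force | Out-Null
        }
    }

    # Re-read the registry so the caller sees the resulting state.
    Get-KillBitState
}

# Audit only: prints the current state without changing anything.
Get-KillBitState | Format-Table Key, FlagsHex, Killed -AutoSize
```

Writing under HKLM needs an elevated prompt; running `Set-KillBit -WhatIf` first lists the keys that would change.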

******************************************

(8) HIGH: TIBCO Enterprise Message Server and Rendezvous Multiple Vulnerabilities
Affected:
TIBCO Enterprise Message Service versions 4.x
TIBCO iProcess Suite

Description: The TIBCO Enterprise Message Service is an enterprise
inter-application message-passing service. TIBCO Rendezvous is an
enterprise process coordination system. These products contain multiple
vulnerabilities in their handling of a variety of messages. A specially
crafted message sent to or via these services could trigger one of these
vulnerabilities, potentially allowing an attacker to execute arbitrary
code with the privileges of the vulnerable process. On some
installations of these applications, this could result in arbitrary code
execution with SYSTEM or root privileges.

Status: Vendor confirmed, updates available.

References:
TIBCO Security Advisories
http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt
http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt
Vendor Home Page
http://www.tibco.com/
Product Home Pages
http://www.tibco.com/software/messaging/enterprise_messaging_service/default.jsp
http://www.tibco.com/software/messaging/rendezvous/default.jsp
SecurityFocus BID
http://www.securityfocus.com/bid/28717

******************************************

(9) MODERATE: Microsoft Windows DNS Predictable Transaction IDs (MS08-020)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista

Description: The Domain Name System (DNS) is the system by which
human-readable domain names are resolved into IP addresses. DNS requests
are paired with responses by using a unique "transaction ID" per
request-response pair. Microsoft Windows fails to create truly random
transaction IDs for DNS requests and responses. An attacker who could
observe several requests from a Microsoft Windows system could predict
subsequent transaction IDs. This would allow an attacker to spoof
responses from a DNS server, possibly redirecting vulnerable machines
to arbitrary sites or otherwise disrupting normal DNS resolution. Some
technical details are publicly available for this vulnerability.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
Wikipedia Article on the Domain Name System
http://en.wikipedia.org/wiki/Domain_Name_System
SecurityFocus BID
http://www.securityfocus.com/bid/28553

******************************************

(10) MODERATE: Microsoft Visio Multiple Vulnerabilities (MS08-019)
Affected:
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007

Description: Microsoft Visio contains flaws in its handling of various
file formats. A specially crafted Visio or DXF file could trigger one of
these flaws, leading to various memory corruption vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the current
user. Note that some user interaction is required to exploit these
vulnerabilities. In the case of DXF files, Visio must be explicitly
instructed to open the file; it will not be opened by Visio
automatically in its default configuration.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/28555
http://www.securityfocus.com/bid/28556

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 15, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.15.1 CVE: CVE-2008-1084
Platform: Windows
Title: Microsoft Windows Kernel Usermode Callback Local Privilege
Escalation
Description: Microsoft Windows is exposed to a local privilege
escalation issue. The flaw stems from insufficient validation of data
from usermode callbacks to the Kernel. A locally logged-in user can
exploit this issue to gain kernel-level access to the operating
system.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-025.mspx
______________________________________________________________________

08.15.2 CVE: CVE-2008-1087
Platform: Windows
Title: Microsoft Windows GDI Stack Overflow
Description: Microsoft Windows is exposed to a stack-based overflow
issue that resides in the GDI graphics library and can be triggered by
a malformed EMF image file. Specifically, this issue is caused by an
error in processing of filename parameters in EMF image files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-021.mspx
______________________________________________________________________

08.15.3 CVE: CVE-2008-1083
Platform: Windows
Title: Microsoft Windows GDI "CreateDIBPatternBrushPt" Function Heap
Overflow
Description: Microsoft Windows is exposed to a heap-based overflow
issue that resides in the GDI graphics library and can be triggered by
a malformed EMF or WMF image file. Specifically, the cause of the
issue is an error in performing integer calculations based on data
supplied within EMF/WMF image files.
Ref: http://www.securityfocus.com/archive/1/490584
______________________________________________________________________

08.15.4 CVE: CVE-2008-0087
Platform: Windows
Title: Microsoft Windows DNS Client Service Response Spoofing
Description: Microsoft Windows operating systems are exposed to an
issue that lets attackers spoof DNS clients. This issue occurs because
the software fails to employ properly secure random numbers when
creating DNS transaction IDs.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
______________________________________________________________________

08.15.5 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer XDR Prototype Hijacking Denial of
Service
Description: Microsoft Internet Explorer is a browser available for
Microsoft Windows. Internet Explorer is exposed to a denial of service
issue that occurs when handling the XDR (XDomainRequest) object.
Microsoft Internet Explorer version 8 Beta 1 is affected.
Ref: http://www.0x000000.com/?i=543
______________________________________________________________________

08.15.6 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer "ieframe.dll" Script Injection
Description: Microsoft Internet Explorer is a web browser application
for the Windows operating system. The application is exposed to a
script injection issue when handling specially-crafted requests to
"acr_error.htm" via the "res://" protocol. Internet Explorer version 8
is affected.
Ref: http://www.0x000000.com/?i=544
______________________________________________________________________

08.15.7 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft April 2008 Advance Notification Multiple
Vulnerabilities
Description: Microsoft has released advance notification that the
vendor will be releasing eight security bulletins on April 8, 2008.
The highest severity rating for these issues is "Critical".
Ref: http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx
______________________________________________________________________

08.15.8 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Header Handling "res://"
Information Disclosure
Description: Microsoft Internet Explorer is a browser application for
the Windows operating system. The application is exposed to an
information disclosure issue when handling specially crafted "res://"
protocol handlers in a "header()" forward of a malicious web page.
Internet Explorer 7 is affected.
Ref: http://www.0x000000.com/?i=547
______________________________________________________________________

08.15.9 CVE: CVE-2008-1089
Platform: Other Microsoft Products
Title: Microsoft Visio Object Header Remote Code Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. The application is
exposed to a remote code execution issue because it fails to
adequately handle user-supplied data. Specifically, this issue occurs
when the application opens Visio files that contain specially crafted
object header data.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx
______________________________________________________________________

08.15.10 CVE: CVE-2008-1090
Platform: Other Microsoft Products
Title: Microsoft Visio Memory Validation Remote Code Execution
Description: Microsoft Visio is an application for visualizing and
communicating complex drawings and diagrams. The application is
exposed to a remote code execution issue because it fails to
adequately handle user-supplied data. The software fails to properly
allocate memory when specially crafted Visio files are loaded into
memory from disk.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-019.mspx
______________________________________________________________________

08.15.11 CVE: CVE-2008-1085
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Data Stream Handling Remote Code
Execution
Description: Microsoft Internet Explorer is a browser for Windows
operating systems. The application is exposed to a remote code
execution issue because it fails to adequately handle specially
crafted data streams.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-024.mspx
______________________________________________________________________

08.15.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP OpenView Network Node Manager "OVAS.EXE" Buffer Overflow
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. The application is exposed to a buffer
overflow issue because the application fails to properly bounds check
user-supplied data. Network Node Manager version 7.51 running on
Microsoft Windows is affected.
Ref: http://www.securityfocus.com/bid/28569
______________________________________________________________________

08.15.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: McAfee ePolicy Orchestrator "FrameworkService.exe" Remote
Denial of Service
Description: McAfee ePolicy Orchestrator is a suite of applications
that provides antivirus, antispyware, system firewalls, host IPS,
content filtering, and patch management. The application is exposed to
a remote denial of service issue in its "FrameworkService.exe"
executable. McAfee ePolicy Orchestrator version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/28573
______________________________________________________________________

08.15.14 CVE: CVE-2008-0312
Platform: Third Party Windows Apps
Title: Symantec AutoFix Support Tool "SYMADATA.DLL" ActiveX Control
Remote Buffer Overflow
Description: Symantec AutoFix Support Tool is an application used for
detecting and fixing support issues online. The "SYMADATA.DLL" ActiveX
control is a component of the application. The ActiveX control is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input.
Ref:
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
______________________________________________________________________

08.15.15 CVE: CVE-2008-0313
Platform: Third Party Windows Apps
Title: Symantec AutoFix Tool ActiveX Control Remote Share
"launchProcess()" Insecure Method
Description: The Symantec AutoFix Tool is a technical support
application that scans a user's computer for possible errors affecting
Norton products and provides the user with options for addressing any
errors that are discovered. The application's "SYMADATA.DLL" ActiveX
control library is exposed to an issue due to an error in the
"launchProcess()" method.
Ref:
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
______________________________________________________________________

08.15.16 CVE: Not Available
Platform: Third Party Windows Apps
Title: LANDesk Management Suite 8.80.1.1 PXE TFTP Service Directory
Traversal
Description: LANDesk Management Suite is used to manage hardware and
software across a network. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input data. LANDesk Management Suite version 8.80.1.1
is affected.
Ref: http://www.securityfocus.com/archive/1/490390
______________________________________________________________________

08.15.17 CVE: CVE-2008-1328, CVE-2008-1329
Platform: Third Party Windows Apps
Title: Computer Associates ARCserve Backup for Laptops and Desktops
Multiple Remote Vulnerabilities
Description: Computer Associates ARCserve Backup for Laptops and
Desktops is an automated backup solution that runs on Microsoft
Windows operating systems. The application is exposed to multiple
remote issues.
Ref:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105
______________________________________________________________________

08.15.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: Interwoven Worksite Web "iManFile.cab" TransferCtrl Class
ActiveX Control Double Free
Description: Interwoven Worksite Web is a project and document
management application. The Worksite Web TransferCtrl Class ActiveX
control is exposed to a double free issue that occurs when the
TransferCtrl Class "server()" method uses a JavaScript variable that
can be freed by the JavaScript engine while the control continues to
maintain a reference to the memory location. WorkSite Web versions
prior to 8.2 SP1 P2 are affected.
Ref:
http://www.mwrinfosecurity.com/publications/mwri_interwoven-worksite-activex-control-remote-code-execution_2008-03-10.pdf
______________________________________________________________________

08.15.19 CVE: CVE-2008-1602
Platform: Third Party Windows Apps
Title: Orbit Downloader "Download Failed" Remote Buffer Overflow
Description: Orbit Downloader is a peer-to-peer file download
application for Windows platforms. The application is exposed to a
remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. Orbit Downloader versions prior
to 2.6.5 are affected.
Ref: http://www.securityfocus.com/archive/1/490458
______________________________________________________________________

08.15.20 CVE: CVE-2008-0311
Platform: Third Party Windows Apps
Title: Borland StarTeam Multicast Service
"GMWebHandler::parse_request()" Buffer Overflow
Description: Borland CaliberRM is an enterprise software requirements
management system available for Microsoft Windows. The application is
exposed to a remote stack-based buffer overflow issue that occurs
because the application fails to perform adequate boundary checks on
user-supplied data. Borland StarTeam Multicast Service version 6.4
included in Borland CaliberRM 2006, 2007 and 2008 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=675
______________________________________________________________________

08.15.21 CVE: Not Available
Platform: Third Party Windows Apps
Title: SmarterTools SmarterMail HTTP Request Handling Denial of
Service
Description: SmarterTools SmarterMail is a Windows mail server
intended as an alternative to Microsoft Exchange. The application is
exposed to a denial of service issue when handling specially crafted
HTTP GET, HEAD, PUT, POST, and TRACE requests. SmarterMail version 5.0
is affected.
Ref: http://www.securityfocus.com/bid/28610
______________________________________________________________________

08.15.22 CVE: Not Available
Platform: Third Party Windows Apps
Title: Tumbleweed SecureTransport "vcst_eu.dll" ActiveX Control Remote
Buffer Overflow
Description: Tumbleweed SecureTransport is a secure file transfer
application available for Microsoft Windows. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/archive/1/490536
______________________________________________________________________

08.15.23 CVE: Not Available
Platform: Third Party Windows Apps
Title: CDNetworks Nefficient Download "NeffyLauncher.dll" ActiveX
Control Multiple Vulnerabilities
Description: CDNetworks Nefficient Download is an ActiveX control used
for downloading and upgrading game files. The application is exposed
to an arbitrary file upload issue and an authentication bypass issue
that affect the "NeffyLauncher.dll" ActiveX control library.
NeffyLauncher.dll version 1.0.5 is affected.
Ref: http://www.securityfocus.com/archive/1/490535
______________________________________________________________________

08.15.24 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP OpenView Network Node Manager "ovalarmsrv.exe" Multiple
Remote Vulnerabilities
Description: HP OpenView Network Node Manager (NNM) is an automated
network topology application used to assist network administration and
analysis. The application is exposed to multiple issues affecting the
"ovalarmsrv.exe" process. HP OpenView Network Node Manager version
7.53 is affected.
Ref: http://www.securityfocus.com/archive/1/490541
______________________________________________________________________

08.15.25 CVE: CVE-2008-0083
Platform: Third Party Windows Apps
Title: Microsoft VBScript and JScript Scripting Engines Remote Code
Execution
Description: VBScript and JScript are scripting engines for Microsoft
Windows. The applications are exposed to a remote code execution issue
because they fail to adequately decode user-supplied script code when
processing web documents. These versions are affected: VBScript versions 5.6
and earlier; JScript versions 5.6 and earlier.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-022.mspx
______________________________________________________________________

08.15.26 CVE: CVE-2008-1086
Platform: Third Party Windows Apps
Title: Microsoft "hxvz.dll" ActiveX Control Memory Corruption
Description: Microsoft "hxvz.dll" ActiveX control is exposed to a
remote memory corruption issue. Remote attackers can exploit this
issue to execute arbitrary code in the context of the application
using the ActiveX control (typically Internet Explorer).
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680
______________________________________________________________________

08.15.27 CVE: CVE-2008-1088
Platform: Third Party Windows Apps
Title: Microsoft Project Resource Memory Allocation Remote Code
Execution
Description: Microsoft Project is a project management application for
the Microsoft Windows operating system. Project is exposed to a remote
code-execution issue when allocating memory resources while opening
Project files.
Ref: http://www.kb.cert.org/vuls/id/155563
______________________________________________________________________

08.15.28 CVE: CVE-2008-0887
Platform: Linux
Title: Gnome Desktop Screensaver NIS Authentication Local Unauthorized
Access
Description: Gnome Desktop is exposed to a local unauthorized access
issue that occurs when the screensaver is activated and the
application uses NIS authentication. Specifically, the application
allows attackers to unlock the desktop with no password if there is no
network connection to the NIS.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0197.html
______________________________________________________________________

08.15.29 CVE: Not Available
Platform: Linux
Title: openMosix "libmosix.c" Remote Stack-Based Buffer Overflow
Description: openMosix is a Linux kernel extension for clustering. The
application is exposed to a stack-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. openMosix version 2.4.20-3 is affected.
Ref: http://www.securityfocus.com/archive/1/490534
______________________________________________________________________

08.15.30 CVE: Not Available
Platform: Linux
Title: LICQ File Descriptor Remote Denial of Service
Description: LICQ is a Linux Qt-based messaging application. The
application is exposed to a denial of service issue because it fails
to handle exceptional conditions.
Ref: http://www.securityfocus.com/archive/1/490563
______________________________________________________________________

08.15.31 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "inetd(1M)" Daemon Insecure Temporary File Creation
Description: Sun Solaris is an enterprise-grade Unix distribution. Sun
Solaris "inetd(1M)" creates temporary files in an insecure manner.
This issue arises when "Debug Logging" has been enabled. Sun Solaris
version 10 for SPARC and x86 platforms is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233284-1
______________________________________________________________________

08.15.32 CVE: Not Available
Platform: Unix
Title: SCO UnixWare Reliant HA "RELIANT_PATH" Local Input Validation
Description: Reliant HA is an optional, high availability clustering
add-on for SCO UnixWare 7 systems. The application is exposed to a
local input validation issue because it fails to adequately sanitize
user-supplied input to the "RELIANT_PATH" parameter. Reliant HA
version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/28624
______________________________________________________________________

08.15.33 CVE: Not Available
Platform: Unix
Title: SCO UnixWare Merge mcd "HISTFILE" Local Input Validation
Description: UnixWare is a Unix operating system maintained by SCO
Group. The application is exposed to a local input validation issue
because it fails to adequately sanitize user-supplied input to the
"HISTFILE" environment variable.
Ref: http://www.securityfocus.com/bid/28625
______________________________________________________________________

08.15.34 CVE: Not Available
Platform: Novell
Title: Novell eDirectory HTTP HEAD Request Handling Denial of Service
Description: Novell eDirectory is a directory service application used
to centrally manage computer resources on a network. The application
is exposed to a denial of service issue when handling
specially-crafted HTTP HEAD requests. eDirectory version 8.8.2 is
affected.
Ref: http://www.securityfocus.com/bid/28572
______________________________________________________________________

08.15.35 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Content Manager Unspecified Security
Description: IBM DB2 is a database server designed to run on various
platforms, including Linux, AIX, Solaris, and Microsoft Windows. DB2
Content Manager is exposed to an unspecified security issue affecting
the "AllowedTrustedLogin" privilege. IBM DB2 versions prior to 8.3 Fix
Pack 8 are affected.
Ref: http://www.securityfocus.com/bid/28567
______________________________________________________________________

08.15.36 CVE: CVE-2008-0555
Platform: Cross Platform
Title: Apache-SSL Environment Variable Information Disclosure and
Privilege Escalation
Description: Apache-SSL is a secure web server based on Apache and
SSLeay/OpenSSL. The application is exposed to a remote information
disclosure and privilege escalation issue because it fails to
adequately validate user-supplied input. Apache-SSL version
apache_1.3.34+ssl_1.57 is affected.
Ref: http://www.securityfocus.com/archive/1/490386
______________________________________________________________________

08.15.37 CVE: CVE-2008-0069
Platform: Cross Platform
Title: XnView FontName Buffer Overflow
Description: XnView is a photo viewer available for multiple
platforms. The application is exposed to a buffer overflow issue
because the application fails to bounds check user-supplied data
before copying it into an insufficiently sized buffer. XnView version
1.92.1 is affected.
Ref: http://secunia.com/secunia_research/2008-6/advisory
______________________________________________________________________

08.15.38 CVE: CVE-2008-1618
Platform: Cross Platform
Title: WatchGuard Firebox MS-CHAPv2 Authentication Remote User
Enumeration Weakness
Description: WatchGuard Firebox is the firewall solution designed and
distributed by WatchGuard. Firebox is designed as an enterprise level
firewall with security features and filtering customizations. The
application is exposed to a user enumeration weakness. This issue
occurs in the "MS-CHAPv2" authentication handshake protocol.
WatchGuard Firebox versions prior to 10 are affected.
Ref: http://www.mwrinfosecurity.com/content/publications.php
______________________________________________________________________

08.15.39 CVE: CVE-2008-1013, CVE-2008-1014, CVE-2008-1015,
CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1019,
CVE-2008-1020, CVE-2008-1021, CVE-2008-1022, CVE-2008-1023
Platform: Cross Platform
Title: Apple QuickTime Multiple Remote Vulnerabilities
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to multiple remote issues
that may allow remote attackers to disclose sensitive information,
execute arbitrary code, and carry out denial-of-service attacks.
Ref: http://www.securityfocus.com/bid/28583
______________________________________________________________________

08.15.40 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.26 Multiple Security Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to multiple security
issues. Opera versions prior to 9.27 are affected.
Ref: http://www.opera.com/support/search/view/882/
______________________________________________________________________

08.15.41 CVE: Not Available
Platform: Cross Platform
Title: iMatix Xitami Multiple Format String Vulnerabilities
Description: Xitami is a freely available webserver package
distributed by iMatix. It is available for Unix, Linux, and Microsoft
platforms. The application is exposed to multiple format string issues
because it fails to properly sanitize user-supplied input before
including it in the format-specifier argument of a formatted printing
function. Xitami version 2.5c2 is affected.
Ref: http://www.bratax.be/advisories/b013.html
______________________________________________________________________

08.15.42 CVE: CVE-2007-4620
Platform: Cross Platform
Title: Computer Associates Alert Notification Server Multiple Remote
Buffer Overflow Vulnerabilities
Description: Computer Associates Alert Notification Server provides
alerting capabilities to multiple CA products. The application is
exposed to multiple remote buffer overflow issues because it fails to
bounds check user-supplied input before copying it into an
insufficiently sized memory buffer.
Ref: http://www.securityfocus.com/archive/1/490474
______________________________________________________________________

08.15.43 CVE: CVE-2008-1515
Platform: Cross Platform
Title: OTRS SOAP Interface Security Bypass
Description: OTRS is a ticket request system implemented in Perl. The
application is exposed to a security bypass issue because it fails to
properly validate user credentials before performing certain actions.
OTRS versions 2.1.x prior to 2.1.8, and 2.2.x prior to 2.2.6 are
affected.
Ref: http://otrs.org/advisory/OSA-2008-01-en/
______________________________________________________________________

08.15.44 CVE: CVE-2008-1686
Platform: Cross Platform
Title: FishSound Library Remote Speex Decoding Code Execution
Description: FishSound is a library that provides a programming
interface for encoding and decoding audio data using the Xiph.org
protocols. The FishSound "libfishsound" library is exposed to a remote
code execution issue due to a failure of the application to properly
bounds check user-supplied data. FishSound versions prior to 0.9.1 are
affected.
Ref: http://www.ocert.org/advisories/ocert-2008-2.html
______________________________________________________________________

08.15.45 CVE: CVE-2008-0711
Platform: Cross Platform
Title: HP Integrity Servers iLO-2 Management Processors Denial of
Service
Description: HP Integrity Servers running iLO-2 Management Processors
(iLO-2 MP) are exposed to a denial of service issue that exists due to
an unspecified error in the embedded management console. HP Integrity
Server model numbers rx2660, rx3600, rx6600 with iLO-2 MP firmware
versions F.01.58 and earlier, and HP Integrity Blade Server model
bl860c with iLO-2 MP firmware versions T.01.22 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/28673
______________________________________________________________________

08.15.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DivXDB 2002 Multiple Cross-Site Scripting Vulnerabilities
Description: DivXDB 2002 is a PHP-based application for managing DivX
related website content. The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input. DivXDB 2002 version 0.94b is affected.
Ref: http://www.securityfocus.com/bid/28566
______________________________________________________________________

08.15.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tiny Portal "shouts" Cross-Site Scripting
Description: Tiny Portal is a web portal application implemented in
PHP. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "shout"
parameter of the "index.php" script. Tiny Portal version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/28630
______________________________________________________________________

08.15.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: mcGallery "lang" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: mcGallery is a photo gallery application implemented in
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sufficiently sanitize user-supplied input
to the "lang" parameter. mcGallery version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/28587
______________________________________________________________________

08.15.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Parallels Virtuozzo Containers VZPP Interface File Manager
Cross-Site Request Forgery
Description: Parallels Virtuozzo Containers is an operating system
virtualization application that includes a web-based control interface
called VZPP. The application is exposed to a cross-site request
forgery issue affecting VZPP's file management utilities in
"/vz/cp/vzdir/infrman/envs/files/". Virtuozzo Containers versions
3.0.0-25.4.swsoft, and 4.0.0-365.6.swsoft are affected.
Ref: http://www.securityfocus.com/archive/1/490409
______________________________________________________________________

08.15.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Parallels Virtuozzo Containers VZPP Interface Change Password
Cross-Site Request Forgery
Description: Parallels Virtuozzo Containers is an operating-system
virtualization application that includes a web-based control interface
called VZPP. The application is exposed to a cross-site request
forgery issue affecting VZPP's password changing utility in
"/vz/cp/pwd". Virtuozzo Containers version 3.0.0-25.4.swsoft is
affected.
Ref: http://www.securityfocus.com/archive/1/490409
______________________________________________________________________

08.15.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Flickr Module Multiple Unspecified Cross-Site Scripting
Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. The Flickr module allows Drupal
users to access the Flickr API. The application is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize user-supplied input to unspecified parameters. Flickr module
5.x versions prior to 5.x-1.3, and 6.x versions prior to 6.x-1.0-alpha1
are affected.
Ref: http://drupal.org/node/241939
______________________________________________________________________

08.15.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Smart Classified ADS and Smart Photo ADS "view.cgi" Multiple
Cross-Site Scripting Vulnerabilities
Description: Smart Classified ADS is a web-based classifieds
application and Smart Photo ADS is a web-based photo gallery
application. The applications are implemented in Perl. They are
exposed to multiple cross-site scripting issues because they fail to
sufficiently sanitize user-supplied input to the "AdNum" and
"Department" parameters of the "view.cgi" script.
Ref: http://www.securityfocus.com/bid/28595
______________________________________________________________________

08.15.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Simple Gallery "album" Parameter Cross-Site Scripting
Description: Simple Gallery is a PHP-based image gallery application.
The application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "album"
parameter of the "index.php" script. Simple Gallery version 2.2 is
affected.
Ref: http://www.securityfocus.com/bid/28596
______________________________________________________________________

08.15.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine Firewall Analyzer "mindex.do" Cross-Site Scripting
Description: ManageEngine Firewall Analyzer is an enterprise tool for
monitoring and managing firewall logs. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "displayName" parameter in the "mindex.do"
script. ManageEngine Firewall Analyzer version 4.0.3 is affected.
Ref: http://www.securityfocus.com/bid/28604
______________________________________________________________________

08.15.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Poplar Gedcom Viewer Search Page Multiple Cross-Site Scripting
Vulnerabilities
Description: Poplar Gedcom Viewer is a PHP-based web application
designed for dynamic viewing and editing of genealogy. The application
supports GEDCOM and GENDEX file formats. The application is exposed to
multiple cross-site scripting issues because it fails to sanitize
user-supplied input. This issue affects the "text" and "ul" parameters
that are used by the "search" page via the "index.php" script. Poplar
Gedcom Viewer version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28608/info
______________________________________________________________________

08.15.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Glossaire "glossaire.php" Cross-Site Scripting
Description: Glossaire is a web-based application implemented in PHP.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "letter" parameter of the
"glossaire.php" script. Glossaire version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28609
______________________________________________________________________

08.15.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: KwsPHP ConcoursPhoto Module "VIEW" Parameter Cross-Site
Scripting
Description: KwsPHP is a content management system implemented in PHP.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "VIEW" parameter of the
"ConcoursPhoto" module.
Ref: http://www.securityfocus.com/bid/28612
______________________________________________________________________

08.15.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: e-Classifieds "hsx/classifieds.hsx" Cross-Site Scripting
Description: e-Classifieds is a web-based classifieds application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "db" parameter of the
"hsx/classifieds.hsx" script. e-Classifieds Corporate edition is
affected.
Ref: http://www.securityfocus.com/bid/28613
______________________________________________________________________

08.15.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Alkacon OpenCms "sessions.jsp" Multiple Cross-Site Scripting
Vulnerabilities
Description: Alkacon OpenCms is a web-based content manager. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input to the
"searchfilter" and "listSearchFilter" parameters of the
"system/workplace/admin/workplace/sessions.jsp" script. OpenCms
version 7.0.3 is affected.
Ref: http://www.securityfocus.com/archive/1/490498
______________________________________________________________________

08.15.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHPizabi Multiple Cross-Site Scripting Vulnerabilities
Description: PHPizabi is a social networking platform implemented in
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sanitize user-supplied input. PHPizabi
version 0.848b C1 is affected.
Ref: http://www.securityfocus.com/bid/28648
______________________________________________________________________

08.15.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Java System Messenger Express "sid" Cross-Site Scripting
Description: Sun Java System Messenger Express is a webmail
application. Sun Java System Messenger Express is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "sid" parameter of the "mail.html" script.
Sun Java System Messenger Express version 6.1-13-15 is affected.
Ref: http://www.securityfocus.com/bid/28649
______________________________________________________________________

08.15.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: URLStreet "seeurl.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: URLStreet is an application for managing favorite links
on a web site. The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input to the "language", "order" and "filter" parameters of the
"seeurl.php" script. URLStreet version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28650
______________________________________________________________________

08.15.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WoltLab Burning Board WCF Cross-site Scripting and Information
Disclosure Vulnerabilities
Description: WoltLab Community Framework (WCF) included in WoltLab
Burning Board is prone to multiple security issues. Multiple
information disclosure issues exist because the application includes
the stack trace in the HTML comments returned to the user when it
fails to load and instantiate classes based on user-supplied input.
WCF version 1.0.6 included in WoltLab Burning Board version 3.0.5 is affected.
Ref: http://www.securityfocus.com/bid/28678
______________________________________________________________________

08.15.64 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Swiki HTML Injection and Cross-Site Scripting Vulnerabilities
Description: Swiki is a wiki application for the Comanche web server
and Squeak programming language/environment. Squeak is an open-source
implementation of Smalltalk. The application is exposed to multiple
input validation issues because it fails to properly sanitize
user-supplied input. Swiki version 1.5 is affected.
Ref: http://www.securityfocus.com/archive/1/490561
______________________________________________________________________

08.15.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Writer's Block "permalink.php" SQL Injection
Description: Writer's Block is a content management application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "PostID" parameter of the "permalink.php" script before using it
in an SQL query. Writer's Block version 3.8 is affected.
Ref: http://www.securityfocus.com/archive/1/490376
______________________________________________________________________

08.15.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo actualite Component "id" Parameter SQL
Injection
Description: actualite is a plugin for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "com_actualite" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/28565
______________________________________________________________________

08.15.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Nuked-Klan HTTP Referer Header SQL Injection
Description: Nuked-Klan is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the HTTP Referer header
before using it in an SQL query. Nuked-Klan version 1.7.6 is affected.
Ref: http://www.securityfocus.com/bid/28578
______________________________________________________________________

08.15.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Xpose PRO "mail.html" SQL Injection
Description: Xpose PRO is a web-based picture gallery application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the 'reed' parameter of
the 'mail.html' script before using it in an SQL query. Xpose PRO
version 3.05 is affected.
Ref: http://www.securityfocus.com/bid/28618
______________________________________________________________________

08.15.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Software Zone "view_product.php" SQL Injection
Description: Software Zone is a web-based application for selling
software online. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cat_id" parameter of the "view_product.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/28620
______________________________________________________________________

08.15.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Comdev News Publisher "index.php" SQL Injection
Description: News Publisher is a web-based news publishing application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "arcmonth" parameter of the "index.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/28622
______________________________________________________________________

08.15.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Joomlearn LMS Component "cat" Parameter SQL
Injection
Description: Joomlearn LMS is a plugin for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cat" parameter of the "com_lms" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/490410
______________________________________________________________________

08.15.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Terong PHP Photo Gallery "index.php" SQL Injection
Description: Terong PHP Photo Gallery is a photo gallery application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "photo_id" parameter of the "index.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/28626
______________________________________________________________________

08.15.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KwsPHP Galerie Module "id_gal" Parameter SQL Injection
Description: KwsPHP is a content manager implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id_gal" parameter of
the "galerie" module before using it in an SQL query. KwsPHP version
1.3.456 is affected.
Ref: http://www.securityfocus.com/bid/28590
______________________________________________________________________

08.15.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KwsPHP Archives Module "id" Parameter SQL Injection
Description: KwsPHP is a content manager implemented in PHP. The
application is exposed to an SQL injection vulnerability because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "archives" module before using it in an SQL query.
KwsPHP version 1.3.456 is affected.
Ref: http://www.securityfocus.com/bid/28592
______________________________________________________________________

08.15.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Module jeuxflash for KwsPHP "cat" Parameter SQL Injection
Description: KwsPHP is a content manager; Module jeuxflash is a module
for KwsPHP. The module is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "cat"
parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28601
______________________________________________________________________

08.15.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PIGMy-SQL "getdata.php" SQL Injection
Description: PIGMy-SQL is a photo gallery application implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "getdata.php" script before using it in an SQL query.
PIGMy-SQL version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/28634
______________________________________________________________________

08.15.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Blogator-script "sond_result.php" SQL Injection
Description: Blogator-script is a blog application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id_art" parameter
of the "sond_result.php" script before using it in an SQL query.
Blogator-script version 0.95 is affected.
Ref: http://www.securityfocus.com/archive/1/490500
______________________________________________________________________

08.15.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Blogator-script "init_pass2.php" SQL Injection
Description: Blogator-script is a blog application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "init_pass2.php" script before using it in an SQL query.
Blogator-script version 0.95 is affected.
Ref: http://www.securityfocus.com/archive/1/490501
______________________________________________________________________

08.15.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prozilla Cheats SQL Injection
Description: Prozilla Cheats is a web application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "view_reviews.php" script before using it in an SQL query.
Prozilla Cheats version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28640
______________________________________________________________________

08.15.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prozilla Forum SQL Injection
Description: Prozilla Forum is a web application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "forum" parameter
of the "forum.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28643
______________________________________________________________________

08.15.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Site Sift Listings SQL Injection
Description: Site Sift Listings is a web directory implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28644
______________________________________________________________________

08.15.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pixel Motion Blog SQL Injection
Description: Pixel Motion Blog is a web-log application implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "categorie"
parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28644
______________________________________________________________________

08.15.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Oxygen Bulletin Board "member.php" SQL Injection
Description: Oxygen Bulletin Board is a bulletin board application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "member" parameter of the "member.php" script before using it in
an SQL query. Oxygen Bulletin Board version 1.1.3 is affected.
Ref: http://www.securityfocus.com/bid/28651
______________________________________________________________________

08.15.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyBulletinBoard Custom Pages Module "pages" Parameter SQL
Injection
Description: MyBulletinBoard Custom Pages is a web page design module
for MyBulletinBoard. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "page" parameter of the "page.php" script before using it in an
SQL query. Custom Pages module version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28652
______________________________________________________________________

08.15.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProZilla Freelancers "project.php" SQL Injection
Description: ProZilla Freelancers is a web application implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "project"
parameter of the "project.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28653
______________________________________________________________________

08.15.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Links Directory "links.php" SQL Injection
Description: Links Directory is a web application implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat_id" parameter
of the "links.php" script before using it in an SQL query. Links
Directory version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/28655
______________________________________________________________________

08.15.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drake CMS HTTP "Via" Header SQL Injection
Description: Drake CMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the HTTP "Via" header before using it
in an SQL query. This issue occurs in the
"/components/guestbook/guestbook.php" source file. Drake CMS version
0.4.11 is affected.
Ref: http://www.securityfocus.com/bid/28656
______________________________________________________________________

08.15.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iScripts SocialWare "events.php" SQL Injection
Description: iScripts SocialWare is a web-based application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to properly sanitize the "id" parameter of the
"events.php" script.
Ref: http://www.securityfocus.com/bid/28669
______________________________________________________________________

08.15.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: My Gaming Ladder SQL Injection
Description: My Gaming Ladder is a set of scripts for managing ladders
and tournaments; it is implemented in PHP. The application is exposed
to an SQL injection issue because it fails to properly sanitize the
"ladderid" parameter of the "ladder.php" script. My Gaming Ladder
versions 7.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/28671
______________________________________________________________________

08.15.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 724CMS SQL Injection
Description: 724Networks Content Management Server (724CMS) is a
web-based content manager implemented in PHP. The application is
exposed to an SQL injection issue because it fails to properly
sanitize the "ID" parameter of the "index.php" script. 724CMS versions
4.01 and earlier are affected.
Ref: http://www.securityfocus.com/bid/28672
______________________________________________________________________

08.15.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prozilla Gaming Directory SQL Injection
Description: Prozilla Gaming Directory is a web application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cat_id" parameter of the "directory.php" script before using it
in an SQL query. Prozilla Gaming Directory version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28676
______________________________________________________________________

08.15.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prozilla Software Index SQL Injection
Description: Prozilla Software Index is a web application implemented
in PHP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cid"
parameter of the "showcategory.php" script before using it in an SQL
query. Prozilla Software Index version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/28677
______________________________________________________________________

08.15.93 CVE: Not Available
Platform: Web Application
Title: EasySite "EASYSITE_BASE" Parameter Multiple Remote File Include
Vulnerabilities
Description: EasySite is a PHP-based application used to create portal
web sites. The application is exposed to multiple remote file include
issues because it fails to sufficiently sanitize user-supplied input
to the "EASYSITE_BASE" parameter. EasySite version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28563
______________________________________________________________________

08.15.94 CVE: Not Available
Platform: Web Application
Title: suPHP Multiple Local Privilege Escalation Vulnerabilities
Description: suPHP is a utility used to execute PHP scripts with the
permissions of their owners. The application is exposed to multiple
local privilege escalation issues due to various race conditions that
occur in the application. suPHP versions prior to 0.6.3 are affected.
Ref: http://article.gmane.org/gmane.comp.php.suphp.general/348
______________________________________________________________________

08.15.95 CVE: Not Available
Platform: Web Application
Title: Online FlashQuiz Joomla! Component "db_config.inc.php" Remote
File Include
Description: The Elearningforce Online FlashQuiz component
(com_onlineflashquiz) for Joomla! is a PHP-based quizzing application.
The component is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the "base_dir"
parameter of the
"component/com_onlineflashquiz/quiz/common/db_config.inc.php" script.
Online FlashQuiz version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/28574
______________________________________________________________________

08.15.96 CVE: Not Available
Platform: Web Application
Title: DaZPHP "makepost.php" Local File Include
Description: DaZPHP is a news script application implemented in PHP.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "prefixdir"
parameter of the "makepost.php" script. DaZPHP version 0.1 is
affected.
Ref: http://www.securityfocus.com/bid/28582
______________________________________________________________________

08.15.97 CVE: Not Available
Platform: Web Application
Title: sabros.us "thumbnails.php" Local File Include
Description: sabros.us is a web-based content management system
implemented in PHP. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"img" parameter of the "thumbnails.php" script. sabros.us version 1.75
is affected.
Ref: http://www.securityfocus.com/bid/28623
______________________________________________________________________

08.15.98 CVE: Not Available
Platform: Web Application
Title: Blogator-script "incl_page" Parameter Multiple Remote File
Include Vulnerabilities
Description: Blogator-script is a web-based application implemented in
PHP. The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input to the
"incl_page" parameter. Blogator-script version 0.95 is affected.
Ref: http://www.securityfocus.com/bid/28627
______________________________________________________________________

08.15.99 CVE: Not Available
Platform: Web Application
Title: PhpBlock "basicfogfactory.class.php" Remote File Include
Description: PhpBlock is a map engine implemented in PHP. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "PATH_TO_CODE"
parameter of the "basicfogfactory.class.php" script. PhpBlock version
A8.4 is affected.
Ref: http://www.securityfocus.com/bid/28588
______________________________________________________________________

08.15.100 CVE: Not Available
Platform: Web Application
Title: Drupal Webform Module Multiple Unspecified HTML Injection
Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. The Webform module is used to
create questionnaires, contact forms, surveys, and other forms. The
application is exposed to multiple HTML injection issues because it
fails to properly sanitize user-supplied input before using it in
dynamically generated content. Webform 5.x versions prior to 5.x-1.10
and 5.x-2.0-beta3, as well as 6.x versions prior to 6.x-1.0-beta3 are
affected.
Ref: http://drupal.org/node/242053
______________________________________________________________________

08.15.101 CVE: Not Available
Platform: Web Application
Title: kses Multiple Input Validation Vulnerabilities
Description: The kses application is a PHP-based script designed to
filter HTML and XHTML input to eliminate cross-site scripting attacks.
The script is exposed to multiple input-validation issues due to flaws
in the "kses_bad_protocol_once()" function.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=78745&release_id=585464
______________________________________________________________________

08.15.102 CVE: Not Available
Platform: Web Application
Title: Secure Computing WebWasher Malformed URL Remote Denial of
Service
Description: WebWasher is a web-based security solution available for
various operating systems. The application is exposed to a remote
denial of service issue that occurs when handling malformed URLs.
WebWasher 6.3.0 prior to build 3150 and WebWasher 5.3.0 prior to build
3159
Ref: http://www.securityfocus.com/archive/1/490406
______________________________________________________________________

08.15.103 CVE: Not Available
Platform: Web Application
Title: NukeET "mensaje" Parameter HTML Injection
Description: NukeET is a PHP-based content manager. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. NukeET version 3.4 is affected.
Ref: http://www.mrzayas.es/2008/04/04/xploitnukeet3/
______________________________________________________________________

08.15.104 CVE: Not Available
Platform: Web Application
Title: RobotStats "DOCUMENT_ROOT" Parameter Multiple Remote File
Include Vulnerabilities
Description: RobotStats is a PHP-based application that monitors and
analyzes web robots that visit a web site. The application is exposed
to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "DOCUMENT_ROOT"
parameter in the following scripts: "graph.php" and
"robotstats.inc.php". RobotStats version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/28615
______________________________________________________________________

08.15.105 CVE: Not Available
Platform: Web Application
Title: Web Server Creator "langfile" Parameter Remote File Include
Description: Web Server Creator is a web-based portal creation
application. The component is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"langfile" parameter of the "/news/include/createdb.php" script. Web
Server Creator version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/28631
______________________________________________________________________

08.15.106 CVE: Not Available
Platform: Web Application
Title: Dragoon "calendrier.php" Local File Include
Description: Dragoon is a content management system implemented in
PHP. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the "cal[lng]"
parameter of the "calendrier.php" script. Dragoon version 0.1 is
affected.
Ref: http://www.securityfocus.com/bid/28638
______________________________________________________________________

08.15.107 CVE: Not Available
Platform: Web Application
Title: F5 BIG-IP Web Management Interface "NEW_VALUE" Parameter Remote
Code Injection
Description: F5 BIG-IP is a scalable application server device. The
application is exposed to a remote code injection issue because the
application fails to sufficiently sanitize user-supplied data to the
"NEW_VALUE" parameter. F5 BIG-IP version 9.4.3 is affected.
Ref: http://www.securityfocus.com/archive/1/490496
______________________________________________________________________

08.15.108 CVE: Not Available
Platform: Web Application
Title: Prozilla Top Sites Multiple Security Bypass Vulnerabilities
Description: Prozilla Top Sites is a web-based application implemented
in PHP. The application is exposed to multiple security bypass issues
because it fails to properly validate user credentials before performing
certain actions. Prozilla Top Sites version 1.0 is vulnerable; other
versions may also be vulnerable.
Ref: http://www.securityfocus.com/bid/28641
______________________________________________________________________

08.15.109 CVE: Not Available
Platform: Web Application
Title: Prozilla Reviews Security Bypass
Description: Prozilla Reviews is a web-based application implemented
in PHP. The application is exposed to a security-bypass issue because
it fails to properly validate user credentials before performing
certain actions. Prozilla Reviews version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28642
______________________________________________________________________

08.15.110 CVE: Not Available
Platform: Web Application
Title: Pixel Motion Blog Arbitrary File Upload
Description: Pixel Motion Blog is a web-log application implemented in
PHP. The application is exposed to an issue that lets an attacker
upload and execute arbitrary script code in the context of the
affected web server process. The issue occurs because the application
fails to sufficiently sanitize user-supplied input when uploading
templates in the "admin/modif_config.php" script.
Ref: http://www.securityfocus.com/bid/28646
______________________________________________________________________

08.15.111 CVE: Not Available
Platform: Web Application
Title: LinPHA Maps Plugin "db_handler.php" Local File Include
Description: LinPHA is a web-based image gallery application
implemented in PHP. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input.
LinPHA version 1.3.2 is affected.
Ref: http://www.securityfocus.com/bid/28654
______________________________________________________________________

08.15.112 CVE: Not Available
Platform: Web Application
Title: Mole "viewsource.php" Multiple Local File Include
Vulnerabilities
Description: Mole (Make Our Life Easy) is a PHP code generator
application. The application is exposed to multiple local file include
issues because it fails to properly sanitize user-supplied input to
the "dirn" and "fname" parameters of the "viewsource.php" script. Mole
version 2.1.0 is affected.
Ref: http://www.securityfocus.com/bid/28659
______________________________________________________________________

08.15.113 CVE: Not Available
Platform: Web Application
Title: Dragoon "header.inc.php" Remote File Include
Description: Dragoon is a PHP-based content manager. The component is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "root" parameter of
the "/includes/header.inc.php" script. Dragoon version 0.1 is
affected.
Ref: http://www.securityfocus.com/bid/28660
______________________________________________________________________

08.15.114 CVE: Not Available
Platform: Web Application
Title: Wikepage Opus "index.php" Multiple Directory Traversal
Vulnerabilities
Description: Wikepage Opus is a PHP-based blog application. The
application is exposed to multiple directory traversal issues because
the application fails to sufficiently sanitize user-supplied input to
the following parameters of the "index.php" script: "template",
"Admin" and "Recent_changes". Wikepage Opus version 13 2007.2 is
affected.
Ref: http://www.securityfocus.com/archive/1/490538
______________________________________________________________________

08.15.115 CVE: Not Available
Platform: Web Application
Title: iScripts SocialWare Arbitrary File Upload
Description: iScripts SocialWare is a web-based application
implemented in PHP. The application is exposed to an issue that lets
an attacker upload and execute arbitrary script code in the context of
the affected web server process. The issue occurs because the
application fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/28669
______________________________________________________________________

08.15.116 CVE: Not Available
Platform: Web Application
Title: Advanced Software Engineering ChartDirector For PHP Information
Disclosure
Description: Advanced Software Engineering ChartDirector is a chart
component for Windows and web applications. The application is exposed
to an information disclosure issue because it fails to properly
sanitize user-supplied input to the "file" parameter of the
"phpdemo/viewsource.php" script. ChartDirector for PHP version 4.1 is
affected.
Ref: http://www.securityfocus.com/bid/28674
______________________________________________________________________

08.15.117 CVE: CVE-2007-5399, CVE-2007-5405, CVE-2007-5406,
CVE-2007-6020, CVE-2008-0066, CVE-2008-1101
Platform: Web Application
Title: Autonomy KeyView Module Multiple Buffer Overflow
Vulnerabilities
Description: Autonomy KeyView is a component used in multiple
applications. It adds high-speed filtering, the ability to export
documents to web-ready HTML and valid XML, and high-fidelity viewing
capabilities. The application is exposed to multiple stack and
heap-based buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied data before copying it to
insufficiently sized buffers. Multiple products using the KeyView
module are affected.
Ref: http://secunia.com/secunia_research/2007-95/advisory/
______________________________________________________________________

08.15.118 CVE: CVE-2008-1154
Platform: Network Device
Title: Cisco Unified Communication Disaster Recovery Framework Remote
Command Execution
Description: The Disaster Recovery Framework allows administrators to
back up system configurations onto a backup device such as a local tape
drive or a remote server. Multiple Cisco Unified Communication
products are exposed to a remote command execution issue that occurs
in the Disaster Recovery Framework.
Ref: http://www.securityfocus.com/archive/1/490420
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkf+uVYACgkQ+LUG5KFpTkZaewCfc4wy1DIoJHS41vjVJegrxMGt
JHYAn3RxzMGCskCaQmMDZkJN2vlJRHOF
=GGqq
-----END PGP SIGNATURE-----