RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 17
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Apr 24 2008 - 14:19:18 CDT
It's a bad week!
The widely used Intel wireless driver can get you infected if you are
in range even if you are not connected. Multiple Adobe products have
critical vulnerabilities for which Adobe has not yet made a patch
available. Oracle has a critical (remote code execution) patch update,
but many organizations don't install the patches for long periods of
time. OpenOffice.org appears to have vulnerabilities that will open
infected files even without user approval. Add to that Active X
vulnerabilities in CA-Unicenter and other CA products and in Microsoft
Works, and you have a LOT of people with a lot of vulnerabilities they
do not know how to patch or they will not be patching soon. A bad
week.
BTW the only two practicable, large-scale solution to these problems and
the hundreds of others like them that will be announced over the next
few years is for Microsoft and Apple and the other system vendors to
provide a service to other vendors to patch any software that runs on
their operating systems. Longer term, the Phase II S-CAP initiative
from NSA (with help from NIST) may provide an even more comprehensive
solution.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
April 24, 2008 Vol. 7. Week 17
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                Number of Updates and Vulnerabilities
--------------------------------------  -------------------------------------
Windows                                  2 (#5, #7)
Third Party Windows Apps                 8 (#1, #6, #8)
Linux                                    5
Cross Platform                          22 (#2, #3, #4)
Web Application - Cross Site Scripting  11
Web Application - SQL Injection         17
Web Application                         21
Network Device                           2
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Intel Centrino Wireless Driver Buffer Overflow
(2) CRITICAL: Adobe Multiple Products Bitmap Handling Buffer Overflow
(3) HIGH: Oracle Multiple Products Multiple Vulnerabilities (Critical Patch Update April 2008)
(4) HIGH: OpenOffice.org Multiple Vulnerabilities
(5) HIGH: Microsoft Works ActiveX Control Remote Code Execution
(6) HIGH: Computer Associates DSM ActiveX Control Remote Code Execution
(7) MODERATE: Microsoft Heartbeat ActiveX Control Buffer Overflow
Other Software
(8) CRITICAL: Big Ant Enterprise Messaging Buffer Overflow
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Windows
08.17.1 - Microsoft Windows Privilege Escalation
-- Third Party Windows Apps
08.17.2 - Microsoft Works 7 "WkImgSrv.dll" ActiveX Control Remote Code Execution
08.17.3 - Computer Associates DSM "gui_cm_ctrls.ocx" ActiveX Control Remote Code Execution
08.17.4 - ClamAV "libclamav/pe.c" WWPACK File Heap Based Buffer Overflow
08.17.5 - SubEdit Player Subtitle File Remote Buffer Overflow
08.17.6 - Microsoft "HeartbeatCtl" ActiveX Control Remote Buffer Overflow
08.17.7 - Computer Associates eTrust Secure Content Manager Remote Denial of Service
08.17.8 - Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
08.17.9 - Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
-- Linux
08.17.10 - PolicyKit Grant Helper Password Handling Local Format String
08.17.11 - Poppler and Xpdf PDF Rendering Library Embedded Font Remote Code Execution
08.17.12 - GNU Emacs Insecure Temporary File Creation
08.17.13 - Acon Multiple Local Buffer Overflow Vulnerabilities
08.17.14 - grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
-- Cross Platform
08.17.15 - Apple Safari File Download Remote Memory Corruption
08.17.16 - Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow
08.17.17 - OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
08.17.18 - ImageMagick Malformed XCF File Heap-Based Buffer Overflow
08.17.19 - ImageMagick Malformed PCX File Heap-Based Buffer Overflow
08.17.20 - xine-lib NES Sound Format Demuxer "demux_nsf.c" Buffer Overflow
08.17.21 - Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory Corruption
08.17.22 - BS.Player SRT File Remote Buffer Overflow
08.17.23 - Cecilia Insecure Temporary File Creation
08.17.24 - IBM DB2 Universal Database JAR File Processing Multiple Denial of Service Vulnerabilities
08.17.25 - IBM DB2 "NNSTAT" Procedure Arbitrary File Overwrite
08.17.26 - IBM DB2 Universal Database ADMIN_SP_C and ADMIN_SP_C2 Procedures Remote Code Execution
08.17.27 - DBMail Authentication Bypass
08.17.28 - MPlayer "sdpplin_parse()" RTSP Integer Overflow
08.17.29 - Firefly Media Server "Content-Length" Buffer Overflow
08.17.30 - MoinMoin Multiple ACL Security Bypass Vulnerabilities
08.17.31 - Blender "radiance_hdr.c" Remote Buffer Overflow
08.17.32 - Multiple Adobe Products Image Header Buffer Overflow
08.17.33 - muCommander "credentials.xml" Local Information Disclosure
08.17.34 - Swfdec Untrusted Sandbox Remote Information Disclosure
08.17.35 - SIPp "call.cpp" Remote Buffer Overflow
08.17.36 - Mozilla Firefox "document.write()" Denial of Service
-- Web Application - Cross Site Scripting
08.17.37 - Apple Safari WebKit URI Handling Cross-Site Scripting
08.17.38 - Blogator-script "bs_auth.php" Cross-Site Scripting
08.17.39 - MyBoard "rep.php" Cross-Site Scripting
08.17.40 - Php-Stats "admin.php" Multiple Cross-Site Scripting Vulnerabilities
08.17.41 - EsContacts "msg" Parameter Multiple Cross-Site Scripting Vulnerabilities
08.17.42 - Wikepage Opus "wiki" Parameter Cross-Site Scripting
08.17.43 - uTorrent WebUI Cross-Site Request Forgery
08.17.44 - Advanced Electron Forum "beg" Parameter Cross-Site Scripting
08.17.45 - ContRay "search" Parameter Cross-Site Scripting
08.17.46 - EncapsGallery Cross-Site Scripting Vulnerability and File Upload
08.17.47 - Akiva WebBoard HTML Injection
-- Web Application - SQL Injection
08.17.48 - Mambo and Joomla! Jom Comment Component User Credential SQL Injection
08.17.49 - XplodPHP AutoTutorials "id" Parameter SQL Injection
08.17.50 - CoBaLT "adminler.asp" SQL Injection
08.17.51 - TLM CMS Multiple SQL Injection Vulnerabilities
08.17.52 - 5th Avenue Shoppe "category_list.php" SQL Injection
08.17.53 - Voice of Web AllMyGuests "AMG_id" SQL Injection
08.17.54 - Simple Customer "contact.php" SQL Injection
08.17.55 - YourFreeWorld Apartment Search Script "listtest.php" SQL Injection
08.17.56 - PHP-Fusion "submit.php" SQL Injection
08.17.57 - XOOPS Recette "detail.php" SQL Injection
08.17.58 - W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
08.17.59 - RedDot CMS "ioRD.asp" SQL Injection
08.17.60 - Tr Script News "news.php" SQL Injection
08.17.61 - XOOPS Article Module "article.php" SQL Injection
08.17.62 - Crazy Goomba "commentaires.php" SQL Injection
08.17.63 - Joomla! and Mambo FlippingBook Component "book_id" Parameter SQL Injection
08.17.64 - WordPress wpSS Spreadsheet Plugin "ss_id" Parameter SQL Injection
-- Web Application
08.17.65 - eGroupWare Unspecified Arbitrary File Upload
08.17.66 - Carbon Communities Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.17.67 - e107 123 FlashChat Module "123flashchat.php" Remote File Include
08.17.68 - SunShop Shopping Cart "adminindex.php" Multiple SQL Injection Vulnerabilities
08.17.69 - Exponent CMS Multiple HTML Injection Vulnerabilities
08.17.70 - Grape Web Statistics "functions.php" Remote File Include
08.17.71 - LightNEasy 1.2.2 Flat Multiple Input Validation Vulnerabilities
08.17.72 - PHP Toolkit Quote Parameter Information Disclosure and Denial of Service
08.17.73 - WordPress "cat" Parameter Directory Traversal
08.17.74 - TorrentFlux Cross-Site Request Forgery and Remote PHP Script Code Execution Vulnerabilities
08.17.75 - Azureus HTML WebUI Cross-Site Request Forgery
08.17.76 - openInvoice Security Bypass Vulnerabilities
08.17.77 - phShoutBox Cookie Security Bypass
08.17.78 - Chimaera Project Aterr Multiple Local File Include Vulnerabilities
08.17.79 - Host Directory PRO Cookie Security Bypass
08.17.80 - PortailPHP "mod_search" Remote File Include
08.17.81 - SMF Audio CAPTCHA Security Bypass
08.17.82 - Acidcat CMS Multiple Input Validation Vulnerabilities
08.17.83 - Kubelance "ipn.php" Local File Include
08.17.84 - S9Y Serendipity HTML Injection and Cross-Site Scripting Vulnerabilities
08.17.85 - QIP Unspecified Remote Memory Corruption
-- Network Device
08.17.86 - Cisco Network Admission Control Shared Secret Information Disclosure
08.17.87 - Multiple Wireless Routers Predictable Default WEP/WPA Key Security Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Intel Centrino Wireless Driver Buffer Overflow
Affected:
Intel Centrino 2200BG Wireless Device Driver
Description: The Intel Centrino 2200BG is a popular wireless network
(802.11) card, commonly used in laptop computers. Its driver for
Microsoft Windows contains a buffer overflow in its handling of wireless
network traffic. A specially crafted wireless network frame could
trigger this vulnerability, allowing an attacker to execute arbitrary
code with kernel level privileges, completely compromising the
vulnerable system. The wireless network interface on the vulnerable
system need only be in range of the attacker; it need not be connected
to any particular wireless network to be vulnerable. Full technical
details and a proof-of-concept are publicly available for this
vulnerability.
Status: Intel confirmed, updates available. The patch can be accessed
through the Intel site referenced below.
References:
Proof-of-Concept
http://milw0rm.com/exploits/5461
Intel Security Advisory
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00001&languageid=en-fr
Wikipedia Article on 802.11, the Wireless Network Protocol
http://en.wikipedia.org/wiki/IEEE_802.11
SecurityFocus BID
Not yet available.
*********************************************************
(2) CRITICAL: Adobe Multiple Products Bitmap Handling Buffer Overflow
Affected:
Adobe Photoshop Album Starter
Adobe After Effects CS3
Adobe Photoshop CS3
Description: Multiple Adobe products contain a buffer overflow in their
handling of the Bitmap (BMP) image format. A specially crafted BMP image
could trigger this buffer overflow. Successfully exploiting this buffer
overflow would allow an attacker to execute arbitrary code with the
privileges of the current user. Full technical details and a
proof-of-concept are publicly available for this vulnerability. Note
that, depending upon configuration, BMP files may be opened
automatically by the vulnerable applications without first prompting the
user.
Status: Adobe confirmed, no updates available.
References:
Advisory from c0ntex (includes proof-of-concept)
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0551.html
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-04.html
Wikipedia Article on the BMP Image Format
http://en.wikipedia.org/wiki/BMP_file_format
Adobe Home Page
http://www.adobe.com
SecurityFocus BID
http://www.securityfocus.com/bid/28874
*********************************************************
(3) HIGH: Oracle Multiple Products Multiple Vulnerabilities (Critical
Patch Update April 2008)
Affected:
Oracle Database
Oracle Siebel Sim Builder
Oracle PeopleSoft PeopleTools
Oracle PeopleSoft Human Capital
HP Oracle for OpenView
Description: Oracle has released its Critical Patch Update for April of
2008. This update addresses multiple vulnerabilities ranging in severity
from unauthenticated remote code execution with the privileges of the
vulnerable process to SQL injection and information disclosure. Some
technical details are available for several of these vulnerabilities.
Some of these vulnerabilities have been discussed in earlier editions
of RISK.
Status: Oracle confirmed, updates available.
References:
Oracle Critical Patch Update
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
Red Database Security Advisories
http://www.red-database-security.com/advisory/oracle_outln_password_change.html
http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_util.html
http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_idx.html
http://www.red-database-security.com/advisory/oracle_sql_injection_sdo_geom.html
Imperva Security Advisory
http://www.imperva.com/resources/adc/adc_advisories_oracle-dbms-04172008.html
SecurityFocus BID
http://www.securityfocus.com/bid/28725
*********************************************************
(4) HIGH: OpenOffice.org Multiple Vulnerabilities
Affected:
OpenOffice.org versions 2.3 and prior
Description: OpenOffice.org is a popular open source office suite. It
is included by default in a large number of Unix, Unix-like, and Linux
systems. It contains multiple vulnerabilities in its handling of a
variety of file formats. A specially crafted Microsoft Office file,
Microsoft Extended Metafile file, or Quattro Pro file could trigger one
of these vulnerabilities. Successfully exploiting one of these
vulnerabilities would allow an attacker to execute arbitrary code with
the privileges of the current user. Note that, depending upon
configuration, these files may be opened by default with the vulnerable
application without first prompting the user. Full technical details for
these vulnerabilities are publicly available via source code analysis.
OpenOffice.org shares most of its code with the StarOffice suite;
StarOffice is presumed vulnerable to these issues as well.
Status: OpenOffice.org confirmed, updates available.
References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691
OpenOffice.org Security Advisories
http://www.openoffice.org/security/cves/CVE-2008-0320.html
http://www.openoffice.org/security/cves/CVE-2007-5745.html
http://www.openoffice.org/security/cves/CVE-2007-5746.html
http://www.openoffice.org/security/cves/CVE-2007-5745.html
OpenOffice.org Home Page
http://www.openoffice.org/
SecurityFocus BID
http://www.securityfocus.com/bid/28819
*********************************************************
(5) HIGH: Microsoft Works ActiveX Control Remote Code Execution
Affected:
Microsoft Works 7, and possibly prior
Description: Microsoft Works is a popular office suite from Microsoft.
Part of its functionality is provided by an ActiveX control,
"WkImgSrv.dll". This control contains a remote code execution
vulnerability. A malicious web page that instantiates this control could
trigger this vulnerability, allowing an attacker to execute arbitrary
code with the privileges of the current user. Technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Microsoft has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6".
References:
Posting by wsn1983 (includes proof-of-concept)
http://www.securityfocus.com/archive/1/491027
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/28820
*********************************************************
(6) HIGH: Computer Associates DSM ActiveX Control Remote Code Execution
Affected:
Computer Associates Unicenter Software Delivery
Computer Associates Unicenter Remote Control
Computer Associates Unicenter Desktop Management Bundle
Computer Associates Unicenter Asset Management
Computer Associates Remote Control
Computer Associates Desktop Management Suite
Computer Associates Desktop and Server Management
Computer Associates ARCserve Backup for Laptops and Desktops
Description: Multiple Computer Associates applications contain the
"gui_cm_ctrls.ocx" ActiveX control, used by the "DSM" component of these
applications. This control contains a remote code execution
vulnerability in its handling of various method parameters. A specially
crafted web page that instantiates this control could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Some technical details are publicly
available for this vulnerability.
Status: Computer Associates confirmed, updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"E6239EB3-E0B0-46DA-A215-CFA9B3B740C5".
References:
Computer Associates Security Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
SecurityFocus BID
http://www.securityfocus.com/bid/28809
*********************************************************
(7) MODERATE: Microsoft Heartbeat ActiveX Control Buffer Overflow
Affected:
Microsoft HeartbeatCtl ActiveX Control
Description: The Microsoft HeartbeatCtl ActiveX control is used to play
games on the Microsoft Network (MSN) Games site. This control contains
a buffer overflow in its handling of its "Host" parameter. A specially
crafted web page that instantiates this control could trigger this
buffer overflow, allowing an attacker to execute arbitrary code with
the privileges of the current user. Technical details for this
vulnerability are publicly available.
Status: Microsoft confirmed, updates available. This vulnerability was
silently patched in Microsoft Security Bulletin MS07-069. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"E5D419D6-A846-4514-9FAD-97E826C84822". Note that this will affect
normal application functionality.
References:
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/570089
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/28882
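The "kill bit" mitigation cited for items (5), (6) and (7), as an added
example that is not part of the original bulletin: a PowerShell audit of
the three CLSIDs listed above. The registry location and the 0x400 flag
are those documented in KB240797; the -Apply switch is a hypothetical
name chosen for this example.

```powershell
# Added example: report, and optionally set, the Internet Explorer "kill bit"
# for the three CLSIDs named in items (5), (6) and (7) of this bulletin.
# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD stored under
#   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$KillBit = 0x400

# CLSIDs exactly as given in the bulletin; the labels are for display only.
$Controls = [ordered]@{
    '{00E1DB59-6EFD-4CE7-8C0A-2DA3BCAAD9C6}' = 'Microsoft Works WkImgSrv.dll'
    '{E6239EB3-E0B0-46DA-A215-CFA9B3B740C5}' = 'CA DSM gui_cm_ctrls.ocx'
    '{E5D419D6-A846-4514-9FAD-97E826C84822}' = 'Microsoft HeartbeatCtl'
}

# The native registry view, plus the 32-bit view that a 32-bit browser
# reads on 64-bit Windows. Both must carry the flag to cover both browsers.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($root in $Roots) {
    foreach ($clsid in $Controls.Keys) {
        $key   = Join-Path $root $clsid
        $flags = 0

        # A missing key or missing value means no flags are set for this control.
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }

        $isSet = ($flags -band $KillBit) -ne 0

        if (-not $isSet -and $Apply) {
            # Writing under HKLM requires an elevated session.
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # OR the bit in so that any other compatibility flags are preserved.
            $flags = $flags -bor $KillBit
            New-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $flags -Force | Out-Null
            $isSet = $true
        }

        [pscustomobject]@{
            Control    = $Controls[$clsid]
            CLSID      = $clsid
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = $isSet
            Key        = $key
        }
    }
}
```

Run without arguments the script changes nothing and lists which controls
still lack the kill bit in each registry view.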
*********************************************************
****************
Other Software
****************
(8) CRITICAL: Big Ant Enterprise Messaging Buffer Overflow
Affected:
Big Ant Server versions 2.2 and prior
Description: Big Ant Server is an enterprise instant messaging server.
It contains a buffer overflow in its handling of user requests. A
specially crafted user request could trigger this buffer overflow.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the vulnerable process.
Full technical details and a proof-of-concept are publicly available for
this vulnerability.
Status: Big Ant has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by blocking TCP port 6080 at
the network perimeter.
References:
Proof-of-Concept
http://milw0rm.com/exploits/5451
Big Ant Software Home Page
http://www.bigantsoft.com/
SecurityFocus BID
http://www.securityfocus.com/bid/28795
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 17, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.17.1 CVE: CVE-2008-1436
Platform: Windows
Title: Microsoft Windows Privilege Escalation
Description: Microsoft Windows is exposed to a privilege escalation
issue. Specifically, specially crafted code running in the context of
NetworkService or LocalService may gain access to resources in
processes that run with the same privileges (NetworkService or
LocalService) but are able to elevate their privileges to LocalSystem.
Microsoft Windows XP Professional SP2 and all versions and editions of
Windows Server 2003, Windows Vista, and Windows Server 2008 are
affected.
Ref: http://www.securityfocus.com/archive/1/491140
______________________________________________________________________
08.17.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Works 7 "WkImgSrv.dll" ActiveX Control Remote Code
Execution
Description: Microsoft Works 7 "WkImgSrv.dll" ActiveX control is an
application for image manipulation. The application is exposed to a
remote code execution issue because the application fails to perform
adequate checks on user-supplied data. Microsoft Works 7
"WkImgSrv.dll" ActiveX control version 7.03.0616 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.17.3 CVE: CVE-2008-1786
Platform: Third Party Windows Apps
Title: Computer Associates DSM "gui_cm_ctrls.ocx" ActiveX Control
Remote Code Execution
Description: Computer Associates DSM is a desktop and server
management suite. The application is exposed to a remote code
execution issue that occurs because the software fails to sufficiently
validate function arguments used by the "gui_cm_ctrls.ocx" ActiveX
control.
Ref:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
______________________________________________________________________
08.17.4 CVE: CVE-2008-1833
Platform: Third Party Windows Apps
Title: ClamAV "libclamav/pe.c" WWPACK File Heap-Based Buffer Overflow
Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. The application is exposed to a heap-based
buffer overflow issue because it fails to properly verify
user-supplied data. ClamAV version 0.92.1 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687
______________________________________________________________________
08.17.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: SubEdit Player Subtitle File Remote Buffer Overflow
Description: SubEdit Player is a media player and subtitles editor for
Microsoft Windows. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. The issue occurs when the application handles
files that contain overly long subtitle data. SubEdit Player Build
4066 is affected.
Ref: http://www.securityfocus.com/bid/28858
______________________________________________________________________
08.17.6 CVE: CVE-2007-6255
Platform: Third Party Windows Apps
Title: Microsoft "HeartbeatCtl" ActiveX Control Remote Buffer Overflow
Description: Microsoft "HeartbeatCtl" is an ActiveX control that
allows users to play multiplayer games on the MSN Games website. The
application is exposed to a remote buffer overflow issue because the
application fails to perform adequate boundary checks on user-supplied
input.
Ref: http://www.kb.cert.org/vuls/id/570089
______________________________________________________________________
08.17.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Computer Associates eTrust Secure Content Manager Remote Denial of Service
Description: Computer Associates eTrust Secure Content Manager is a
gateway application that monitors, filters and blocks possible threats
from computers. The application is exposed to a remote denial of service
issue that occurs in the "eCSqdmn" daemon, which is listening on TCP
port 1882 by default.
Ref: http://aluigi.altervista.org/adv/ecsqdamn-adv.txt
______________________________________________________________________
08.17.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
Description: Foxit Reader is a PDF viewer application available for
Microsoft Windows operating systems. The application is exposed to two
remote memory corruption issues because it fails to handle specially
crafted PDF files. Foxit Reader version 2.2 is affected.
Ref: http://www.vallejo.cc/proyectos/foxitreader2.htm
______________________________________________________________________
08.17.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Apple Safari 3.1.1 For Windows Multiple Denial of Service and
Spoofing Vulnerabilities
Description: Apple Safari is a web browser available for Mac OS X and
Microsoft Windows. The application is exposed to multiple remote
issues. Apple Safari version 3.1.1 for Windows is affected.
Ref: http://www.securityfocus.com/archive/1/491192
______________________________________________________________________
08.17.10 CVE: CVE-2008-1658
Platform: Linux
Title: PolicyKit Grant Helper Password Handling Local Format String
Description: PolicyKit is used to define and handle policies that
allow unprivileged processes to communicate with privileged processes.
The application is exposed to a local format string issue because it
fails to sanitize user-supplied input before passing it to a formatted
printing function. PolicyKit version 0.6 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=439982#add_comment
______________________________________________________________________
08.17.11 CVE: CVE-2008-1693
Platform: Linux
Title: Poppler and Xpdf PDF Rendering Library Embedded Font Remote
Code Execution
Description: The Poppler PDF rendering library is a library that
provides a programming interface for rendering PDF files. It is based
on the Xpdf-3.0 codebase. The application is exposed to a remote code
execution issue because it fails to properly validate user-supplied
data.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0238.html
______________________________________________________________________
08.17.12 CVE: CVE-2008-1694
Platform: Linux
Title: GNU Emacs Insecure Temporary File Creation
Description: Emacs is a freely available text editor. Emacs creates
temporary files in an insecure manner. Specifically, the issue
presents itself because the "ib-src/vcdiff" script file uses a
temporary file with a predictable name. Emacs versions 21.4a and 22.2
are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=208483
______________________________________________________________________
08.17.13 CVE: Not Available
Platform: Linux
Title: Acon Multiple Local Buffer Overflow Vulnerabilities
Description: Acon is a script that adds Arabic text support in a Linux
console. This setuid application is exposed to multiple issues because
it fails to perform adequate boundary checks on user-supplied input.
Acon version 1.0.5 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476603
______________________________________________________________________
08.17.14 CVE: Not Available
Platform: Linux
Title: grsecurity Multiple RBAC Local Security Bypass Vulnerabilities
Description: grsecurity is a security add-on for the Linux
kernel using multi-layered detection, prevention, and containment. The
application is exposed to multiple local security bypass issues
because it fails to handle return values to certain functions in the
RBAC (Role-Based Access Control) system. grsecurity versions prior to
2.1.11-2.6.24.5 (2008-04-21) and 2.1.11-2.4.36.2 (2008-04-21) are
affected.
Ref: http://www.securityfocus.com/bid/28889
______________________________________________________________________
08.17.15 CVE: CVE-2008-1024
Platform: Cross Platform
Title: Apple Safari File Download Remote Memory Corruption
Description: Apple Safari is a browser available for multiple
operating systems. The application is exposed to a remote memory
corruption issue that occurs when handling files with large names
during a download operation. Apple Safari versions prior to 3.1.1
running on Microsoft Windows XP and Windows Vista are affected.
Ref: http://www.kb.cert.org/vuls/id/529441
______________________________________________________________________
08.17.16 CVE: CVE-2008-1026
Platform: Cross Platform
Title: Apple Safari WebKit JavaScript Regular Expression Repetition
Counts Buffer Overflow
Description: Apple Safari is a browser available for Mac OS X and
Microsoft Windows. Safari is exposed to a buffer overflow issue
because it fails to properly bounds check user-supplied input before
using it in an insufficiently sized buffer. Safari version 3.1.1
resolves this issue.
Ref: http://support.apple.com/kb/HT1467
______________________________________________________________________
08.17.17 CVE: CVE-2007-5745, CVE-2007-5746, CVE-2007-5747,
CVE-2008-0320
Platform: Cross Platform
Title: OpenOffice Multiple Heap-Based Buffer Overflow Vulnerabilities
Description: OpenOffice is a suite of office applications for multiple
operating platforms. The application is exposed to multiple issues.
OpenOffice 2 versions prior to 2.4 are affected. The OLE and EMF file
issues also affect OpenOffice version 1.1.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
______________________________________________________________________
08.17.18 CVE: CVE-2008-1096
Platform: Cross Platform
Title: ImageMagick Malformed XCF File Heap-Based Buffer Overflow
Description: ImageMagick is an image editing suite that includes a
library and command-line utilities supporting numerous image formats.
It is exposed to a heap-based buffer overflow issue because the
application fails to perform adequate boundary checks on user-supplied
data. ImageMagick versions 6.2.8-0 and earlier are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0145.html
______________________________________________________________________
08.17.19 CVE: CVE-2008-1097
Platform: Cross Platform
Title: ImageMagick Malformed PCX File Heap-Based Buffer Overflow
Description: ImageMagick is an image editing suite that includes a
library and command-line utilities supporting numerous image formats.
ImageMagick is exposed to a heap-based buffer overflow issue because
the application fails to perform adequate boundary checks on
user-supplied data. ImageMagick versions 6.2.8-0 and 6.2.4-5 are
affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0145.html
______________________________________________________________________
08.17.20 CVE: Not Available
Platform: Cross Platform
Title: xine-lib NES Sound Format Demuxer "demux_nsf.c" Buffer Overflow
Description: The "xine-lib" library allows various media players to
play various media formats. The library is a plugin for RealMedia. The
library is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data when processing
it with the NES Sound Format demuxer. xine-lib versions 1.1.12 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/28816
______________________________________________________________________
08.17.21 CVE: CVE-2008-1380
Platform: Cross Platform
Title: Mozilla Firefox/SeaMonkey JavaScript Garbage Collector Memory
Corruption
Description: The Mozilla Foundation has released a security advisory
disclosing a memory corruption issue that affects Mozilla Firefox,
SeaMonkey and potentially Thunderbird. The issue stems from an
unspecified error in the JavaScript garbage collector and was
introduced by security fixes for issues described in MFSA 2008-15 (BID
28448). Mozilla Firefox version 2.0.0.13 and Mozilla SeaMonkey version
1.1.9 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0222.html
______________________________________________________________________
08.17.22 CVE: Not Available
Platform: Cross Platform
Title: BS.Player SRT File Remote Buffer Overflow
Description: BS.Player is a media player designed to handle multiple
media file formats. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. The issue occurs when the application handles SRT
files that contain overly long subtitle data. BS.Player version 2.27.959
is affected.
Ref: http://www.securityfocus.com/bid/28811
______________________________________________________________________
08.17.23 CVE: Not Available
Platform: Cross Platform
Title: Cecilia Insecure Temporary File Creation
Description: Cecilia is a graphical user interface to Csound. Cecilia
creates temporary files in an insecure manner. Specifically the issue
presents itself because the "locateCsound()" function in the
"lib/prefs.tcl" file uses a temporary file with a fixed name
"/tmp/csvers". Cecilia version 2.0.5 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476321
______________________________________________________________________
08.17.24 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database JAR File Processing Multiple Denial
of Service Vulnerabilities
Description: IBM DB2 Universal Database Server is exposed to multiple
denial of service issues. IBM DB2 Universal Database versions 8, 9, and
9.5 on Microsoft Windows platforms are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21287889
______________________________________________________________________
08.17.25 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 "NNSTAT" Procedure Arbitrary File Overwrite
Description: IBM DB2 is a database server. The "NNSTAT" procedure
retrieves statistics for one or more nicknames. The application is
exposed to an issue that lets attackers overwrite arbitrary files.
Ref: http://www.securityfocus.com/archive/1/491073
______________________________________________________________________
08.17.26 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database ADMIN_SP_C and ADMIN_SP_C2
Procedures Remote Code Execution
Description: IBM DB2 Universal Database Server is exposed to a remote
code execution issue. It may be exploited by authenticated attackers
that issue the "ADMIN_SP_C" or "ADMIN_SP_C2" procedures with
specially-crafted arguments.
Ref: http://www.securityfocus.com/archive/1/491075
______________________________________________________________________
08.17.27 CVE: CVE-2007-6714
Platform: Cross Platform
Title: DBMail Authentication Bypass
Description: DBMail is an application that stores emails in an
SQL-based database. The application is exposed to an issue that may let
attackers authenticate without a valid password in some
configurations. This vulnerability is known to occur when the
"authldap" module is used with an Active Directory server.
Ref: http://www.dbmail.org/index.php?page=news&id=44
______________________________________________________________________
08.17.28 CVE: CVE-2008-1558
Platform: Cross Platform
Title: MPlayer "sdpplin_parse()" RTSP Integer Overflow
Description: MPlayer is a media player. MPlayer is exposed to an
integer overflow issue because it fails to perform adequate checks on
externally-supplied input. The vulnerability exists in the
"sdpplin_parse()" function.
Ref: http://www.securityfocus.com/bid/28851
______________________________________________________________________
08.17.29 CVE: CVE-2008-1771
Platform: Cross Platform
Title: Firefly Media Server "Content-Length" Buffer Overflow
Description: Firefly Media Server (formerly known as mt-daapd) is a
multiplatform digital music server. The application is exposed to a
buffer overflow issue because it fails to perform adequate checks on
user-supplied input. The issue exists due to an integer overflow error
in the "ws_getpostvars()" function in the "src/webserver.c" file.
Firefly Media Server versions prior to 0.2.4.2 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=593465&group_id=98211
______________________________________________________________________
08.17.30 CVE: Not Available
Platform: Cross Platform
Title: MoinMoin Multiple ACL Security Bypass Vulnerabilities
Description: MoinMoin is an open source wiki. The application is
exposed to multiple security bypass issues because it fails to
properly handle Access Control List (ACL) entries. MoinMoin versions
prior to 1.6.3 are affected.
Ref: http://moinmo.in/SecurityFixes
______________________________________________________________________
08.17.31 CVE: CVE-2008-1102
Platform: Cross Platform
Title: Blender "radiance_hdr.c" Remote Buffer Overflow
Description: Blender is an open source suite for creating 3D content.
The application is exposed to a buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied input. Blender
version 2.45 is affected.
Ref: http://secunia.com/secunia_research/2008-16/advisory/
______________________________________________________________________
08.17.32 CVE: CVE-2008-1765
Platform: Cross Platform
Title: Multiple Adobe Products Image Header Buffer Overflow
Description: Multiple Adobe products are exposed to a buffer overflow
issue because they fail to perform adequate boundary checks on
user-supplied input. The issue occurs when handling malformed image
header data in image files.
Ref: http://www.adobe.com/support/security/advisories/apsa08-04.html
______________________________________________________________________
08.17.33 CVE: Not Available
Platform: Cross Platform
Title: muCommander "credentials.xml" Local Information Disclosure
Description: muCommander is a cross-platform file manager application.
The application is exposed to a local information disclosure issue
because the application fails to set secure permissions for the
"credentials.xml" file. muCommander versions prior to 0.8.2 are
affected.
Ref: http://www.mucommander.com/changes.php
______________________________________________________________________
08.17.34 CVE: CVE-2008-1834
Platform: Cross Platform
Title: Swfdec Untrusted Sandbox Remote Information Disclosure
Description: Swfdec is a decoding and rendering library for Macromedia
Flash animation files. It can be used in conjunction with web browsers
to view Flash files. The application is exposed to a remote
information disclosure issue due to a failure of the software to
securely implement restricted sandboxes for Macromedia Flash animation
files. Swfdec versions prior to 0.6.4 are affected.
Ref: http://lists.freedesktop.org/archives/swfdec/2008-April/001321.html
______________________________________________________________________
08.17.35 CVE: Not Available
Platform: Cross Platform
Title: SIPp "call.cpp" Remote Buffer Overflow
Description: SIPp is an Open Source test tool for the SIP protocol.
The application is exposed to a buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied input. SIPp
version 3.0 is affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=593806&group_id=104305
______________________________________________________________________
08.17.36 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox "document.write()" Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue
because it fails to handle excessive data sent in an infinite loop to
the "document.write()" JavaScript function. Firefox version 3 Beta 5
is affected.
Ref: http://www.securityfocus.com/archive/1/491196
______________________________________________________________________
08.17.37 CVE: CVE-2008-1025
Platform: Web Application - Cross Site Scripting
Title: Apple Safari WebKit URI Handling Cross-Site Scripting
Description: Apple Safari is a browser available for Mac OS X and
Microsoft Windows. Safari WebKit is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input.
Safari version 3.1.1 resolves this issue.
Ref: http://support.apple.com/kb/HT1467
______________________________________________________________________
08.17.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Blogator-script "bs_auth.php" Cross-Site Scripting
Description: Blogator-script is a blog application. The application is
exposed to a cross-site scripting issue because it fails to adequately
sanitize user-supplied input to the "msg" parameter of the
"Blogator-script/bs_auth.php" script. Blogator-script version 0.95 is
affected.
Ref: http://www.securityfocus.com/bid/28810
______________________________________________________________________
08.17.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyBoard "rep.php" Cross-Site Scripting
Description: MyBoard is a web-based forum application. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "id" parameter of the "rep.php"
script. MyBoard version 1.0.12 is affected.
Ref: http://www.securityfocus.com/bid/28823
______________________________________________________________________
08.17.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Php-Stats "admin.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Php-Stats is a PHP-based tool for creating statistical
information about a file tree. The application is exposed to multiple
cross-site scripting issues because it fails to properly sanitize
user-supplied input to the following parameters of the "admin.php"
script. Php-Stats version 0.1.9.1 is affected.
Ref: http://www.securityfocus.com/bid/28824
______________________________________________________________________
08.17.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EsContacts "msg" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: EsContacts is a PHP-based contact management application.
The application is exposed to multiple cross-site scripting issues
because it fails to properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/28825
______________________________________________________________________
08.17.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Wikepage Opus "wiki" Parameter Cross-Site Scripting
Description: Wikepage Opus is a PHP-based blog application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "wiki" parameter of the
"index.php" script. Wikepage Opus version 13 2007.2 is affected.
Ref: http://www.securityfocus.com/archive/1/491065
______________________________________________________________________
08.17.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: uTorrent WebUI Cross-Site Request Forgery
Description: uTorrent WebUI is a web-based administrative interface
for the uTorrent BitTorrent client application. The application is
exposed to a cross-site request forgery issue. uTorrent WebUI version
0.310 beta 2 is affected.
Ref: http://www.securityfocus.com/archive/1/491066
______________________________________________________________________
08.17.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Advanced Electron Forum "beg" Parameter Cross-Site Scripting
Description: Advanced Electron Forum (AEF) is a PHP-based web forum
application. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input to the "beg"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/28865
______________________________________________________________________
08.17.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ContRay "search" Parameter Cross-Site Scripting
Description: ContRay is a web-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "search" parameter of the
"cgi-bin/contray/search.cgi" script.
Ref: http://www.securityfocus.com/bid/28883
______________________________________________________________________
08.17.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EncapsGallery Cross-Site Scripting Vulnerability and File
Upload
Description: EncapsGallery is a photo gallery application. The
application is exposed to two issues because it fails to sanitize
user-supplied input. EncapsGallery version 2.0.2 is affected and
version 2.0.4 is affected by the file upload issue only.
Ref: http://www.securityfocus.com/bid/28887
______________________________________________________________________
08.17.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Akiva WebBoard HTML Injection
Description: Akiva WebBoard is a web-based application for social
networking. The application is exposed to an HTML injection issue when
handling specially crafted values of form field parameters of the
profile update page. Akiva WebBoard version 8.0 is affected.
Ref: http://www.securityfocus.com/bid/28895
______________________________________________________________________
08.17.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo and Joomla! Jom Comment Component User Credential SQL
Injection
Description: Jom Comment is a component for the Mambo and Joomla!
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data before
using it in an SQL query. The issue occurs in the username and
password fields. Jom Comment version 2.0 build 345 is affected.
Ref:
http://www.securityfocus.com/bid/28812
______________________________________________________________________
08.17.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XplodPHP AutoTutorials "id" Parameter SQL Injection
Description: XplodPHP AutoTutorials is an application for managing
online tutorials. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "viewcat.php" component before using it in an
SQL query. AutoTutorials version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/28808
______________________________________________________________________
08.17.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CoBaLT "adminler.asp" SQL Injection
Description: CoBaLT is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "id" parameter of the
"cobalt/cobalt_v2_yonetim/adminler.asp" script before using it in an
SQL query. CoBaLT version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28831
______________________________________________________________________
08.17.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TLM CMS Multiple SQL Injection Vulnerabilities
Description: TLM CMS is a content management system. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the following scripts and
parameters: "a-bmembres.php: nom" and "goodies.php: idnews". TLM CMS
version 3.1 is affected.
Ref: http://www.securityfocus.com/bid/28837
______________________________________________________________________
08.17.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 5th Avenue Shoppe "category_list.php" SQL Injection
Description: 5th Avenue Shoppe is a shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "category_ID"
parameter of the "category_list.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/491069
______________________________________________________________________
08.17.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Voice of Web AllMyGuests "AMG_id" SQL Injection
Description: Voice of Web AllMyGuests is a guestbook. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "AMG_id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/5469
______________________________________________________________________
08.17.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple Customer "contact.php" SQL Injection
Description: Simple Customer is a web-based application to keep track
of clients, customers and contacts. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "contact.php" script
before using it in an SQL query. Simple Customer version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/28852
______________________________________________________________________
08.17.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Apartment Search Script "listtest.php" SQL
Injection
Description: Apartment Search Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "r" parameter of the
"listtest.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28853
______________________________________________________________________
08.17.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "submit.php" SQL Injection
Description: PHP-Fusion is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "submit_info[]" parameter of the
"submit.php" script before using it in an SQL query. PHP-Fusion
version 6.00.307 is affected.
Ref: http://www.securityfocus.com/bid/28855
______________________________________________________________________
08.17.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS Recette "detail.php" SQL Injection
Description: Recette is a XOOPS module for cookbook management. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"detail.php" script before using it in an SQL query. XOOPS Recette
version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/28859
______________________________________________________________________
08.17.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
Description: Philboard is a web-based forum. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. Philboard version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/28871
______________________________________________________________________
08.17.59 CVE: CVE-2008-1613
Platform: Web Application - SQL Injection
Title: RedDot CMS "ioRD.asp" SQL Injection
Description: RedDot CMS is a content management application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "LngId" parameter of
the "ioRD.asp" script before using it in an SQL query. RedDot CMS
versions prior to 7.5.1.86 are affected.
Ref: http://www.securityfocus.com/archive/1/491139
______________________________________________________________________
08.17.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tr Script News "news.php" SQL Injection
Description: Tr Script News is a news application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "nb" parameter of the "news.php"
script before using it in an SQL query. Tr Script News version 2.1 is
affected.
Ref: http://www.securityfocus.com/bid/28876
______________________________________________________________________
08.17.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS Article Module "article.php" SQL Injection
Description: Article is a PHP-based component for the XOOPS content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "article.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/491150
______________________________________________________________________
08.17.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Crazy Goomba "commentaires.php" SQL Injection
Description: Crazy Goomba is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"commentaires.php" script before using it in an SQL query. Crazy
Goomba version 1.2.1 is affected.
Ref:
http://www.z0rlu.ownspace.org/index.php?/archives/58-Crazy-Goomba-1.2.1-SQL-inj.html
______________________________________________________________________
08.17.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo FlippingBook Component "book_id" Parameter
SQL Injection
Description: The FlippingBook component is an album and presentation
component for the Joomla! and Mambo content managers. The component is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "book_id" parameter of the
"com_flippingbook" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28886
______________________________________________________________________
08.17.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress wpSS Spreadsheet Plugin "ss_id" Parameter SQL
Injection
Description: The WordPress Spreadsheet (wpSS) is a plugin for the
WordPress web-based publishing application. The plugin is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "ss_id" parameter of the "ss_load.php"
script before using it in an SQL query. wpSS versions 0.6 and earlier
are affected.
Ref: http://www.securityfocus.com/bid/28894
______________________________________________________________________
08.17.65 CVE: Not Available
Platform: Web Application
Title: eGroupWare Unspecified Arbitrary File Upload
Description: eGroupWare is a web-based groupware application. The
application is exposed to an arbitrary file upload issue that stems
from an unspecified error related to FCKEditor. eGroupWare versions
prior to 1.4.004 are affected.
Ref: http://www.egroupware.org/news
______________________________________________________________________
08.17.66 CVE: Not Available
Platform: Web Application
Title: Carbon Communities Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Carbon Communities is a forum and bulletin board
application. The application is exposed to multiple input validation
issues. Carbon Communities version 2.4 is affected.
Ref: http://www.securityfocus.com/archive/1/490923
______________________________________________________________________
08.17.67 CVE: Not Available
Platform: Web Application
Title: e107 123 FlashChat Module "123flashchat.php" Remote File
Include
Description: 123 FlashChat is a chat module for the e107 content
manager. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"e107path" parameter of the "123flashchat.php" script.
Ref: http://www.securityfocus.com/bid/28828
______________________________________________________________________
08.17.68 CVE: Not Available
Platform: Web Application
Title: SunShop Shopping Cart "adminindex.php" Multiple SQL Injection
Vulnerabilities
Description: SunShop Shopping Cart is a web-based ecommerce
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "orderby" and "sort" parameters in the "admin/adminindex.php" script
before using it in an SQL query. SunShop Shopping Cart version 4.1.0
is affected.
Ref: http://www.securityfocus.com/bid/28832
______________________________________________________________________
08.17.69 CVE: Not Available
Platform: Web Application
Title: Exponent CMS Multiple HTML Injection Vulnerabilities
Description: Exponent CMS is an open-source content manager
application. It is exposed to multiple HTML injection issues because
it fails to sufficiently sanitize user-supplied input. Exponent CMS
version 0.97.0-alpha and all earlier versions are affected.
Ref:
http://www.exponentcms.org/index.php?action=view&id=64&module=newsmodule&src=%40random44fe03276195
______________________________________________________________________
08.17.70 CVE: Not Available
Platform: Web Application
Title: Grape Web Statistics "functions.php" Remote File Include
Description: Grape Web Statistics is a PHP-based application that
allows site administrators to keep track of web site statistics. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "location"
parameter of the "function.php" script. Grape Web Statistics version
0.2a is affected.
Ref: http://www.securityfocus.com/bid/28838
______________________________________________________________________
08.17.71 CVE: Not Available
Platform: Web Application
Title: LightNEasy 1.2.2 Flat Multiple Input Validation Vulnerabilities
Description: LightNEasy is a web-based content manager. The
application is exposed to multiple input validation issues. LightNEasy
version 1.2.2 flat is affected.
Ref: http://www.securityfocus.com/archive/1/491064
______________________________________________________________________
08.17.72 CVE: CVE-2008-1734
Platform: Web Application
Title: PHP Toolkit Quote Parameter Information Disclosure and Denial
of Service
Description: PHP Toolkit is an application that manages multiple
installations of PHP. The application is exposed to an information
disclosure and denial of service issue because the application does
not quote parameters passed to the "tr" command. This issue only
occurs when converting a file containing a filename with a single
lower case character.
Ref: http://www.securityfocus.com/bid/28844
______________________________________________________________________
08.17.73 CVE: Not Available
Platform: Web Application
Title: WordPress "cat" Parameter Directory Traversal
Description: WordPress is a freely available application for personal
publishing. WordPress is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input to the
"cat" parameter of the "index.php" script. WordPress version 2.3.3 is
affected.
Ref: http://trac.wordpress.org/changeset/7586
______________________________________________________________________
08.17.74 CVE: Not Available
Platform: Web Application
Title: TorrentFlux Cross-Site Request Forgery and Remote PHP Script
Code Execution Vulnerabilities
Description: TorrentFlux is a front end management application for
BitTorrent. TorrentFlux is exposed to a cross-site request forgery and
remote PHP script code execution issue. TorrentFlux version 2.3 is
affected.
Ref: http://www.securityfocus.com/archive/1/491066
______________________________________________________________________
08.17.75 CVE: Not Available
Platform: Web Application
Title: Azureus HTML WebUI Cross-Site Request Forgery
Description: Azureus HTML WebUI is a web-based administrative
interface for the Azureus BitTorrent client application. The
application is exposed to a cross-site request forgery issue. uTorrent
WebUI version 0.310 beta 2 is affected.
Ref:
http://azureus.sourceforge.net/plugin_details.php?plugin=azhtmlwebui
______________________________________________________________________
08.17.76 CVE: Not Available
Platform: Web Application
Title: openInvoice Security Bypass Vulnerabilities
Description: openInvoice is a web-based invoicing tool. The
application is exposed to multiple security bypass issues because it
fails to properly validate user credentials before allowing access to
the admin area. openInvoice version 0.90 Beta is affected.
Ref: http://www.securityfocus.com/bid/28854
______________________________________________________________________
08.17.77 CVE: Not Available
Platform: Web Application
Title: phShoutBox Cookie Security Bypass
Description: phShoutBox is a web-based shoutbox application. The
application is exposed to a security bypass issue because it fails to
properly validate user credentials before allowing access to the admin
area. phShoutBox versions 1.5 Final and earlier are affected.
Ref: http://www.securityfocus.com/bid/28856
______________________________________________________________________
08.17.78 CVE: Not Available
Platform: Web Application
Title: Chimaera Project Aterr Multiple Local File Include
Vulnerabilities
Description: Aterr is a threaded forum system. The application is
exposed to local file include issues because it fails to properly
sanitize user-supplied input to the "class" parameter of the
"include/functions.inc.php" script and "file" parameter of the
"include/common.inc.php" script. Aterr version 0.9.1 is affected.
Ref: http://www.securityfocus.com/bid/28861
______________________________________________________________________
08.17.79 CVE: Not Available
Platform: Web Application
Title: Host Directory PRO Cookie Security Bypass
Description: Host Directory PRO is a web-based application to create
hosting directories. The application is exposed to a security bypass
issue because it fails to properly validate user credentials before
allowing access to the admin area.
Ref: http://www.securityfocus.com/bid/28863
______________________________________________________________________
08.17.80 CVE: Not Available
Platform: Web Application
Title: PortailPHP "mod_search" Remote File Include
Description: PortailPHP is a content management application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input in the "chemin" parameter of
the "mod_search/index.php" script. PortailPHP version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28867
______________________________________________________________________
08.17.81 CVE: Not Available
Platform: Web Application
Title: SMF Audio CAPTCHA Security Bypass
Description: SMF (Simple Machines Forum) is a web-based forum
application. The application is exposed to a security bypass issue that
occurs in the audio CAPTCHA. To circumvent the audio CAPTCHA test, the
attacker would need to perform 14,000 Hamming distance calculations.
Ref: http://www.securityfocus.com/archive/1/491127
______________________________________________________________________
08.17.82 CVE: Not Available
Platform: Web Application
Title: Acidcat CMS Multiple Input Validation Vulnerabilities
Description: Acidcat CMS is an ASP-based content manager. The
application is exposed to multiple input validation issues. Acidcat
CMS version 3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/491129
______________________________________________________________________
08.17.83 CVE: Not Available
Platform: Web Application
Title: Kubelance "ipn.php" Local File Include
Description: Kubelance is a PHP-based application that allows users to
post and bid on jobs and projects. The application is exposed to a
local file include issue because it fails to properly sanitize
user-supplied input to the "i" parameter of the "ipn.php" script.
Kubelance version 1.6.4 is affected.
Ref: http://www.securityfocus.com/bid/28873
______________________________________________________________________
08.17.84 CVE: CVE-2008-1385, CVE-2008-1386
Platform: Web Application
Title: S9Y Serendipity HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: Serendipity is a web-log application. The application is
exposed to multiple input validation issues because it fails to
properly sanitize user-supplied input. S9Y Serendipity version 1.3 is
affected.
Ref: http://int21.de/cve/CVE-2008-1386-s9y.html
______________________________________________________________________
08.17.85 CVE: Not Available
Platform: Web Application
Title: QIP Unspecified Remote Memory Corruption
Description: QIP is an instant messenger application. The application
is exposed to a memory corruption issue due to an unspecified error when
processing messages.
Ref: http://www.securityfocus.com/bid/28896
______________________________________________________________________
08.17.86 CVE: CVE-2008-1155
Platform: Network Device
Title: Cisco Network Admission Control Shared Secret Information
Disclosure
Description: Cisco Network Admission Control (NAC) appliance is a
networking device for ensuring endpoint device security policy
compliance. The appliance is exposed to a remote information
disclosure issue because it fails to securely transmit error log data
over the network.
Ref: http://www.securityfocus.com/archive/1/490958
______________________________________________________________________
08.17.87 CVE: Not Available
Platform: Network Device
Title: Multiple Wireless Routers Predictable Default WEP/WPA Key
Security Bypass
Description: Multiple wireless routers are exposed to an issue that
can allow an attacker to predict their default WEP/WPA encryption
keys. Specifically, the algorithm used to generate the default SSID and
encryption key values is based on a hash of the device's serial
number.
Ref: http://www.securityfocus.com/archive/1/491206
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkgQzUoACgkQ+LUG5KFpTkZ3ZgCfVSCcNti2PDEXpmNjzKXaJVpx
9OgAnA8AJDff8j2GOYQMgks4BD9nY0Kt
=4FmJ
-----END PGP SIGNATURE-----