RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 20
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu May 15 2008 - 17:06:31 CDT
Microsoft's monthly vulnerability announcement included two that demand
immediate action, one in Microsoft Word and one in Microsoft Jet Engine.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
May 15, 2008 Vol. 7. Week 20
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                   1 (#4)
Microsoft Office                          4 (#1, #2, #3)
Other Microsoft Products                  5 (#6)
Third Party Windows Apps                  2 (#7)
Linux                                    12 (#5)
HP-UX                                     2
Solaris                                   2
Unix                                      1
Cross Platform                           15
Web Application - Cross Site Scripting   20
Web Application - SQL Injection          42
Web Application                          21
Network Device                            1
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Word Multiple Vulnerabilities (MS08-026)
(2) CRITICAL: Microsoft Jet Engine MDB File Parsing Buffer Overflow (MS08-28)
(3) HIGH: Microsoft Publisher Remote Code Execution (MS08-027)
(4) MODERATE: Microsoft Windows CE Multiple Image Processing Vulnerabilities
(5) MODERATE: Debian/Ubuntu OpenSSL Key Generation Weakness
(6) LOW: Microsoft Malware Protection Engine Denial-of-Service Vulnerabilities (MS08-029)
Other Software
(7) HIGH: IDAutomation Barcode ActiveX Control Multiple Vulnerabilities
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Windows
08.20.1 - Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary Code Execution Vulnerabilities
-- Microsoft Office
08.20.2 - Microsoft May 2008 Advance Notification Multiple Vulnerabilities
08.20.3 - OpenOffice 'swriter' Unspecified Remote Code Execution Vulnerability
08.20.4 - Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution
08.20.5 - Microsoft Word CSS Handling Memory Corruption Remote Code Execution
-- Other Microsoft Products
08.20.6 - Microsoft Internet Explorer "DisableCachingOfSSLPages" Security Weakness
08.20.7 - Microsoft Outlook Web Access "no-store" HTTP Directive Information Disclosure Weakness
08.20.8 - Microsoft Malware Protection Engine File Processing Remote Denial of Service
08.20.9 - Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial of Service
08.20.10 - Microsoft Publisher Memory Object Handler Data Remote Code Execution
-- Third Party Windows Apps
08.20.11 - Ourgame "GLIEDown2.dll" ActiveX Control Remote Code Execution
08.20.12 - IDAutomation Barcode ActiveX Controls Multiple Arbitrary File Overwrite Vulnerabilities
-- Linux
08.20.13 - Linux Kernel "ssm_i" Emulation Hypervisor Panic Denial of Service
08.20.14 - Linux Kernel IPSec Fragmented ESP Packet Remote Denial of Service
08.20.15 - Linux Kernel "/include/xen/blkif.h" 32-on-64 Support Denial of Service
08.20.16 - Linux Kernel Asynchronous FIFO IO Local Denial of Service
08.20.17 - Linux Kernel x86_64 ptrace Denial of Service
08.20.18 - Linux Kernel Direction Flag Local Memory Corruption
08.20.19 - Linux Kernel "fcntl_setlk()" SMP Ordering Local Denial of Service
08.20.20 - Linux Kernel "sys_utimensat" Local Denial of Service
08.20.21 - Debian OpenSSL Package Random Number Generator Weakness
08.20.22 - Xen Para Virtualized Frame Buffer Backend Local Denial of Service
08.20.23 - Xen Para-Virtualized Framebuffer Message Format Denial of Service
08.20.24 - UUDeview Insecure Temporary File Creation
-- HP-UX
08.20.25 - HP-UX LDAP-UX Unspecified Local Unauthorized Access
08.20.26 - HP FTP Unspecified Remote Denial of Service
-- Solaris
08.20.27 - Sun Solaris TCP SYN Flooding Remote Denial of Service
08.20.28 - Sun Solaris Print Service Unspecified Remote Code Execution
-- Unix
08.20.29 - rdesktop Multiple Remote Memory Corruption Vulnerabilities
-- Cross Platform
08.20.30 - QEMU "vl.c" Security Bypass
08.20.31 - MySQL MyISAM Table Privileges Security Bypass
08.20.32 - Sun Ray Kiosk Mode Unspecified Privilege Escalation
08.20.33 - Sun Java System Application Server and Web Server JSP Information Disclosure
08.20.34 - TFTP Server Error Packet Handling Remote Buffer Overflow
08.20.35 - Oracle Application Server Portal Authentication Bypass
08.20.36 - Zarafa Multiple Remote Vulnerabilities
08.20.37 - Firebird "ISC_PASSWORD" Environment Variable Unauthorized Access
08.20.38 - Red Hat Directory Server LDAP Query Patterns Buffer Overflow
08.20.39 - SARG Multiple Unspecified Buffer Overflow Vulnerabilities
08.20.40 - GNU Emacs ".flc" File Processing
08.20.41 - Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities
08.20.42 - libvorbis Multiple Remote Vulnerabilities
08.20.43 - Wordnet Multiple Buffer Overflow Vulnerabilities
08.20.44 - Net-SNMP Perl Module Buffer Overflow
-- Web Application - Cross Site Scripting
08.20.45 - SAP Internet Transaction Server Multiple Cross-Site Scripting Vulnerabilities
08.20.46 - Sun Java System Web Server Search Module Cross-Site Scripting
08.20.47 - Tux CMS Multiple Cross-Site Scripting Vulnerabilities
08.20.48 - Sphider "query" Parameter Cross-Site Scripting
08.20.49 - SonicWALL Email Security Error Page Cross-Site Scripting
08.20.50 - ZyWALL 100 HTTP Referer Header Cross-Site Scripting
08.20.51 - Apache HTTP Server 403 Error Cross-Site Scripting
08.20.52 - InfoBiz Server "keywords" parameter Cross-Site Scripting
08.20.53 - cPanel Multiple Cross-Site Scripting Vulnerabilities
08.20.54 - Phoenix View CMS "admin_frame.php" Cross-Site Scripting
08.20.55 - Nagios Unspecified Cross-Site Scripting
08.20.56 - phpInstantGallery Multiple Cross-Site Scripting Vulnerabilities
08.20.57 - CyrixMED "index.php" Cross-Site Scripting
08.20.58 - IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site Scripting
08.20.59 - ActualScripts ActualAnalyzer "view.php" Cross-Site Scripting
08.20.60 - TYPO3 Event Database Extension Unspecified Cross-Site Scripting
08.20.61 - Build A Niche Store "q" Parameter Cross-Site Scripting
08.20.62 - Cisco BBSM Captive Portal "AccesCodeStart.asp" Cross-Site Scripting
08.20.63 - Interspire ArticleLive NX "Query" Field Cross-Site Scripting
08.20.64 - Django Login Form Cross-Site Scripting
-- Web Application - SQL Injection
08.20.65 - OneCMS "asd.php" SQL Injection
08.20.66 - RunCMS "pm.class.php" Multiple SQL Injection Vulnerabilities
08.20.67 - VisualShapers EzContents Multiple SQL Injection Vulnerabilities
08.20.68 - Musicbox "viewalbums.php" SQL Injection
08.20.69 - Shader TV Multiple SQL Injection Vulnerabilities
08.20.70 - gameCMS Lite "index.php" SQL Injection
08.20.71 - PostcardMentor "step1.asp" SQL Injection
08.20.72 - FipsCMS "print.asp" SQL Injection
08.20.73 - Galleristic "index.php" SQL Injection
08.20.74 - YouTube Clone Script "group_posts.php" SQL Injection
08.20.75 - HispaH Model Search "cat.php" SQL Injection
08.20.76 - SazCart "prodid" Parameter SQL Injection
08.20.77 - Ktools PhotoStore "gallery.php" SQL Injection
08.20.78 - Ktools PhotoStore Multiple SQL Injection Vulnerabilities
08.20.79 - Advanced Links Management "read.php" SQL Injection
08.20.80 - Joomla! and Mambo Datsogallery Component "sub_votepic.php" SQL Injection
08.20.81 - OtherLogic "vocourse.php" SQL Injection
08.20.82 - Joomla! and Mambo xsstream-dm Component 'movie' Parameter SQL Injection
08.20.83 - QuickUpCMS Multiple SQL Injection Vulnerabilities
08.20.84 - Vortex CMS "index.php" SQL Injection
08.20.85 - WordPress WP Photo Album Plugin "photo" Parameter SQL Injection
08.20.86 - AJ Article "featured_article.php" SQL Injection
08.20.87 - AJ Auction "classifide_ad.php" SQL Injection
08.20.88 - AJ Classifieds "index.php" SQL Injection
08.20.89 - AJ Dating "view_profile.php" SQL Injection
08.20.90 - ZeusCart "category_list.php" SQL Injection
08.20.91 - Editorial "admin/index.php3" SQL Injection
08.20.92 - Battle.net Clan Script "members.php" SQL Injection
08.20.93 - Mega File Hosting Script "members.php" SQL Injection
08.20.94 - PHP Classifieds Script "fatherID" Parameter Multiple SQL Injection Vulnerabilities
08.20.95 - ABSoft Advanced Image Hosting Script "out.php" SQL Injection
08.20.96 - AJ HYIP Acme "topic_detail.php" SQL Injection
08.20.97 - Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities
08.20.98 - e107 BLOG Engine "comment.php" SQL Injection
08.20.99 - EQdkp "user_id" Parameter SQL Injection
08.20.100 - Zogo-shop "products.php" SQL Injection
08.20.101 - Meto Forum "forum/kategori.asp" SQL Injection
08.20.102 - Meto Forum Multiple SQL Injection Vulnerabilities
08.20.103 - CaLogic Calendars "userreg.php" SQL Injection
08.20.104 - The Real Estate Script "dpage.php" SQL Injection
08.20.105 - EMO Realty Manager "news.php" SQL Injection
08.20.106 - Kalptaru Infotech Automated Link Exchange Portal "linking.page.php" SQL Injection
-- Web Application
08.20.107 - CMS Faethon Cross-Site Scripting Vulnerability and Remote File Include
08.20.108 - Nuke ET Journal Module Security Bypass and HTML Injection Vulnerabilities
08.20.109 - mvnForum Quick Reply Feature HTML Injection
08.20.110 - Forum Rank System "settings["locale"]" Parameter Multiple Local File Include Vulnerabilities
08.20.111 - SazCart "_saz[settings]" Multiple Remote File Include Vulnerabilities
08.20.112 - myWebland miniBloggie "del.php" Security Bypass
08.20.113 - OpenKM Document Export Security Bypass
08.20.114 - Cyberfolio "derniers_commentaires.php" Remote File Include
08.20.115 - Admidio "get_file.php" Local File Include
08.20.116 - txtCMS "index.php" Local File Include
08.20.117 - BlogPHP Multiple HTML Injection, Cross-Site Scripting and Cookie Manipulation Vulnerabilities
08.20.118 - PhpBlock Multiple Remote File Include Vulnerabilities
08.20.119 - ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities
08.20.120 - BIGACE "GLOBALS[_BIGACE][DIR]" Parameter Multiple Remote File Include Vulnerabilities
08.20.121 - IBD Micro CMS "microcms-admin-login.php" Multiple SQL Injection Vulnerabilities
08.20.122 - Claroline Multiple Remote File Include Vulnerabilities
08.20.123 - Fusebox "fusebox5.php" Remote File Include
08.20.124 - PhpMyAgenda "infoevent.php3" Remote File Include
08.20.125 - CMS Made Simple "modules/FileManager/postlet/javaUpload.php" Arbitrary File Upload
08.20.126 - TYPO3 WT Gallery Extension Multiple Input Validation Vulnerabilities
08.20.127 - WGCC Web Group Communication Center Cross-Site Scripting and SQL Injection Vulnerabilities
-- Network Device
08.20.128 - Citrix Access Gateway Standard and Advanced Edition Unspecified Authentication Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Word Multiple Vulnerabilities (MS08-026)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Word Viewer 2003
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Description: Microsoft Word contains several vulnerabilities in its
handling of Rich Text Format (RTF) and Microsoft Word documents. A
specially crafted RTF or Word document could trigger one of these
vulnerabilities, leading to a memory corruption condition. Successfully
exploiting this flaw would allow an attacker to execute arbitrary code
with the privileges of the current user. Note that on recent versions
of Microsoft Word, documents are not opened upon receipt without first
prompting the user. Some technical information is publicly available for
these vulnerabilities.
Status: Microsoft confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-026.mspx
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-023/
iDefense Security Bulletin
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=700
Wikipedia Article on RTF
http://en.wikipedia.org/wiki/Rich_Text_Format
SecurityFocus BID
http://www.securityfocus.com/bid/29105
***********************************************
(2) CRITICAL: Microsoft Jet Engine MDB File Parsing Buffer Overflow (MS08-28)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Description: The Microsoft Jet Engine is a database engine used by a
variety of Microsoft applications. This engine is included by default
in some versions of Microsoft Windows. The engine contains a stack-based
buffer overflow in its handling of "MDB" database files. A specially
crafted MDB file could trigger this buffer overflow, allowing an
attacker to execute arbitrary code with the privileges of the current
user. Note that MDB files by default are considered an "unsafe" file
type by Microsoft applications and will not be opened without first
prompting the user. A new attack vector has been discovered, however,
that is capable of bypassing this restriction. It is believed that this
advisory or its exploitation vector is related to an issue discussed in
a previous edition of RISK. If this is the case, then full technical
details and a proof-of-concept are publicly available for this
vulnerability.
Status: Microsoft confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms08-028.mspx
TippingPoint DVLabs Security Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-04
Previous RISK Entry
https://www.sans.org/newsletters/risk/display.php?v=7&i=13#widely2
Proof-of-Concept (binary file)
http://www.securityfocus.com/data/vulnerabilities/exploits/26468.mdb
SecurityFocus BID
http://www.securityfocus.com/bid/26468
***********************************************
(3) HIGH: Microsoft Publisher Remote Code Execution (MS08-027)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Description: Microsoft Publisher contains a flaw in its handling of
Publisher files. A specially crafted Publisher file could lead to a
memory corruption condition within Publisher. Successfully exploiting
this vulnerability would allow an attacker to execute arbitrary code
with the privileges of the current user. Note that on recent versions
of Microsoft Word, documents are not opened upon receipt without first
prompting the user. Some technical information is publicly available for
these vulnerabilities.
Status: Microsoft confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-027.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/29158
***********************************************
(4) MODERATE: Microsoft Windows CE Multiple Image Processing Vulnerabilities
Affected:
Microsoft Windows CE 5.0
Description: Windows CE is Microsoft's version of its Windows operating
system for consumer and embedded electronics. It is a popular operating
system for smartphones and other devices. Windows CE contains several
flaws in its handling of JPEG and GIF image files. A specially crafted
image file loaded by a Windows CE application could trigger one of these
flaws. Successfully exploiting one of these vulnerabilities would allow
an attacker to execute arbitrary code with the privileges of the
vulnerable process. On most common hardware platforms, successful
exploitation would allow complete control of the vulnerable device.
These flaws would affect any application that uses the operating system
routines to parse images, including email and web browser applications.
Status: Microsoft confirmed, updates available.
References:
Microsoft Knowledge Base Article
http://support.microsoft.com/kb/948812
Microsoft Windows CE Home Page
http://www.microsoft.com/windows/embedded/default.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/29147
***********************************************
(5) MODERATE: Debian/Ubuntu OpenSSL Key Generation Weakness
Affected:
OpenSSL as distributed in Debian Linux versions 4.0 and prior
OpenSSL as distributed in Ubuntu Linux versions 8.04 and prior
Other Linux distributions based on Debian are likely vulnerable
Description: OpenSSL is an open source cryptography library that
provides a variety of cryptographic services, as well as an
implementation of the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols. It is used by numerous applications, including
Mozilla Firefox and OpenSSH. OpenSSL is included by most Linux
distributions, including the Debian Linux distribution. The Debian
project patched OpenSSL for their distribution and this patch introduced
a weakness in the random number generation algorithm for secure keys.
These keys are used for authentication in a variety of situations, most
notably by the SSH server included in the operating system. These keys
are, due to this flaw, easily guessable. Successfully guessing the key
would allow an attacker to eavesdrop on encrypted sessions and
potentially bypass authentication altogether. A public proof-of-concept
is available that can enumerate through the entire keyspace very
rapidly. Full technical details are publicly available for this
vulnerability. Note that other Linux distributions based on Debian (such
as Ubuntu) are likely vulnerable.
Status: Debian confirmed, updates available. Users of Debian-derived
distributions are advised to check with their vendor for updates.
References:
Technical Description and Tools from H. D. Moore
http://metasploit.com/users/hdm/tools/debian-openssl/
Proof-of-Concept
http://milw0rm.com/exploits/5622
OpenSSL Home Page
http://www.openssl.org/
Debian Home Page
http://www.debian.org
SecurityFocus BID
http://www.securityfocus.com/bid/29179
***********************************************
(6) LOW: Microsoft Malware Protection Engine Denial-of-Service Vulnerabilities (MS08-029)
Affected:
Microsoft Windows Live OneCare
Microsoft Antigen for Exchange
Microsoft Antigen for SMTP Gateway
Microsoft Windows Defender
Microsoft Forefront Client Security
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint
Description: The Microsoft Malware Protection Engine is an anti-malware
and antivirus engine used by a variety of Microsoft products. It
contains multiple denial-of-service vulnerabilities. A specially crafted
file, when analyzed by the engine, could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities
could cause the malware protection engine to restart, or cause the
system to become slow or unresponsive. Note that on email systems, a
specially crafted email message transiting the server is sufficient for
exploitation. Additionally, depending upon configuration, receipt of a
malicious file is sufficient for exploitation.
Status: Microsoft confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/29073
http://www.securityfocus.com/bid/29060
***********************************************
****************
Other Software
****************
(7) HIGH: IDAutomation Barcode ActiveX Control Multiple Vulnerabilities
Affected:
IDAutomation Barcode ActiveX Controls
Description: IDAutomation provides a variety of barcode related tools
and technologies, including several ActiveX controls used for barcode
production and analysis. Several of these controls contain arbitrary
file overwrite vulnerabilities. A malicious web page that instantiated
one of these controls could trigger one of these vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to overwrite arbitrary files with the privileges of the current
user. These vulnerabilities could be leveraged to execute arbitrary
code. Full technical details and a proof-of-concept are publicly
available.
Status: IDAutomation has not confirmed, no updates available. Users can
mitigate the impact of these vulnerabilities by disabling the affected
controls via Microsoft's "kill bit" mechanism for CLSIDs
"0C3874AA-AB39-4B5E-A768-45F3CE6C6819",
"DB67DB99-616A-4CAB-A3A1-2EF644F254E7",
"E97EE6EB-7FBE-43B1-B6D8-C4D86C78C5A0" and
"eba15b30-80b4-11dc-b31d-0050c2490048".
References:
Advisory by Shinnai
http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1210750552.ff.php&page=last
Proof-of-Concept
http://www.shinnai.altervista.org/xplits/TXT_0REurGhkWARENTl1BhSX.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://idautomation.com/
SecurityFocus BID
http://www.securityfocus.com/bid/29204
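The kill-bit mitigation from the Status note for item (7), written out as an added example (not part of the original bulletin or any vendor guidance): a PowerShell script that sets and then audits the kill bit for the four CLSIDs listed above, using the "Compatibility Flags" value 0x400 described in Microsoft KB 240797. The function names Set-KillBit and Get-KillBitStatus are illustrative, and the script assumes an elevated session.

```powershell
# Added example (not from the bulletin): set and audit the Internet Explorer
# "kill bit" for the four IDAutomation CLSIDs named in the advisory.
# Mechanism per Microsoft KB 240797: a DWORD named "Compatibility Flags" with
# bit 0x400 set under ...\Internet Explorer\ActiveX Compatibility\{CLSID}.
# Writing under HKLM requires an elevated PowerShell session.

$Clsids = @(
    '0C3874AA-AB39-4B5E-A768-45F3CE6C6819',
    'DB67DB99-616A-4CAB-A3A1-2EF644F254E7',
    'E97EE6EB-7FBE-43B1-B6D8-C4D86C78C5A0',
    'eba15b30-80b4-11dc-b31d-0050c2490048'
)

$KillBit   = 0x400
$ValueName = 'Compatibility Flags'

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer,
# so the flag has to be written in both places.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if ([Environment]::Is64BitOperatingSystem) {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitStatus {
    # Illustrative helper: report, per registry view and CLSID, whether bit 0x400 is set.
    foreach ($root in $Roots) {
        foreach ($clsid in $Clsids) {
            $key   = Join-Path $root "{$clsid}"
            $flags = $null
            if (Test-Path $key) {
                $flags = (Get-ItemProperty -Path $key -Name $ValueName `
                            -ErrorAction SilentlyContinue).$ValueName
            }
            [pscustomobject]@{
                Key    = $key
                Flags  = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
                Killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

function Set-KillBit {
    # Illustrative helper: create the CLSID key if needed and OR in the kill bit.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($root in $Roots) {
        foreach ($clsid in $Clsids) {
            $key = Join-Path $root "{$clsid}"
            if (-not $PSCmdlet.ShouldProcess($key, 'set kill bit 0x400')) { continue }
            if (-not (Test-Path $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            $current = (Get-ItemProperty -Path $key -Name $ValueName `
                          -ErrorAction SilentlyContinue).$ValueName
            if ($null -eq $current) { $current = 0 }
            # OR the bit in so any compatibility flags already present are preserved.
            New-ItemProperty -Path $key -Name $ValueName -PropertyType DWord `
                -Value ($current -bor $KillBit) -Force | Out-Null
        }
    }
}

Set-KillBit                                  # run with -WhatIf first to preview the changes
Get-KillBitStatus | Format-Table -AutoSize   # every row should show Killed = True
```

The kill bit only stops Internet Explorer and other hosts that honor it from instantiating the controls; it does not remove the affected files from disk.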
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 20, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.20.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows CE JPEG And GIF Processing Multiple Arbitrary
Code Execution Vulnerabilities
Description: Microsoft Windows CE is a compact version of the Windows
operating system for embedded systems. The application is exposed to
multiple issues that allow attackers to execute arbitrary code.
Ref: http://support.microsoft.com/kb/948812
______________________________________________________________________
08.20.2 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
Description: Microsoft has released advance notification for patches
that it will release for May 2008. The highest severity rating for these
issues is 'Critical'. Three 'Critical' bulletins affect the following:
Microsoft Word, Microsoft Publisher, Microsoft Office, and Microsoft Jet
Database Engine 4.0. One 'Moderate' bulletin affects the following:
Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and
Microsoft Forefront Security.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-may.mspx
______________________________________________________________________
08.20.3 CVE: Not Available
Platform: Office
Title: OpenOffice 'swriter' Unspecified Remote Code Execution
Vulnerability
Description: OpenOffice is prone to a remote code-execution
vulnerability. Remote attackers can exploit this issue by enticing a
victim into opening a maliciously crafted file.
Ref: http://www.securityfocus.com/bid/29142
______________________________________________________________________
08.20.4 CVE: CVE-2008-1091
Platform: Microsoft Office
Title: Microsoft Word RTF Malformed String Handling Memory Corruption
Remote Code Execution
Description: Microsoft Word is exposed to a remote code execution
issue that occurs because of memory-calculation errors when handling
malformed strings in a Rich Text Format (RTF) document. This causes a
heap-based buffer overflow.
Ref: http://www.kb.cert.org/vuls/id/543907
______________________________________________________________________
08.20.5 CVE: CVE-2008-1434
Platform: Microsoft Office
Title: Microsoft Word CSS Handling Memory Corruption Remote Code
Execution
Description: Microsoft Word is exposed to a remote code execution
issue that occurs because of memory calculation errors when handling
malformed CSS (Cascading Style Sheet) values in Word documents.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-026.mspx
______________________________________________________________________
08.20.6 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer "DisableCachingOfSSLPages" Security
Weakness
Description: Microsoft Internet Explorer is a browser application for
the Windows operating system. The application is exposed to a weakness
that may allow attackers to extract potentially sensitive information.
Internet Explorer 7 is affected.
Ref: http://www.kb.cert.org/vuls/id/468843
______________________________________________________________________
08.20.7 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Outlook Web Access "no-store" HTTP Directive
Information Disclosure Weakness
Description: Microsoft Outlook Web Access is a web-based email client
application that is bundled with Microsoft Exchange. Microsoft Outlook
Web Access is exposed to a weakness that may allow sensitive
information to be unintentionally stored on the local computer.
Ref: http://www.kb.cert.org/vuls/id/829876
______________________________________________________________________
08.20.8 CVE: CVE-2008-1437
Platform: Other Microsoft Products
Title: Microsoft Malware Protection Engine File Processing Remote
Denial of Service
Description: Microsoft Malware Protection Engine is a component in
several Microsoft security products. The Malware Protection Engine
"mpengine.dll" is exposed to a remote denial of service issue because
it fails to properly validate user-supplied input when parsing
specially-crafted files.
Ref: http://secway.org/advisory/AD20080514.txt
______________________________________________________________________
08.20.9 CVE: CVE-2008-1438
Platform: Other Microsoft Products
Title: Microsoft Malware Protection Engine Disk Space Exhaustion
Remote Denial of Service
Description: Microsoft Malware Protection Engine is a component in
several Microsoft security products. The Malware Protection Engine
"mpengine.dll" is exposed to a remote denial of service issue because
it fails to properly validate certain data structures when parsing
specially-crafted files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-029.mspx
______________________________________________________________________
08.20.10 CVE: CVE-2008-0119
Platform: Other Microsoft Products
Title: Microsoft Publisher Memory Object Handler Data Remote Code
Execution
Description: Microsoft Publisher is exposed to a remote code execution
issue. The issue is caused by an error when calculating object handler
data.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-027.mspx
______________________________________________________________________
08.20.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ourgame "GLIEDown2.dll" ActiveX Control Remote Code Execution
Description: Ourgame "GLIEDown2.dll" ActiveX control is exposed to a
remote code execution issue because it fails to sufficiently verify
user-supplied input. GlobalLink version 2.8.1.2 beta is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.20.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: IDAutomation Barcode ActiveX Controls Multiple Arbitrary File
Overwrite Vulnerabilities
Description: IDAutomation provides various ActiveX control barcode
libraries that integrate with Microsoft Access, Excel, Infopath,
Internet Explorer, Visual Basic and C++. The application is exposed to
multiple issues that allow attackers to overwrite arbitrary files.
Ref:
http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1210750552.ff.php&page=last
______________________________________________________________________
08.20.13 CVE: CVE-2008-1619
Platform: Linux
Title: Linux Kernel "ssm_i" Emulation Hypervisor Panic Denial of
Service
Description: The Linux Kernel is exposed to a denial of service issue.
Attackers can exploit this issue in certain virtualized environments
via certain network traffic. Specifically, "ssm_i" emulation by a
privileged user in a fully virtualized guest can cause a dom0 panic on
the hypervisor. The Linux Kernel IA-64 architecture is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0233.html
______________________________________________________________________
08.20.14 CVE: CVE-2007-6282
Platform: Linux
Title: Linux Kernel IPSec Fragmented ESP Packet Remote Denial of
Service
Description: The Linux Kernel is exposed to a remote denial of service
issue. This issue occurs in the IPsec protocol implementation.
Specifically, the kernel fails to handle network packets that are sent
in small fragmented pieces. When the kernel reassembles the packets,
it will crash after a certain period of time.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0237.html
______________________________________________________________________
08.20.15 CVE: CVE-2007-5498
Platform: Linux
Title: Linux Kernel "/include/xen/blkif.h" 32-on-64 Support Denial of
Service
Description: The Linux kernel is exposed to a denial of service issue
due to a lack of sanity checks when handling values when running
32-bit paravirtualized guests on a 64-bit host. This issue affects the
"blkif_get_x86_32_req()" and "blkif_get_x86_64_req()" functions when
handling "req->nr_segments" values.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0233.html
______________________________________________________________________
08.20.16 CVE: CVE-2007-5001
Platform: Linux
Title: Linux Kernel Asynchronous FIFO IO Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue. It occurs when performing asynchronous input and output on a
FIFO special file. Linux kernel versions prior to 2.4.21 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0211.html
______________________________________________________________________
08.20.17 CVE: CVE-2008-1615
Platform: Linux
Title: Linux Kernel x86_64 ptrace Denial of Service
Description: The Linux kernel is exposed to a denial of service issue
when process traces are performed on 64-bit computers. The issue
affects "/kernel/syscalls/ptrace/x86_64-cs" and
"/kernel/syscalls/ptrace/x86_64-cs-biarch".
Ref: http://rhn.redhat.com/errata/RHSA-2008-0237.html
______________________________________________________________________
08.20.18 CVE: CVE-2008-1367
Platform: Linux
Title: Linux Kernel Direction Flag Local Memory Corruption
Description: The Linux kernel is exposed to an issue that causes
kernel memory corruption. The vulnerability is due to the x86
implementation of the direction flag (DF) used when compiling an
application with GCC.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0233.html
______________________________________________________________________
08.20.19 CVE: CVE-2008-1669
Platform: Linux
Title: Linux Kernel "fcntl_setlk()" SMP Ordering Local Denial of
Service
Description: The Linux kernel is exposed to a local denial of service
issue. The issue occurs in the "fcntl_setlk()" function on SMP
systems. Linux kernel versions prior to 2.6.25.2 and 2.4.36.4 are
affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0211.html
______________________________________________________________________
08.20.20 CVE: Not Available
Platform: Linux
Title: Linux Kernel "sys_utimensat" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue. The issue occurs if "utimensat()" is called with either both
times set to "UTIME_NOW" or one of them set to "UTIME_NOW" and the
other set to "UTIME_OMIT". Kernel versions 2.6.22 through 2.6.25.2
are affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
______________________________________________________________________
08.20.21 CVE: CVE-2008-0166
Platform: Linux
Title: Debian OpenSSL Package Random Number Generator Weakness
Description: OpenSSL is an open-source implementation of the SSL
protocol that is used by a number of other projects, including but not
restricted to Apache, Sendmail, and Bind. It is commonly found on
Linux and UNIX systems. The Debian OpenSSL package is exposed to a
random-number-generator weakness. Debian OpenSSL package versions
prior to 0.9.8c-4etch3 are affected.
Ref: http://www.securityfocus.com/bid/29179
______________________________________________________________________
08.20.22 CVE: CVE-2008-1943
Platform: Linux
Title: Xen Para Virtualized Frame Buffer Backend Local Denial of
Service
Description: Xen is an open-source hypervisor or virtual machine
monitor. Xen is exposed to a local denial of service issue that occurs
because the hypervisor's para-virtualized frame buffer (PVFB) fails to
perform sufficient validation on the frontend framebuffer description.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0194.html
______________________________________________________________________
08.20.23 CVE: CVE-2008-1944
Platform: Linux
Title: Xen Para-Virtualized Framebuffer Message Format Denial of
Service
Description: Xen is an open-source hypervisor or virtual machine
monitor. Xen is exposed to a denial of service issue because the
software fails to adequately verify user-supplied data.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0194.html
______________________________________________________________________
08.20.24 CVE: Not Available
Platform: Linux
Title: UUDeview Insecure Temporary File Creation
Description: UUDeview is a freely available utility that encodes and
decodes binary files. UUDeview creates temporary files in an insecure
manner. Specifically, the issue presents itself because the
"tempnam()" function of the "uulib/uunconc.c" file uses a temporary
file with a predictable name. UUDeview version 0.5.20 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480972
______________________________________________________________________
08.20.25 CVE: CVE-2008-1659
Platform: HP-UX
Title: HP-UX LDAP-UX Unspecified Local Unauthorized Access
Description: LDAP-UX is an implementation of the Lightweight Directory
Access Protocol (LDAP). The application is exposed to a local
unauthorized access issue.
Ref: http://www.securityfocus.com/bid/29078
______________________________________________________________________
08.20.26 CVE: CVE-2008-0713
Platform: HP-UX
Title: HP FTP Unspecified Remote Denial of Service
Description: FTP running on HP-UX is exposed to a remote denial of
service issue. Technical details are currently unavailable.
Ref: http://www.securityfocus.com/archive/1/491966
______________________________________________________________________
08.20.27 CVE: Not Available
Platform: Solaris
Title: Sun Solaris TCP SYN Flooding Remote Denial of Service
Description: Sun Solaris is exposed to a denial of service issue that
occurs due to the TCP implementation. Computers undergoing a TCP SYN
flood condition may be unable to accept new network connections.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200864-1
______________________________________________________________________
08.20.28 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Print Service Unspecified Remote Code Execution
Description: Sun Solaris print service controls printing on Sun
Solaris operating systems. Print service is susceptible to an
unspecified remote code-execution issue that allows remote attackers
to execute arbitrary machine code with SYSTEM-level privileges on
affected computers.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236884-1
______________________________________________________________________
08.20.29 CVE: CVE-2008-1801, CVE-2008-1802, CVE-2008-1803
Platform: Unix
Title: rdesktop Multiple Remote Memory Corruption Vulnerabilities
Description: rdesktop is a remote desktop client that speaks the
Remote Desktop Protocol (RDP). The application is exposed to multiple
memory corruption issues. rdesktop version 1.5.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491811
______________________________________________________________________
08.20.30 CVE: CVE-2008-2004
Platform: Cross Platform
Title: QEMU "vl.c" Security Bypass
Description: QEMU is a processor emulator used to virtualize computer
systems and to run guest operating systems within a host. The
application is exposed to a security bypass issue because it fails to
properly restrict access to certain functionality. QEMU version 0.9.1
is affected.
Ref:
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277
______________________________________________________________________
08.20.31 CVE: Not Available
Platform: Cross Platform
Title: MySQL MyISAM Table Privileges Security Bypass
Description: MySQL is an open-source SQL database application
available for multiple operating platforms. The application is exposed
to a security bypass issue because it allows attackers to bypass
certain privilege checks when creating a MyISAM table with certain
unspecified "DATA DIRECTORY" and "INDEX DIRECTORY" options. MySQL
versions 4 (prior to 4.1.24) and 5 (prior to 5.0.60) are affected.
Ref: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-60.html
______________________________________________________________________
08.20.32 CVE: Not Available
Platform: Cross Platform
Title: Sun Ray Kiosk Mode Unspecified Privilege Escalation
Description: Sun Ray Server Software is a virtual desktop server
application available for Sun and Linux operating systems. The
application is exposed to an unspecified privilege escalation issue
that affects the software when it is running in Kiosk Mode, and is
only exploitable by attackers with administrative privileges in the
Sun Ray Web Administration GUI.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236944-1
______________________________________________________________________
08.20.33 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Application Server and Web Server JSP
Information Disclosure
Description: Sun Java Web Server is an enterprise-level web server.
Sun Java Application Server is an enterprise-level application server.
The application is exposed to an information disclosure issue that
permits unauthorized attackers to gain access to JSP source code.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201255-1
______________________________________________________________________
08.20.34 CVE: Not Available
Platform: Cross Platform
Title: TFTP Server Error Packet Handling Remote Buffer Overflow
Description: TFTP Server is a multithreaded Trivial File Transfer
Protocol (TFTP) server. The application is exposed to a buffer
overflow issue because it fails to properly bounds check user-supplied
data before storing it in a finite-sized memory buffer. TFTP Server SP
version 1.4 running on Windows is affected.
Ref: http://www.securityfocus.com/bid/29111
______________________________________________________________________
08.20.35 CVE: Not Available
Platform: Cross Platform
Title: Oracle Application Server Portal Authentication Bypass
Description: Oracle Application Server Portal is a solution for
building, deploying, and maintaining portals. The application is
exposed to an authentication bypass issue because the application
fails to properly restrict access to certain resources. Oracle
Application Server Portal version 10g is affected.
Ref: http://www.securityfocus.com/archive/1/491865
______________________________________________________________________
08.20.36 CVE: Not Available
Platform: Cross Platform
Title: Zarafa Multiple Remote Vulnerabilities
Description: Zarafa is an application that allows users to share email
and calendars via Microsoft Outlook. The application is exposed to
multiple HTML injection issues. Zarafa Script versions prior to 6.02
are affected.
Ref: http://download.zarafa.com/zarafa/release/docs/changelog.en.txt
______________________________________________________________________
08.20.37 CVE: CVE-2008-1880
Platform: Cross Platform
Title: Firebird "ISC_PASSWORD" Environment Variable Unauthorized
Access
Description: Firebird is an open-source relational database available
for multiple operating platforms. The application is exposed to an
issue that can result in unauthorized access. Firebird version
2.0.3.12981.0 is affected.
Ref: http://www.securityfocus.com/bid/29123
______________________________________________________________________
08.20.38 CVE: CVE-2008-1677
Platform: Cross Platform
Title: Red Hat Directory Server LDAP Query Patterns Buffer Overflow
Description: Red Hat Directory Server is a centralization server based
on the Lightweight Directory Access Protocol (LDAP). The server is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data when processing
LDAP query patterns.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=444712
______________________________________________________________________
08.20.39 CVE: CVE-2008-1922
Platform: Cross Platform
Title: SARG Multiple Unspecified Buffer Overflow Vulnerabilities
Description: SARG (Squid Analysis Report Generator) is an application
that logs websites that users visit. The application is exposed to
multiple remote issues.
Ref: http://www.securityfocus.com/bid/29141
______________________________________________________________________
08.20.40 CVE: Not Available
Platform: Cross Platform
Title: GNU Emacs ".flc" File Processing
Description: Emacs is a freely available text editor. Emacs processes
fast-lock files in an insecure manner. Specifically, the issue is
triggered when a source file is opened and a crafted fast-lock ".flc"
file resides in the same directory. Emacs version 21.3.1 is affected.
Ref: http://tracker.xemacs.org/XEmacs/its/issue378
______________________________________________________________________
08.20.41 CVE: Not Available
Platform: Cross Platform
Title: Multiple Platform IPv6 Address Publication Denial of Service
Vulnerabilities
Description: Multiple operating systems are exposed to remote denial
of service issues that occur when affected operating systems are
acting as IPv6 routers. These issues are due to how the affected
operating systems handle IPv6 route advertisements. Microsoft Windows
XP, Microsoft Windows Server 2003, and Linux are exposed to these
issues.
Ref:
http://blog.ncircle.com/blogs/vert/archives/2008/05/xp_ipv6_dos_ipv6_networking_is.html
______________________________________________________________________
08.20.42 CVE: CVE-2008-1419, CVE-2008-1420, CVE-2008-1423
Platform: Cross Platform
Title: libvorbis Multiple Remote Vulnerabilities
Description: The libvorbis library allows media applications to play
Ogg Vorbis files. Applications using the libvorbis library are exposed
to multiple remote issues. libvorbis version 1.2.0 is affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0270.html
______________________________________________________________________
08.20.43 CVE: Not Available
Platform: Cross Platform
Title: Wordnet Multiple Buffer Overflow Vulnerabilities
Description: Wordnet is a lexical database of English. Wordnet is
exposed to multiple buffer overflow issues because the application
fails to properly bounds check user-supplied input. WordNet versions
2.0, 2.1 and 3.0 are exposed.
Ref: https://bugs.gentoo.org/show_bug.cgi?id=211491
______________________________________________________________________
08.20.44 CVE: Not Available
Platform: Cross Platform
Title: Net-SNMP Perl Module Buffer Overflow
Description: Net-SNMP is a set of tools and libraries. It provides a
Perl SNMP module. The application is exposed to a remote buffer
overflow issue because the software fails to properly bounds check
user-supplied data before copying it to an insufficiently sized
buffer. Net-SNMP versions 5.4.1, 5.2.4 and 5.1.4 are affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694
______________________________________________________________________
08.20.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SAP Internet Transaction Server Multiple Cross-Site Scripting
Vulnerabilities
Description: SAP Internet Transaction Server (ITS) facilitates
communications between SAP R/3 systems and Web users, allowing users
to access R/3 applications over the web. The application is exposed to
multiple cross-site scripting issues because the software fails to
sufficiently sanitize user-supplied data to the "~service" parameter
of the "scripts/wgate.dll" script and other unspecified parameters.
SAP Internet Transaction Server version 6200.1017.50954.0, Build
730827 (win32/IIS 5.0) is affected.
Ref: http://www.securityfocus.com/bid/29103
______________________________________________________________________
08.20.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Java System Web Server Search Module Cross-Site Scripting
Description: Sun Java System Web Server is an enterprise level web
server application. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the Search Module.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231467-1
______________________________________________________________________
08.20.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tux CMS Multiple Cross-Site Scripting Vulnerabilities
Description: Tux CMS is a PHP-based content manager. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. These issues affect the "q" parameter of
the "index.php" script and the "returnURL" parameter of the
"tux-login.php" script, as well as input supplied to the
"tux-syndication/atom.php" script. Tux CMS version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/29090
______________________________________________________________________
08.20.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sphider "query" Parameter Cross-Site Scripting
Description: Sphider is a PHP-based search engine application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "query"
parameter of the "search.php" script. Sphider version 1.3.4 is
affected.
Ref: http://www.securityfocus.com/archive/1/491712
______________________________________________________________________
08.20.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SonicWALL Email Security Error Page Cross-Site Scripting
Description: SonicWALL Email Security is an application that protects
email communications. It provides antispam, antivirus, antiphishing,
and policy/compliance management capabilities. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input when displaying URI address data in an
error page. SonicWALL Email Security version 6.1.1 is affected.
Ref: http://www.securityfocus.com/bid/29107
______________________________________________________________________
08.20.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ZyWALL 100 HTTP Referer Header Cross-Site Scripting
Description: ZyWALL 100 is an internet security appliance. The
appliance is exposed to a cross-site scripting issue that occurs in
the web-based management interface.
Ref: http://www.securityfocus.com/archive/1/491818
______________________________________________________________________
08.20.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Apache HTTP Server 403 Error Cross-Site Scripting
Description: Apache HTTP servers are exposed to a cross-site scripting
issue. This issue occurs because the application fails to sufficiently
sanitize UTF-7 characters.
Ref: http://www.securityfocus.com/archive/1/491862
______________________________________________________________________
08.20.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: InfoBiz Server "keywords" parameter Cross-Site Scripting
Description: InfoBiz Server is a modular web-based system that provides
CMS, CRM, e-commerce and e-marketing solutions. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "keywords" parameter of the
"search_results.php" script.
Ref: http://www.securityfocus.com/bid/29116
______________________________________________________________________
08.20.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: cPanel Multiple Cross-Site Scripting Vulnerabilities
Description: cPanel is a web-hosting control panel. The application is
exposed to multiple cross-site scripting issues because it fails to
properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/491864
______________________________________________________________________
08.20.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Phoenix View CMS "admin_frame.php" Cross-Site Scripting
Description: Phoenix View CMS is a web-based content management
system. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the
"ltarget" parameter of the "admin_frame.php" script. Phoenix View CMS
Pre Alpha2 is affected.
Ref: http://www.securityfocus.com/bid/29130
______________________________________________________________________
08.20.55 CVE: CVE-2007-5803
Platform: Web Application - Cross Site Scripting
Title: Nagios Unspecified Cross-Site Scripting
Description: Nagios is an open-source application designed to monitor
networks and services for interruptions and to notify administrators
when various events occur. The software is exposed to an unspecified
cross-site scripting issue because it fails to sanitize user-supplied
input.
Ref: http://www.securityfocus.com/bid/29140
______________________________________________________________________
08.20.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpInstantGallery Multiple Cross-Site Scripting Vulnerabilities
Description: phpInstantGallery is an image-gallery application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/29152
______________________________________________________________________
08.20.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CyrixMED "index.php" Cross-Site Scripting
Description: CyrixMED is a patient management application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "msg_erreur" parameter of
the "index.php" script. CyrixMED version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/29153
______________________________________________________________________
08.20.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site
Scripting
Description: IBM Lotus Quickr is web-based collaboration software.
The application is exposed to an unspecified cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input.
Lotus Quickr versions prior to 8.1 Hotfix 5 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018711
______________________________________________________________________
08.20.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ActualScripts ActualAnalyzer "view.php" Cross-Site Scripting
Description: ActualAnalyzer is a web-based application that collects
site statistics. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"language" parameter of the "view.php" script.
Ref: http://www.majorsecurity.de/index_2.php?major_rls=major_rls52
______________________________________________________________________
08.20.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Event Database Extension Unspecified Cross-Site Scripting
Description: Event Database is an extension for TYPO3. The application
is exposed to an unspecified cross-site scripting issue because it
fails to properly sanitize user-supplied input. Event Database
(rlmp_eventdb) versions prior to 1.1.2 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080513-3/
______________________________________________________________________
08.20.61 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Build A Niche Store "q" Parameter Cross-Site Scripting
Description: Build A Niche Store is a web-based application designed
to create affiliate websites for auctions. The application is exposed
to a cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "q" parameter of the application's search
script. Build A Niche Store version 3.0 is affected.
Ref: https://vuln.intranet.qualys.com:8443/sans/edit.php?id=20.46
______________________________________________________________________
08.20.62 CVE: CVE-2008-2165
Platform: Web Application - Cross Site Scripting
Title: Cisco BBSM Captive Portal "AccessCodeStart.asp" Cross-Site
Scripting
Description: Cisco BBSM (Building Broadband Service Manager) is a
device that provides public and guest Internet access control features
and functionality to wired and wireless networks. The application is
exposed to a cross-site scripting issue that occurs in the Captive
Portal because the application fails to sufficiently sanitize
user-supplied input to the "msg" parameter of the
"AccessCodeStart.asp" script. Cisco BBSM version 5.3 is affected.
Ref: http://www.securityfocus.com/bid/29191
______________________________________________________________________
08.20.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Interspire ArticleLive NX "Query" Field Cross-Site Scripting
Description: ArticleLive NX is a PHP-based content manager. The
application is exposed to cross-site scripting attacks because it
fails to sufficiently sanitize user-supplied input to the "Query"
field of the search form.
Ref: http://www.securityfocus.com/bid/29203
______________________________________________________________________
08.20.64 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Django Login Form Cross-Site Scripting
Description: Django is a Python-based framework for building web
applications. The application is exposed to cross-site scripting
attacks because it fails to sufficiently sanitize user-supplied input
to the "action" attribute of the login form. Django versions 0.91,
0.95, and 0.96 are affected.
Ref: http://www.djangoproject.com/weblog/2008/may/14/security/
______________________________________________________________________
08.20.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OneCMS "asd.php" SQL Injection
Description: OneCMS is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "sitename" parameter of the
"asd.php" script before using it in an SQL query. OneCMS version 2.5
is affected.
Ref: http://www.securityfocus.com/bid/29102
______________________________________________________________________
08.20.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RunCMS "pm.class.php" Multiple SQL Injection Vulnerabilities
Description: RunCMS is a content manager implemented in PHP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "msg_image"
and "msg_attachment" parameters used by the "store()" function in the
"modules/messages/class/pm.class.php" script file before using the
data in an SQL query. RunCMS version 1.6.1 is affected.
Ref: http://www.securityfocus.com/bid/29069
______________________________________________________________________
08.20.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Visual Shapers ezContents Multiple SQL Injection Vulnerabilities
Description: ezContents is a CMS solution. This application is exposed to
multiple SQL injection issues because the application fails to
sanitize user-supplied input before using it in an SQL query.
ezContents version 2.0.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491813
______________________________________________________________________
08.20.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Musicbox "viewalbums.php" SQL Injection
Description: Musicbox is a web-based application for hosting a music
site. The application is exposed to an SQL injection issue because it
fails to properly sanitize user-supplied input to the "artistId"
parameter of the "viewalbums.php" script before using it in an SQL
query. Musicbox versions 2.3.7 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29100
______________________________________________________________________
08.20.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Shader TV Multiple SQL Injection Vulnerabilities
Description: Shader TV is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "sid" parameter of the
following scripts: "kanal.asp", "google.asp", and "hakk.asp".
Ref: http://www.securityfocus.com/bid/29091
______________________________________________________________________
08.20.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: gameCMS Lite "index.php" SQL Injection
Description: gameCMS Lite is a PHP-based content management
application for gaming-related web sites. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "systemId" parameter of the "index.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29093
______________________________________________________________________
08.20.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PostcardMentor "step1.asp" SQL Injection
Description: PostcardMentor is a web-based application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "cat_fldAuto"
parameter of the "step1.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29094
______________________________________________________________________
08.20.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: fipsCMS "print.asp" SQL Injection
Description: fipsCMS is a content manager implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "lg" parameter of the
"/modules/print.asp" script file before using it in an SQL query.
fipsCMS version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/29095
______________________________________________________________________
08.20.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Galleristic "index.php" SQL Injection
Description: Galleristic is a web-based photo album application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/29096
______________________________________________________________________
08.20.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YouTube Clone Script "group_posts.php" SQL Injection
Description: YouTube Clone Script is a PHP-based application for
sharing videos. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"tid" parameter of the "group_posts.php" script before using it in an
SQL query. YouTube Clone Script version 2.6 is affected.
Ref: http://forums.buyscripts.in/viewtopic.php?f=7&t=3389
______________________________________________________________________
08.20.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HispaH Model Search "cat.php" SQL Injection
Description: HispaH Model Search is a web-based application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "cat" parameter of the
"cat.php" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/5577
______________________________________________________________________
08.20.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SazCart "prodid" Parameter SQL Injection
Description: SazCart is a PHP-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "prodid" parameter of
the "index.php" script before using it in an SQL query. SazCart
version 1.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/491892
______________________________________________________________________
08.20.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ktools PhotoStore "gallery.php" SQL Injection
Description: PhotoStore is a web-based application for displaying and
selling photographs. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "gid" parameter of the "gallery.php" script before using it in an
SQL query. PhotoStore version 3.4.3 is affected.
Ref: http://www.securityfocus.com/bid/29132
______________________________________________________________________
08.20.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ktools PhotoStore Multiple SQL Injection Vulnerabilities
Description: PhotoStore is a web-based application for displaying and
selling photographs. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data.
Ref: http://www.milw0rm.com/exploits/5582
______________________________________________________________________
08.20.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Advanced Links Management "read.php" SQL Injection
Description: Advanced Links Management is a web-based links management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"CatId" parameter of the "read.php" script before using it in an SQL
query. Advanced Links Management version 1.5.2 is affected.
Ref: http://www.milw0rm.com/exploits/5581
______________________________________________________________________
08.20.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Datsogallery Component "sub_votepic.php" SQL
Injection
Description: Datsogallery is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "sub_votepic.php" script before using it in an
SQL query. Datsogallery version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/29138
______________________________________________________________________
08.20.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OtherLogic "vocourse.php" SQL Injection
Description: OtherLogic is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"vocourse.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/491900
______________________________________________________________________
08.20.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo xsstream-dm Component "movie" Parameter SQL
Injection
Description: The xsstream-dm component is an application for the
Joomla! and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "movie" parameter of the "com_xsstream-dm"
component before using it in an SQL query. xsstream-dm version 0.01
Beta is affected.
Ref: http://www.securityfocus.com/archive/1/491943
______________________________________________________________________
08.20.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: QuickUpCMS Multiple SQL Injection Vulnerabilities
Description: QuickUpCMS is a web-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/29145
______________________________________________________________________
08.20.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vortex CMS "index.php" SQL Injection
Description: Vortex CMS is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pageid" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29146
______________________________________________________________________
08.20.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress WP Photo Album Plugin "photo" Parameter SQL Injection
Description: The WP Photo Album (WPPA) program is a plugin for the
WordPress web-based publishing application. The plugin is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "photo" parameter before using it in an SQL
query.
Ref: http://me.mywebsight.ws/web/wppa
______________________________________________________________________
08.20.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Article "featured_article.php" SQL Injection
Description: AJ Article is a knowledgebase system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "artid" parameter of the
"featured_article.php" script before using it in an SQL query. AJ
Article version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29149
______________________________________________________________________
08.20.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Auction "classifide_ad.php" SQL Injection
Description: AJ Auction is a web-based auction system. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "item_id" parameter of the
"classifide_ad.php" script before using it in an SQL query. AJ Auction
versions 6.2.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29150
______________________________________________________________________
08.20.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Classifieds "index.php" SQL Injection
Description: AJ Classifieds is a web-based classifieds system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "posting_id" parameter
of the "index.php" script before using it in an SQL query. AJ
Classifieds version 2008 is affected.
Ref: http://www.securityfocus.com/bid/29151
______________________________________________________________________
08.20.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Dating "view_profile.php" SQL Injection
Description: AJ Dating is a web-based dating application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user_id" parameter of
the "view_profile.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29154
______________________________________________________________________
08.20.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZeusCart "category_list.php" SQL Injection
Description: ZeusCart is an ecommerce application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cid" parameter of the
"category_list.php" script before using it in an SQL query. ZeusCart
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29155
______________________________________________________________________
08.20.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Editorial "admin/index.php3" SQL Injection
Description: Editorial is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"admin/index.php3" script when the "action" attribute is set to "mod"
before using that data in an SQL query.
Ref: http://www.securityfocus.com/bid/29161
______________________________________________________________________
08.20.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Battle.net Clan Script "members.php" SQL Injection
Description: Battle.net Clan Script is a clan management application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "showmember"
parameter of the "members.php" script before using it in an SQL query.
Battle.net Clan Script version 1.5.3 is affected.
Ref: http://www.securityfocus.com/bid/29166
______________________________________________________________________
08.20.93 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mega File Hosting Script "members.php" SQL Injection
Description: Mega File Hosting Script is a file-hosting script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "fid" parameter of the
"members.php" script before using it in an SQL query. Mega File
Hosting Script version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/29167
______________________________________________________________________
08.20.94 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Classifieds Script "fatherID" Parameter Multiple SQL
Injection Vulnerabilities
Description: PHP Classifieds Script is a web-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/29169
______________________________________________________________________
08.20.95 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ABSoft Advanced Image Hosting Script "out.php" SQL Injection
Description: Advanced Image Hosting Script is an image-hosting
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"t" parameter of the "out.php" script before using it in an SQL query.
Advanced Image Hosting Script version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/29172
______________________________________________________________________
08.20.96 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ HYIP Acme "topic_detail.php" SQL Injection
Description: AJ HYIP Acme is an HYIP manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"topic_detail.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29173
______________________________________________________________________
08.20.97 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jenkins Software RakNet Autopatcher Multiple Unspecified SQL
Injection Vulnerabilities
Description: RakNet is a network library designed to be used with
online games. It is available for Microsoft Windows and Unix
platforms. Autopatcher is a component of RakNet that facilitates
automated updating. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to unspecified parameters before using it in SQL
queries. RakNet versions prior to 3.23 are affected.
Ref: http://www.jenkinssoftware.com/raknet/forum/index.php?topic=1787.0
______________________________________________________________________
08.20.98 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 BLOG Engine "comment.php" SQL Injection
Description: e107 BLOG Engine is a blog plugin for the e107 content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "rid"
parameter of the "comment.php" script before using it in an SQL query.
e107 BLOG Engine version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/29181
______________________________________________________________________
08.20.99 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EQdkp "user_id" Parameter SQL Injection
Description: EQdkp is a PHP-based web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user_id" cookie parameter before
using it in an SQL query. EQdkp version 1.3.2f is affected.
Ref: http://www.securityfocus.com/bid/29184
______________________________________________________________________
08.20.100 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zogo-shop "products.php" SQL Injection
Description: Zogo-shop is an ecommerce plugin for the e107 content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cat"
parameter of the "products.php" script. Zogo-shop version 1.16 Beta 13
is affected.
Ref: http://www.securityfocus.com/bid/29185
______________________________________________________________________
08.20.101 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Meto Forum "forum/kategori.asp" SQL Injection
Description: Meto Forum is a web-based forum application implemented
in ASP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "kid"
parameter of the "forum/kategori.asp" script before using it in an SQL
query. Meto Forum version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29189
______________________________________________________________________
08.20.102 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Meto Forum Multiple SQL Injection Vulnerabilities
Description: Meto Forum is a web-based forum application implemented
in ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"uye.asp" and "oku.asp" scripts before using it in an SQL query. Meto
Forum version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29192
______________________________________________________________________
08.20.103 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CaLogic Calendars "userreg.php" SQL Injection
Description: CaLogic Calendars is a web-based calendar application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "langsel" parameter
of the "userreg.php" script before using it in an SQL query. CaLogic
Calendars version 1.2.2 is affected.
Ref: http://www.securityfocus.com/bid/29193
______________________________________________________________________
08.20.104 CVE: Not Available
Platform: Web Application - SQL Injection
Title: The Real Estate Script "dpage.php" SQL Injection
Description: The Real Estate Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "docID" parameter of
the "dpage.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29200
______________________________________________________________________
08.20.105 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EMO Realty Manager "news.php" SQL Injection
Description: EMO Realty Manager is a real estate manager script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "ida" parameter of the
"pagesnews.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29202
______________________________________________________________________
08.20.106 CVE: CVE-2008-2149
Platform: Web Application - SQL Injection
Title: Kalptaru Infotech Automated Link Exchange Portal
"linking.page.php" SQL Injection
Description: Automated Link Exchange Portal is a script that
facilitates creation of a links exchange site. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat_id" parameter of the
"linking.page.php" script before using it in an SQL query.
Ref: http://cmsnx.com/product.about.php?id=11
______________________________________________________________________
08.20.107 CVE: Not Available
Platform: Web Application
Title: CMS Faethon Cross-Site Scripting Vulnerability and Remote File
Include
Description: CMS Faethon is a web-based content management system. The
application is exposed to multiple input validation issues. CMS
Faethon version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/29099
______________________________________________________________________
08.20.108 CVE: Not Available
Platform: Web Application
Title: Nuke ET Journal Module Security Bypass and HTML Injection
Vulnerabilities
Description: Nuke ET is a web application. The application is exposed
to multiple issues because it fails to sanitize user-supplied
input. Nuke ET versions prior to 3.10 are affected.
Ref: http://www.truzone.org/modules.php?name=News&new_topic=27
______________________________________________________________________
08.20.109 CVE: Not Available
Platform: Web Application
Title: mvnForum Quick Reply Feature HTML Injection
Description: mvnForum is a web-based bulletin board implemented in
JSP. The application is exposed to an HTML injection issue because it
fails to sanitize user-supplied input. mvnForum version 1.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/491713
______________________________________________________________________
08.20.110 CVE: Not Available
Platform: Web Application
Title: Forum Rank System "settings["locale"]" Parameter Multiple Local
File Include Vulnerabilities
Description: Forum Rank System is a module for the Php-Fusion content
manager. The application is exposed to local file include issues
because it fails to properly sanitize user-supplied input to the
"settings["locale"]" parameter of the "forum.php" and "profile.php"
scripts. Forum Rank System 6 is affected.
Ref: http://www.securityfocus.com/bid/29077
______________________________________________________________________
08.20.111 CVE: Not Available
Platform: Web Application
Title: SazCart "_saz[settings]" Multiple Remote File Include
Vulnerabilities
Description: SazCart is a web-based shopping cart application. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. SazCart version
1.5.1 is affected.
Ref: http://www.securityfocus.com/bid/29113
______________________________________________________________________
08.20.112 CVE: Not Available
Platform: Web Application
Title: myWebland miniBloggie "del.php" Security Bypass
Description: miniBloggie is a web-log application. The application is
exposed to an issue in the "del.php" script that allows an unauthorized
attacker to delete arbitrary blog posts because it fails to properly
restrict access to certain functionality. miniBloggie version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/29115
______________________________________________________________________
08.20.113 CVE: Not Available
Platform: Web Application
Title: OpenKM Document Export Security Bypass
Description: OpenKM is a web-based document manager. The application
is exposed to an unspecified security bypass issue. This issue may
allow an unprivileged attacker to export arbitrary documents. OpenKM
versions prior to 2.0 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=597940
______________________________________________________________________
08.20.114 CVE: Not Available
Platform: Web Application
Title: Cyberfolio "derniers_commentaires.php" Remote File Include
Description: Cyberfolio is a PHP-based web application. The component
is exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "rep" parameter of
the "/portfolio/commentaires/derniers_commentaires.php" script.
Cyberfolio version 7.12 is affected.
Ref: http://www.securityfocus.com/bid/29124
______________________________________________________________________
08.20.115 CVE: Not Available
Platform: Web Application
Title: Admidio "get_file.php" Local File Include
Description: Admidio is a PHP-based tool for managing memberships for
clubs, organizations, etc. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "file" parameter of the "get_file.php" script. Admidio
version 1.4.8 is affected.
Ref: http://www.securityfocus.com/bid/29127
______________________________________________________________________
08.20.116 CVE: Not Available
Platform: Web Application
Title: txtCMS "index.php" Local File Include
Description: txtCMS is a web-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "value" parameter of
the "index.php" script. txtCMS version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/29131
______________________________________________________________________
08.20.117 CVE: Not Available
Platform: Web Application
Title: BlogPHP Multiple HTML Injection, Cross-Site Scripting and
Cookie Manipulation Vulnerabilities
Description: BlogPHP is a web-based blogging application. The
application is exposed to multiple HTML injection, cross-site
scripting and cookie manipulation issues because it fails to
adequately sanitize user-supplied input. BlogPHP version 2.0 is
affected.
Ref: http://www.davidsopas.com/soapbox/blogphp.txt
______________________________________________________________________
08.20.118 CVE: Not Available
Platform: Web Application
Title: PhpBlock Multiple Remote File Include Vulnerabilities
Description: PhpBlock is a map engine implemented in PHP. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. PhpBlock
version a8.5 is affected.
Ref: http://www.securityfocus.com/bid/29143
______________________________________________________________________
08.20.119 CVE: Not Available
Platform: Web Application
Title: ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities
Description: ClanLite is a PHP-based web portal. Since it fails to
sufficiently sanitize user-supplied data, the application is exposed
to multiple input-validation issues. ClanLite version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29156
______________________________________________________________________
08.20.120 CVE: Not Available
Platform: Web Application
Title: BIGACE "GLOBALS[_BIGACE][DIR]" Parameter Multiple Remote File
Include Vulnerabilities
Description: BIGACE is a content manager written in PHP. The
application is exposed to multiple remote file include issues because
it fails to properly sanitize user-supplied input. BIGACE version 2.4
is affected.
Ref: http://www.bigace.de/security-problem-urgent-update-required.html
______________________________________________________________________
08.20.121 CVE: Not Available
Platform: Web Application
Title: IBD Micro CMS "microcms-admin-login.php" Multiple SQL Injection
Vulnerabilities
Description: IBD Micro CMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the
"administrators_username" and "administrators_pass" parameters of the
"microcms-admin-login.php" script before using it in an SQL query.
Micro CMS version 3.5 is affected.
Ref: http://wired-security.net/texts/advisories
______________________________________________________________________
08.20.122 CVE: Not Available
Platform: Web Application
Title: Claroline Multiple Remote File Include Vulnerabilities
Description: Claroline is a PHP-based online educational platform. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. Claroline
version 1.7.5 is affected.
Ref: http://www.securityfocus.com/bid/29162
______________________________________________________________________
08.20.123 CVE: Not Available
Platform: Web Application
Title: Fusebox "fusebox5.php" Remote File Include
Description: Fusebox is a framework for building ColdFusion and PHP
sites. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"FUSEBOX_APPLICATION_PATH" parameter of the "fusebox5.php" script.
Fusebox version 5.5.1 is affected.
Ref: http://www.securityfocus.com/bid/29163
______________________________________________________________________
08.20.124 CVE: Not Available
Platform: Web Application
Title: PhpMyAgenda "infoevent.php3" Remote File Include
Description: PhpMyAgenda is a PHP-based calendar application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "rootagenda"
parameter of the "infoevent.php3" script. PhpMyAgenda version 2.1 is
affected.
Ref: http://www.securityfocus.com/bid/29164
______________________________________________________________________
08.20.125 CVE: Not Available
Platform: Web Application
Title: CMS Made Simple "modules/FileManager/postlet/javaUpload.php"
Arbitrary File Upload
Description: CMS Made Simple is a PHP-based content manager. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code. The problem occurs because the
application fails to properly verify the contents of a file, and only
checks the extension in "modules/FileManager/postlet/javaUpload.php".
CMS Made Simple version 1.2.4 is affected.
Ref: http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/
______________________________________________________________________
08.20.126 CVE: Not Available
Platform: Web Application
Title: TYPO3 WT Gallery Extension Multiple Input Validation
Vulnerabilities
Description: WT Gallery is an extension for TYPO3. The application is
exposed to an unspecified cross-site scripting issue because it fails
to properly sanitize user-supplied input. WT Gallery (wt_gallery)
versions 2.6.2 and earlier are affected by a cross-site scripting
issue. WT Gallery (wt_gallery) versions 2.5.0 and earlier are affected
by information disclosure issues.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080513-1/
______________________________________________________________________
08.20.127 CVE: Not Available
Platform: Web Application
Title: WGCC Web Group Communication Center Cross-Site Scripting and
SQL Injection Vulnerabilities
Description: WGCC (Web Group Communication Center) is a PHP-based
community application. Since it fails to sufficiently sanitize
user-supplied data, the application is prone to multiple
input validation issues. WGCC version 1.0.3 is affected.
Ref: http://www.securityfocus.com/bid/29188
______________________________________________________________________
08.20.128 CVE: Not Available
Platform: Network Device
Title: Citrix Access Gateway Standard and Advanced Edition Unspecified
Authentication Bypass
Description: Citrix Access Gateway Standard and Advanced Editions are
SSL/VPN appliances. The appliances are exposed to an unspecified
authentication bypass issue. Affected are: Access Gateway Standard
Edition versions 4.5.7 and earlier; Advanced Edition versions 4.5 HF2
and earlier.
Ref: http://support.citrix.com/article/CTX116930
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkgsp+EACgkQ+LUG5KFpTkYVLACfYA9d4+lWstzt1kDy4NBBYy7b
u7EAoJqoq+251fqNbDI4VxWSGBTRR2rc
=tsfa
-----END PGP SIGNATURE-----