RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 23
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Jun 05 2008 - 15:11:54 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Critical flaws this week in another security product: CA Computer
Associates' eTrust, and in another storage product: HP StorageWorks.
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
June 5, 2008 Vol. 7. Week 23
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
- ------------------------                -------------------------------------
Third Party Windows Apps                   2 (#3, #4, #5, #6, #7)
Mac Os                                    13
Solaris                                    1
Unix                                       1
Cross Platform                             7 (#1, #2)
Web Application - Cross Site Scripting     3
Web Application - SQL Injection            6
Web Application                            7
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Computer Associates eTrust Secure Content Manager Gateway Multiple Vulnerabilities
(2) CRITICAL: HP StorageWorks Authentication Buffer Overflow
(3) HIGH: Skype Executable File Download Security Bypass
(4) HIGH: Sun Java System Active Server Pages Multiple Vulnerabilities
(5) HIGH: HP Instant Support ActiveX Control Multiple Vulnerabilities
(6) HIGH: Akamai Download Manager ActiveX Control Arbitrary File Download
(7) MODERATE: Apple Safari on Microsoft Windows Blended Remote Code Execution
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
08.23.1 - Symantec Backup Exec System Recovery Manager Directory Traversal
08.23.2 - Ourgame "GLIEDown2.dll" ServerList Method ActiveX Control Remote Code Execution
-- Mac Os
08.23.3 - Apple Mac OS X 2008-003 Multiple Security Vulnerabilities
08.23.4 - Apple Mac OS X CoreGraphics PDF Handling Code Execution
08.23.5 - Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
08.23.6 - Apple Mac OS X Help Viewer 'help:topic' URI Buffer Overflow
08.23.7 - Apple Mac OS X CUPS Debug Logging Information Disclosure
08.23.8 - Apple Mac OS X iCal ".ics" File Handling Remote Code Execution
08.23.9 - Apple Mac OS X AppKit Malformed File Remote Code Execution
08.23.10 - Apple Mac OS X International Components for Unicode Information Disclosure
08.23.11 - Apple Mac OS X Pixlet Video Multiple Unspecified Memory Corruption Vulnerabilities
08.23.12 - Apple Mac OS X AFP Server File Sharing Unauthorized File Access
08.23.13 - Apple Mac OS X CoreFoundation CFData Object Handling Code Execution
08.23.14 - Apple Mac OS X Apple Type Services PDF Handling Code Execution
08.23.15 - Apple Mac OS X CFNetwork SSL Client Certificate Handling Information Disclosure
-- Solaris
08.23.16 - Sun Cluster Global File System Unspecified Security Vulnerability
-- Unix
08.23.17 - imlib2 Library Multiple Buffer Overflow Vulnerabilities
-- Cross Platform
08.23.18 - Adobe Acrobat Reader Unspecified Remote Denial of Service
08.23.19 - Pan ".nzb" File Parsing Heap Overflow
08.23.20 - VMware VMCI Arbitrary Code Execution
08.23.21 - Apple Safari and Microsoft Windows Client-side Code Execution
08.23.22 - freeSSHd SFTP "opendir" Buffer Overflow
08.23.23 - ikiwiki Blank Password Authentication Bypass
08.23.24 - DotNetNuke Prior to 4.8.3 Multiple Remote Vulnerabilities
-- Web Application - Cross Site Scripting
08.23.25 - Calcium "Calcium40.pl" Cross-Site Scripting
08.23.26 - Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities
08.23.27 - DotNetNuke "Default.aspx" Cross-Site Scripting
-- Web Application - SQL Injection
08.23.28 - dvbbs "login.asp" Multiple SQL Injection Vulnerabilities
08.23.29 - Joomla! and Mambo MambAds Component "ma_cat" Parameter SQL Injection
08.23.30 - PsychoStats Multiple SQL Injection Vulnerabilities
08.23.31 - TorrentTrader Classic "scrape.php" SQL Injection
08.23.32 - BP Blog Multiple SQL Injection Vulnerabilities
08.23.33 - ComicShout "news.php" SQL Injection
-- Web Application
08.23.34 - SyntaxCMS "upload.php" Arbitrary File Upload
08.23.35 - PicoFlat CMS "pagina" Parameter Local File Include and Directory Traversal Vulnerabilities
08.23.36 - LokiCMS "admin.php" Security Bypass
08.23.37 - CMSimple Multiple Input Validation Vulnerabilities
08.23.38 - meBiblio Multiple Input Validation Vulnerabilities
08.23.39 - Booby "renderer" Parameter Multiple Local and Remote File Include Vulnerabilities
08.23.40 - SiteXS CMS "adm/visual/upload.php" Arbitrary File Upload
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Computer Associates eTrust Secure Content Manager Gateway
Multiple Vulnerabilities
Affected:
Computer Associates eTrust Secure Content Manager versions r8 and prior
Description: Computer Associates eTrust Secure Content Manager is a
messaging and web content gateway that monitors and secures traffic. It
contains multiple vulnerabilities in its handling of remote server
responses. If a user connects to a malicious File Transfer Protocol
(FTP) server via the secure content manager, the responses from the
malicious server could trigger one of several vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process (usually SYSTEM). These vulnerabilities could be triggered by
links in malicious web pages or emails.
Status: Vendor confirmed, updates available.
References:
TippingPoint DVLabs Security Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-05
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-036/
http://zerodayinitiative.com/advisories/ZDI-08-035/
Computer Associates Security Advisory
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408#section2
Product Home Page
http://www.ca.com/us/products/product.aspx?id=4673
SecurityFocus BID
http://www.securityfocus.com/bid/29528
*****************************************************
(2) CRITICAL: HP StorageWorks Authentication Buffer Overflow
Affected:
Hewlett-Packard StorageWorks Storage Mirroring versions prior to 4.5 SP2
Description: StorageWorks is a popular storage management system from
HP. Its storage mirroring component contains a flaw in its handling of
authentication requests. An overlong authentication request could
trigger a stack-based buffer overflow. Successfully exploiting this
buffer overflow would allow an attacker to execute arbitrary code with
the privileges of the vulnerable process. Note that, though this buffer
overflow occurs in the processing of authentication requests, no
authentication is necessary for exploitation. Some technical details are
publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users are advised to block
TCP ports 1100 and 1106 and UDP port 1105 at the network perimeter, if
possible.
References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-034/
Product Home Page
http://h18006.www1.hp.com/storage/
SecurityFocus BID
Not yet available.
*****************************************************
(3) HIGH: Skype Executable File Download Security Bypass
Affected:
Skype versions prior to 3.8.0.139
Description: Skype is a popular messaging and conferencing application.
Among other features, it allows users to send links to one another.
Links using the "file:" scheme are validated to ensure that they do not
reference executable files. A flaw exists in Skype's verification logic,
allowing a specially crafted "file:" link to point to an executable
file. Such specially crafted links will not cause Skype to first notify
the user that the link points to a potentially harmful executable file.
Full technical details for this vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=711
Skype Security Bulletin
http://www.skype.com/security/skype-sb-2008-003.html
Skype Home Page
http://www.skype.com
SecurityFocus BID
Not yet available.
*****************************************************
(4) HIGH: Sun Java System Active Server Pages Multiple Vulnerabilities
Affected:
Sun Java System Active Server Pages versions prior to 4.0.3
Description: Sun Java System Active Server Pages is a cross-platform
Active Server Pages (ASP) server. It contains multiple vulnerabilities
in its handling of a variety of user requests. At least one buffer overflow
vulnerability is present, allowing arbitrary remote code execution.
Other vulnerabilities include authentication bypass, arbitrary file
overwrite, directory traversal, and information disclosure
vulnerabilities. Full technical details are publicly available for many
of these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=710
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=709
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=708
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=707
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=706
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=705
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
Product Home Page
http://www.sun.com/software/chilisoft/index.xml
*****************************************************
(5) HIGH: HP Instant Support ActiveX Control Multiple Vulnerabilities
Affected:
HP Instant Support ActiveX control versions prior to 1.0.0.24
Description: The HP Instant Support ActiveX control is used by HP to
provide support to HP desktop systems. This control contains multiple
vulnerabilities, including several buffer overflows and file overwrite
vulnerabilities. A malicious web page that instantiates this control
could trigger one of these vulnerabilities. Successfully exploiting one
of these vulnerabilities would allow an attacker to execute arbitrary
code with the privileges of the current user. Some technical details for
these vulnerabilities are publicly available.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"14C1B87C-3342-445F-9B5E-365FF330A3AC". Note that this will affect
normal application functionality.
References:
CSIS Security Advisory
http://www.csis.dk/dk/forside/CSIS-RI-0003.pdf
Microsoft Knowledge Base Article (describes the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/29529
http://www.securityfocus.com/bid/29530
http://www.securityfocus.com/bid/29531
http://www.securityfocus.com/bid/29532
http://www.securityfocus.com/bid/29533
http://www.securityfocus.com/bid/29534
http://www.securityfocus.com/bid/29535
http://www.securityfocus.com/bid/29536
*****************************************************
(6) HIGH: Akamai Download Manager ActiveX Control Arbitrary File Download
Affected:
Akamai Download Manager ActiveX control versions prior to 2.2.3.7
Description: The Akamai Download Manager provides download management
facilities. Part of its functionality is provided by an ActiveX control.
This control contains an input validation flaw in its handling of its
"URL" parameter. A malicious web page that instantiated this control
could exploit this vulnerability to download an arbitrary file to an
arbitrary location on the victim's computer. This vulnerability could
be leveraged to result in arbitrary remote code execution with the
privileges of the current user. Full technical details are publicly
available for this vulnerability, as is a simple proof-of-concept.
Status: Vendor confirmed, updates available.
References:
Posting by Cocoruder (includes technical details and proof-of-concept)
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062669.html
Posting by Akamai
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062672.html
Vendor Home Page
http://www.akamai.com
SecurityFocus BID
Not yet available.
*****************************************************
(7) MODERATE: Apple Safari on Microsoft Windows Blended Remote Code Execution
Affected:
Microsoft Windows with Apple's Safari web browser installed
Description: Microsoft has released a security advisory stating that a
flaw in Apple's Safari web browser can interact with Microsoft Windows
in a way that can lead to remote code execution with the privileges
of the current user. Because this flaw is present only due to the
interaction of two or more products, it is listed as a "blended threat".
The flaw appears to stem from Safari's default download directory (which
is the user's desktop directory). Third party articles indicate that
this may be related to Microsoft Internet Explorer and may be related
to a flaw in Safari referred to as "carpet bombing". Some technical
details are publicly available for this vulnerability.
Status: Microsoft confirmed. Apple has not confirmed. Users can mitigate
the impact of this vulnerability by changing Safari's default download
directory to something other than the user's desktop directory.
References:
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/953818.mspx
Article on Safari Carpet Bombing by Nitesh Dhanjani
http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html
Article by Aviv Raff
http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
ZDNet Blog Entry
http://blogs.zdnet.com/security/?p=1230
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 23, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.23.1 CVE: SYM08-013
Platform: Third Party Windows Apps
Title: Symantec Backup Exec System Recovery Manager Directory Traversal
Description: Symantec Backup Exec System Recovery Manager is an
application for system recovery; it is available for Microsoft
Windows. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input.
Symantec Backup Exec System Recovery Manager versions 7 prior to 7.0.4
and versions 8 prior to 8.0.2 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.05.28c.html
______________________________________________________________________
08.23.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ourgame "GLIEDown2.dll" ServerList Method ActiveX Control
Remote Code Execution
Description: Ourgame "GLIEDown2.dll" ActiveX control is exposed to a
remote code execution issue because it fails to sufficiently verify
user-supplied input. An attacker can exploit this issue to run
arbitrary attacker-supplied code in the context of the currently
logged-in user. GlobalLink version 2.8.1.2 beta is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.23.3 CVE: CVE-2008-1031
Platform: Mac Os
Title: Apple Mac OS X CoreGraphics PDF Handling Code Execution
Description: Apple Mac OS X is exposed to a remote code execution
issue affecting CoreGraphics. CoreGraphics improperly initializes an
unspecified variable when handling PDF files. This issue can be
triggered with a malformed PDF document. Mac OS X version 10.4.11, Mac
OS X Server 10.4.11, Mac OS X versions 10.5 - 10.5.2, and Mac OS X
Server 10.5 - 10.5.2 are affected.
Ref: http://www.securityfocus.com/bid/29480
______________________________________________________________________
08.23.4 CVE: CVE-2008-1032
Platform: Mac Os
Title: Apple Mac OS X CoreTypes Unsafe Content Warning Weakness
Description: Apple Mac OS X is exposed to a security weakness in
CoreTypes because it may not prevent users from opening unsafe file
types. Certain content types are not flagged as potentially unsafe when
opened manually. Users are not warned prior to opening the file that it
may contain malicious content. Versions 10.4.11 and 10.5-10.5.2 for Mac
OS X and Mac OS X Server are affected.
Ref: http://www.securityfocus.com/bid/29481
______________________________________________________________________
08.23.5 CVE: CVE-2008-1034
Platform: Mac Os
Title: Apple Mac OS X Help Viewer "help:topic" URI Buffer Overflow
Description: Help Viewer is a Mac OS X application used for browsing
help files. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks before copying
user-supplied data to an insufficiently sized buffer.
Ref: http://www.kb.cert.org/vuls/id/566875
______________________________________________________________________
08.23.6 CVE: CVE-2008-1033
Platform: Mac Os
Title: Apple Mac OS X CUPS Debug Logging Information Disclosure
Description: Apple Mac OS X is exposed to an information disclosure
issue because it fails to properly validate environment variables used
by the CUPS scheduler daemon. This issue may be triggered by printing
to a password-protected printer when debug logging is enabled. Versions
10.5-10.5.2 for Mac OS X and Mac OS X Server are affected.
Ref: http://www.securityfocus.com/bid/29484
______________________________________________________________________
08.23.7 CVE: CVE-2008-1035
Platform: Mac Os
Title: Apple Mac OS X iCal ".ics" File Handling Remote Code Execution
Description: iCal is a scheduling application for Mac OS X. Apple Mac
OS X iCal is exposed to a remote code execution issue when handling
malicious iCalendar files (usually .ics). The issue occurs when the
application uses freed memory in an insecure manner.
Ref: http://www.securityfocus.com/bid/29486
______________________________________________________________________
08.23.8 CVE: CVE-2008-1028
Platform: Mac Os
Title: Apple Mac OS X AppKit Malformed File Remote Code Execution
Description: Apple Mac OS X is exposed to a remote code execution
issue that occurs in AppKit. This issue occurs when a malformed
document is processed by an application that uses AppKit, such as Text
Editor. Version 10.4.11 for Mac OS X and Mac OS X Server is affected.
Ref: http://www.securityfocus.com/bid/29487
______________________________________________________________________
08.23.9 CVE: CVE-2008-1036
Platform: Mac Os
Title: Apple Mac OS X International Components for Unicode Information
Disclosure
Description: Apple Mac OS X is exposed to an information disclosure
issue because it fails to adequately sanitize user-supplied input. The
issue affects the International Components for Unicode when handling
certain invalid character sequences.
Ref: http://www.securityfocus.com/bid/29488
______________________________________________________________________
08.23.10 CVE: CVE-2008-1577
Platform: Mac Os
Title: Apple Mac OS X Pixlet Video Multiple Unspecified Memory
Corruption Vulnerabilities
Description: Apple Mac OS X is exposed to multiple memory corruption
issues that occur in the Pixlet codec. These issues occur when a
malformed file is processed by the Pixlet codec. Versions 10.4.11 and
10.5-10.5.2 for Mac OS X and Mac OS X Server are affected.
Ref: http://www.securityfocus.com/bid/29489
______________________________________________________________________
08.23.11 CVE: CVE-2008-1027
Platform: Mac Os
Title: Apple Mac OS X AFP Server File Sharing Unauthorized File Access
Description: AFP Server is an application that provides file services,
including uploading and downloading files onto users' computers. The
application is exposed to an unauthorized file access issue that
occurs in the AFP server. This issue occurs because the application
allows remote users to gain access to files that are not designated
for sharing.
Ref: http://www.securityfocus.com/bid/29490/info
______________________________________________________________________
08.23.12 CVE: CVE-2008-1030
Platform: Mac Os
Title: Apple Mac OS X CoreFoundation CFData Object Handling Code
Execution
Description: Apple Mac OS X is exposed to a remote code execution issue
affecting CoreFoundation. CoreFoundation improperly handles CFData
objects, resulting in memory corruption that allows code execution.
Versions 10.4.11 and 10.5-10.5.2 for Mac OS X and Mac OS X Server are
affected.
Ref: http://www.securityfocus.com/bid/29491
______________________________________________________________________
08.23.13 CVE: CVE-2008-1575
Platform: Mac Os
Title: Apple Mac OS X Apple Type Services PDF Handling Code Execution
Description: Apple Mac OS X is exposed to a remote code execution issue
affecting Apple Type Services (ATS). ATS improperly handles malformed
fonts embedded in PDF documents. Mac OS X versions 10.5-10.5.2 are
affected.
Ref: http://www.securityfocus.com/bid/29492
______________________________________________________________________
08.23.14 CVE: CVE-2008-1580
Platform: Mac Os
Title: Apple Mac OS X CFNetwork SSL Client Certificate Handling
Information Disclosure
Description: Apple Mac OS X is exposed to an information disclosure
issue because it improperly responds to client certificate requests
from web servers. This issue affects the CFNetwork component, and is
triggered when applications utilizing it receive SSL client
certificate requests.
Ref: http://www.securityfocus.com/bid/29493
______________________________________________________________________
08.23.15 CVE: Not Available
Platform: Solaris
Title: Sun Cluster Global File System Unspecified Security Vulnerability
Description: Solaris Cluster is a cluster solution based on Sun Solaris.
The application is exposed to an unspecified issue that affects the
"Global File System". Local unprivileged attackers may exploit this
issue to read data from deleted files owned by other users. Sun Cluster
version 3.1 for Solaris 8, 9, and 10 on SPARC is affected. Sun Cluster
version 3.1 for Solaris 9 and 10 on x86 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201341-1
______________________________________________________________________
08.23.16 CVE: CVE-2008-2426
Platform: Unix
Title: imlib2 Library Multiple Buffer Overflow Vulnerabilities
Description: The imlib2 library is used to view and render various
types of images. It is available for UNIX, Linux, and other UNIX-like
operating systems. The library is exposed to multiple issues because
the application fails to properly bounds check user-supplied data.
imlib2 version 1.4.0 is affected.
Ref: http://www.securityfocus.com/archive/1/492739
______________________________________________________________________
08.23.17 CVE: Not Available
Platform: Cross Platform
Title: Adobe Acrobat Reader Unspecified Remote Denial of Service
Description: The Adobe Acrobat Reader package is a PDF file reader
available for multiple platforms. The application is exposed to a
remote denial of service issue which can be triggered by opening a
specially-crafted PDF file.
Ref: http://www.securityfocus.com/bid/29420
______________________________________________________________________
08.23.18 CVE: CVE-2008-2363
Platform: Cross Platform
Title: Pan ".nzb" File Parsing Heap Overflow
Description: Pan is a Usenet newsreader application available for Unix,
Linux and other Unix-like operating systems. The application is exposed
to a heap-based buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=446902
______________________________________________________________________
08.23.19 CVE: CVE-2008-2099
Platform: Cross Platform
Title: VMware VMCI Arbitrary Code Execution
Description: VMware products are virtualization applications capable
of running virtual machines for a wide variety of operating platforms.
Multiple VMware products are exposed to an arbitrary code execution
issue affecting Microsoft Windows-based hosts only. This issue occurs
on hosts with VMCI enabled.
Ref: http://www.securityfocus.com/archive/1/492831
______________________________________________________________________
08.23.20 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari and Microsoft Windows Client-side Code Execution
Description: A vulnerability has been reported that occurs in Apple
Safari on the Microsoft Windows operating system. The issue is due to
a combination of security issues in Apple Safari and all versions of
Microsoft XP and Vista that will allow executables to be downloaded to
a user's computer and executed without prompting.
Ref: http://blogs.zdnet.com/security/?p=1230
______________________________________________________________________
08.23.21 CVE: Not Available
Platform: Cross Platform
Title: freeSSHd SFTP "opendir" Buffer Overflow
Description: freeSSHd is an SSH server for Microsoft Windows. The
application is exposed to a buffer overflow issue because it fails to
bounds check user-supplied data before copying it into an
insufficiently sized buffer. freeSSHd version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/29453
______________________________________________________________________
08.23.22 CVE: CVE-2008-0169
Platform: Cross Platform
Title: ikiwiki Blank Password Authentication Bypass
Description: ikiwiki is a wiki application. The application is exposed
to an authentication bypass issue when the application is configured
to use the "openid" and "passwordauth" plugins. ikiwiki versions
between 1.34 and 2.47 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483770
______________________________________________________________________
08.23.23 CVE: Not Available
Platform: Cross Platform
Title: DotNetNuke Prior to 4.8.3 Multiple Remote Vulnerabilities
Description: DotNetNuke is an open-source framework used to create and
deploy web sites. The application is exposed to multiple remote issues.
A denial of service issue occurs because the application allows
users to run the install/upgrade process. A security bypass issue is due
to a logic error in the application; this issue will allow attackers
to upload arbitrary "safe" files to restricted directories. An
information disclosure issue is also present. DotNetNuke versions prior
to 4.8.2 are affected.
Ref: http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno17/tabid/1162/Default.aspx
______________________________________________________________________
08.23.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Calcium "Calcium40.pl" Cross-Site Scripting
Description: Calcium is a web-based calendar application implemented
in Perl. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "CalendarName"
parameter of the "Calcium40.pl" script.
Calcium versions 4.0.4 and 3.10 are affected.
Ref: http://www.securityfocus.com/archive/1/492719
______________________________________________________________________
08.23.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Xerox DocuShare Multiple Cross-Site Scripting Vulnerabilities
Description: Xerox DocuShare is a document management application
that enables remote users to manage, retrieve, and distribute
information. It is available for multiple platforms including Unix and
Microsoft operating systems. The application is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied data to the "SearchResults", "User" and "Group-#" pages.
Xerox DocuShare versions 6 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/492766
______________________________________________________________________
08.23.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DotNetNuke "Default.aspx" Cross-Site Scripting
Description: DotNetNuke is an open-source framework used to create and
deploy web sites. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"Default.aspx" script. DotNetNuke version 4.8.3 is affected.
Ref: http://www.securityfocus.com/archive/1/492793
______________________________________________________________________
08.23.27 CVE: Not Available
Platform: Web Application - SQL Injection
Title: dvbbs "login.asp" Multiple SQL Injection Vulnerabilities
Description: The "dvbbs" program is a web-based bulletin board. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "username"
and "password" parameters of the "login.asp" script. dvbbs version 8.2
is affected.
Ref: http://www.securityfocus.com/bid/29429
______________________________________________________________________
08.23.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo MambAds Component "ma_cat" Parameter SQL
Injection
Description: MambAds is a component for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "ma_cat"
parameter of the "com_mamads" component before using it in an SQL
query. MambAds versions 1.0 RC1 and 1.0 RC1 Beta are affected.
Ref: http://www.securityfocus.com/bid/29433
______________________________________________________________________
08.23.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PsychoStats Multiple SQL Injection Vulnerabilities
Description: PsychoStats is a PHP-based statistics tracker for
Half-Life gamers. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "username" and "password" parameters of the "login.asp" script.
Ref: http://www.milw0rm.com/exploits/5699
______________________________________________________________________
08.23.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TorrentTrader Classic "scrape.php" SQL Injection
Description: TorrentTrader Classic is a web-based torrent tracking
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"info_hash" parameter of the "scrape.php" script.
Ref: http://www.securityfocus.com/archive/1/492878
______________________________________________________________________
08.23.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BP Blog Multiple SQL Injection Vulnerabilities
Description: BP Blog is an ASP-based application for blogging. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input to the following
scripts and parameters: "template_permalink.asp" : "id" and
"template_archives_cat.asp" : "cat". BP Blog versions 6.0 and earlier
are affected.
Ref: http://www.securityfocus.com/archive/1/492902
______________________________________________________________________
08.23.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ComicShout "news.php" SQL Injection
Description: ComicShout is a PHP-based comic application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "news_id" parameter of
the "news.php" script before using it in an SQL query. ComicShout
version 2.8 is affected.
Ref: http://www.securityfocus.com/archive/1/492918
______________________________________________________________________
08.23.33 CVE: Not Available
Platform: Web Application
Title: SyntaxCMS "upload.php" Arbitrary File Upload
Description: SyntaxCMS is a content manager. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code because it fails to properly sanitize
user-supplied input to the
"fckeditor/editor/filemanager/upload/php/upload.php" script. SyntaxCMS
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/29422
______________________________________________________________________
08.23.34 CVE: Not Available
Platform: Web Application
Title: PicoFlat CMS "pagina" Parameter Local File Include and
Directory Traversal Vulnerabilities
Description: PicoFlat CMS is a content manager. The application is
exposed to a local file include issue and a directory traversal issue
because it fails to properly sanitize user-supplied input to the
"pagina" parameter of the "index.php" script. PicoFlat CMS version
0.5.9 is affected.
Ref: http://www.securityfocus.com/bid/29424
______________________________________________________________________
08.23.35 CVE: Not Available
Platform: Web Application
Title: LokiCMS "admin.php" Security Bypass
Description: LokiCMS is a PHP-based content manager. The application
is exposed to an issue that may allow users to bypass authentication
to access administrative facilities of the application. Once the
application is compromised, this may facilitate further attacks such
as overwriting arbitrary files, injecting malicious PHP code, file
includes, and retrieving the administrator's password hash.
Ref: http://www.securityfocus.com/archive/1/492877
______________________________________________________________________
08.23.36 CVE: Not Available
Platform: Web Application
Title: CMSimple Multiple Input Validation Vulnerabilities
Description: CMSimple is a content management system. The application
is exposed to multiple input validation issues: a local file include
issue affecting the "sl" variable of "index.php", and an arbitrary file
upload issue affecting the "sl" variable of "index.php".
Ref: http://www.milw0rm.com/exploits/5700
______________________________________________________________________
08.23.37 CVE: Not Available
Platform: Web Application
Title: meBiblio Multiple Input Validation Vulnerabilities
Description: meBiblio is a bibliography building tool. The application
is exposed to multiple input validation issues. meBiblio version 0.4.7
is affected.
Ref: http://www.securityfocus.com/bid/29465
______________________________________________________________________
08.23.38 CVE: Not Available
Platform: Web Application
Title: Booby "renderer" Parameter Multiple Local and Remote File
Include Vulnerabilities
Description: Booby is a web-based personal information manager that
supports bookmarks, calendars, contacts and other information. The
application is exposed to multiple local and remote file include
issues because it fails to sufficiently sanitize user-supplied input.
Booby version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/29469
______________________________________________________________________
08.23.39 CVE: Not Available
Platform: Web Application
Title: SiteXS CMS "adm/visual/upload.php" Arbitrary File Upload
Description: SiteXS CMS is a PHP-based content manager. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code, because the application fails to properly
sanitize user-supplied input in the form of file extensions to the
"adm/visual/upload.php" script. SiteXS CMS versions 0.1.1 Pre-Alpha
and earlier are affected.
Ref: http://www.securityfocus.com/bid/29497
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkhIPu0ACgkQ+LUG5KFpTkZQNQCdF5I4hj1OtMBOHgB8AYnvhJu3
w/QAoJ80c7SP7LZcb5fWu+lAB3mQMJi2
=IjQS
-----END PGP SIGNATURE-----