RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 24

From: The SANS Institute (ConsensusSecurityVulnerabilityAlert@sans.org)
Date: Thu Jun 12 2008 - 13:08:05 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A tough week - probably worse than it appears.
Substantial numbers of critical vulnerabilities were reported for users
of widely deployed software - Microsoft Bluetooth, Internet Explorer,
and DirectX, Apple QuickTime, and Cisco and other vendors' SNMP. The
less visible world of web applications suffered too: a massive wave of
attacks against web apps became more visible in this week's data -
nearly 80 new vulnerabilities in commercial web apps this week alone -
and hundreds of thousands of sites were compromised because of flaws in
their custom-developed web applications. Several organizations have
completed a joint draft benchmarking assessment for web app security. If
you are responsible for web app security in a medium or large
organization and have a pretty robust program, yell (apaller@sans.org)
and I'll send it to you so you can compare the maturity of your program
with those of others.

                                       Alan
*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
June 12, 2008 Vol. 7. Week 24
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------- -------------------------------------
Windows                                  5 (#1, #2, #3, #9, #10)
Other Microsoft Products                 1
Third Party Windows Apps                 17
Mac OS                                   6
Linux                                    6
Novell                                   1 (#8)
Cross Platform                           25 (#4, #5, #6, #7)
Web Application - Cross Site Scripting   11
Web Application - SQL Injection          33
Web Application                          35

*************************************************************************
TRAINING SCHEDULE UPDATE
- SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
      http://www.sans.org/info/26774
- Amsterdam (6/16-6/21) and Brussels (6/16-6/21)
      http://www.sans.org/secureeurope08
- Singapore (6/30-7/5) http://www.sans.org/singapore08/
Plus 100 other cities and online any time: www.sans.org

************************ SPONSORED LINK *******************************
1) Free whitepaper: Five Code RED Security Threats to Windows Servers -
- How to Detect Them
http://www.sans.org/info/29569
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Bluetooth Remote Code Execution (MS08-030)
(2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-031)
(3) CRITICAL: Microsoft DirectX Multiple Vulnerabilities (MS08-033)
(4) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(5) CRITICAL: Multiple SNMP Implementations Authentication Bypass Vulnerability
(6) HIGH: OpenOffice.org Remote Code Execution
(7) HIGH: FreeType Multiple Vulnerabilities
(8) HIGH: Novell GroupWise Messaging Client Buffer Overflow
(9) LOW: Microsoft Windows Pragmatic General Multicast Denial-of-Service (MS08-036)
(10) LOW: Microsoft Active Directory Denial-of-Service (MS08-035)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

-- Windows
08.24.1 - Microsoft Windows PGM Invalid Length Remote Denial of Service
08.24.2 - Microsoft Windows PGM Invalid Fragment Remote Denial of Service
08.24.3 - Microsoft Windows Bluetooth Stack Remote Code Execution
08.24.4 - Microsoft Windows Active Directory LDAP Request Validation Remote Denial of Service
08.24.5 - Microsoft Windows WINS Server Local Privilege Escalation
 -- Other Microsoft Products
08.24.6 - Microsoft Internet Explorer HTML Objects Unexpected Method Calls Remote Code Execution
-- Third Party Windows Apps
08.24.7 - EMC AlphaStor Server Agent Multiple Stack-Based Buffer Overflow Vulnerabilities
08.24.8 - CA Internet Security Suite "UmxEventCli.dll" ActiveX Control Arbitrary File Overwrite
08.24.9 - SecurityGateway "SecurityGateway.dll" Remote Buffer Overflow
08.24.10 - FFFTP "LIST" Command Directory Traversal
08.24.11 - VMware "vmCOM.dll" "GuestInfo()" Method ActiveX Control Remote Buffer Overflow
08.24.12 - C6 Messenger Installation URL Downloader ActiveX Control Arbitrary File Download
08.24.13 - HP Instant Support "HPISDataManager.dll" RegistryString Buffer Overflow
08.24.14 - HP Instant Support "HPISDataManager.dll" ActiveX Control Arbitrary File Creation
08.24.15 - HP Instant Support "HPISDataManager.dll" ActiveX Control Arbitrary File Delete
08.24.16 - Creative Labs AutoUpdate Eng "CTSUEng.ocx" ActiveX Control Remote Buffer Overflow
08.24.17 - Skype "file://" URI Handler Bypass Remote Code Execution
08.24.18 - Sleipnir "favorite search" Function Script Code Execution
08.24.19 - Black Ice Multiple Applications "BiDib.dll" ActiveX Control Remote Buffer Overflow
08.24.20 - ALFTP FTP Client "LIST" Command Directory Traversal
08.24.21 - Exiv2 Pretty Printing for Nikon Lens Metadata Denial of Service
08.24.22 - BackWeb "LiteInstActivator.dll" ActiveX Control Buffer Overflow
08.24.23 - Black Ice "BiAnno.ocx" Annotation SDK/ActiveX Control Remote Buffer Overflow
 -- Mac OS
08.24.24 - Apple Mac OS X Mail Memory Corruption
08.24.25 - Apple Mac OS X Image Capture Webserver Directory Traversal
08.24.26 - Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure
08.24.27 - Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution
08.24.28 - Apple Mac OS X Single Sign-On "sso_util" Local Information Disclosure
08.24.29 - Apple Mac OS X Image Capture Local Arbitrary File Overwrite
 -- Linux
08.24.30 - Fedora "system-config-network" Security Bypass
08.24.31 - Gnome Evolution iCalendar Multiple Buffer Overflow Vulnerabilities
08.24.32 - Linux Kernel BER Decoding Remote Buffer Overflow
08.24.33 - Linux Kernel DCCP Subsystem Buffer Overflow
08.24.34 - opensuse-updater Symbolic Link Local Information Disclosure
08.24.35 - Net-SNMP Remote Authentication Bypass
 -- Novell
08.24.36 - Novell GroupWise Messenger Client Buffer Overflow Vulnerabilities
 -- Cross Platform
08.24.37 - Anubis Plugin for encrypt Original File Size Information Disclosure Weakness
08.24.38 - CuteFTP "LIST" Command Directory Traversal
08.24.39 - EMC AlphaStor Library Manager
08.24.40 - CiscoWorks Common Services Unspecified Remote Code Execution
08.24.41 - AhsayOBM and AhsayACB SSL Certificate Validation Security Bypass
08.24.42 - Apple Mac OS X Wiki Server User Name Enumeration Weakness
08.24.43 - Computer Associates eTrust Secure Content Manager Multiple Vulnerabilities
08.24.44 - Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
08.24.45 - OpenOffice "rtl_allocateMemory()" Heap Based Buffer Overflow
08.24.46 - Sun Java ASP Server Multiple Directory Traversal Vulnerabilities
08.24.47 - Sun Java ASP Server Information Disclosure
08.24.48 - VMware Openwsman on ESX and ESXi Local Privilege Escalation
08.24.49 - VMware VIX API Multiple Unspecified Buffer Overflow Vulnerabilities
08.24.50 - Sun Service Tag Registry "/var" Consumption Local Denial of Service
08.24.51 - VMware Server Console Unspecified Code Execution
08.24.52 - Asterisk-addons "OOH323" Channel Driver Remote Denial of Service
08.24.53 - GraphicsMagick Multiple Remote Vulnerabilities
08.24.54 - IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities
08.24.55 - Icon Labs Iconfidant SSH Multiple Denial of Service Vulnerabilities
08.24.56 - Fujitsu Interstage Management Console Unspecified Arbitrary File Access
08.24.57 - Motion "read_client()" Off-By-One Buffer Overflow
08.24.58 - FreeType Printer Font Binary Heap Buffer Overflow
08.24.59 - FreeType TrueType Font
08.24.60 - FreeType2 Printer Font Binary Private Dictionary Table Integer Overflow
08.24.61 - FreeType2 Printer Font Binary Remote Code Execution
 -- Web Application - Cross Site Scripting
08.24.62 - TYPO3 "KJ: Image Lightbox v2" Extension Unspecified Cross-Site Scripting
08.24.63 - Kent WEB MART Unspecified Cross-Site Scripting
08.24.64 - Apache Tomcat Host Manager Cross-Site Scripting
08.24.65 - SamTodo "tid" Parameter Cross-Site Scripting
08.24.66 - SamTodo "completed" Parameter Cross-Site Scripting
08.24.67 - F5 FirePass SSL VPN Multiple Cross-Site Request Forgery Vulnerabilities
08.24.68 - Kronos webTA Project Management Module Multiple Cross-Site Scripting Vulnerabilities
08.24.69 - IBM Workplace Unspecified Cross-Site Scripting
08.24.70 - Tornado Knowledge Retrieval System "p" Parameter Cross-Site Scripting
08.24.71 - PHP Image Gallery "action" Parameter Cross-Site Scripting
08.24.72 - Sun Glassfish "name" Parameter Cross-Site Scripting
 -- Web Application - SQL Injection
08.24.73 - MAXSITE "index.php" SQL Injection
08.24.74 - TYPO3 "sg_zfelib" Extension Multiple SQL Injection Vulnerabilities
08.24.75 - CKGold Shopping Cart "item.php" SQL Injection
08.24.76 - Joomla! and Mambo Artists Component "idgalery" Parameter SQL Injection
08.24.77 - AirvaeCommerce "index.php" SQL Injection
08.24.78 - JustPORTAL "site" Parameter Multiple SQL Injection Vulnerabilities
08.24.79 - Proje ASP Portal "id" Parameter Multiple SQL Injection Vulnerabilities
08.24.80 - PHP Booking Calendar "details_view.php" SQL Injection
08.24.81 - Social Site Generator Multiple SQL Injection Vulnerabilities
08.24.82 - CMS Easyway "mid" Parameter SQL Injection
08.24.83 - Joomla! and Mambo myContent Component "id" Parameter SQL Injection
08.24.84 - OtomiGenX "userAccount" Parameter SQL Injection
08.24.85 - Joomla! and Mambo Bible Study Component "id" Parameter SQL Injection
08.24.86 - Drupal Pblog Module "index.php" SQL Injection
08.24.87 - Joomla! and Mambo eQuotes Component SQL Injection
08.24.88 - Battle Blog "comment.asp" SQL Injection
08.24.89 - pNews "index.php" SQL Injection
08.24.90 - Joomla! and Mambo JotLoader Component "cid" Parameter SQL Injection
08.24.91 - Joomla! and Mambo Simple Shop Component "catid" Parameter SQL Injection
08.24.92 - Power Phlogger "css_str" SQL Injection
08.24.93 - Joomla! GameQ Component "category_id" Parameter SQL Injection
08.24.94 - Rapid-Source Rapid-Recipe Joomla! Component "recipe_id" Parameter SQL Injection
08.24.95 - JiRo's FAQ Manager eXperience "fID" Parameter SQL Injection
08.24.96 - yvComment Joomla! Component "ArticleID" Parameter SQL Injection
08.24.97 - iJoomla News Portal Component "Itemid" Parameter SQL Injection
08.24.98 - Courier-Authlib Non-Latin Character Handling SQL Injection
08.24.99 - ASPilot Pilot Cart "pilot.asp" SQL Injection
08.24.100 - DCFM Blog "comments.php" SQL Injection
08.24.101 - Insanely Simple Blog "index.php" Multiple SQL Injection Vulnerabilities
08.24.102 - ASPPortal "reply.asp" SQL Injection
08.24.103 - ASP News Management "viewnews.asp" SQL Injection
08.24.104 - Experts "answer.php" SQL Injection
08.24.105 - Yuhhu Superstar 2008 "view.topics.php" SQL Injection
 -- Web Application
08.24.106 - The Campus Request Repairs System "sentout.asp" Unauthorized Access
08.24.107 - trombyn "demoupload.php" Arbitrary File Upload
08.24.108 - DT Centrepiece SQL Injection and Cross-Site Scripting Vulnerabilities
08.24.109 - FlashBlog "imgupload.php" Arbitrary File Upload
08.24.110 - CMS from Scratch "upload.php" Arbitrary File Upload
08.24.111 - CMS from Scratch "image.php" Directory Traversal and Arbitrary File Upload Vulnerabilities
08.24.112 - Opencosmo VisualSentinel User Agent HTML Injection
08.24.113 - PassWiki "site_id" Parameter Local File Include
08.24.114 - Social Site Generator "social_game_play.php" Remote File Include
08.24.115 - SMEWeb SQL Injection and Multiple Cross-Site Scripting Vulnerabilities
08.24.116 - LimeSurvey Prior to 1.71 Multiple Remote Vulnerabilities
08.24.117 - QuickerSite Multiple Vulnerabilities
08.24.118 - HP Instant Support "HPISDataManager.dll" ActiveX Control Arbitrary File Download
08.24.119 - HP Instant Support "HPISDataManager.dll" "GetFileTime" ActiveX Control Buffer Overflow
08.24.120 - HP Instant Support "HPISDataManager.dll" "MoveFile" ActiveX Control Buffer Overflow
08.24.121 - HP Instant Support "HPISDataManager.dll" "StartApp" ActiveX Control Insecure Method
08.24.122 - Achievo "config.php" Arbitrary File Upload
08.24.123 - Sun Java ASP Server Remote Authentication Bypass
08.24.124 - Realm CMS Multiple Input Validation Vulnerabilities
08.24.125 - Flux CMS "loadsave.php" Arbitrary File Overwrite
08.24.126 - 427BB Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.24.127 - WEBalbum "photo_add-c.php" HTML Injection
08.24.128 - Galatolo WebManager "com" Parameter Local File Include
08.24.129 - phpInv Cross-Site Scripting and Local File Include Vulnerabilities
08.24.130 - BrowserCRM "clients.php" Remote File Include
08.24.131 - XOOPS Uploader Module "filename" Parameter Directory Traversal
08.24.132 - NextGEN Gallery WordPress Plugin "nggallery-manage-gallery" HTML Injection
08.24.133 - Real Estate Website "location.asp" Multiple Input Validation Vulnerabilities
08.24.134 - proManager "config.php" Local File Include
08.24.135 - Telephone Directory 2008 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.24.136 - ErfurtWiki Multiple Local File Include Vulnerabilities
08.24.137 - yblog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.24.138 - Hot Links SQL-PHP Multiple Cross-Site Scripting Vulnerabilities
08.24.139 - SyndeoCMS Cross-Site Scripting and Local File Include Vulnerabilities
08.24.140 - TNT Forum "index.php" Local File Include

_____________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Bluetooth Remote Code Execution (MS08-030)
Affected:
Microsoft Windows XP
Microsoft Windows Vista

Description: Bluetooth is an industry standard, short-range wireless
networking protocol. It is often used to provide connectivity for
keyboards, mice, cell phones, cameras and printers, among other devices.
The Microsoft Windows Bluetooth protocol stack contains a flaw in its
handling of Service Discovery Protocol (SDP) packets. A large number of
SDP packets could trigger this vulnerability, leading to arbitrary code
execution with kernel-level privileges. Any attacker within
Bluetooth range of an affected system could exploit this vulnerability.
A computer must be discoverable by Bluetooth to be vulnerable, but
otherwise, no authentication is necessary to exploit this vulnerability.
Some technical details are publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-030.mspx
Wikipedia Article on Bluetooth
http://en.wikipedia.org/wiki/Bluetooth
SecurityFocus BID
http://www.securityfocus.com/bid/29522

********************************************************

(2) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-031)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Internet Explorer 6
Microsoft Windows Internet Explorer 7

Description: Microsoft Internet Explorer contains multiple
vulnerabilities. Flaws in the handling of script calls to HTML object
methods can result in memory corruption. A specially crafted web page
containing such calls could exploit this vulnerability to execute
arbitrary code with the privileges of the current user. Additionally, a
flaw in the handling of HTTP request headers can bypass normal
cross-domain protections. A specially crafted web page could trigger
this vulnerability, allowing cross-domain information disclosure. Some
technical details are available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
Minded Security Advisory
http://www.mindedsecurity.com/MSA02240108.html
SecurityFocus BIDs
http://www.securityfocus.com/bid/29556
http://www.securityfocus.com/bid/28379

********************************************************

(3) CRITICAL: Microsoft DirectX Multiple Vulnerabilities (MS08-033)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: DirectX is Microsoft's multimedia authoring programming
interface. It contains a flaw in its handling of Motion JPEG (MJPEG)
video streams embedded in Advanced System Format (ASF) and Audio-Video
Interleave (AVI) streams. It also contains a flaw in its handling of
Synchronized Accessible Media Interchange (SAMI) files. These files are
used to add captioning to multimedia. A malicious AVI, ASF, or SAMI file
could trigger one of these vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the current user. AVI,
ASF, and SAMI files are often opened by applications upon receipt,
without first prompting the user.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-033.mspx
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-039/
http://zerodayinitiative.com/advisories/ZDI-08-040/
Wikipedia Article on SAMI
http://en.wikipedia.org/wiki/SAMI
Wikipedia Article on ASF
http://en.wikipedia.org/wiki/Advanced_Systems_Format
Wikipedia Article on AVI
http://en.wikipedia.org/wiki/AVI
SecurityFocus BIDs
http://www.securityfocus.com/bid/29578
http://www.securityfocus.com/bid/29581

********************************************************

(4) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.5

Description: QuickTime is Apple's streaming media platform for Apple Mac
OS X and Microsoft Windows. It contains multiple flaws in its handling
of various file formats. A specially crafted PICT, AAC, or QuickTime
stream content could trigger one of these vulnerabilities. Successfully
exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with the privileges of the current user.
QuickTime media is generally opened upon receipt, without first
prompting the user. Some technical details are publicly available for
these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Apple Security Advisory
http://support.apple.com/kb/HT1991
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-037
http://zerodayinitiative.com/advisories/ZDI-08-038
Secunia Security Advisory
http://secunia.com/secunia_research/2008-9/advisory/
SecurityFocus BID
http://www.securityfocus.com/bid/29619

********************************************************

(5) CRITICAL: Multiple SNMP Implementations Authentication Bypass Vulnerability
Affected:
Multiple SNMP implementations, including:
Net-SNMP versions prior to 5.4.1
UCD-SNMP, all versions
eCos, all versions (patched in CVS)
Cisco, multiple products

Description: The Simple Network Management Protocol (SNMP) is an
internet-standard protocol to manage and monitor devices on a network.
Devices may also be configured to allow modification of their
configuration via SNMP. Several versions of SNMP are defined, with the
most recent (and increasingly most common) version being 3. Version 3
SNMP requests can be authenticated using a secure hashing algorithm.
Several popular implementations of SNMP have a flaw in their handling
of this hashing algorithm. A specially crafted SNMP packet could trigger
this vulnerability, allowing an attacker to bypass authentication.
Depending upon configuration, this would allow an attacker to obtain
sensitive configuration information, or modify the configuration of a
managed device. Note that an attacker would still need to know a valid
username to exploit this vulnerability. Full technical details and a
proof-of-concept for this vulnerability are available via source code
analysis.

Status: Vendors confirmed, updates available.

References:
oCERT Advisory
http://www.ocert.org/advisories/ocert-2008-006.html
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/878044
Cisco Vulnerability Note
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a00809adfc8.html
Proof-of-Concept
http://milw0rm.com/exploits/5790
Wikipedia Article on SNMP
http://en.wikipedia.org/wiki/SNMP
SecurityFocus BID
http://www.securityfocus.com/bid/29623
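The bulletin above says only that affected implementations mishandle the hashing step of SNMPv3 authentication. The added Python below is written for this bulletin and is not code from Net-SNMP, Cisco or any other vendor; it shows the defect that the oCERT and US-CERT notes referenced above describe, namely a receiver that compares only as many bytes of the HMAC as the incoming packet carries, beside the fixed-length, constant-time check a correct USM receiver performs. The key, the message bytes and all function names are constructed for the example, and real SNMPv3 message framing (BER encoding of the msgAuthenticationParameters field) is left out.

```python
import hmac
import hashlib

# SNMPv3 USM (RFC 3414) HMAC-MD5-96 / HMAC-SHA-96: the authentication
# parameter is the first 12 bytes (96 bits) of the HMAC over the message.
AUTH_PARAM_LEN = 12


def compute_auth_tag(auth_key: bytes, wire_msg: bytes, hash_name: str = "sha1") -> bytes:
    """Compute the 12-byte msgAuthenticationParameters value.

    RFC 3414 takes the HMAC over the whole message with the
    msgAuthenticationParameters field set to 12 zero bytes; wire_msg is
    assumed (for this example) to already be that zeroed serialization.
    """
    return hmac.new(auth_key, wire_msg, hash_name).digest()[:AUTH_PARAM_LEN]


def verify_tag_vulnerable(auth_key: bytes, wire_msg: bytes, received_tag: bytes) -> bool:
    """Weak check of the kind the 2008 advisories describe.

    The number of bytes compared is taken from the received field, so the
    sender decides how much of the tag has to match: a 1-byte field only
    has to agree with the first byte of the true tag.
    """
    expected = compute_auth_tag(auth_key, wire_msg)
    return received_tag == expected[: len(received_tag)]


def verify_tag_hardened(auth_key: bytes, wire_msg: bytes, received_tag: bytes) -> bool:
    """Fixed-length, constant-time check.

    Reject any field that is not exactly 12 bytes before doing any
    cryptography, then compare with hmac.compare_digest so the comparison
    does not leak the position of the first mismatching byte.
    """
    if len(received_tag) != AUTH_PARAM_LEN:
        return False
    expected = compute_auth_tag(auth_key, wire_msg)
    return hmac.compare_digest(received_tag, expected)


# Constructed sample values (not from any real device): a localized
# authentication key and a stand-in for a serialized SNMPv3 message whose
# authentication field has been zeroed.
SAMPLE_KEY = hashlib.sha1(b"example-auth-passphrase").digest()
SAMPLE_MSG = b"\x30\x2a" + b"SNMPv3 GET msg with zeroed auth params " + b"\x00" * 12


def demo() -> dict:
    """Show both verifiers on a correct tag and on a truncated 1-byte tag."""
    good = compute_auth_tag(SAMPLE_KEY, SAMPLE_MSG)
    short = good[:1]  # only the first byte of the real tag is present
    return {
        "vulnerable_accepts_short": verify_tag_vulnerable(SAMPLE_KEY, SAMPLE_MSG, short),
        "hardened_rejects_short": not verify_tag_hardened(SAMPLE_KEY, SAMPLE_MSG, short),
        "hardened_accepts_full": verify_tag_hardened(SAMPLE_KEY, SAMPLE_MSG, good),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

For monitoring, an SNMPv3 message whose msgAuthenticationParameters field is shorter than 12 bytes is malformed under RFC 3414 and is worth dropping and logging at the agent or at a network sensor in front of it; a patched agent rejects it before any HMAC is computed.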

********************************************************

(6) HIGH: OpenOffice.org Remote Code Execution
Affected:
OpenOffice.org versions 2.4 and prior
StarOffice versions 8.x

Description: OpenOffice.org is a popular open source office suite. It
is included by default in most Unix, Unix-like, and Linux operating
system distributions. It is also available for Microsoft Windows and Mac
OS X. It contains a flaw in its handling of malformed documents. A
specially crafted OpenOffice.org document could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Depending upon configuration, documents
may be opened upon receipt without first prompting the user. Full
technical details are available for this vulnerability via source code
analysis. Note that StarOffice, a popular commercial fork of
OpenOffice.org, is vulnerable as well.

Status: Vendor confirmed, updates available.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
OpenOffice.org Home Page
http://www.openoffice.org
SecurityFocus BID
http://www.securityfocus.com/bid/29622

********************************************************

(7) HIGH: FreeType Multiple Vulnerabilities
Affected:
FreeType versions 2.3.5 and prior

Description: FreeType is a popular open source font handling and
rendering library. It is used by a variety of applications, including
the X.Org X Window System server and the Sun Java Runtime Environment.
It contains multiple vulnerabilities in its handling of font files. A
specially crafted font file could trigger one of these vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Depending upon which application using the library is
compromised, malicious fonts may be opened automatically upon receipt
without first prompting the user. Full technical details for these
vulnerabilities are publicly available via source code analysis.

Status: Vendor confirmed, updates available.

References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
FreeType Home Page
http://freetype.sourceforge.net
SecurityFocus BIDs
http://www.securityfocus.com/bid/29637
http://www.securityfocus.com/bid/29639
http://www.securityfocus.com/bid/29640
http://www.securityfocus.com/bid/29641

********************************************************

(8) HIGH: Novell GroupWise Messaging Client Buffer Overflow
Affected:
Novell GroupWise Messenger versions prior to 2.0.3 HP1

Description: Novell GroupWise is a popular enterprise instant messaging
application. Its client for Microsoft Windows contains a flaw in its
handling of server responses. A specially crafted response from a
malicious server could trigger this flaw, leading to a buffer overflow.
Successfully exploiting this buffer overflow would allow an attacker to
execute arbitrary code with the privileges of the current user. Some
technical details are publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
Novell Security Bulletin
http://download.novell.com/Download?buildid=HHSfPO91pLQ~
Product Home Page
http://www.novell.com/products/groupwise/
SecurityFocus BID
http://www.securityfocus.com/bid/29602

********************************************************

(9) LOW: Microsoft Windows Pragmatic General Multicast Denial-of-Service (MS08-036)
Affected:
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: The Pragmatic General Multicast protocol (PGM) is an
Internet experimental protocol for reliable multicasting. The
implementation of this protocol in Microsoft Windows contains multiple
denial-of-service vulnerabilities in its handling of PGM streams. A
specially crafted PGM packet could trigger one of these vulnerabilities,
causing the affected system to crash. Note that PGM is not enabled in
the default installation of Microsoft Windows.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx
Wikipedia Article on PGM
http://en.wikipedia.org/wiki/Pragmatic_General_Multicast
SecurityFocus BIDs
http://www.securityfocus.com/bid/29508
http://www.securityfocus.com/bid/29509

********************************************************

(10) LOW: Microsoft Active Directory Denial-of-Service (MS08-035)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008

Description: Microsoft Active Directory is Microsoft's implementation
of the Lightweight Directory Access Protocol (LDAP). It contains a
denial-of-service vulnerability in its handling of certain LDAP
requests. A specially crafted LDAP request could trigger this
vulnerability, potentially crashing the affected system. On systems
other than Microsoft Windows 2000, an attacker must have valid
authentication credentials to exploit this vulnerability.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/LDAP
SecurityFocus BID
http://www.securityfocus.com/bid/29584

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 24, 2008
This list is compiled by Qualys (www.qualys.com) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.24.1 CVE: CVE-2008-1440
Platform: Windows
Title: Microsoft Windows PGM Invalid Length Remote Denial of Service
Description: Microsoft Windows PGM (Pragmatic General Multicast) is a
multicast protocol to detect, report on, and request retransmission of
incomplete or lost inbound data. The application is exposed to a
remote denial of service issue because of the way that it handles
malformed PGM packets.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx
______________________________________________________________________

08.24.2 CVE: CVE-2008-1441
Platform: Windows
Title: Microsoft Windows PGM Invalid Fragment Remote Denial of Service
Description: Microsoft Windows PGM (Pragmatic General Multicast) is a
multicast protocol to detect, report on, and request retransmission of
incomplete or lost inbound data. The application is exposed to a
remote denial of service issue because of the way that it handles
malformed PGM packets.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-036.mspx
______________________________________________________________________

08.24.3 CVE: CVE-2008-1453
Platform: Windows
Title: Microsoft Windows Bluetooth Stack Remote Code Execution
Description: Bluetooth is an industry-standard protocol that enables
wireless connectivity for computers, handheld devices, mobile phones,
and other devices. Microsoft Windows is exposed to a remote code
execution issue because the Bluetooth stack fails to adequately handle
specially crafted SDP (Service Discovery Protocol) requests.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-030.mspx
______________________________________________________________________

08.24.4 CVE: CVE-2008-1445
Platform: Windows
Title: Microsoft Windows Active Directory LDAP Request Validation
Remote Denial of Service
Description: Lightweight Directory Access Protocol (LDAP) is a
protocol that allows authorized users to view or update data in a meta
directory. Windows is exposed to a remote denial of service issue
because Microsoft Active Directory, ADAM (Active Directory Application
Mode), and AD LDS (Active Directory Lightweight Directory Service)
fail to handle specially crafted LDAP requests.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-035.mspx
______________________________________________________________________

08.24.5 CVE: CVE-2008-1451
Platform: Windows
Title: Microsoft Windows WINS Server Local Privilege Escalation
Description: Windows Internet Naming Service (WINS) is a protocol used
to support NetBIOS over TCP/IP and to locate network resources such as
computers and printers. The application is exposed to a local
privilege escalation issue that may be triggered by malicious WINS
network packets.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-034.mspx
______________________________________________________________________

08.24.6 CVE: CVE-2008-1442
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer HTML Objects Unexpected Method
Calls Remote Code Execution
Description: Microsoft Internet Explorer is a browser for Windows
operating systems. Internet Explorer is exposed to a remote code
execution issue because it fails to adequately handle unexpected
method calls to certain HTML objects.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
______________________________________________________________________

08.24.7 CVE: CVE-2008-2158
Platform: Third Party Windows Apps
Title: EMC AlphaStor Server Agent Multiple Stack-Based Buffer Overflow
Vulnerabilities
Description: AlphaStor is part of an enterprise backup and
file-sharing application. Server Agent is an application within
AlphaStor that is used to initiate disk-management requests. The
application is exposed to multiple stack-based buffer overflow issues
because it fails to perform adequate boundary checks on user-supplied
data before copying it to insufficiently sized buffers. AlphaStor
version 3.1 SP1 for Windows is affected.
Ref: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=702
______________________________________________________________________

08.24.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: CA Internet Security Suite "UmxEventCli.dll" ActiveX Control
Arbitrary File Overwrite
Description: Computer Associates Internet Security Suite is exposed to
an issue that lets attackers overwrite files. This issue affects the
"SaveToFile()" method of the "UmxEventCli.dll" ActiveX control library
because it fails to sanitize user-supplied input. Internet Security
Suite 2008 is affected.
Ref: http://www.securityfocus.com/archive/1/492679
______________________________________________________________________

08.24.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: SecurityGateway "SecurityGateway.dll" Remote Buffer Overflow
Description: SecurityGateway is an email firewall for Exchange and
SMTP Servers. The management console of the product running on TCP
port 4000 is exposed to a buffer overflow issue. SecurityGateway
version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/29457
______________________________________________________________________

08.24.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: FFFTP "LIST" Command Directory Traversal
Description: FFFTP is an FTP client for Microsoft Windows. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input data. FFFTP version 1.96b
is affected.
Ref: http://vuln.sg/FFFTP196b-en.html
______________________________________________________________________

08.24.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: VMware "vmCOM.dll" "GuestInfo()" Method ActiveX Control Remote
Buffer Overflow
Description: A VMware ActiveX control is exposed to a stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. "vmCOM.dll" version 1.0.0.1 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.24.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: C6 Messenger Installation URL Downloader ActiveX Control
Arbitrary File Download
Description: C6 Messenger is an IM application. The application is
exposed to an issue that lets remote attackers download files from
arbitrary locations to an affected computer.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.24.13 CVE: CVE-2007-5607
Platform: Third Party Windows Apps
Title: HP Instant Support "HPISDataManager.dll" RegistryString
Buffer Overflow
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues that affect HP products. The
application is exposed to a remote buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied input. HP
Instant Support versions 1.0.0.22 and earlier are affected.
Ref: http://www.kb.cert.org/vuls/id/526131
______________________________________________________________________

08.24.14 CVE: CVE-2008-0952
Platform: Third Party Windows Apps
Title: HP Instant Support "HPISDataManager.dll" ActiveX Control
Arbitrary File Creation
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues that affect HP products. The
application is exposed to an issue that lets attackers create and
overwrite files with arbitrary, attacker-controlled content. HP
Instant Support versions 1.0.0.22 and earlier are affected.
Ref: http://www.kb.cert.org/vuls/id/190939
______________________________________________________________________

08.24.15 CVE: CVE-2007-5610
Platform: Third Party Windows Apps
Title: HP Instant Support "HPISDataManager.dll" ActiveX Control
Arbitrary File Delete
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues that affect HP products. HP
Instant Support "HPISDataManager.dll" ActiveX control is exposed to an
issue that lets attackers delete arbitrary files on the affected
computer. HP Instant Support versions 1.0.0.22 and earlier are
affected.
Ref: http://www.kb.cert.org/vuls/id/857539
______________________________________________________________________

08.24.16 CVE: CVE-2008-0955
Platform: Third Party Windows Apps
Title: Creative Labs AutoUpdate Eng "CTSUEng.ocx" ActiveX Control
Remote Buffer Overflow
Description: Creative Software AutoUpdate Engine is an auto-update
component for Creative Labs software. The application is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input.
Ref: http://www.kb.cert.org/vuls/id/501843
______________________________________________________________________

08.24.17 CVE: CVE-2008-1805
Platform: Third Party Windows Apps
Title: Skype "file://" URI Handler Bypass Remote Code Execution
Description: Skype is peer-to-peer communications software that
supports IP-based voice communications. The application is exposed to
a remote code execution issue caused by a logic error in the affected
application. The issue occurs in the "file://" URI handler. Skype
versions prior to 3.8.0.139 are affected.
Ref: http://www.skype.com/security/skype-sb-2008-003.html
______________________________________________________________________

08.24.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: Sleipnir "favorite search" Function Script Code Execution
Description: Sleipnir is a browser available for Microsoft Windows.
The application is exposed to an issue that lets remote attackers
execute arbitrary script code because the application fails to
properly sanitize user-supplied input. The vulnerability occurs in the
"favorite search" function. Sleipnir version 2.7.1 is affected.
Ref: http://www.securityfocus.com/bid/29555
______________________________________________________________________

08.24.19 CVE: Not Available
Platform: Third Party Windows Apps
Title: Black Ice Multiple Applications "BiDib.dll" ActiveX Control
Remote Buffer Overflow
Description: Multiple Black Ice Software applications are exposed to a
stack-based buffer overflow issue because they fail to perform
adequate boundary checks on user-supplied input. The applications that
include BiDib.dll version 10.9.3.0 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.24.20 CVE: Not Available
Platform: Third Party Windows Apps
Title: ALFTP FTP Client "LIST" Command Directory Traversal
Description: ALFTP is an FTP client and server application available
for Microsoft Windows. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. This issue occurs in the FTP client. ALFTP
versions 4.1 beta 2 (English) and 5.0 (Korean) are affected.
Ref: http://vuln.sg/alftp41b2-en.html
______________________________________________________________________

08.24.21 CVE: Not Available
Platform: Third Party Windows Apps
Title: Exiv2 Pretty Printing for Nikon Lens Metadata Denial of Service
Description: Exiv2 is a C++ library and command-line utility used to
manage image metadata. The library is exposed to a denial of service
issue that occurs when processing Nikon lens metadata for pretty
printing. Exiv2 version 0.16 is affected.
Ref: http://dev.robotbattle.com/bugs/view.php?id=0000546
______________________________________________________________________

08.24.22 CVE: CVE-2008-0956
Platform: Third Party Windows Apps
Title: BackWeb "LiteInstActivator.dll" ActiveX Control Buffer Overflow
Description: BackWeb is an application used to facilitate certain
installation and updating functionality in other software. BackWeb is
embedded in the Logitech Desktop manager. The application is exposed
to a remote buffer overflow issue due to a flaw in one of its ActiveX
control components. The issue occurs because the component fails to
perform adequate boundary checks on user-supplied input prior to
copying it to a buffer. BackWeb versions prior to 8.1.1.87 are
affected.
Ref: http://www.kb.cert.org/vuls/id/216153
______________________________________________________________________

08.24.23 CVE: Not Available
Platform: Third Party Windows Apps
Title: Black Ice "BiAnno.ocx" Annotation SDK/ActiveX Control Remote
Buffer Overflow
Description: Black Ice Annotation SDK/ActiveX Control is a toolkit
used to add data to TIFF image files. The application is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
size checks on user-supplied input. Annotation SDK/ActiveX Control
provided by "BiAnno.ocx" version 10.9.5 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.24.24 CVE: CVE-2008-1576
Platform: Mac Os
Title: Apple Mac OS X Mail Memory Corruption
Description: Apple Mac OS X is exposed to a memory corruption issue
that affects the Mail application. This issue may be triggered when a
malicious email is sent through an SMTP server over IPv6. This will
cause Mail to use a buffer containing partially uninitialized memory,
which could be revealed to mail recipients and mail server
administrators. Mac OS X and Mac OS X Server version 10.4.11 is
affected.
Ref: http://www.kb.cert.org/vuls/id/566875
______________________________________________________________________

08.24.25 CVE: CVE-2008-1571
Platform: Mac Os
Title: Apple Mac OS X Image Capture Webserver Directory Traversal
Description: Apple's Image Capture facilitates transfer of images from
a digital camera to a computer. It includes an embedded webserver.
Image Capture is exposed to a directory traversal issue because it
fails to properly sanitize user-supplied input. Mac OS X and Mac OS X
Server version 10.4.11 is affected.
Ref: http://www.securityfocus.com/bid/29501
______________________________________________________________________

08.24.26 CVE: CVE-2008-1573
Platform: Mac Os
Title: Apple Mac OS X ImageIO BMP/GIF Image Information Disclosure
Description: Apple Mac OS X ImageIO is an image-processing framework
that provides applications with read and write functionality for
various image file formats. The application is exposed to an
information disclosure issue. Mac OS X and Mac OS X Server version
10.4.11 and Mac OS X versions 10.5 through 10.5.2 are affected.
Ref: http://www.kb.cert.org/vuls/id/566875
______________________________________________________________________

08.24.27 CVE: CVE-2008-1574
Platform: Mac Os
Title: Apple Mac OS X ImageIO JPEG2000 Handling Remote Code Execution
Description: Apple Mac OS X is exposed to an issue that lets attackers
run arbitrary code because the ImageIO component fails to properly
handle certain image files. Mac OS X and Mac OS X Server versions
10.4.11 and 10.5 through 10.5.2 are affected.
Ref: http://www.securityfocus.com/bid/29514
______________________________________________________________________

08.24.28 CVE: CVE-2008-1578
Platform: Mac Os
Title: Apple Mac OS X Single Sign-On "sso_util" Local Information
Disclosure
Description: Apple Mac OS X is exposed to a local information
disclosure issue that affects the Single Sign-On "sso_util"
command-line utility. The issue occurs because "sso_util" requires
that password data be supplied as a command-line argument. Mac OS X
and Mac OS X Server versions 10.4.11 and 10.5 through 10.5.2
are affected.
Ref: http://www.securityfocus.com/bid/29520
______________________________________________________________________

08.24.29 CVE: CVE-2008-1572
Platform: Mac Os
Title: Apple Mac OS X Image Capture Local Arbitrary File Overwrite
Description: Apple Mac OS X Image Capture is exposed to an issue that
allows local attackers to overwrite arbitrary files. Specifically, an
insecure file operation occurs when handling temporary files. Mac OS X
and Mac OS X Server version 10.4.11 is affected.
Ref: http://www.securityfocus.com/bid/29521
______________________________________________________________________

08.24.30 CVE: CVE-2008-2359
Platform: Linux
Title: Fedora "system-config-network" Security Bypass
Description: The "system-config-network" command is used to configure
network hardware. The command is exposed to a security bypass issue
because the software fails to properly restrict access to certain
functionality. "system-config-network" version 1.5.5-1.fc8 is
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=448557
______________________________________________________________________

08.24.31 CVE: CVE-2008-1109, CVE-2008-1108
Platform: Linux
Title: Gnome Evolution iCalendar Multiple Buffer Overflow
Vulnerabilities
Description: Gnome Evolution is an email, address book and calendar
application for users of the GNOME desktop. The application is exposed
to multiple issues because it fails to perform adequate boundary
checks on user-supplied data. Gnome Evolution version 2.21.1 is
affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0516.html
______________________________________________________________________

08.24.32 CVE: CVE-2008-1673
Platform: Linux
Title: Linux Kernel BER Decoding Remote Buffer Overflow
Description: The Linux Kernel is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. The issue occurs in the "asn1_oid_decode()" function of the
"ip_nat_snmp_basic.c" source file.
Ref:
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.26-rc5-git1.log
______________________________________________________________________

08.24.33 CVE: CVE-2008-2358
Platform: Linux
Title: Linux Kernel DCCP Subsystem Buffer Overflow
Description: The Linux kernel is exposed to a buffer overflow issue
due to insufficient boundary checks. Specifically, the issue occurs
in the DCCP subsystem due to missing feature length checks. Linux
kernel version 2.6.18 is affected.
Ref: http://www.securityfocus.com/bid/29603
______________________________________________________________________

08.24.34 CVE: CVE-2008-2389
Platform: Linux
Title: opensuse-updater Symbolic Link Local Information Disclosure
Description: opensuse-updater is an update notifier applet for
openSUSE. The application is exposed to a local information disclosure
issue. opensuse-updater running on openSUSE 10.2 is affected.
Ref:
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
______________________________________________________________________

08.24.35 CVE: CVE-2008-0960
Platform: Linux
Title: Net-SNMP Remote Authentication Bypass
Description: Net-SNMP is a set of tools and libraries. The application
is exposed to a remote authentication bypass issue because of a design
error. Specifically, the "snmplib/scapi.c" source file uses the length
of HMAC authentication code from an SNMPv3 packet for validation.
Net-SNMP versions 5.4.1, 5.3.2, 5.2.4 and earlier are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=447974
______________________________________________________________________

08.24.36 CVE: Not Available
Platform: Novell
Title: Novell GroupWise Messenger Client Buffer Overflow
Vulnerabilities
Description: Novell GroupWise Messenger is an instant messaging
client. The application is exposed to unspecified buffer overflow
issues because it fails to adequately bounds check user-supplied data
before copying it to an insufficiently sized buffer. Specifically, the
issues occur when crafted spoofed server responses are sent to valid
clients. Novell GroupWise Messenger versions prior to 2.0.3 HP1 are
affected.
Ref: http://download.novell.com/Download?buildid=HHSfPO91pLQ~
______________________________________________________________________

08.24.37 CVE: Not Available
Platform: Cross Platform
Title: Anubis Plugin for encrypt Original File Size Information
Disclosure Weakness
Description: The "encrypt" application is a freely available utility
designed to encrypt and decrypt sensitive information. The Anubis
plugin for "encrypt" provides additional encryption algorithms. The
application is exposed to an information disclosure issue because the
software fails to properly safeguard potentially sensitive
information. Anubis versions prior to 1.3 are affected.
Ref:
https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2
______________________________________________________________________

08.24.38 CVE: Not Available
Platform: Cross Platform
Title: CuteFTP "LIST" Command Directory Traversal
Description: CuteFTP is an FTP client for Microsoft Windows and Apple
Mac OS X. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input data.
CuteFTP Home versions 8.2.0 Build 02.26.2008.4 and 04.01.2008.1 are
affected.
Ref: http://vuln.sg/cuteftp820-en.html
______________________________________________________________________

08.24.39 CVE: CVE-2008-2157
Platform: Cross Platform
Title: EMC AlphaStor Library Manager
Description: EMC AlphaStor is a suite of applications used for disk
management. The Library Manager ("robotd") is a single process that
manages the replacement of disk drives located in distributed
locations. The application is exposed to a remote code execution issue
that occurs in the Library Manager because the application fails to
sufficiently sanitize user-supplied input. EMC AlphaStor version 3.1
SP1 is affected.
Ref: http://www.securityfocus.com/archive/1/492667
______________________________________________________________________

08.24.40 CVE: CVE-2008-2054
Platform: Cross Platform
Title: CiscoWorks Common Services Unspecified Remote Code Execution
Description: CiscoWorks Common Services is a set of management
services used by other CiscoWorks applications. The application is
exposed to an unspecified remote code execution issue.
Ref: http://www.securityfocus.com/archive/1/492685
______________________________________________________________________

08.24.41 CVE: Not Available
Platform: Cross Platform
Title: AhsayOBM and AhsayACB SSL Certificate Validation Security
Bypass
Description: AhsayOBM (Ahsay Online Backup Manager) and AhsayACB
(Ahsay A-Click Backup) are online backup applications. The
applications are exposed to a security bypass issue because they fail
to properly validate SSL certificates from a server when performing
online backups.
Ref: http://forum.ahsay.com/viewtopic.php?t=2313
______________________________________________________________________

08.24.42 CVE: CVE-2008-1579
Platform: Cross Platform
Title: Apple Mac OS X Wiki Server User Name Enumeration Weakness
Description: Wiki Server is a component of Mac OS X Server. The
application is exposed to a weakness that may allow an attacker to
enumerate valid user names. The problem occurs when the Wiki Server is
enabled and an attacker tries to access a blog that doesn't exist. Mac
OS X Server versions 10.5 to 10.5.2 are affected.
Ref: http://support.apple.com/kb/HT1897
______________________________________________________________________

08.24.43 CVE: CVE-2008-2541
Platform: Cross Platform
Title: Computer Associates eTrust Secure Content Manager Multiple
Vulnerabilities
Description: Computer Associates eTrust Secure Content Manager is
a gateway application that monitors, filters and blocks possible
threats from computers. The application is exposed to multiple issues
because it fails to perform adequate boundary checks on user-supplied
data. Computer Associates eTrust Secure Content Manager version 8.0 is
affected.
Ref:
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408#section2
______________________________________________________________________

08.24.44 CVE: CVE-2008-1581, CVE-2008-1582, CVE-2008-1583,
CVE-2008-1584, CVE-2008-1585
Platform: Cross Platform
Title: Apple QuickTime Multiple Arbitrary Code Execution
Vulnerabilities
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to multiple remote issues
that may allow remote attackers to execute arbitrary code or carry out
denial of service attacks. QuickTime versions prior to 7.5 are
affected.
Ref: http://secunia.com/secunia_research/2008-9/advisory/
______________________________________________________________________

08.24.45 CVE: CVE-2008-2152
Platform: Cross Platform
Title: OpenOffice "rtl_allocateMemory()" Heap-Based Buffer Overflow
Description: OpenOffice is a suite of office applications for multiple
operating platforms. The application is exposed to a heap-based buffer
overflow. The issue stems from an integer overflow error in the
"rtl_allocateMemory()" custom memory allocation function. OpenOffice
versions 2 up to and including 2.4 are affected.
Ref: http://www.openoffice.org/security/cves/CVE-2008-2152.html
______________________________________________________________________

08.24.46 CVE: CVE-2008-2403
Platform: Cross Platform
Title: Sun Java ASP Server Multiple Directory Traversal
Vulnerabilities
Description: Sun Java System Active Server Pages software allows
organizations to deploy Active Server Pages (ASP)-based web
applications on a variety of web servers and operating systems. These
applications are exposed to multiple directory traversal issues
because the ASP engine fails to sufficiently sanitize user-supplied
input. Sun Java ASP Server versions prior to 4.0.3 are affected.
Ref: http://www.securityfocus.com/archive/1/493066
______________________________________________________________________

08.24.47 CVE: CVE-2008-2402
Platform: Cross Platform
Title: Sun Java ASP Server Information Disclosure
Description: Sun Java ASP Server provides Active Server Pages
functionality for webservers. The server is available for multiple
operating platforms. The server is exposed to an information
disclosure issue because it fails to restrict access to potentially
sensitive information. Java ASP Server versions 4.0.2 and earlier are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238184-1
______________________________________________________________________

08.24.48 CVE: CVE-2008-2097
Platform: Cross Platform
Title: VMware Openwsman on ESX and ESXi Local Privilege Escalation
Description: VMware ESX is a set of server emulation applications for
several platforms. Openwsman is a system management platform that
implements the Web Services Management protocol (WS-Management). The
Openwsman service is exposed to a privilege escalation issue because
of an unspecified invalid Content-Length error. Openwsman service on
ESX and ESXi version 3.5 is affected.
Ref: http://www.securityfocus.com/bid/29547
______________________________________________________________________

08.24.49 CVE: CVE-2008-2100
Platform: Cross Platform
Title: VMware VIX API Multiple Unspecified Buffer Overflow
Vulnerabilities
Description: VMware VIX API is an Application Programming
Interface that allows users to write scripts and programs that
manipulate virtual machines. VIX is exposed to multiple buffer
overflow issues because it fails to adequately bounds-check
user-supplied input before copying it to insufficiently sized buffers.
VMware VIX API versions 1.1.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29552
______________________________________________________________________

08.24.50 CVE: Not Available
Platform: Cross Platform
Title: Sun Service Tag Registry "/var" Consumption Local Denial of
Service
Description: Sun Service Tag uniquely identifies each tagged piece of
hardware and allows information about the hardware to be shared over
a local network in a standard XML format. The application is exposed
to a local denial of service issue that affects the registry.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238414-1
______________________________________________________________________

08.24.51 CVE: Not Available
Platform: Cross Platform
Title: VMware Server Console Unspecified Code Execution
Description: VMware Server Console is an application designed to allow
administrators to remotely manage VMware servers and guest operating
systems. The application is exposed to an unspecified code execution
issue caused by a stack-based buffer overflow. VMware Server
Console version 1.0.5 build 80187 is affected.
Ref: http://www.dbappsecurity.com/news-08_5_9__02.html
______________________________________________________________________

08.24.52 CVE: CVE-2008-2543
Platform: Cross Platform
Title: Asterisk-addons "OOH323" Channel Driver Remote Denial of
Service
Description: Asterisk is a private branch exchange (PBX) application
available for Linux, BSD, and Mac OS X platforms. The application is
exposed to a remote denial of service issue that stems from a design
error. The application listens on a TCP socket to receive packets
containing memory addresses to be freed.
Ref: http://downloads.digium.com/pub/security/AST-2008-009.html
______________________________________________________________________

08.24.53 CVE: Not Available
Platform: Cross Platform
Title: GraphicsMagick Multiple Remote Vulnerabilities
Description: GraphicsMagick is an image-processing application
available for multiple platforms. It was originally derived from
ImageMagick 5.5.2. GraphicsMagick versions 1.1.14 and 1.2.3 are
affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485
______________________________________________________________________

08.24.54 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple
Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms, including Linux, AIX, Solaris,
and Microsoft Windows. The application is exposed to multiple issues.
IBM DB2 Universal Database Server versions prior to DB2 9.1 Fixpak 5
are affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=688
______________________________________________________________________

08.24.55 CVE: Not Available
Platform: Cross Platform
Title: Icon Labs Iconfidant SSH Multiple Denial of Service
Vulnerabilities
Description: Icon Labs Iconfidant SSH server is exposed to three
issues that can cause denial of service conditions. The issues are
triggered in the following ways: when multiple authentication attempts
are performed over a short period of time; when an authentication
attempt occurs simultaneously with certain management operations; and
when certain invalid authentication credentials are provided during
authentication. Iconfidant SSH server versions prior to 2.3.8 are
affected.
Ref: http://www.kb.cert.org/vuls/id/626979
______________________________________________________________________

08.24.56 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Interstage Management Console Unspecified Arbitrary
File Access
Description: The Fujitsu Interstage management console allows
administrators to manage, monitor and control the entire server farm from
a single browser-based console. The application is exposed to an
unspecified arbitrary file access issue.
Ref:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200805e.html
______________________________________________________________________

08.24.57 CVE: Not Available
Platform: Cross Platform
Title: Motion "read_client()" Off-By-One Buffer Overflow
Description: Motion is a camera motion detector. The application is
exposed to an off-by-one buffer overflow issue because the application
fails to perform adequate boundary checks on user-supplied data. The
vulnerability occurs in the "read_client()" function of the
"webhttpd.c" source file. Motion versions 3.2.10 and earlier are
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484572
______________________________________________________________________

08.24.58 CVE: CVE-2008-1808
Platform: Cross Platform
Title: FreeType Printer Font Binary Heap-Based Buffer Overflow
Description: FreeType is an open source library for parsing fonts.
The application is exposed to a heap-based buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. The issue occurs when parsing Printer Font Binary
(PFB) format font files. FreeType 2 version 2.3.5 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
______________________________________________________________________

08.24.59 CVE: CVE-2008-1808
Platform: Cross Platform
Title: FreeType TrueType Font Heap-Based Buffer Overflow
Description: FreeType is an open source library for parsing fonts.
The application is exposed to a heap-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. The vulnerability occurs when parsing TrueType Font (TTF) font
files. FreeType version 2.3.5 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=717
______________________________________________________________________

08.24.60 CVE: CVE-2008-1806
Platform: Cross Platform
Title: FreeType2 Printer Font Binary Private Dictionary Table Integer
Overflow
Description: FreeType2 is an open source library for parsing fonts. The
application is exposed to an integer overflow issue because it fails to
perform adequate checks on user-supplied data.
FreeType 2 version 2.3.5 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=715
______________________________________________________________________

08.24.61 CVE: CVE-2008-1807
Platform: Cross Platform
Title: FreeType2 Printer Font Binary Remote Code Execution
Description: FreeType2 is an open source library for parsing fonts.
The application is exposed to a remote code execution issue when
parsing Printer Font Binary (PFB) format font files. If an invalid
"number of axes" in a PFB file is processed, "free()" could be called
on unallocated memory. FreeType 2 version 2.3.5 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=716
______________________________________________________________________

08.24.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 "KJ: Image Lightbox v2" Extension Unspecified Cross-Site
Scripting
Description: KJ: Image Lightbox v2 (kj_imagelightbox2) is an
extension for TYPO3. The application is exposed to an unspecified
cross-site scripting issue because it fails to properly sanitize
user-supplied input. kj_imagelightbox2 versions prior to 1.1.2 are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080527-1/
______________________________________________________________________

08.24.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kent WEB MART Unspecified Cross-Site Scripting
Description: WEB MART is a web-based shopping cart application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to an unspecified parameter. WEB
MART version 1.61 is affected.
Ref: http://www.securityfocus.com/bid/29436
______________________________________________________________________

08.24.64 CVE: CVE-2008-1947
Platform: Web Application - Cross Site Scripting
Title: Apache Tomcat Host Manager Cross-Site Scripting
Description: Apache Tomcat is a Java-based webserver application for
multiple operating systems. The Apache Tomcat Host Manager web
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "name" attribute
of the "host-manager/html/add" script. Tomcat versions 5.5.9 through
5.5.26 and 6.0.0 through 6.0.16 are affected.
Ref: http://tomcat.apache.org/security-6.html
______________________________________________________________________

08.24.65 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SamTodo "tid" Parameter Cross-Site Scripting
Description: SamTodo is a web-based application for managing to-do
lists. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "tid"
parameter of the "index.php" script. SamTodo version 1.1 is affected.
Ref: http://www.davidsopas.com/soapbox/samtodo.txt
______________________________________________________________________

08.24.66 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SamTodo "completed" Parameter Cross-Site Scripting
Description: SamTodo is a PHP-based application for managing to-do
lists. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "completed"
parameter of the "index.php" script. SamTodo version 1.1 is affected.
Ref: http://www.davidsopas.com/soapbox/samtodo.txt
______________________________________________________________________

08.24.67 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 FirePass SSL VPN Multiple Cross-Site Request Forgery
Vulnerabilities
Description: FirePass SSL VPN is a Virtual Private Network appliance
that tunnels network traffic over SSL connections. The device's
management interface is exposed to multiple cross-site request forgery
issues because it does not verify that state-changing requests were
deliberately issued by the authenticated administrator, so an
administrator who views an attacker-controlled page while logged in
can be made to submit those requests. FirePass version 6.0.2 hotfix 3
is affected.
Ref: http://www.microsoft.com/technet/security/bulletin/ms08-jun.mspx
______________________________________________________________________
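Cross-site request forgery is not an input-sanitizing problem: the forged request carries perfectly valid values, it simply was not issued by the user. The added example below is constructed for this bulletin and is not F5 code; the hostname, the "add user" handler and the form fields are assumptions. The first handler acts on any request that arrives with the administrator's session cookie; the second requires a per-session anti-forgery token, compared in constant time, and rejects requests whose Origin header names another site.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple

SITE_ORIGIN = "https://vpn.example.internal"   # constructed hostname


class Session:
    """Server-side session. The anti-forgery token is generated once per
    session and embedded as a hidden field in every state-changing form."""

    def __init__(self) -> None:
        self.csrf_token = secrets.token_urlsafe(32)


def add_user_vulnerable(session: Session, form: Dict[str, str]) -> Tuple[bool, str]:
    """Acts on any POST that reaches it. A page on another site can submit a
    form to this URL and the browser attaches the victim's session cookie."""
    return True, "created user " + form["username"]


def add_user_hardened(session: Session, form: Dict[str, str],
                      origin: Optional[str]) -> Tuple[bool, str]:
    """Requires proof that the request came from a form this server rendered
    for this session."""
    # Layer 1: browsers send an Origin header on cross-site POSTs. A value
    # naming another site is rejected outright. A missing header is tolerated
    # only because the token check below must still pass.
    if origin is not None and origin != SITE_ORIGIN:
        return False, "rejected: cross-origin request"
    # Layer 2: the per-session token. compare_digest keeps the comparison
    # constant-time so the token cannot be recovered byte by byte.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return False, "rejected: missing or invalid anti-forgery token"
    return True, "created user " + form["username"]


def demo() -> Dict[str, bool]:
    """Exercises the interesting cases; each value should be True."""
    session = Session()
    forged = {"username": "backdoor"}      # submitted by an attacker's page
    legit = {"username": "alice", "csrf_token": session.csrf_token}
    return {
        "vulnerable_accepts_forged": add_user_vulnerable(session, forged)[0],
        "hardened_rejects_forged": not add_user_hardened(
            session, forged, "https://attacker.example")[0],
        "hardened_rejects_forged_without_origin": not add_user_hardened(
            session, forged, None)[0],
        "hardened_rejects_foreign_origin_even_with_token": not add_user_hardened(
            session, legit, "https://attacker.example")[0],
        "hardened_accepts_legit": add_user_hardened(session, legit, SITE_ORIGIN)[0],
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print("%-48s %s" % (case, outcome))
```

The token only helps if state-changing actions are never reachable through GET; a link or image tag is enough to forge a GET, and no hidden field protects it. The Origin check is a second layer, not a replacement: older browsers and some proxies omit the header, which is why its absence falls through to the token check rather than being accepted.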

08.24.68 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kronos webTA Project Management Module Multiple Cross-Site
Scripting Vulnerabilities
Description: Kronos webTA is a labor management application designed
for the U.S. Federal Government. The application is exposed to
multiple cross-site scripting issues that affect the following scripts
in the Project Management module:
"/servlet/com.threeis.webta.H710selProject" and
"/servlet/com.threeis.webta.H720editProjectInfo".
Ref: http://www.securityfocus.com/archive/1/493193
______________________________________________________________________

08.24.69 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Workplace Unspecified Cross-Site Scripting
Description: IBM Workplace products are web-based applications that
provide role-based frameworks for business. The applications are
exposed to an unspecified cross-site scripting issue because they fail
to sanitize user-supplied input.
Ref: http://www-306.ibm.com/software/lotus/products/workplace/
______________________________________________________________________

08.24.70 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tornado Knowledge Retrieval System "p" Parameter Cross-Site
Scripting
Description: Tornado Knowledge Retrieval System is a knowledge
management application. The application is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input to
the "p" parameter of the "searcher.exe" script. Tornado Knowledge
Retrieval System version 4.2 is affected.
Ref: http://www.securityfocus.com/archive/1/493217
______________________________________________________________________

08.24.71 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Image Gallery "action" Parameter Cross-Site Scripting
Description: PHP Image Gallery is a photo gallery application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "action" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/29643
______________________________________________________________________

08.24.72 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Glassfish "name" Parameter Cross-Site Scripting
Description: Sun GlassFish is the Java application server underlying
the Sun Java System Application Server. Its web administration console
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "name" parameter of
the "httpListenerEdit.jsf" page.
Ref: http://www.securityfocus.com/archive/1/493243
______________________________________________________________________
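The cross-site scripting entries above share one root cause: a request value is written into an HTML response without output encoding. The following added example is constructed for this bulletin and is not code from Tomcat, GlassFish or any other product listed here; the query string, the response template and the handler functions are assumptions. It reflects a "name" parameter into an attribute and into element text, first raw, then through a naive denylist filter of the kind that "sanitizes" input, and finally HTML-encoded at the point of output. The same output encoding applies to any untrusted string rendered into HTML, including request headers such as User-Agent.

```python
import html
from urllib.parse import parse_qs

# Constructed query string (not from any advisory above): a typical
# reflected-XSS probe sent in a "name" parameter. It closes the quoted
# attribute the value lands in and opens a script element.
QUERY_STRING = "name=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"
PROBE = parse_qs(QUERY_STRING)["name"][0]          # '"><script>alert(1)</script>'

# Second constructed probe, aimed at a filter that strips "<script>" once.
NESTED_PROBE = '"><scr<script>ipt>alert(1)</script>'

# Hypothetical response template: the value is reflected into an attribute
# and into element text, as in a confirmation page for a form submission.
PAGE = '<form><input name="name" value="{value}"><p>Host {value} added</p></form>'


def render_vulnerable(name: str) -> str:
    """Reflects the parameter verbatim."""
    return PAGE.format(value=name)


def render_with_denylist(name: str) -> str:
    """Input 'sanitizing' as many listed applications attempt it: delete the
    obvious tag and hope. One removal pass turns the nested probe into a
    live <script> tag."""
    cleaned = name.replace("<script>", "")
    return PAGE.format(value=cleaned)


def render_hardened(name: str) -> str:
    """Encode at output time for the HTML context. quote=True also encodes
    the quote characters, so the value cannot terminate the attribute."""
    return PAGE.format(value=html.escape(name, quote=True))


def contains_script_tag(page: str) -> bool:
    """Oracle used by the demo: does the response contain an opening script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    for probe in (PROBE, NESTED_PROBE):
        print("probe:", probe)
        for render in (render_vulnerable, render_with_denylist, render_hardened):
            print("  %-20s script tag present: %s"
                  % (render.__name__, contains_script_tag(render(probe))))
```

Encoding is context-specific: html.escape is correct for element text and quoted attribute values, but a value placed inside a script block, a URL or an unquoted attribute needs the encoding for that context instead.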

08.24.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MAXSITE "index.php" SQL Injection
Description: MAXSITE is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "category" parameter of the
"index.php" script before using it in an SQL query. MAXSITE versions
1.10 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29381
______________________________________________________________________

08.24.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 "sg_zfelib" Extension Multiple SQL Injection
Vulnerabilities
Description: Library for Frontend plugins (sg_zfelib) is an extension
for the TYPO3 content manager. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data to unspecified scripts and parameters. sg_zfelib
versions 1.1.512 and earlier are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/
______________________________________________________________________

08.24.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CKGold Shopping Cart "item.php" SQL Injection
Description: CKGold Shopping Cart is a PHP-based ecommerce
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"category_id" parameter of the "item.php" script before using it in an
SQL query. CKGold Shopping Cart 2.5 is affected; other versions may
also be vulnerable.
Ref: http://www.securityfocus.com/bid/29394
______________________________________________________________________

08.24.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Artists Component "idgalery" Parameter SQL
Injection
Description: Artists is a component for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "idgalery"
parameter of the "com_artist" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/29407
______________________________________________________________________

08.24.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AirvaeCommerce "index.php" SQL Injection
Description: AirvaeCommerce is an ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pid" parameter when
the "p" parameter is set to "vzh". AirvaeCommerce version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/29423
______________________________________________________________________

08.24.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JustPORTAL "site" Parameter Multiple SQL Injection
Vulnerabilities
Description: JustPORTAL is a web portal implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "site"
parameter before using it in SQL queries. JustPORTAL version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/29426
______________________________________________________________________

08.24.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Proje ASP Portal "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: Proje ASP Portal is a web portal implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input to the "id"
parameter before using it in SQL queries. Proje ASP Portal version
2.0.0 is affected.
Ref: http://www.securityfocus.com/bid/29427
______________________________________________________________________

08.24.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Booking Calendar "details_view.php" SQL Injection
Description: PHP Booking Calendar is a web-based calendar application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "event_id"
parameter of the "details_view.php" script before using it in an SQL
query. PHP Booking Calendar version 10d is affected.
Ref: http://www.securityfocus.com/bid/29435
______________________________________________________________________

08.24.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Social Site Generator Multiple SQL Injection Vulnerabilities
Description: Social Site Generator is a PHP-based application for
social networking. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied input.
Ref: http://www.securityfocus.com/bid/29452
______________________________________________________________________

08.24.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS Easyway "mid" Parameter SQL Injection
Description: CMS Easyway is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "mid" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/29461
______________________________________________________________________

08.24.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo myContent Component "id" Parameter SQL
Injection
Description: myContent is a component for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_mycontent" component before using it in an
SQL query. myContent version 1.1.13 is affected.
Ref: http://www.securityfocus.com/bid/29468
______________________________________________________________________

08.24.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OtomiGenX "userAccount" Parameter SQL Injection
Description: OtomiGenX is a web-based library automation application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "userAccount"
parameter before using it in an SQL query. OtomiGenX version 2.2 is
affected.
Ref: http://www.securityfocus.com/archive/1/492914
______________________________________________________________________

08.24.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Bible Study Component "id" Parameter SQL
Injection
Description: Bible Study is a component for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_biblestudy" component before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/29473
______________________________________________________________________

08.24.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Pblog Module "index.php" SQL Injection
Description: Pblog is a photo blog module for Drupal. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "albumId" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29495
______________________________________________________________________

08.24.87 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo eQuotes Component SQL Injection
Description: Mambo and Joomla! are PHP-based content managers. The
eQuotes ("com_equotes") component for Joomla! and Mambo is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query. eQuotes version
0.9.4 is affected.
Ref: http://www.securityfocus.com/bid/29498
______________________________________________________________________

08.24.88 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Battle Blog "comment.asp" SQL Injection
Description: Battle Blog is a web application implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "entry" parameter of
the "comment.asp" script before using it in an SQL query. Battle Blog
version 1.25 is affected.
Ref: http://www.securityfocus.com/bid/29507
______________________________________________________________________

08.24.89 CVE: Not Available
Platform: Web Application - SQL Injection
Title: pNews "index.php" SQL Injection
Description: pNews is a web application. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "shownews" parameter of the "index.php"
script before using it in an SQL query. pNews version 2.08 is
affected.
Ref: http://www.securityfocus.com/bid/29617
______________________________________________________________________

08.24.90 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo JotLoader Component "cid" Parameter SQL
Injection
Description: JotLoader is a component for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "com_jotloader" component before using it in an
SQL query.
Ref: http://www.kanich.net/radio/cms/content/view/50/9/
______________________________________________________________________

08.24.91 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Simple Shop Component "catid" Parameter SQL
Injection
Description: Simple Shop is a component for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter of the "com_simpleshop" component before using it in
an SQL query. Simple Shop versions 3.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29565
______________________________________________________________________

08.24.92 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Power Phlogger "css_str" SQL Injection
Description: Power Phlogger is a website statistics tool. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "css_str" parameter of
the "edCss.php" script before using it in an SQL query. All versions
up to and including Power Phlogger version 2.2.5 are affected.
Ref: http://websecurity.com.ua/2158/
______________________________________________________________________

08.24.93 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! GameQ Component "category_id" Parameter SQL Injection
Description: GameQ is a plugin that provides game-related
functionality for the Joomla! content manager. The component is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "category_id" parameter of the
"com_gameq" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29592
______________________________________________________________________

08.24.94 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rapid-Source Rapid-Recipe Joomla! Component "recipe_id"
Parameter SQL Injection
Description: Rapid-Recipe is a component for publishing recipes for
the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "recipe_id" parameter of the
"com_rapidrecipe" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29593
______________________________________________________________________

08.24.95 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JiRo's FAQ Manager eXperience "fID" Parameter SQL Injection
Description: JiRo's FAQ Manager eXperience is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to properly sanitize user-supplied input to the
"fID" parameter of the "read.asp" script before using it in an SQL
query. JiRo's FAQ Manager eXperience version 1.0 is affected.
Ref: http://www.jiros.net/products/product.asp?pID=9
______________________________________________________________________

08.24.96 CVE: Not Available
Platform: Web Application - SQL Injection
Title: yvComment Joomla! Component "ArticleID" Parameter SQL Injection
Description: yvComment is a component for publishing comments for the
Joomla! content manager. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "ArticleID" parameter of the "com_yvcomment" component before
using it in an SQL query. yvComment versions 1.16 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29596
______________________________________________________________________

08.24.97 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iJoomla News Portal Component "Itemid" Parameter SQL Injection
Description: iJoomla News Portal is a component for the Joomla! and
Mambo content managers. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "Itemid" parameter of the "com_news_portal" component before using
it in an SQL query. iJoomla News Portal version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29604
______________________________________________________________________

08.24.98 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Courier-Authlib Non-Latin Character Handling SQL Injection
Description: Courier-Authlib is the authentication library for the
Courier mail server applications. The library is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data containing non-Latin characters before using it in
an SQL query. Courier-Authlib versions prior to 0.60.6 are affected.
Ref: http://marc.info/?l=courier-users&m=121294465330832
______________________________________________________________________

08.24.99 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPilot Pilot Cart "pilot.asp" SQL Injection
Description: ASPilot Pilot Cart is an ecommerce application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "article" parameter of the "pilot.asp" script before using it in
an SQL query. ASPilot Pilot Cart version 7.3 is affected.
Ref: http://www.securityfocus.com/bid/29615
______________________________________________________________________

08.24.100 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DCFM Blog "comments.php" SQL Injection
Description: DCFM Blog is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"comments.php" script before using it in an SQL query. DCFM Blog
version 0.9.4 is affected.
Ref: http://www.securityfocus.com/archive/1/493220
______________________________________________________________________

08.24.101 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Insanely Simple Blog "index.php" Multiple SQL Injection
Vulnerabilities
Description: Insanely Simple Blog is a PHP-based blogging application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter and "term" search field parameter of the "index.php" script
before using it in an SQL query. Insanely Simple Blog version 0.5 is
affected.
Ref: http://www.securityfocus.com/archive/1/493224
______________________________________________________________________

08.24.102 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPPortal "reply.asp" SQL Injection
Description: ASPPortal is a website builder application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "Topic_Id"
parameter of the "content/forums/reply.asp" script before using it in
an SQL query. ASPPortal Free Version is affected.
Ref: http://www.securityfocus.com/bid/29631
______________________________________________________________________

08.24.103 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP News Management "viewnews.asp" SQL Injection
Description: ASP News Management is a news announcement application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "newsID" parameter of the "viewnews.asp" script before using it in
an SQL query. ASP News Management version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/29638
______________________________________________________________________

08.24.104 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Experts "answer.php" SQL Injection
Description: Experts is a question and answer script. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "question_id" parameter of the
"answer.php" script before using it in an SQL query. Experts version
1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/29642
______________________________________________________________________

08.24.105 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Yuhhu Superstar 2008 "view.topics.php" SQL Injection
Description: Yuhhu Superstar 2008 is a web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "board" parameter of
the "view.topics.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29647
______________________________________________________________________
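Nearly every SQL injection entry above follows the same pattern: an integer-looking parameter ("id", "shownews", "catid", "event_id", "Itemid") is concatenated into a query string. The added example below is constructed for this bulletin and is not code from any listed product; the table layout, the "shownews" and "term" parameters and the payload strings are assumptions. It reproduces the pattern against an in-memory SQLite database, shows how a tautology and a UNION payload change the result set, and contrasts it with a handler that validates the type and binds the value as a parameter. For a free-text field such as a search "term", escaping quotes by hand is not the fix either: the same parameter binding applies, and it takes the application out of the business of escaping, which is where character-set problems of the kind reported for Courier-Authlib tend to arise.

```python
import sqlite3
from typing import List, Tuple

# Constructed payloads of the two most common shapes.
TAUTOLOGY_PAYLOAD = "1 OR 1=1"
UNION_PAYLOAD = "0 UNION SELECT username, password_hash FROM users"


def build_db() -> sqlite3.Connection:
    """Constructed schema: a news table with one unpublished row, and a
    users table the news page must never expose."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE news  (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO news  VALUES (1, 'Welcome', 1), (2, 'Unpublished draft', 0),
                                 (3, 'Release notes', 1);
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-not-real');
    """)
    return conn


def show_news_vulnerable(conn: sqlite3.Connection, shownews: str) -> List[Tuple]:
    """index.php?shownews=<value> built by string concatenation. The value
    becomes part of the SQL grammar, so 'OR' and 'UNION' are honoured."""
    sql = "SELECT id, title FROM news WHERE published = 1 AND id = " + shownews
    return conn.execute(sql).fetchall()


def show_news_hardened(conn: sqlite3.Connection, shownews: str) -> List[Tuple]:
    """Validate the type, then bind. The value never becomes SQL text."""
    try:
        news_id = int(shownews)
    except ValueError:
        raise ValueError("shownews must be an integer") from None
    sql = "SELECT id, title FROM news WHERE published = 1 AND id = ?"
    return conn.execute(sql, (news_id,)).fetchall()


def search_hardened(conn: sqlite3.Connection, term: str) -> List[Tuple]:
    """Free-text input: still bound as a parameter. LIKE wildcards are
    escaped and the surrounding % added on the Python side, so the user
    controls the text being matched, never the shape of the query."""
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id, title FROM news WHERE published = 1 AND title LIKE ? ESCAPE '\\'"
    return conn.execute(sql, ("%" + escaped + "%",)).fetchall()


def hardened_rejects(conn: sqlite3.Connection, shownews: str) -> bool:
    """True when the hardened handler refuses the value as non-integer."""
    try:
        show_news_hardened(conn, shownews)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("tautology, vulnerable:", show_news_vulnerable(db, TAUTOLOGY_PAYLOAD))
    print("union, vulnerable:    ", show_news_vulnerable(db, UNION_PAYLOAD))
    print("tautology, hardened rejected:", hardened_rejects(db, TAUTOLOGY_PAYLOAD))
    print("search for 'Release':", search_hardened(db, "Release"))
    print("search for '%':      ", search_hardened(db, "%"))
```

The tautology turns "published = 1 AND id = 1 OR 1=1" into a query that returns every row, the unpublished draft included; the UNION payload reads a table the page never meant to touch. Type validation alone would stop both of these, but binding is what makes the query safe for values that legitimately contain quotes or multibyte characters.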

08.24.106 CVE: Not Available
Platform: Web Application
Title: The Campus Request Repairs System "sentout.asp" Unauthorized
Access
Description: The Campus Request Repairs System is an ASP-based
application for managing repair requests, distributed by the Gaoxiong
Municipal Government Bureau of Education. The application is exposed
to an unauthorized access issue because it fails to restrict access to
the administrative scripts used for creating accounts, so remote
attackers can create accounts. The Campus Request Repairs System
version 1.2 is affected.
Ref: http://www.securityfocus.com/archive/1/492589
______________________________________________________________________

08.24.107 CVE: Not Available
Platform: Web Application
Title: trombyn "demoupload.php" Arbitrary File Upload
Description: trombyn is a web-based genealogy tracker. The application
is exposed to an arbitrary file upload issue that lets remote
attackers upload and execute arbitrary script code because the
"membres/demoupload.php" script fails to properly validate the files
it accepts. trombyn version 2.1.1 is affected.
Ref: http://www.securityfocus.com/bid/29390
______________________________________________________________________

08.24.108 CVE: Not Available
Platform: Web Application
Title: DT Centrepiece SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: DT Centrepiece is a web-based content manager. The
application is exposed to an SQL injection issue and a cross-site
scripting issue. Both issues affect the "searchFor" parameter of the
"search.asp" script because the application fails to sufficiently
sanitize user-supplied data. DT Centrepiece version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/29403
______________________________________________________________________

08.24.109 CVE: Not Available
Platform: Web Application
Title: FlashBlog "imgupload.php" Arbitrary File Upload
Description: FlashBlog is a blogging application with a Flash
interface. The application is exposed to an arbitrary file upload
issue that lets remote attackers upload and execute arbitrary script
code because the "admin/Editor/imgupload.php" script fails to properly
validate the files it accepts. FlashBlog BETA version 0.31 is
affected.
Ref: http://www.securityfocus.com/bid/29419
______________________________________________________________________

08.24.110 CVE: Not Available
Platform: Web Application
Title: CMS from Scratch "upload.php" Arbitrary File Upload
Description: CMS from Scratch is a PHP-based content manager. The
application is exposed to an arbitrary file upload issue that lets
remote attackers upload and execute arbitrary script code because the
"FCKeditor/editor/filemanager/connectors/php/upload.php" script fails
to properly validate the extension of uploaded files. CMS from Scratch
version 1.1.3 is affected.
Ref: http://www.securityfocus.com/bid/29431
______________________________________________________________________

08.24.111 CVE: Not Available
Platform: Web Application
Title: CMS from Scratch "image.php" Directory Traversal and Arbitrary
File Upload Vulnerabilities
Description: CMS from Scratch is a PHP-based content manager. The
application is exposed to a directory traversal issue and an
arbitrary file upload issue because it fails to properly sanitize
user-supplied input. CMS from Scratch version 1.1.3 is affected.
Ref: http://www.securityfocus.com/bid/29434
______________________________________________________________________

08.24.112 CVE: Not Available
Platform: Web Application
Title: Opencosmo VisualSentinel User Agent HTML Injection
Description: Opencosmo VisualSentinel is a PHP-based security
application. The application is exposed to an HTML injection issue
because it fails to sanitize the value of the HTTP User-Agent header
before rendering it.
Ref: http://www.securityfocus.com/archive/1/492876
______________________________________________________________________

08.24.113 CVE: Not Available
Platform: Web Application
Title: PassWiki "site_id" Parameter Local File Include
Description: PassWiki is a PHP-based wiki application. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "site_id" parameter of the
"passwiki.php" script. PassWiki versions 0.9.16 RC3 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29455
______________________________________________________________________

08.24.114 CVE: Not Available
Platform: Web Application
Title: Social Site Generator "social_game_play.php" Remote File
Include
Description: Social Site Generator is a PHP-based application for
social networking. The application is exposed to a remote file include
issue because it fails to sufficiently sanitize user-supplied input to
the "path" parameter of the "social_game_play.php" script.
Ref: http://www.securityfocus.com/bid/29462
______________________________________________________________________
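PassWiki's "site_id" and Social Site Generator's "path" are both inclusion parameters: the value picks which file the script pulls in. The added Python example below is constructed for this bulletin and is not code from either project; the directory layout, the page names and the "page" parameter are assumptions. It builds a small template directory, shows a lookup that lets "../" walk out of it, and replaces it with a resolver that maps the parameter onto a fixed set of names and, as a second layer, refuses any resolved path outside the template directory and any value that looks like a URL.

```python
import os
import tempfile

PAGES = {"home": "home.tpl", "about": "about.tpl"}   # constructed allowlist


def make_site() -> str:
    """Constructed layout: templates under <root>/pages, and a config file
    one level up that the page parameter must never be able to reach."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    os.mkdir(os.path.join(root, "pages"))
    for name in PAGES.values():
        with open(os.path.join(root, "pages", name), "w") as f:
            f.write("template " + name)
    with open(os.path.join(root, "config.inc"), "w") as f:
        f.write("db_password=constructed-secret")
    return root


def include_vulnerable(root: str, page: str) -> str:
    """include($dir . $_GET['page']) in Python clothing. The parameter is a
    path fragment: nothing stops it from containing '../', and os.path.join
    discards the base entirely when the fragment is absolute."""
    with open(os.path.join(root, "pages", page)) as f:
        return f.read()


def include_hardened(root: str, page: str) -> str:
    """Map the parameter onto a fixed set of files, then confirm the resolved
    path is still inside the template directory."""
    if "://" in page or page.startswith(("/", "\\")):
        raise ValueError("remote or absolute include refused")
    filename = PAGES.get(page)
    if filename is None:
        raise ValueError("unknown page")
    pages_dir = os.path.realpath(os.path.join(root, "pages"))
    target = os.path.realpath(os.path.join(pages_dir, filename))
    # commonpath guards against symlinks or a future allowlist entry that
    # contains separators; it is the belt to the allowlist's braces.
    if os.path.commonpath([pages_dir, target]) != pages_dir:
        raise ValueError("resolved path escapes the template directory")
    with open(target) as f:
        return f.read()


def rejects(root: str, page: str) -> bool:
    try:
        include_hardened(root, page)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    site = make_site()
    print("vulnerable, ../config.inc:", include_vulnerable(site, "../config.inc"))
    print("hardened, home:           ", include_hardened(site, "home"))
    print("hardened rejects ../config.inc:", rejects(site, "../config.inc"))
    print("hardened rejects URL:          ", rejects(site, "http://attacker.example/x"))
```

In PHP the remote variant additionally depends on allow_url_include being enabled; leaving it off is the server-side half of the fix, and the allowlist above is the application half. An allowlist is preferred over sanitizing the path because it also closes the null-byte and double-encoding tricks that a blacklist of "../" misses.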

08.24.115 CVE: Not Available
Platform: Web Application
Title: SMEWeb SQL Injection and Multiple Cross-Site Scripting
Vulnerabilities
Description: SMEWeb is a web-based application. The application is
exposed to multiple issues because it fails to properly sanitize
user-supplied input. SMEWeb version 1.4b is affected.
Ref: http://www.securityfocus.com/archive/1/493130
______________________________________________________________________

08.24.116 CVE: Not Available
Platform: Web Application
Title: LimeSurvey Prior to 1.71 Multiple Remote Vulnerabilities
Description: LimeSurvey is an open-source survey application
implemented in PHP. The application is exposed to multiple issues.
LimeSurvey versions prior to 1.71 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922
______________________________________________________________________

08.24.117 CVE: Not Available
Platform: Web Application
Title: QuickerSite Multiple Vulnerabilities
Description: QuickerSite is an ASP-based content manager. The
application is exposed to multiple issues. QuickerSite version 1.8.5
is affected.
Ref: http://bugreport.ir/index.php?/39
______________________________________________________________________

08.24.118 CVE: CVE-2007-5608
Platform: Web Application
Title: HP Instant Support "HPISDataManager.dll" ActiveX Control
Arbitrary File Download
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues that affect HP products. The
"HPISDataManager.dll" ActiveX control is exposed to an issue that lets
attackers download arbitrary files.
Ref: http://www.kb.cert.org/vuls/id/949587
______________________________________________________________________

08.24.119 CVE: CVE-2007-5605
Platform: Web Application
Title: HP Instant Support "HPISDataManager.dll" "GetFileTime" ActiveX
Control Buffer Overflow
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues affecting HP products. The
application is exposed to a remote buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied input. HP
Instant Support versions 1.0.0.22 and earlier are affected.
Ref: http://www.kb.cert.org/vuls/id/558163
______________________________________________________________________

08.24.120 CVE: CVE-2007-5606
Platform: Web Application
Title: HP Instant Support "HPISDataManager.dll" "MoveFile" ActiveX
Control Buffer Overflow
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues that affect HP products. HP
Instant Support "HPISDataManager.dll" ActiveX control is exposed to a
remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input. HP Instant Support versions
1.0.0.22 and earlier are affected.
Ref: http://www.kb.cert.org/vuls/id/221123
______________________________________________________________________

08.24.121 CVE: CVE-2008-0953
Platform: Web Application
Title: HP Instant Support "HPISDataManager.dll" "StartApp" ActiveX
Control Insecure Method
Description: HP Instant Support is a suite of web-based support tools
that automate resolving technical issues affecting HP products. The
"HPISDataManager.dll" ActiveX control exposes an insecure "StartApp"
method to web content. HP Instant Support versions 1.0.0.22 and
earlier are affected.
Ref: http://www.kb.cert.org/vuls/id/998779
______________________________________________________________________

08.24.122 CVE: Not Available
Platform: Web Application
Title: Achievo "config.php" Arbitrary File Upload
Description: Achievo is a web-based resource management tool. The
application is exposed to an arbitrary file upload issue that lets
remote attackers upload and execute arbitrary script code because the
"/atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php"
script fails to properly validate the extension of uploaded files.
Achievo version 1.3.2 is affected.
Ref: http://www.securityfocus.com/bid/29621
______________________________________________________________________
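Four entries in this part of the list (trombyn, FlashBlog, CMS from Scratch and Achievo) are upload handlers, two of them bundled rich-text-editor connectors, that decide whether to accept a file from its client-supplied name. The added example below is constructed for this bulletin and is not code from any of those projects; the allowed types, the sample filenames and the file contents are assumptions. It contrasts a denylist on the filename with a handler that takes only the final extension from an allowlist, checks that the file's leading bytes agree with that type, and stores the file under a server-generated name, so nothing from the client's name reaches the filesystem.

```python
import os
import re
import secrets

ALLOWED = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of the allowed image formats, used to check that the content
# agrees with the claimed extension.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def accept_denylist(filename: str) -> bool:
    """The weak check found in many upload scripts: refuse only '.php'.
    It is defeated by case ('.PHP'), by other handler extensions
    ('.phtml'), and by a double extension ('.php.jpg') on servers that
    map handlers from any extension in the name."""
    return not filename.endswith(".php")


def storage_name_hardened(filename: str, data: bytes) -> str:
    """Return a server-chosen name for the upload, or raise ValueError."""
    # Drop any directory component the client included ('../' or 'C:\').
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        raise ValueError("no extension")
    # Only the final extension counts, compared case-insensitively, and it
    # must be on the allowlist; anything else is refused, not renamed.
    ext = base.rsplit(".", 1)[1].lower()
    if not re.fullmatch(r"[a-z0-9]{1,5}", ext) or ext not in ALLOWED:
        raise ValueError("extension not allowed: %r" % ext)
    if not data.startswith(MAGIC[ext]):
        raise ValueError("content does not look like %s" % ext)
    # The client chooses neither the directory nor the name. Nothing from
    # the original filename (null bytes, traversal, extra dots) survives.
    return secrets.token_hex(16) + "." + ext


def rejects(filename: str, data: bytes) -> bool:
    try:
        storage_name_hardened(filename, data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16          # constructed JPEG header
    for name in ("shell.PHP", "shell.phtml", "shell.php.jpg", "../../shell.jpg"):
        print("%-18s denylist accepts: %-5s hardened rejects: %s"
              % (name, accept_denylist(name), rejects(name, jpeg)))
    print("stored as:", storage_name_hardened("shell.php.jpg", jpeg))
```

The magic-byte check catches a PHP file renamed to ".jpg" but not a polyglot, a valid GIF header followed by script code, which passes it. That is why the last two measures carry the weight: the stored name ends in an image extension the server never hands to a script interpreter, and the upload directory should additionally have script execution disabled or sit outside the web root.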

08.24.123 CVE: CVE-2008-2406
Platform: Web Application
Title: Sun Java ASP Server Remote Authentication Bypass
Description: Sun Java ASP Server allows organizations to deploy
ASP-based web applications on various web servers and operating
systems. The server is exposed to a remote authentication bypass issue
because of a design error in the affected application. Sun Java ASP
Server versions prior to 4.0.3 are affected.
Ref: http://www.securityfocus.com/archive/1/493071
______________________________________________________________________

08.24.124 CVE: Not Available
Platform: Web Application
Title: Realm CMS Multiple Input Validation Vulnerabilities
Description: Realm CMS is a content management system. The application
is exposed to multiple input validation issues. An SQL injection issue
affects the "kwrd" parameter of the "inc_routine.asp" script.
Multiple cross-site scripting issues affect the "Boyut" and
"CmpctedDB" parameters of the "compact.asp" script. An authentication
bypass issue exists because the application trusts cookie data that
users can manipulate. Realm CMS version 2.3 is affected.
Ref: http://www.securityfocus.com/bid/29616
______________________________________________________________________

08.24.125 CVE: Not Available
Platform: Web Application
Title: Flux CMS "loadsave.php" Arbitrary File Overwrite
Description: Flux CMS is a content management system. The application
is exposed to an issue that could permit an attacker to overwrite
arbitrary files because the software fails to verify user-supplied
input. Flux CMS version 1.5.0 is affected.
Ref: http://www.securityfocus.com/bid/29618
______________________________________________________________________

08.24.126 CVE: Not Available
Platform: Web Application
Title: 427BB Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: 427BB is a bulletin board system implemented in PHP with
a MySQL backend. The application is exposed to multiple input
validation issues. 427BB version 2.3.1 is affected.
Ref: http://www.securityfocus.com/bid/29564
______________________________________________________________________

08.24.127 CVE: Not Available
Platform: Web Application
Title: WEBalbum "photo_add-c.php" HTML Injection
Description: WEBalbum is a web-based photo application. The
application is exposed to an HTML injection issue because it fails to
sanitize user-supplied input. This issue affects the "Add Comment"
functionality provided by the "comment" parameter of the
"photo_add-c.php" script. WEBalbum version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/493143
______________________________________________________________________

08.24.128 CVE: Not Available
Platform: Web Application
Title: Galatolo WebManager "com" Parameter Local File Include
Description: Galatolo WebManager is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to sanitize user-supplied input to the "com" parameter of the
"index.php" script. Galatolo WebManager version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29595
______________________________________________________________________

08.24.129 CVE: Not Available
Platform: Web Application
Title: phpInv Cross-Site Scripting and Local File Include
Vulnerabilities
Description: phpInv is a PHP-based inventory script. The application
is exposed to multiple issues. phpInv version 0.8.0 is affected.
Ref: http://www.securityfocus.com/bid/29597
______________________________________________________________________

08.24.130 CVE: Not Available
Platform: Web Application
Title: BrowserCRM "clients.php" Remote File Include
Description: BrowserCRM is a PHP-based customer management system. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "bcrm_pub_root"
parameter of the "clients.php" script. BrowserCRM version 5.002.00 is
affected.
Ref: http://www.securityfocus.com/bid/29598
______________________________________________________________________

08.24.131 CVE: Not Available
Platform: Web Application
Title: XOOPS Uploader Module "filename" Parameter Directory Traversal
Description: Uploader is a PHP-based component for the XOOPS content
manager. The application is exposed to a directory traversal issue
because it fails to properly sanitize user-supplied input to the
"filename" parameter of the "index.php" script. XOOPS Uploader version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/29600
______________________________________________________________________

08.24.132 CVE: Not Available
Platform: Web Application
Title: NextGEN Gallery WordPress Plugin "nggallery-manage-gallery"
HTML Injection
Description: The NextGEN Gallery plugin for WordPress is a web-based
photo application. The application is exposed to an HTML injection
issue because it fails to sanitize user-supplied input. This issue
affects the description textbox provided by the
"nggallery-manage-gallery" action of the "admin.php" script. NextGEN
Gallery version 0.96 is affected.
Ref: http://www.securityfocus.com/archive/1/493182
______________________________________________________________________

08.24.133 CVE: Not Available
Platform: Web Application
Title: Real Estate Website "location.asp" Multiple Input Validation
Vulnerabilities
Description: Real Estate Website is a content manager implemented in
ASP. The application is exposed to multiple input validation issues
because it fails to adequately sanitize user-supplied data. Real
Estate Website version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29612
______________________________________________________________________

08.24.134 CVE: Not Available
Platform: Web Application
Title: proManager "config.php" Local File Include
Description: proManager is a PHP-based mind map and project manager.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "language"
parameter of the "config.php" script. proManager version 0.73 is
affected.
Ref: http://www.securityfocus.com/bid/29613
______________________________________________________________________

08.24.135 CVE: Not Available
Platform: Web Application
Title: Telephone Directory 2008 Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Telephone Directory 2008 is a PHP-based address book. The
application is exposed to multiple input validation issues. An SQL
injection issue affects the "id" parameter of the "view_more.php"
script and the "code" parameter of the "edit1.php" script when used
with the "confirm_data" action. A cross-site scripting issue affects
the "action" parameter of the "edit1.php" script.
Ref: http://www.securityfocus.com/bid/29614
______________________________________________________________________

08.24.136 CVE: Not Available
Platform: Web Application
Title: ErfurtWiki Multiple Local File Include Vulnerabilities
Description: ErfurtWiki is a wiki application. The application is
exposed to local file include issues because it fails to properly
sanitize user-supplied input to these parameters and scripts:
"fragments/css.php: ewiki_id, ewiki_action" and "index.php: id".
ErfurtWiki version R1.02b is affected.
Ref: http://www.securityfocus.com/archive/1/493219
______________________________________________________________________

08.24.137 CVE: Not Available
Platform: Web Application
Title: yblog Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: yblog is a PHP-based weblog application. The application
is exposed to multiple input validation issues. yblog version 0.2.2.2
is affected.
Ref: http://www.securityfocus.com/archive/1/493222
______________________________________________________________________

08.24.138 CVE: Not Available
Platform: Web Application
Title: Hot Links SQL-PHP Multiple Cross-Site Scripting Vulnerabilities
Description: Hot Links SQL-PHP is a web application. The
application is exposed to multiple cross-site scripting issues that
affect the following scripts and parameters: "search.php: search",
"report.php: id" and "reviews.php: id".
Ref: http://www.securityfocus.com/bid/29632
______________________________________________________________________

08.24.139 CVE: Not Available
Platform: Web Application
Title: SyndeoCMS Cross-Site Scripting and Local File Include
Vulnerabilities
Description: SyndeoCMS is a content management system. SyndeoCMS is
exposed to multiple input validation issues. SyndeoCMS version 2.6.0
is affected.
Ref: http://www.securityfocus.com/bid/29644
______________________________________________________________________

08.24.140 CVE: Not Available
Platform: Web Application
Title: TNT Forum "index.php" Local File Include
Description: TNT Forum is an open-source forum application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "modulo" parameter of
the "index.php" script. TNT Forum version 0.9.4 is affected.
Ref: http://sourceforge.net/projects/tntforum/
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkhRWi0ACgkQ+LUG5KFpTka6AgCfSj4aX+7Qxvc6w/nbAOUiIphH
asUAn1i1GvHgJG9YGN5KKyJ5brQmUGzf
=dHuu
-----END PGP SIGNATURE-----