|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 25
From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Jun 19 2008 - 15:24:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Both Microsoft Word and Firefox have newly discovered vulnerabilities
that allow remote attackers to control the victims' computers - Word
through a corrupted document and Firefox through a malicious web site.
Neither vendor has released patches. It is a great time to remind you
users never to open attachments unless you were expecting them from
someone you know. There's really no security awareness defense against
the Firefox vulnerability because many trusted sites are already
infecting unsuspecting users.
Alan
P.S. The Virtualization Security Summit in Las Vegas
(http://www.sans.org/virtualization08_summit/) and the European SCADA
Summit in Amsterdam (http://www.sans.org/euscada08_summit/) were just
posted today for registration.
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
June 19, 2008 Vol. 7. Week 25
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform Number of Updates and Vulnerabilities
- ------------------------ -------------------------------------
Microsoft Office 1 (#1)
Third Party Windows Apps 4
Linux 2
Solaris 4
Unix 2
Novell 1 (#3)
Cross Platform 22 (#2, #4)
Web Application - Cross Site Scripting 10
Web Application - SQL Injection 33
Web Application 41
********************* Sponsored By Sourcefire, Inc. *********************
SC Magazine Names Snort(r) "Best Network Security." Learn how Snort is
the engine powering the Sourcefire 3D(tm) System. This IPS is different
from others because it shows you everything running on your network in
real time. It also gives you context for your security events. Know more
real threats. No more wild goose chases. Call 1.800.917.4134 today.
http://www.sans.org/info/30124
*************************************************************************
TRAINING SCHEDULE UPDATE
- - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
http://www.sans.org/sansfire08/
- - Canberra (6/30-7/5) http://www.sans.org/canberra08/
- - Singapore (6/30-7/5) http://www.sans.org/singapore08/
- - Boston (8/9-8/17) http://www.sans.org/boston08/
- - Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/
Plus 100 other cites and on line any time: www.sans.org
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Word List Handling Memory Corruption Vulnerability
(2) HIGH: Mozilla Firefox Remote Code Execution
(3) HIGH: Novell iPrint Multiple Vulnerabilities
(4) MODERATE: Opera Multiple Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Microsoft Office
08.25.1 - Microsoft Word Unordered List Handling Remote Memory Corruption
-- Third Party Windows Apps
08.25.2 - muvee autoProducer "TextOut.dll" ActiveX Control Remote Buffer Overflow
08.25.3 - artegic AG Dana Remote Buffer Overflow
08.25.4 - Glub Tech Secure FTP "LIST" Command Directory Traversal
08.25.5 - 3D-FTP "LIST" and "MLSD" Directory Traversal Vulnerabilities
-- Linux
08.25.6 - Red Hat Enterprise Linux OpenOffice Insecure Library Path Local Privilege Escalation
08.25.7 - Linux Kernel "pppol2tp_recvmsg()" Remote Denial of Service
-- Solaris
08.25.8 - Sun Solaris 10 and OpenSolaris Unspecified Kernel Denial of Service
08.25.9 - Sun Solaris 10 Event Port Denial of Service
08.25.10 - Sun Solaris and OpenSolaris Local IP Multicast Filter Integer Overflow
08.25.11 - Sun Solaris "e1000g(7D)" Driver Remote Unspecified Denial of Service
-- Unix
08.25.12 - IBM OS/400 "BrSmRcvAndCheck()" Buffer Overflow
08.25.13 - Fetchmail Verbose Mode Large Log Messages Remote Denial of Service
-- Novell
08.25.14 - Novell iPrint Client Unspecified
-- Cross Platform
08.25.15 - Apple QuickTime "PICT" Image Buffer Overflow
08.25.16 - Apple QuickTime "PICT" Image "PixData" Structures Handling Heap Overflow
08.25.17 - Apple QuickTime "file:" URI File Execution
08.25.18 - Apple QuickTime Indo Video Codec Buffer Overflow
08.25.19 - Apache "mod_proxy_http" Interim Response Denial of Service
08.25.20 - Apple QuickTime "AAC-encoded" Media Memory Corruption
08.25.21 - NASM "ppscan()" Off-By-One Buffer Overflow
08.25.22 - X.Org X Server RENDER Extension "ProcRenderCreateCursor()" Denial of Service
08.25.23 - X.Org X Server MIT-SHM Extension Information Disclosure
08.25.24 - X.Org X server RENDER Extension Multiple Integer Overflow Vulnerabilities
08.25.25 - Sun Java System Access Manager Authentication Bypass
08.25.26 - Opera Web Browser 9.27 Multiple Security Vulnerabilities
08.25.27 - Vim Vim Script Multiple Command Execution Vulnerabilities
08.25.28 - S.T.A.L.K.E.R. Game Server Remote Denial of Service
08.25.29 - ClamAV "petite.c" Invalid Memory Access Denial of Service
08.25.30 - No-IP DUC Client for Windows Local Information Disclosure
08.25.31 - Skulltag Malformed Packet Denial of Service
08.25.32 - Sun Java System Calendar Server Denial of Service
08.25.33 - Jura Internet Connectivity Kit Unauthorized Access
08.25.34 - Symantec Altiris Notification Server Agent Local Privilege Escalation
08.25.35 - Deterministic Network Extender "dne2000.sys" Local Privilege Escalation
08.25.36 - Foxy "fs" Parameter Memory Exhaustion Remote Denial of Service
-- Web Application - Cross Site Scripting
08.25.37 - TYPO3 Cross-Site Scripting Vulnerability and File Upload
08.25.38 - Drupal Taxonomy Image Module Multiple Unspecified Cross-Site Scripting Vulnerabilities
08.25.39 - vBulletin "redirect" Parameter Cross-Site Scripting
08.25.40 - Contenido CMS Cross-Site Scripting and Multiple Remote File Include Vulnerabilities
08.25.41 - Sun Glassfish Multiple Cross-Site Scripting Vulnerabilities
08.25.42 - SimpleNotes Multiple Cross-Site Scripting Vulnerabilities
08.25.43 - Lyris ListManager "words" Parameter Cross-Site Scripting
08.25.44 - MediaWiki WikiHiero Extension Multiple Cross-Site Scripting Vulnerabilities
08.25.45 - OpenDocMan "out.php" Cross-Site Scripting
08.25.46 - Adobe Flex 3 History Management "historyFrame.html" Cross-Site Scripting
-- Web Application - SQL Injection
08.25.47 - eFiction "toplist.php" SQL Injection
08.25.48 - Noticia Portal "detalle_noticia.php" SQL Injection
08.25.49 - MycroCMS "entry_id" Parameter SQL Injection
08.25.50 - Pooya Site Builder Multiple SQL Injection Vulnerabilities
08.25.51 - JAMM CMS "id" Parameter SQL Injection
08.25.52 - Clever Copy "results.php" SQL Injection
08.25.53 - Gryphon gllcTS2 "detail" Parameter SQL Injection
08.25.54 - Pre Ads Portal Multiple SQL Injection Vulnerabilities
08.25.55 - Pre News Manager "index.php" Parameter SQL Injection
08.25.56 - WebChamado "lista_anexos.php" SQL Injection
08.25.57 - E-SMART CART "productsofcat.asp" SQL Injection
08.25.58 - PHP JOBWEBSITE PRO "JobSearch3.php" SQL Injection
08.25.59 - Gryphon gllcTS2 "listimg.php" SQL Injection
08.25.60 - Pre Job Board "JobSearch.php" SQL Injection
08.25.61 - Advanced Webhost Billing System "news.php" SQL Injection
08.25.62 - Haudenschilt Family Connections Multiple SQL Injection Vulnerabilities
08.25.63 - Conkurent PHPMyCart "shop.php" SQL Injection
08.25.64 - Application Dynamics Cartweaver PHP "details.php" SQL Injection
08.25.65 - Oxygen "post.php" SQL Injection
08.25.66 - Simple Machines Forum "load.php" SQL Injection
08.25.67 - PHPeasyblog "newsarchive.php" SQL Injection
08.25.68 - EZTechhelp Company EZCMS "index.php" SQL Injection
08.25.69 - NITRO Web Gallery "albums.php" SQL Injection
08.25.70 - MyMarket "index.php" SQL Injection
08.25.71 - DIY "index_topic.php" SQL Injection
08.25.72 - BlognPlus Unspecified SQL Injection
08.25.73 - Comparison Engine Power "product.detail.php" SQL Injection
08.25.74 - Bizon-CMS "photo/index.php" SQL Injection
08.25.75 - Basic-CMS "index.php" SQL Injection
08.25.76 - FreeCMS "index.php" SQL Injection
08.25.77 - easyTrade "detail.php" SQL Injection
08.25.78 - PHP Site Lock "index.php" SQL Injection
08.25.79 - ClipShare "group_posts.php" SQL Injection
-- Web Application
08.25.80 - PHPEasyData Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.25.81 - uTorrent and BitTorrent HTTP "Range" Header Remote Denial of Service
08.25.82 - FOG Forum Multiple Local File Include Vulnerabilities
08.25.83 - Flat Calendar Multiple Administrative Scripts Authentication Bypass Vulnerabilities
08.25.84 - IPTBB User Control Panel Privilege Escalation
08.25.85 - net2ftp FTP Client Request Handling Unspecified Security
08.25.86 - Xigla Software Multiple Scripts SQL Injection and Cross-Site Scripting Vulnerabilities
08.25.87 - Drupal Aggregation Module Multiple Vulnerabilities
08.25.88 - dotProject Security Bypass
08.25.89 - Gallery 2.2.4 and Prior Versions Multiple Vulnerabilities
08.25.90 - Drupal Magic Tabs Module PHP Code Execution
08.25.91 - Gravity Board X Multiple Input Validation Vulnerabilities
08.25.92 - DotNetNuke Prior to 4.8.4 Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
08.25.93 - Xerox WorkCentre Webserver Unspecified HTML Injection
08.25.94 - Xerox Multiple Copier/Printer Models Web Server Unspecified HTML Injection
08.25.95 - Xerox WorkCentre Web Services Extensible Interface Platform Unauthorized Access
08.25.96 - FacilCMS Multiple Local File Include Vulnerabilities
08.25.97 - XChat "ircs://" URI Command Execution
08.25.98 - X-Poll "admin/images/index.php" Arbitrary File Upload
08.25.99 - Butterfly Organizer Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.25.100 - WebChamado "admin/corpo.php" Unauthorized Access
08.25.101 - TBDEV.net Comment Field Denial of Service
08.25.102 - Butterfly Organizer Multiple Arbitrary Data Deletion Vulnerabilities
08.25.103 - Joomla! and Mambo galleries Component "aid" Parameter SQL Injection
08.25.104 - Esy-Clanpage Arbitrary File Upload and Local File Include Vulnerabilities
08.25.105 - Mambo Cache_Lite Class "mosConfig_absolute_path" Remote File Include
08.25.106 - GSC Client Privilege Escalation
08.25.107 - SH-News "action.php" Authentication Bypass
08.25.108 - Devalcms "currentfile" Parameter Local File Include
08.25.109 - AlstraSoft AskMe Pro "forum_answer.php" and "profile.php" Multiple SQL Injection Vulnerabilities
08.25.110 - WallCity-Server: Shoutcast Admin Panel "index.php" Local File Include
08.25.111 - EZTechhelp Company EZCMS Security Bypass
08.25.112 - xeCMS Cookie Parameters Authentication Bypass
08.25.113 - Turba Contact Manager HTML Injection
08.25.114 - Horde Turba "services/obrowser/index.php" HTML Injection
08.25.115 - Webmatic Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.25.116 - Ananta CMS "change.php" Authentication Bypass
08.25.117 - Open Azimyt CMS "lang-system.php" Local File Include
08.25.118 - Crysis HTTP/XML-RPC Service Remote Denial of Service
08.25.119 - ThaiQuickCart "PHPSESSID" Cookie Parameter Local File Include
08.25.120 - MyShoutPro "admin_access" Cookie Parameter Authentication Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Word List Handling Memory Corruption Vulnerability
Affected:
Microsoft Office 2000
Microsoft Office 2003
Description: Microsoft Word contains a memory corruption vulnerability
in its handling of unordered (bulleted) lists. A specially crafted Word
document containing such a list could trigger this vulnerability.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the current user. Note
that, on recent versions of Microsoft Office, Word documents are not
opened upon receipt without first prompting the user. Several
proofs-of-concept are publicly available for this vulnerability, as are
several videos demonstrating the attack. Note that further details are
unavailable - most importantly, it is unknown if other versions of
Microsoft Office are affected. Note that the demonstration videos
indicate that user interaction is required to exploit these
vulnerabilities; this is unconfirmed.
Status: Vendor has not confirmed, no updates available.
References:
Demonstration Videos
http://www.nullcode.com.ar/ncs/crash/video.htm
http://www.nullcode.com.ar/ncs/crash/video2.htm
Proofs-of-Concept (binary file link)
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-1.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-2.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-3.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-4.doc
SecurityFocus BID
http://www.securityfocus.com/bid/29769
*********************************************************
(2) HIGH: Mozilla Firefox Remote Code Execution
Affected:
Mozilla Firefox versions 3 and prior
Description: Mozilla Firefox contains an unspecified remote code
execution vulnerability. A specially crafted web page could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. No details have been publicly released
for this vulnerability, but these details could be obtained via source
code analysis.
Status: Vendor confirmed, no updates available.
References:
TippingPoint DVLabs Article
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
Zero Day Initiative Upcoming Advisories
http://zerodayinitiative.com/advisories/upcoming/
ZDNet Blog Posting
http://blogs.zdnet.com/security/?p=1288
Mozilla Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/29794
*********************************************************
(3) HIGH: Novell iPrint Multiple Vulnerabilities
Affected:
Novell iPrint ActiveX controls prior to 4.36
Description: Novell iPrint is a network printing system. Part of its
client's functionality is provided by an ActiveX control. This control
contains multiple vulnerabilities in its handling of various parameters.
A specially crafted web page that instantiates this control could
trigger one of these vulnerabilities. Successfully exploiting one of
these vulnerabilities would allow an attacker to execute arbitrary code
with the privileges of the current user. Some technical details for this
vulnerability are publicly available.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism for CLSID
"36723F97-7AA0-11D4-8919-FF2D71D0D32C". Note that this may affect normal
application functionality.
References:
Novell Patch Information
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
http://download.novell.com/Download?buildid=cbAVckbi_AM~
US-CERT Vulnerability Notes
http://www.kb.cert.org/vuls/id/145313
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/29736
*********************************************************
(4) MODERATE: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.5
Description: Opera is a popular cross-platform web browser. It contains
multiple vulnerabilities in its handling of images, HTML frames, and
certain characters in addresses. Successfully exploiting one of these
vulnerabilities would allow an attacker to load images from
non-authorized domains, obscure the current page address, or alter the
contents of unrelated frames. Some technical details are publicly
available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Opera Security Advisories
http://www.opera.com/support/search/view/878/
http://www.opera.com/support/search/view/883/
http://www.opera.com/support/search/view/885/
Opera 9.5 Security Changes
http://www.opera.com/docs/changelogs/windows/950/#security
Opera Home Page
http://www.opera.com/
SecurityFocus BID
http://www.securityfocus.com/bid/29684
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 25, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.25.1 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Word Unordered List Handling Remote Memory Corruption
Description: Microsoft Word is exposed to a remote memory corruption
issue when it handles specially-crafted Word files containing
unordered lists.
Ref: http://www.nullcode.com.ar/ncs/crash/video2.htm
______________________________________________________________________
08.25.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: muvee autoProducer "TextOut.dll" ActiveX Control Remote Buffer
Overflow
Description: muvee autoProducer is a movie producing application
available for Microsoft Windows. The application is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input. muvee autoProducer version 6.1
is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.25.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: artegic AG Dana Remote Buffer Overflow
Description: Dana is an IRC client for Microsoft Windows. The
application is exposed to a buffer overflow issue because the
application fails to bounds check user-supplied data before copying it
into an insufficiently sized buffer. Dana versions 1.3 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29724
______________________________________________________________________
08.25.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Glub Tech Secure FTP "LIST" Command Directory Traversal
Description: Glub Tech Secure FTP is an FTP client application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. This issue occurs in the
FTP client. Secure FTP version 2.5.15 for Microsoft Windows is
affected.
Ref: http://vuln.sg/glubsecureftp2515-en.html
______________________________________________________________________
08.25.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: 3D-FTP "LIST" and "MLSD" Directory Traversal Vulnerabilities
Description: 3D-FTP is an FTP client for Microsoft Windows. The
application is exposed to multiple directory traversal issues because
it fails to sufficiently sanitize user-supplied input data. 3D-FTP
version 8.01 is affected.
Ref: http://vuln.sg/3dftp801-en.html
______________________________________________________________________
08.25.6 CVE: CVE-2008-2366
Platform: Linux
Title: Red Hat Enterprise Linux OpenOffice Insecure Library Path Local
Privilege Escalation
Description: OpenOffice is a suite of office applications for multiple
operating platforms. Red Hat has released OpenOffice packages with
some in-house modifications in their Enterprise Linux distributions.
The application is exposed to a local privilege escalation issue
because they were built with insecure library search paths. OpenOffice
version 1.1.x built and shipped with Red Hat Enterprise Linux 3 and 4
are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0538.html
______________________________________________________________________
08.25.7 CVE: Not Available
Platform: Linux
Title: Linux Kernel "pppol2tp_recvmsg()" Remote Denial of Service
Description: The Linux Kernel is exposed to a remote denial of service
issue in the code that processes PPP (Point-to-Point Protocol) packets
sent over L2TP (Layer 2 Transport Protocol). The issue occurs in the
"pppol2tp_recvmsg()" function of the "drivers/net/pppol2tp.c" source
file. Linux Kernel versions prior to 2.6.26-rc6 are affected.
Ref:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b6707a50c7598a83820077393f8823ab791abf8
______________________________________________________________________
08.25.8 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 10 and OpenSolaris Unspecified Kernel Denial of
Service
Description: Sun Solaris and OpenSolaris are UNIX-based operating
systems. These Operation systems are exposed to a denial of service
issue due to an unspecified issue affecting the kernel.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238688-1
______________________________________________________________________
08.25.9 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 10 Event Port Denial of Service
Description: Sun Solaris is a UNIX-based operating system. This system
is exposed to a denial of service issue due to an unspecified error
in the event port implementation. A security issue in the event port
implementation may lead to a system panic when executing an
application program that submits and retrieves user-defined events
from a port. Solaris 10 operating system is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235122-1
______________________________________________________________________
08.25.10 CVE: Not Available
Platform: Solaris
Title: Sun Solaris and OpenSolaris Local IP Multicast Filter Integer
Overflow
Description: Sun Solaris and OpenSolaris are UNIX-based operating
systems. The application is exposed to an issue in the IP multicast
Filter processing of Sockets because it fails to adequately
bounds check user-supplied data. Sun Solaris 10 and OpenSolaris builds
snv_13 through snv_91 for SPARC and x886 platforms are affected.
Ref: http://www.trapkit.de/advisories/TKADV2008-003.txt
______________________________________________________________________
08.25.11 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "e1000g(7D)" Driver Remote Unspecified Denial of
Service
Description: Sun Solaris is a UNIX-based operating system. Solaris is
exposed to a denial of service issue caused by an unspecified error
in the "e1000g(7D)" Gigabit Ethernet driver when used with Intel
82571/82572 network interface controllers. Solaris 10 and OpenSolaris
for SPARC and x86 platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238250-1
______________________________________________________________________
08.25.12 CVE: Not Available
Platform: Unix
Title: IBM OS/400 "BrSmRcvAndCheck()" Buffer Overflow
Description: IBM OS/400 is a Unix operating system. The application is
exposed to a remote buffer overflow issue because it fails to properly
perform size checks on user-supplied input.
Ref:
http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64
______________________________________________________________________
08.25.13 CVE: Not Available
Platform: Unix
Title: Fetchmail Verbose Mode Large Log Messages Remote Denial of
Service
Description: Fetchmail is a freely available, open-source
mail-retrieval utility. It is available for UNIX, Linux, and other
UNIX-like operating systems. The application is exposed to a remote
denial of service issue because the application fails to handle
exceptional conditions. Fetchmail versions prior to 6.3.9 are
affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/535
______________________________________________________________________
08.25.14 CVE: Not Available
Platform: Novell
Title: Novell iPrint Client Unspecified
Description: Novell iPrint Client lets users access printers from
remote locations. The application is exposed to a security issue due
to an unspecified error. iPrint Client versions prior to 4.36 are
affected.
Ref: http://www.novell.com/products/netware/printing/quicklook.html
______________________________________________________________________
08.25.15 CVE: CVE-2008-1583
Platform: Cross Platform
Title: Apple QuickTime "PICT" Image Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a heap-based buffer
overflow issue that arises when the application handles specially
crafted "PICT" image files. QuickTime versions prior to 7.5 are
affected.
Ref: http://support.apple.com/kb/HT1991
______________________________________________________________________
08.25.16 CVE: CVE-2008-1581
Platform: Cross Platform
Title: Apple QuickTime "PICT" Image "PixData" Structures Handling Heap
Overflow
Description: QuickTime is a multimedia application developed by Apple.
The application is exposed to a heap-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. QuickTime versions prior to 7.5 for Windows XP and Vista are
affected.
Ref: http://www.securityfocus.com/archive/1/493225
______________________________________________________________________
08.25.17 CVE: CVE-2008-1585
Platform: Cross Platform
Title: Apple QuickTime "file:" URI File Execution
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to an issue that allows
remote attackers to launch arbitrary applications and files. This
issue may lead to a remote compromise. QuickTime versions prior to 7.5
running on Apple Mac OS X 10.3.9, Mac OS X 10.4.9 to v10.4.11, Mac OS
X 10.5 or later, Windows Vista, and Windows XP SP2 are affected.
Ref: http://support.apple.com/kb/HT1991
______________________________________________________________________
08.25.18 CVE: CVE-2008-1584
Platform: Cross Platform
Title: Apple QuickTime Indo Video Codec Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a stack-based buffer
overflow that occurs in the "Indeo.qtx" file when handling specially
crafted Indo video codec content. QuickTime versions prior to 7.5 are
affected.
Ref: http://support.apple.com/kb/HT1991
______________________________________________________________________
08.25.19 CVE: CVE-2008-2364
Platform: Cross Platform
Title: Apache "mod_proxy_http" Interim Response Denial of Service
Description: Apache is an HTTP webserver available for multiple
operating platforms. The "mod_proxy_http" module provides
functionality used for proxying HTTP requests. The application is
exposed to a denial of service issue. The issue affects the
"ap_proxy_http_process_response()" function when the application
handles excessive interim responses from an origin server and sends
them to a client. Apache versions 2.2.8 and 2.0.63 are affected.
Ref: http://www.apache.org/dist/httpd/CHANGES_2.2.9
______________________________________________________________________
08.25.20 CVE: CVE-2008-1582
Platform: Cross Platform
Title: Apple QuickTime "AAC-encoded" Media Memory Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a memory corruption issue
that arises when it handles specially crafted "AAC-encoded" media
files. QuickTime versions prior to 7.5 are affected.
Ref: http://support.apple.com/kb/HT1991
______________________________________________________________________
08.25.21 CVE: Not Available
Platform: Cross Platform
Title: NASM "ppscan()" Off-By-One Buffer Overflow
Description: The Netwide Assembler, NASM, is an 80x86 and x86-64
assembler. The application is exposed to an off-by-one buffer overflow
issue because the application fails to perform adequate boundary
checks on user-supplied data. NASM versions 2.02 and earlier are
affected.
Ref:
https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208
______________________________________________________________________
08.25.22 CVE: CVE-2008-2361
Platform: Cross Platform
Title: X.Org X Server RENDER Extension "ProcRenderCreateCursor()"
Denial of Service
Description: The X.Org X Windows System is an open-source X Window
System for UNIX, Linux, and variants. It is freely available and
distributed publicly. The application is exposed to a denial of
service issue because the software fails to properly handle
exceptional conditions.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0503.html
______________________________________________________________________
08.25.23 CVE: CVE-2008-1379
Platform: Cross Platform
Title: X.Org X Server MIT-SHM Extension Information Disclosure
Description: The X.Org X Server is an open-source X Window System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to an information disclosure
issue that lets X clients read arbitrary X server memory.
Ref: http://www.securityfocus.com/archive/1/493295
______________________________________________________________________
08.25.24 CVE: CVE-2008-2362
Platform: Cross Platform
Title: X.Org X server RENDER Extension Multiple Integer Overflow
Vulnerabilities
Description: The X.Org X Server is an open-source X Window System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The RENDER component for X Server is exposed to multiple
integer overflow issues because it fails to perform adequate boundary
checks on user-supplied data.
Ref: http://www.securityfocus.com/archive/1/493291
______________________________________________________________________
08.25.25 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Access Manager Authentication Bypass
Description: Sun Java System Access Manager is an application for
managing secure access to web applications. Sun Java System Access
Manager is exposed to an authentication bypass issue due to an
unspecified error. Sun Java System Access Manager version 7.1 is
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238416-1
______________________________________________________________________
08.25.26 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.27 Multiple Security Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to multiple security
issues. Opera versions prior to 9.5 are affected.
Ref: http://www.opera.com/support/search/view/878/
______________________________________________________________________
08.25.27 CVE: Not Available
Platform: Cross Platform
Title: Vim Vim Script Multiple Command Execution Vulnerabilities
Description: Vim is a text editor available for multiple operating
platforms. The application is exposed to multiple command execution
issues because it fails to sufficiently sanitize user-supplied data.
These issues arise because the application utilizes "execute" commands
in Vim Script within the application. Vim version 7.1.298 is affected.
Ref: http://www.securityfocus.com/archive/1/493352
______________________________________________________________________
08.25.28 CVE: Not Available
Platform: Cross Platform
Title: S.T.A.L.K.E.R. Game Server Remote Denial of Service
Description: S.T.A.L.K.E.R. is a multi-player first person shooter game.
Players can play against each other online using the game servers hosted
by GSC Game World. The application is exposed to a remote denial of
service issue because it fails to handle exceptional conditions when
processing user nicknames longer than 64 characters. All versions up to
and including 1.0006 are affected.
Ref: http://www.securityfocus.com/bid/29723
______________________________________________________________________
08.25.29 CVE: Not Available
Platform: Cross Platform
Title: ClamAV "petite.c" Invalid Memory Access Denial of Service
Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. The application is exposed to a denial of
service issue due to an invalid memory access during a "memcpy()"
call. The issue occurs in the "libclamav/petite.c" source file. ClamAV
versions prior to 0.93.1 are affected.
Ref:
http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886
______________________________________________________________________
08.25.30 CVE: Not Available
Platform: Cross Platform
Title: No-IP DUC Client for Windows Local Information Disclosure
Description: DUC is the Dynamic Update Client application for the
No-IP dynamic DNS service. It is available for Microsoft Windows,
Linux, and Mac OS X platforms. The DUC application for No-IP is
exposed to a local information disclosure issue when it is running on
Microsoft Windows operating systems.
Ref: http://www.securityfocus.com/archive/1/493367
______________________________________________________________________
08.25.31 CVE: Not Available
Platform: Cross Platform
Title: Skulltag Malformed Packet Denial of Service
Description: Skulltag is a Doom engine for Linux and Microsoft Windows
operating systems. The application is exposed to an issue that can
cause denial of service conditions. When the application processes a
large malformed packet a loop occurs that causes the application to
freeze temporarily. Skulltag version 0.97d2-RC3 is affected.
Ref: http://aluigi.altervista.org/adv/skulltagloop-adv.txt
______________________________________________________________________
08.25.32 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Calendar Server Denial of Service
Description: Sun Java System Calendar Server is an application for
managing events, tasks, and resources. The application is exposed to a
denial of service issue caused by an unspecified error.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235521-1
______________________________________________________________________
08.25.33 CVE: Not Available
Platform: Cross Platform
Title: Jura Internet Connectivity Kit Unauthorized Access
Description: Jura IMPRESSA F90 or F9 coffee makers can be connected to
a computer so that configuration parameters and other features can be
controlled remotely via the computer. The application does not require
engineers to authenticate prior to accessing a connected coffee maker.
Furthermore, the engineers can access the affected computer with the
privileges of the user running the application. Attackers can leverage
this issue by connecting to affected computers in the guise of
legitimate engineers.
Ref: http://www.securityfocus.com/archive/1/493387
______________________________________________________________________
08.25.34 CVE: Not Available
Platform: Cross Platform
Title: Symantec Altiris Notification Server Agent Local Privilege
Escalation
Description: Symantec Altiris Notification Server Agent provides core
components used by each Altiris solution and supports the entire
Altiris infrastructure. The application is exposed to a local
privilege escalation issue that occurs in the graphical user interface
(GUI).
Ref:
http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html
______________________________________________________________________
08.25.35 CVE: Not Available
Platform: Cross Platform
Title: Deterministic Network Extender "dne2000.sys" Local Privilege
Escalation
Description: Deterministic Network Extender is a driver provided by
Deterministic Networks that other software vendors use for network
analysis purposes. The application is exposed to a local privilege
escalation issue because it fails to adequately sanitize user-supplied
data.
Ref: http://www.deterministicnetworks.com/Products/dne.asp
______________________________________________________________________
08.25.36 CVE: Not Available
Platform: Cross Platform
Title: Foxy "fs" Parameter Memory Exhaustion Remote Denial of Service
Description: Foxy is a P2P file sharing application. The application
is exposed to a remote denial of service issue because it fails to
handle user-supplied input. This issue occurs when the application
processes specially crafted download requests in the form of a
webpage.
Ref: http://www.securityfocus.com/bid/29776
______________________________________________________________________
08.25.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Cross-Site Scripting Vulnerability and File Upload
Description: TYPO3 is an application for creating web portals. The
application is exposed to a cross-site scripting vulnerability and a file
upload issue because it fails to sanitize user-supplied input. TYPO3
versions 3.x, 4.0 to 4.0.8, 4.1 to 4.1.6, and 4.2.0 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
______________________________________________________________________
08.25.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Taxonomy Image Module Multiple Unspecified Cross-Site
Scripting Vulnerabilities
Description: Taxonomy Image is a module that can be used with Drupal to
allow site administrators to associate images with taxonomy terms. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to unspecified parameters.
Taxonomy Image versions prior to 5.x-1.3 and prior to 6.x-1.3 are
affected.
Ref: http://drupal.org/project/taxonomy_image
______________________________________________________________________
08.25.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: vBulletin "redirect" Parameter Cross-Site Scripting
Description: vBulletin is a PHP-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to the "redirect" parameter of
the "/vB3/admincp/index.php" script. vBulletin versions 3.7.1 and
3.6.10 are affected.
Ref: http://www.vbulletin.com/forum/showthread.php?t=274882
______________________________________________________________________
08.25.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Contenido CMS Cross-Site Scripting and Multiple Remote File
Include Vulnerabilities
Description: Contenido CMS is a content manger. The application is
exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied input. Contenido CMS version 4.8.4
is affected.
Ref: http://www.securityfocus.com/bid/29719
______________________________________________________________________
08.25.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Glassfish Multiple Cross-Site Scripting Vulnerabilities
Description: Sun Glassfish is a web-based administration interface for
the Sun Java System Application Server. The application is exposed to
multiple cross-site scripting issues.
Ref: http://www.securityfocus.com/archive/1/493370
______________________________________________________________________
08.25.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SimpleNotes Multiple Cross-Site Scripting Vulnerabilities
Description: SimpleNotes is a PHP-based tool to manage and categorize
notes, links, or files. The application is exposed to multiple
cross-site scripting issues.
Ref: http://www.securityfocus.com/bid/29755
______________________________________________________________________
08.25.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Lyris ListManager "words" Parameter Cross-Site Scripting
Description: Lyris ListManager is an email marketing software
solution. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
"words" parameter in "read", "search" and "results" pages returned to
the user. Lyris ListManager version 9.3d is affected.
Ref: http://www.securityfocus.com/bid/29761
______________________________________________________________________
08.25.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MediaWiki WikiHiero Extension Multiple Cross-Site Scripting
Vulnerabilities
Description: WikiHiero is an extension of MediaWiki. The application
is exposed to multiple cross-site scripting issues that affect the
"index.php", "wh_generate.php" and "wh_table.php" scripts.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-June/000073.html
______________________________________________________________________
08.25.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OpenDocMan "out.php" Cross-Site Scripting
Description: OpenDocMan is a PHP-based open-source document management
application. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"last_message" parameter of the "out.php" script. OpenDocMan version
1.2.5 is affected.
Ref: http://www.securityfocus.com/archive/1/493390
______________________________________________________________________
08.25.46 CVE: CVE-2008-2640
Platform: Web Application - Cross Site Scripting
Title: Adobe Flex 3 History Management "historyFrame.html" Cross-Site
Scripting
Description: Adobe Flex 3 is a development solution for building
web-based applications. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data. The issue occurs in code used by the History
Management feature. Flex Builder version 3, Flex SDK version 3.0.1,
and any applications built with Flex 3 that have enabled History
Management are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-14.html
______________________________________________________________________
08.25.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eFiction "toplist.php" SQL Injection
Description: eFiction is a story archiving application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "list" parameter of
the "toplist.php" script before using it in an SQL query. eFiction
version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/29658
______________________________________________________________________
08.25.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Noticia Portal "detalle_noticia.php" SQL Injection
Description: Noticia Portal is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id_noticia" parameter of the
"detalle_noticia.php" script before using it in an SQL query.
Ref: http://packetstormsecurity.org/0806-exploits/noticia-sql.txt
______________________________________________________________________
08.25.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MycroCMS "entry_id" Parameter SQL Injection
Description: MycroCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "entry_id" parameter of the
"index.php" script. MycroCMS version 0.5 is affected.
Ref: http://www.securityfocus.com/bid/29671
______________________________________________________________________
08.25.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pooya Site Builder Multiple SQL Injection Vulnerabilities
Description: Pooya Site Builder is an ASP-based website building
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Pooya Site Builder version 6.0 is affected.
Ref: http://www.securityfocus.com/archive/1/493299
______________________________________________________________________
08.25.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JAMM CMS "id" Parameter SQL Injection
Description: JAMM CMS is a web-based content management system. This
system is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29674
______________________________________________________________________
08.25.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Clever Copy "results.php" SQL Injection
Description: Clever Copy is a scalable website portal and news-posting
system. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"searchtype" parameter of the "results.php" script before using it in
an SQL query. Clever Copy version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/29694
______________________________________________________________________
08.25.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Gryphon gllcTS2 "detail" Parameter SQL Injection
Description: Gryphon, LLC's gllcTS2 is a webpost script for TeamSpeak
2 that displays a listing of servers and detailed information for each
server. gllcTS2 is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "detail" parameter
of the "login.php" script before using it in an SQL query. All
versions up to and including gllcTS2 version 4.2.4 are affected.
Ref: http://www.securityfocus.com/bid/29697
______________________________________________________________________
08.25.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Ads Portal Multiple SQL Injection Vulnerabilities
Description: Pre Ads Portal is a personal listings application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Pre Ads Portal
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29709
______________________________________________________________________
08.25.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre News Manager "index.php" Parameter SQL Injection
Description: Pre News Manager is a web-based news-publishing
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "index.php" script before using it in an SQL
query. Pre News Manager version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29710
______________________________________________________________________
08.25.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebChamado "lista_anexos.php" SQL Injection
Description: WebChamado is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "tsk_id" parameter of the
"lista_anexos.php" script before using it in an SQL query. WebChamado
version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29711
______________________________________________________________________
08.25.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-SMART CART "productsofcat.asp" SQL Injection
Description: E-SMART CART is an e-commerce application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "category_id"
parameter of the "productsofcat.asp" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/29712
______________________________________________________________________
08.25.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP JOBWEBSITE PRO "JobSearch3.php" SQL Injection
Description: PHP JOBWEBSITE PRO is used to build job hunting and
posting websites. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
search module of the "/jobseekers/JobSearch3.php" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/493374
______________________________________________________________________
08.25.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Gryphon gllcTS2 "listimg.php" SQL Injection
Description: Gryphon, LLC's gllcTS2 is a webpost script for TeamSpeak
2 that displays a listing of servers and detailed information for each
server. gllcTS2 is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "sort" parameter of
the "listing.php" script before using it in an SQL query. All versions
up to and including gllcTS2 version 4.2.4 are affected.
Ref: http://www.securityfocus.com/bid/29714
______________________________________________________________________
08.25.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Job Board "JobSearch.php" SQL Injection
Description: Pre Job Board is a web-based employment application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the search module of the
"jobseekers/JobSearch.php" script before using it in an SQL query. Pre
Job Board version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29717
______________________________________________________________________
08.25.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Advanced Webhost Billing System "news.php" SQL Injection
Description: Advanced Webhost Billing System (AWBS) is a domain
management system. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "viewnews" parameter of the "news.php" script before using it in
an SQL query. AWBS versions 2.3.3, 2.5.0, 2.6.3, 2.7.0, and 2.7.1 are
affected.
Ref: http://www.securityfocus.com/bid/29721
______________________________________________________________________
08.25.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Haudenschilt Family Connections Multiple SQL Injection
Vulnerabilities
Description: Family Connections is a content management system (CMS).
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Family Connections
version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/29722
______________________________________________________________________
08.25.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Conkurent PHPMyCart "shop.php" SQL Injection
Description: PHPMyCart is a Web-based shopping cart. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat" parameter of the "shop.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29726
______________________________________________________________________
08.25.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Application Dynamics Cartweaver PHP "details.php" SQL Injection
Description: Cartweaver PHP is a Web-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "prodId" parameter of
the "details.php" script before using it in an SQL query. Cartweaver
PHP versions 3.x are affected.
Ref: http://www.securityfocus.com/bid/29727
______________________________________________________________________
08.25.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Oxygen "post.php" SQL Injection
Description: Oxygen is web-based bulletin board software. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "repquote" parameter of the
"post.php" script before using it in an SQL query. Oxygen version 2.0
is affected.
Ref: http://www.securityfocus.com/bid/29729
______________________________________________________________________
08.25.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple Machines Forum "load.php" SQL Injection
Description: Simple Machines Forum is a web-based forum. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize the "db_character_set" variable in the
"load.php" script before using it in an SQL query. Simple Machines
Forum version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/29734
______________________________________________________________________
08.25.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPeasyblog "newsarchive.php" SQL Injection
Description: PHPeasyblog is a web-based news management software.
PHPeasyblog was formerly known as PHPEasyNews. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "post" parameter of the
"newsarchive.php" script before using it in an SQL query. PHPeasyblog
versions up to and including 1.13 RC2 are affected.
Ref: http://www.securityfocus.com/bid/29735
______________________________________________________________________
08.25.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EZTechhelp Company EZCMS "index.php" SQL Injection
Description: EZCMS is a Web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "page" parameter of
the "index.php" script before using it in an SQL query. EZCMS versions
1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29737
______________________________________________________________________
08.25.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NITRO Web Gallery "albums.php" SQL Injection
Description: NITRO Web Gallery is a PHP-based image gallery
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"CatId" parameter of the "albums.php" script before using it in an SQL
query. NITRO Web Gallery versions 1.3, 1.4, 1.41, 1.42 and 1.43 are
affected.
Ref: http://www.securityfocus.com/bid/29753
______________________________________________________________________
08.25.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyMarket "index.php" SQL Injection
Description: MyMarket is a PHP-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29754
______________________________________________________________________
08.25.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DIY "index_topic.php" SQL Injection
Description: DIY is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "did" parameter of the
"index_topic.php" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/5816
______________________________________________________________________
08.25.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BlognPlus Unspecified SQL Injection
Description: BlognPlus is a PHP-based blog application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to an unspecified parameter
before using it in an SQL query. BlognPlus versions 2.5.4 and earlier
for MySQL and PostgreSQL editions are affected.
Ref: http://www.securityfocus.com/bid/29764
______________________________________________________________________
08.25.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Comparison Engine Power "product.detail.php" SQL Injection
Description: Comparison Engine Power is a web-based marketing and
product comparison script. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query. Comparison Engine
Power version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29768
______________________________________________________________________
08.25.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bizon-CMS "photo/index.php" SQL Injection
Description: Bizon-CMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"photo/index.php" script before using it in an SQL query. Bizon-CMS
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29770
______________________________________________________________________
08.25.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Basic-CMS "index.php" SQL Injection
Description: Basic-CMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page_id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29771
______________________________________________________________________
08.25.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FreeCMS "index.php" SQL Injection
Description: FreeCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page" parameter of the "index.php"
script before using it in an SQL query. FreeCMS version 0.2 is
affected.
Ref: http://www.securityfocus.com/bid/29773
______________________________________________________________________
08.25.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: easyTrade "detail.php" SQL Injection
Description: easyTrade is a web-based classified advertisement portal.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "detail.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29775
______________________________________________________________________
08.25.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Site Lock "index.php" SQL Injection
Description: PHP Site Lock is a PHP-based authentication application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "articleid"
parameter of the "index.php" script before using it in an SQL query.
PHP Site Lock version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29777
______________________________________________________________________
08.25.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ClipShare "group_posts.php" SQL Injection
Description: ClipShare is a video sharing script. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "tid" parameter of the
"group_posts.php" script before using it in an SQL query. ClipShare
versions prior to 3.0.1 are affected.
Ref: http://www.milw0rm.com/exploits/5839
______________________________________________________________________
08.25.80 CVE: Not Available
Platform: Web Application
Title: PHPEasyData Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: PHPEasyData is a PHP-based application that displays
dynamic data and directories in a web browser. The application is
exposed to multiple input validation issues. PHPEasyData version 1.5.4
is affected.
Ref: http://www.securityfocus.com/archive/1/493273
______________________________________________________________________
08.25.81 CVE: CVE-2008-0071
Platform: Web Application
Title: uTorrent and BitTorrent HTTP "Range" Header Remote Denial of
Service
Description: BitTorrent and uTorrent both contain a web-based
administrative interface to manage file transfers. BitTorrent and
uTorrent are both owned by BitTorrent Inc. The web interfaces are
exposed to a remote denial of service issue. uTorrent version 1.7.7
and BitTorrent version 6.0.1 are affected.
Ref: http://www.securityfocus.com/archive/1/493269
______________________________________________________________________
08.25.82 CVE: Not Available
Platform: Web Application
Title: FOG Forum Multiple Local File Include Vulnerabilities
Description: FOG Forum is a web-based forum application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. FOG Forum version
0.8.1 is affected.
Ref: http://www.securityfocus.com/bid/29651
______________________________________________________________________
08.25.83 CVE: Not Available
Platform: Web Application
Title: Flat Calendar Multiple Administrative Scripts Authentication
Bypass Vulnerabilities
Description: Flat Calendar is a PHP-based scheduling application. The
application is exposed to multiple authentication bypass issues
because it fails to perform adequate authentication checks when the
following scripts are requested: "/admin/add.php" and
"/admin/deleteEvent.php". Flat Calendar version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/493278
______________________________________________________________________
08.25.84 CVE: Not Available
Platform: Web Application
Title: IPTBB User Control Panel Privilege Escalation
Description: IPTBB is a bulletin board application. The application is
exposed to a privilege escalation issue because it fails to
sufficiently sanitize user-supplied input. IPTBB version 0.5.6 is
affected.
Ref: http://www.securityfocus.com/bid/29663
______________________________________________________________________
08.25.85 CVE: Not Available
Platform: Web Application
Title: net2ftp FTP Client Request Handling Unspecified Security Vulnerability
Description: net2ftp is a web-based FTP client. The application is
exposed to an issue that can allow remote attackers to retrieve and
delete files, and execute arbitrary PHP code. net2ftp versions 0.96
(stable) and 0.97 (beta) are affected.
Ref: http://vuln.sg/net2ftp096-en.html
______________________________________________________________________
08.25.86 CVE: Not Available
Platform: Web Application
Title: Xigla Software Multiple Scripts SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Multiple Xigla Software products are exposed to
cross-site scripting and SQL injection issues because the applications
fail to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/493293
______________________________________________________________________
08.25.87 CVE: Not Available
Platform: Web Application
Title: Drupal Aggregation Module Multiple Vulnerabilities
Description: Aggregation is a module for Drupal content manager. The
module is exposed to multiple issues. Aggregation versions prior to
5.x-4.4 are affected.
Ref: http://drupal.org/node/269479
______________________________________________________________________
08.25.88 CVE: Not Available
Platform: Web Application
Title: dotProject Security Bypass
Description: dotProject is an open source project management tool. The
application is exposed to an issue that may allow users to bypass
authentication and access certain administrative pages. dotProject
version 2.1.1 is affected.
Ref: http://www.securityfocus.com/bid/29679
______________________________________________________________________
08.25.89 CVE: Not Available
Platform: Web Application
Title: Gallery 2.2.4 and Prior Versions Multiple Vulnerabilities
Description: Gallery is a web-based photo album organizer. The
application is exposed to multiple issues. Gallery versions 2.2.4 and
earlier are affected.
Ref: http://gallery.menalto.com/gallery_2.2.5_released
______________________________________________________________________
08.25.90 CVE: Not Available
Platform: Web Application
Title: Drupal Magic Tabs Module PHP Code Execution
Description: Magic Tabs is a module for the Drupal content management
system. It implements tabs and allows the tabs to be filled via AJAX
requests. The application is exposed to an issue that lets attackers
inject arbitrary PHP code. The issue occurs because the application
fails to properly sanitize user-supplied input. Magic Tabs versions
prior to 5.x-1.1 are affected.
Ref: http://drupal.org/node/269321
______________________________________________________________________
08.25.91 CVE: Not Available
Platform: Web Application
Title: Gravity Board X Multiple Input Validation Vulnerabilities
Description: Gravity Board X is a web-based forum application. The
application is exposed to multiple input validation issues. Gravity
Board X version 2.0 Beta is affected.
Ref: http://www.securityfocus.com/bid/29685
______________________________________________________________________
08.25.92 CVE: Not Available
Platform: Web Application
Title: DotNetNuke Prior to 4.8.4 Multiple HTML Injection and
Cross-Site Scripting Vulnerabilities
Description: Serendipity is a web-log application. Since it fails to
properly sanitize user-supplied input, the application is exposed to
multiple input validation issues. DotNetNuke versions prior to 4.8.4
are affected.
Ref:
http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx
______________________________________________________________________
08.25.93 CVE: Not Available
Platform: Web Application
Title: Xerox WorkCentre Webserver Unspecified HTML Injection
Description: Xerox WorkCentre is a web-capable printer and
photocopier. The application is exposed to an unspecified HTML
injection issue because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/29689
______________________________________________________________________
08.25.94 CVE: Not Available
Platform: Web Application
Title: Xerox Multiple Copier/Printer Models Web Server Unspecified
HTML Injection
Description: Xerox provides web-capable printers and photocopiers. The
web server in multiple Xerox copier/printer models is exposed to an
unspecified HTML injection issue because it fails to properly sanitize
user-supplied input. The following Xerox copier/printer models are
affected: Xerox 4110, Xerox 4590 and Xerox 4595.
Ref: http://www.securityfocus.com/bid/29690
______________________________________________________________________
08.25.95 CVE: Not Available
Platform: Web Application
Title: Xerox WorkCentre Web Services Extensible Interface Platform
Unauthorized Access
Description: Xerox WorkCentre is exposed to an issue that can result
in unauthorized Web Services access. The issue occurs when the
Extensible Interface Platform feature is accessed under certain
unspecified conditions.
Ref: http://www.securityfocus.com/bid/29691
______________________________________________________________________
08.25.96 CVE: Not Available
Platform: Web Application
Title: FacilCMS Multiple Local File Include Vulnerabilities
Description: FacilCMS is a PHP-based content manager. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input to the following parameters and
scripts: "index.php : change_lang" and "modules.php : modload".
FacilCMS version 0.1RC is affected.
Ref: http://www.securityfocus.com/bid/29692/references
______________________________________________________________________
08.25.97 CVE: Not Available
Platform: Web Application
Title: XChat "ircs://" URI Command Execution
Description: XChat is an IRC chat program. The application is exposed
to an issue that allows remote attackers to execute arbitrary commands
in the context of the vulnerable user. XChat versions 2.8.7b and
earlier are affected.
Ref: http://www.securityfocus.com/bid/29696
______________________________________________________________________
08.25.98 CVE: Not Available
Platform: Web Application
Title: X-Poll "admin/images/index.php" Arbitrary File Upload
Description: X-Poll a web-based application to create polls. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. X-Poll version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29698
______________________________________________________________________
08.25.99 CVE: Not Available
Platform: Web Application
Title: Butterfly Organizer Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Butterfly Organizer is a PHP-based application for
organizing web accounts. The application is exposed to multiple input
validation issues. Butterfly Organizer version 2.0.0 is affected.
Ref: http://www.securityfocus.com/bid/29700
______________________________________________________________________
08.25.100 CVE: Not Available
Platform: Web Application
Title: WebChamado "admin/corpo.php" Unauthorized Access
Description: WebChamado is a web-based application. The application is
exposed to an unauthorized access issue because it fails to adequately
limit access to administrative scripts used for created accounts.
WebChamado version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29701
______________________________________________________________________
08.25.101 CVE: Not Available
Platform: Web Application
Title: TBDEV.net Comment Field Denial of Service
Description: TBDEV.net is a PHP-based torrent tracker and content
management application based on torrentbits/bytemonsoon source code.
The application is exposed to an issue that can cause denial of
service conditions. The issue occurs because the application fails to
handle specially-crafted comments posted to torrent description pages.
TBDEV-01-01-08 is affected.
Ref: http://sourceforge.net/projects/tbdevnet/
______________________________________________________________________
08.25.102 CVE: Not Available
Platform: Web Application
Title: Butterfly Organizer Multiple Arbitrary Data Deletion
Vulnerabilities
Description: Butterfly Organizer is a PHP-based application for
organizing web accounts. The application is exposed to two issues that
allow attackers to delete arbitrary data because it fails to properly
sanitize user-supplied input. Butterfly Organizer version 2.0.0 is
affected.
Ref: http://www.securityfocus.com/bid/29703
______________________________________________________________________
08.25.103 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo galleries Component "aid" Parameter SQL
Injection
Description: galleries is a photo gallery component for the Mambo and
Joomla! content managers. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "aid" parameter of the "com_galleries" component before using it
in an SQL query. galleries version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29706
______________________________________________________________________
08.25.104 CVE: Not Available
Platform: Web Application
Title: Easy-Clanpage Arbitrary File Upload and Local File Include
Vulnerabilities
Description: Easy-Clanpage is a web-based content manager. The
application is exposed to multiple input validation issues.
Easy-Clanpage version 3.0b1 is affected.
Ref: http://www.easy-clanpage.de/?section=downloads&show=dlc&id=1
______________________________________________________________________
08.25.105 CVE: Not Available
Platform: Web Application
Title: Mambo Cache_Lite Class "mosConfig_absolute_path" Remote File
Include
Description: The Cache_Lite class uses output buffering to cache web
data for the Mambo content manager. The application is exposed to a
remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "mosConfig_absolute_path" parameter of the
"/includes/Cace/Lite/Output.php" script. Cache_Lite version 1.1 from
Mambo version 4.6.4 is affected.
Ref: http://www.securityfocus.com/bid/29716
______________________________________________________________________
08.25.106 CVE: Not Available
Platform: Web Application
Title: GSC Client Privilege Escalation
Description: GSC Client is a gaming communication application similar
to IRC. The application is exposed to a privilege escalation issue
because it fails to sufficiently validate administrator credentials.
This issue occurs because the GSC server does not validate
administrator commands it relieves from the client. GSC Client version
1.00 2067 is affected.
Ref: http://www.securityfocus.com/archive/1/493355
______________________________________________________________________
08.25.107 CVE: Not Available
Platform: Web Application
Title: SH-News "action.php" Authentication Bypass
Description: SH-News is a web-based application. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication inside the "action.php" script. SH-News version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/29725
______________________________________________________________________
08.25.108 CVE: Not Available
Platform: Web Application
Title: Devalcms "currentfile" Parameter Local File Include
Description: Devalcms is a PHP-based content manager. The application
is exposed to a local file include issue because it fails to sanitize
user-supplied input supplied to the "currentfile" parameter of the
"func.php" script. Devalcms version 1.4a is affected.
Ref: http://www.securityfocus.com/bid/29728
______________________________________________________________________
08.25.109 CVE: Not Available
Platform: Web Application
Title: AlstraSoft AskMe Pro "forum_answer.php" and "profile.php"
Multiple SQL Injection Vulnerabilities
Description: AlstraSoft AskMe Pro is a PHP-based knowledge management
system. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"que_id" parameter of the "forum_answer.php" script and the "id"
parameter of the "profile.php" script before using it in an SQL query.
All AlstraSoft AskMe Pro versions up to and including 2.1 are
affected.
Ref: http://www.securityfocus.com/bid/29732
______________________________________________________________________
08.25.110 CVE: Not Available
Platform: Web Application
Title: WallCity-Server: Shoutcast Admin Panel "index.php" Local File
Include
Description: WallCity-Server: Shoutcast Admin Panel is a PHP-based
administration application for Shoutcast servers. The application is
exposed to a local file include issue because it fails to sanitize
user-supplied input supplied to the "page" parameter of the
"index.php" script. WallCity-Server: Shoutcast Admin Panel version 2.0
is affected.
Ref: http://www.securityfocus.com/bid/29733
______________________________________________________________________
08.25.111 CVE: Not Available
Platform: Web Application
Title: EZTechhelp Company EZCMS Security Bypass
Description: EZCMS is a Web-based content management system. The
application is exposed to an issue that may allow users to bypass
authentication and access certain administrative pages. EZCMS versions
1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29738
______________________________________________________________________
08.25.112 CVE: Not Available
Platform: Web Application
Title: xeCMS Cookie Parameters Authentication Bypass
Description: xeCMS is content management system. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. xeCMS versions 1.0.0 RC2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29740
______________________________________________________________________
08.25.113 CVE: Not Available
Platform: Web Application
Title: Turba Contact Manager HTML Injection
Description: Turba is a contact management application developed by
Horde using PHP. The application is exposed to an HTML injection issue
because it fails to sanitize user-supplied input. All versions of Turba
Contact Manager up to 2.2.1 are affected.
Ref: http://lists.horde.org/archives/announce/2008/000420.html
______________________________________________________________________
08.25.114 CVE: Not Available
Platform: Web Application
Title: Horde Turba "services/obrowser/index.php" HTML Injection
Description: Horde Turba is a PHP-based content manager. The
application is exposed to an HTML injection issue because it fails to
sanitize user-supplied input to the "name" parameter of the
"services/obrowser/index.php" script. Horde versions 3.1.7, 3.2 and
earlier versions are affected.
Ref: http://lists.horde.org/archives/announce/2008/000416.html
______________________________________________________________________
08.25.115 CVE: Not Available
Platform: Web Application
Title: Webmatic Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Webmatic is a PHP-based application for organizing web
accounts. The application is exposed to multiple cross-site scripting
and SQL injection issues because it fails to sufficiently sanitize
user-supplied data. Webmatic versions prior to 2.8 are affected.
Ref: http://www.securityfocus.com/bid/29748
______________________________________________________________________
08.25.116 CVE: Not Available
Platform: Web Application
Title: Ananta CMS "change.php" Authentication Bypass
Description: Ananta CMS is a web-based content manager. The
application is exposed to an authentication bypass issue because it
fails to perform authentication checks to the "Change Profile" section
implemented by the "change.php" script. Ananta CMS version 1.0b5 is
affected.
Ref: http://www.securityfocus.com/bid/29752
______________________________________________________________________
08.25.117 CVE: Not Available
Platform: Web Application
Title: Open Azimyt CMS "lang-system.php" Local File Include
Description: Open Azimyt CMS is a content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "lang" parameter of
the "lang-system.php" script. Open Azimyt CMS versions 0.22 minimal
and 0.21 stable are affected.
Ref: http://www.securityfocus.com/bid/29756
______________________________________________________________________
08.25.118 CVE: Not Available
Platform: Web Application
Title: Crysis HTTP/XML-RPC Service Remote Denial of Service
Description: Crysis is a commercially available first-person-shooter
video game distributed by Electronic Arts. The application is exposed
to a denial of service issue because it fails to handle exceptional
conditions. Specifically, this issue is caused by a NULL-pointer
dereference error in the HTTP/XML-RPC service, which receives "rcon"
commands. Crysis version 1.21 is affected.
Ref: http://aluigi.altervista.org/adv/dontcrysis-adv.txt
______________________________________________________________________
08.25.119 CVE: Not Available
Platform: Web Application
Title: ThaiQuickCart "PHPSESSID" Cookie Parameter Local File Include
Description: ThaiQuickCart is a shopping cart application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "PHPSESSID" cookie
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/29774
______________________________________________________________________
08.25.120 CVE: Not Available
Platform: Web Application
Title: MyShoutPro "admin_access" Cookie Parameter Authentication
Bypass
Description: MyShoutPro is a shout box application. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. MyShoutPro version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/29780
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.
Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkharWgACgkQ+LUG5KFpTka/UwCfTT6GF8rWN3yUpfOnyYQEEfi0
rpIAn0oDNFc/ARHhMEL2oMG/0pl+8EE1
=O6Gx
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]