|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 27
From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Jul 03 2008 - 18:36:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Firefox, Apple OS-X and Microsoft's GP (Great Plains) accounting
software all are on the "critical" list this week. Lower down the list
you'll also find more than 90 new vulnerabilities in commercial web
applications. How many critical vulnerabilities do you think there are
in the web applications your programmers are writing? Do you know? Is
it time to find out?
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
July 3, 2008 Vol. 7. Week 27
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform Number of Updates and Vulnerabilities
- ------------------------ -------------------------------------
Other Microsoft Products 3 (#1)
Third Party Windows Apps 4
Mac Os 1 (#2)
Linux 6
Solaris 1
Unix 1
Cross Platform 17 (#3, #4, #5)
Web Application - Cross Site Scripting 10
Web Application - SQL Injection 38
Web Application 43
Network Device 2
************************** Sponsored By SANS ****************************
The Virtualization Security Summit August 7-8 is a user-to-user,
non-commercial conference on What Works in Virtualization Security. It
is the only place where you can learn about the strengths and weaknesses
of competing virtualization technologies and where users share the
lessons they learned about how to make virtual environments secure.
http://www.sans.org/info/30533
*************************************************************************
TRAINING SCHEDULE UPDATE
- - SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
http://www.sans.org/sansfire08/
- - Canberra (6/30-7/5) http://www.sans.org/canberra08/
- - Singapore (6/30-7/5) http://www.sans.org/singapore08/
- - Boston (8/9-8/17) http://www.sans.org/boston08/
- - Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/
Plus 100 other cites and on line any time: www.sans.org
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Dynamics GP Multiple Vulnerabilities
(2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-004)
(3) CRITICAL: Multiple Mozilla Firefox, Thunderbird, and SeaMonkey Vulnerabilities
(4) HIGH: Opera Remote Multiple Vulnerabilities
(5) HIGH: VideoLAN Client WAV File Handling Integer Overflow
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Other Microsoft Products
08.27.1 - Microsoft Internet Explorer "location" and "location.href" Cross Domain Security Bypass
08.27.2 - Microsoft Internet Explorer Frame Location Cross Domain Security Bypass
08.27.3 - Microsoft Dynamics GP Denial of Service and Multiple Remote Buffer Overflow Vulnerabilities
-- Third Party Windows Apps
08.27.4 - 5th street "dx8render.dll" Format String Vulnerability
08.27.5 - UUSee UUUpgrade ActiveX Control "Update" Method Arbitrary File Download
08.27.6 - S.T.A.L.K.E.R Shadow of Chernobyl Multiple Remote Vulnerabilities
08.27.7 - Soldner Secret Wars Endless Loop Remote Denial of Service
-- Mac Os
08.27.8 - Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
- - -- Linux
8.27.9 - Linux Kernel 32-bit/64bit Emulation Local Information Disclosure
08.27.10 - Linux Kernel Memory Copy Exception Local Information Disclosure
08.27.11 - Linux Kernel ptrace Local Denial of Service
08.27.12 - NASM Multiple Buffer Overflow Vulnerabilities
08.27.13 - Gnome Evolution "html_engine_get_view_width()" Denial of Service
08.27.14 - Linux kernel "sctp_getsockopt_local_addrs_old()" function Local Buffer Overflow
-- Solaris
08.27.15 - Sun Solaris Unspecified "snmpXdmid(1M)" Remote Denial of Service
- - -- Unix
08.27.16 - GNOME Rhythmbox Malformed Playlist File Denial of Service
-- Cross Platform
08.27.17 - Cisco Unified Communications Manager RIS Data Collector Service Authentication Bypass
08.27.18 - DC++ NULL Pointer Remote Denial of Service
08.27.19 - IBM AFP Viewer Plugin "SRC" Property Heap-Based Buffer Overflow
08.27.20 - Cisco Unified Communications Manager CTI Service Denial of Service
08.27.21 - Pidgin MSN Protocol File Name Denial of Service
08.27.22 - Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
08.27.23 - Mozilla Firefox Malformed JPEG File Denial of Service
08.27.24 - Pidgin UPnP and Jabber Protocols Multiple Denial of Service Vulnerabilities
08.27.25 - Sun Java System Access Manager XSLT Stylesheets XML Signature Remote Code Execution
08.27.26 - AceFTP "LIST" Command Directory Traversal
08.27.27 - Yukihiro Matsumoto Ruby "rb_ary_fill()" Remote Denial Of Service
08.27.28 - DC++ Private Message Remote Denial of Service
08.27.29 - SurgeMail IMAP Service "APPEND" Command Remote Buffer Overflow
08.27.30 - IBM Tivoli Directory Server Adding "ibm-globalAdminGroup" Entry Denial of Service
08.27.31 - OpenLDAP BER Decoding Remote Denial of Service
08.27.32 - Wireshark 1.0.0 Multiple Vulnerabilities
08.27.33 - GraphicsMagick Multiple Denial of Service Vulnerabilities
-- Web Application - Cross Site Scripting
08.27.34 - Novell GroupWise WebAccess Simple Interface Cross-Site Scripting
08.27.35 - Caucho Technology Resin Viewfile "file" Parameter Cross-Site Scripting
08.27.36 - Commtouch Anti-Spam Enterprise Gateway "PARAMS" Parameter Cross-Site Scripting
08.27.37 - TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting
08.27.38 - PolyPager "nr" Parameter Cross-Site Scripting
08.27.39 - Yasna Yazd Discussion Forum Multiple Cross-Site Scripting Vulnerabilities
08.27.40 - Cybozu Garoon Session Fixation and Cross-Site Scripting Vulnerabilities
08.27.41 - TYPO3 Address Directory Unspecified Cross-Site Scripting
08.27.42 - TYPO3 WEC Discussion Forum Security Bypass and Multiple Cross-Site Scripting Vulnerabilities
08.27.43 - TYPO3 Send-A-Card Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.27.44 - Joomla! and Mambo Articles Component "artid" Parameter SQL Injection
08.27.45 - MyPHP CMS "pages.php" SQL Injection
08.27.46 - TOKOKITA Multiple SQL Injection Vulnerabilities
08.27.47 - E-topbiz Viral DX 1 "adclick.php" SQL Injection
08.27.48 - E-topbiz Link ADS 1 "out.php" SQL Injection
08.27.49 - Softbiz Jokes and Funny Pictures Script "sbjoke_id" Parameter SQL Injection
08.27.50 - Webdevindo-CMS "hal" Parameter SQL Injection
08.27.51 - TYPO3 Codeon Petition Extension Unspecified SQL Injection
08.27.52 - TYPO3 Support view Extension SQL Injection
08.27.53 - EfesTECH Shop "cat_id" Parameter SQL Injection
08.27.54 - TYPO3 Branchenbuch Extension Unspecified SQL Injection
08.27.55 - plx Ad Trader "ad.php" SQL Injection
08.27.56 - PHPmotion SQL Injection and Arbitrary File Upload Vulnerabilities
08.27.57 - nBill Joomla! and Mambo Component SQL Injection
08.27.58 - EasySiteNetwork Riddles Complete Website "riddle.php" SQL Injection
08.27.59 - EasySiteNetwork Tips Complete Website "tip.php" SQL Injection
08.27.60 - EasySiteNetwork Jokes Complete Website "joke.php" SQL Injection
08.27.61 - EasySiteNetwork Drinks Complete Website "drink.php" SQL Injection
08.27.62 - EasySiteNetwork Cheats Complete Website "item.php" SQL Injection
08.27.63 - PolyPager "nr" Parameter SQL Injection
08.27.64 - eTicket "pri" Parameter Multiple SQL Injection Vulnerabilities
08.27.65 - PHP-Fusion Kroax Module "category" Parameter SQL Injection
08.27.66 - Joomla! and Mambo jabode "id" Parameter SQL Injection
08.27.67 - PHP-Fusion "classifieds/classifieds.php" SQL Injection
08.27.68 - SePortal "poll.php" SQL Injection
08.27.69 - Sisplet CMS "index.php" SQL Injection
08.27.70 - VanGogh CMS "get_article.php" SQL Injection
08.27.71 - Talking Birds eSHOP100 "index.php" SQL Injection
08.27.72 - SebracCMS Multiple SQL Injection Vulnerabilities
08.27.73 - Online Booking Manager "checkavail.php" SQL Injection
08.27.74 - Joomla! and Mambo "com_beamospetition" Component "pet" Parameter SQL Injection
08.27.75 - Acmlmboard "memberlist.php" SQL Injection
08.27.76 - Catviz "index.php" Multiple SQL Injection Vulnerabilities
08.27.77 - TYPO3 News Calendar Extension Unspecified SQL Injection
08.27.78 - AShop Deluxe "catalogue.php" SQL Injection
08.27.79 - TYPO3 Address Directory Unspecified SQL Injection
08.27.80 - Joomla! and Mambo Versioning Component "id" Parameter SQL Injection
08.27.81 - pSys "chatbox.php" SQL Injection
-- Web Application
08.27.82 - mUnky "zone" Parameter Local File Include
08.27.83 - Avaya Communication Manager Multiple Remote Command Execution Vulnerabilities
08.27.84 - RT "Devel::StackTrace" Perl Module Remote Denial of Service
08.27.85 - mask PHP File Manager Cookie Authentication Bypass
08.27.86 - WebGUI Collaboration RSS Information Disclosure
08.27.87 - Page Manager "upload.php" Arbitrary File Upload
08.27.88 - IdeaBox "include.php" Remote File Include
08.27.89 - Google Talk "http" and "mailto" Remote Script Code Injection
08.27.90 - CAT2 "spaw_root" Parameter Local File Include
08.27.91 - TYPO3 Industry Database Security Bypass
08.27.92 - Jonascms Multiple Local File Include Vulnerabilities
08.27.93 - MosXML "mod_mainmenu.php" Remote File Include
08.27.94 - Drupal Suggested Terms Module Multiple HTML Injection Vulnerabilities
08.27.95 - EVA cms "index.php" Remote File Include
08.27.96 - The Rat CMS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.27.97 - Galmeta Post "test_adodb_lite.php" Multiple Local File Include Vulnerabilities
08.27.98 - TietoEnator Procapita Multiple Remote Vulnerabilities
08.27.99 - Keller Web Admin "action" Parameter Local File Include
08.27.100 - Orca "params.php" Remote File Include
08.27.101 - A+ PHP Scripts News Management System Cookie Authentication Bypass
08.27.102 - testMaker Remote Unspecified PHP Script Code Execution
08.27.103 - Seagull Arbitrary File Upload
08.27.104 - phpBLASTER CMS Multiple Local File Include Vulnerabilities
08.27.105 - Mask PHP File Manager Configuration Security Bypass
08.27.106 - OTManager "conteudo" Parameter Local File Include and Cross-Site Scripting Vulnerabilities
08.27.107 - PowerAward Multiple Local File Include and Cross-Site Scripting Vulnerabilities
08.27.108 - Simple PHP Agenda "index.php" Local File Include
08.27.109 - W1L3D4 Philboard Cross-Site Scripting and SQL Injection Vulnerabilities
08.27.110 - OTManager Cookie Authentication Bypass
08.27.111 - Joomla! and Mambo 'com_xewebtv' Component 'id' Parameter SQL Injection Vulnerability
08.27.112 - Pivot "t" Parameter Directory Traversal
08.27.113 - BareNuked CMS "admin/users.php" Cookie Authentication Bypass
08.27.114 - RSS-aggregator Multiple SQL Injection And Authentication Bypass Vulnerabilities
08.27.115 - myBloggie Cross-Site Scripting and SQL Injection Vulnerabilities
08.27.116 - Fa Name Multiple Cross-Site Scripting Vulnerabilities
08.27.117 - HIOX Banner Rotator "hioxBannerRotate.php" Remote File Include
08.27.118 - TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities
08.27.119 - TYPO3 Packman Extension Unspecified Remote
08.27.120 - TYPO3 KB Unpack Extension Unspecified Remote
08.27.121 - TYPO3 DAM Frontend Extension Multiple Unspecified Vulnerabilities
08.27.122 - QNX Neutrino RTOS "phgrafx" Local Buffer Overflow
08.27.123 - Wordtrans-web Remote Arbitrary Shell Command Injection
08.27.124 - HP System Management Homepage (SMH) for Linux and Windows Cross-Site Scripting
-- Network Device
08.27.125 - Avaya Communication Manager Multiple Security Vulnerabilities
08.27.126 - Palm Centro System Lockout Authentication Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Dynamics GP Multiple Vulnerabilities
Affected:
Microsoft Dynamics GP versions prior to 10.0
Description: Microsoft Dynamics GP (previously known as Microsoft Great
Plains and Microsoft Dynamics) is a popular accounting software package.
It contains multiple vulnerabilities in its handling of a variety of
user inputs in its Distributed Process Manager and Distributed Process
Server components. A specially crafted user request could trigger one
of several buffer overflows or string handling vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Some technical details are publicly available for these
vulnerabilities
Status: Vendor confirmed, updates available.
References:
IBM ISS X-Force Advisories
http://xforce.iss.net/xforce/xfdb/25840
http://xforce.iss.net/xforce/xfdb/25842
http://xforce.iss.net/xforce/xfdb/25844
http://xforce.iss.net/xforce/xfdb/25841
Microsoft Release Notes
http://www.microsoft.com/dynamics/gp/product/10.mspx
Wikipedia Article on Microsoft Dynamics GP
http://en.wikipedia.org/wiki/Microsoft_Dynamics_GP
SecurityFocus BID
http://www.securityfocus.com/bid/29991
*******************************************************
(2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-004)
Affected:
Apple Mac OS X versions prior to 10.5.4
Description: Apple Mac OS X contains multiple vulnerabilities in several
of its subsystems. Impact from successfully exploiting these
vulnerabilities range from remote code execution with the privileges of
the current user to denials-of-service. Flaws are also present in the
WebKit framework, used by several applications on Mac OS X to render
HTML content. These applications include Safari and Mail. This security
update also addresses several vulnerabilities discovered in third party
applications bundled with the operating system. The WebKit vulnerability
was discussed in a previous edition of RISK.
Status: Vendor confirmed, updates available.
References:
Apple Security Advisory
http://support.apple.com/kb/HT2163
SecurityFocus BIDs
http://www.securityfocus.com/bid/30018
http://www.securityfocus.com/bid/29836
*******************************************************
(3) CRITICAL: Multiple Mozilla Firefox, Thunderbird, and SeaMonkey Vulnerabilities
Affected:
Mozilla Firefox versions prior to 3.0
Mozilla Thunderbird versions 2.x
Mozilla SeaMonkey versions prior 1.1.10
Description: Several vulnerabilities have been discovered in code shared
among the Mozilla Firefox, Thunderbird, and SeaMonkey products. Flaws
in the handling of web page layout, JavaScript scripts, Mozilla chrome,
and other input can result in crashes. At least some of these crashes
are believed to be exploitable for remote code execution with the
privileges of the current user. Full technical details for these
vulnerabilities are available via source code analysis. Note that
Thunderbird is not believed vulnerable in its default configuration.
Status: Vendor confirmed, updates available.
References:
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-21.html
http://www.mozilla.org/security/announce/2008/mfsa2008-24.html
http://www.mozilla.org/security/announce/2008/mfsa2008-25.html
http://www.mozilla.org/security/announce/2008/mfsa2008-33.html
SecurityFocus BID
http://www.securityfocus.com/bid/30038
Mozilla Home Page
http://www.mozilla.org
*******************************************************
(4) HIGH: Opera Remote Multiple Vulnerabilities
Affected:
Opera versions prior to 9.51
Description: Opera is a popular cross-platform web browser and internet
application suite. It contains an undisclosed vulnerability in its
handling of input that can result in arbitrary code execution with the
privileges of the current user. Additionally, several information
disclosure vulnerabilities were discovered. Note that some reports
indicate that only the version of Opera for Microsoft Windows is
vulnerable.
Status: Vendor confirmed, updates available.
References:
Opera Change Log
http://www.opera.com/docs/changelogs/windows/951/
Opera Security Advisory
http://www.opera.com/support/search/view/887/
Opera Home Page
http://www.opera.com
SecurityFocus BID
http://www.securityfocus.com/bid/30068
*******************************************************
(5) HIGH: VideoLAN Client WAV File Handling Integer Overflow
Affected:
VideoLAN Client (VLC) versions prior to 0.8.6i
Description: VideoLAN Client (VLC) is a popular cross-platform media
player application. It contains a vulnerability in its handling of WAV
format sound files. A specially crafted WAV file could trigger this
vulnerability, leading to an integer overflow. Successfully exploiting
this integer overflow could result in arbitrary code execution with the
privileges of the current user. Note that, depending upon configuration,
WAV files may be opened by the vulnerable application without first
prompting the user. Full technical details for this vulnerability are
publicly available.
Status: Vendor confirmed, updates available.
References:
Secunia Advisory
http://secunia.com/secunia_research/2008-29/advisory/
Wikipedia Article on the WAV File Format
http://en.wikipedia.org/wiki/WAV
Product Home Page
http://www.videolan.org/vlc/
SecurityFocus BID
http://www.securityfocus.com/bid/30058
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 27, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.27.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer "location" and "location.href" Cross
Domain Security Bypass
Description: Microsoft Internet Explorer is a web browser application
available for Microsoft Windows. The application is exposed to a
cross-domain security bypass issue because the application fails to
enforce the same-origin policy.
Ref: http://www.cert.org/advisories/CA-2000-02.html
______________________________________________________________________
08.27.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Frame Location Cross Domain
Security Bypass
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The application is exposed to a cross-domain
scripting security bypass issue because the application fails to
properly enforce the same-origin policy. Internet Explorer versions 6,
7, and 8 Beta 1 are affected.
Ref: http://www.kb.cert.org/vuls/id/516627
______________________________________________________________________
08.27.3 CVE: CVE-2006-5266, CVE-2006-5265
Platform: Other Microsoft Products
Title: Microsoft Dynamics GP Denial of Service and Multiple Remote
Buffer Overflow Vulnerabilities
Description: Microsoft Dynamics GP (known previously as Great Plains)
is an ERP/CRM solution. The application is exposed to multiple remote
buffer overflow issues affecting the application's accounting
software. Microsoft Dynamics GP versions prior to 10.0 are affected.
Ref: http://xforce.iss.net/xforce/xfdb/25844
______________________________________________________________________
08.27.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: 5th street "dx8render.dll" Format String Vulnerability
Description: 5th street is a music and dance game. The application is
exposed to a format string issue because it does not sanitize
user-supplied input before passing it as format-string specifiers to
the "vsnwprintf()" function in the "dx8render.dll" module.
Ref: http://www.securityfocus.com/archive/1/493649
______________________________________________________________________
08.27.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: UUSee UUUpgrade ActiveX Control "Update" Method Arbitrary File
Download
Description: UUSee is a client application for viewing media over the
internet from UUSee.com. The application is exposed to an issue that
can cause malicious files to be downloaded and saved to arbitrary
locations on an affected computer. UUSee version 2008 is affected.
Ref: http://www.securityfocus.com/bid/29962
______________________________________________________________________
08.27.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: S.T.A.L.K.E.R Shadow of Chernobyl Multiple Remote
Vulnerabilities
Description: S.T.A.L.K.E.R Shadow of Chernobyl is a first player
shooting game developed by GSC Game World. The application is exposed
to multiple remote issues. S.T.A.L.K.E.R Shadow of Chernobyl version
1.0006 is affected.
Ref: http://www.securityfocus.com/archive/1/493765
______________________________________________________________________
08.27.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Soldner Secret Wars Endless Loop Remote Denial of Service
Description: Soldner is a tactical military game developed by Wings
Simulations. The game is exposed to a remote denial of service issue
because it fails to handle malformed UDP packets. Soldner versions
33724 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/493810
______________________________________________________________________
08.27.8 CVE: CVE-2008-2308, CVE-2008-2309, CVE-2008-2310,
CVE-2008-2314, CVE-2008-2311, CVE-2008-2313
Platform: Mac Os
Title: Apple Mac OS X 2008-004 Multiple Security Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security issues
that have been addressed in Security Update 2008-004 and Mac OS X/Mac
OS X Server 10.5.4. The security update addresses a total of 6 new
vulnerabilities that affect the Alias Manager, CoreTypes, c++filt,
Dock, Launch Services, and System Configuration components of Mac OS
X.
Ref: http://support.apple.com/kb/HT2163
______________________________________________________________________
08.27.9 CVE: CVE-2008-0598
Platform: Linux
Title: Linux Kernel 32-bit/64bit Emulation Local Information
Disclosure
Description: The Linux kernel is exposed to an information disclosure
issue. This issue occurs in the Linux kernel 32-bit and 64-bit
emulations.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0519.html
______________________________________________________________________
08.27.10 CVE: CVE-2008-2729
Platform: Linux
Title: Linux Kernel Memory Copy Exception Local Information Disclosure
Description: The Linux kernel is exposed to an information disclosure
issue. Specifically, this issue arises because destination memory
locations are not zeroed out following a failed copy operation. Linux
kernel versions prior to 2.6.19 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0508.html
______________________________________________________________________
08.27.11 CVE: CVE-2008-2365
Platform: Linux
Title: Linux Kernel ptrace Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue due to a race condition affecting "ptrace_attach()". The issue
occurs when process traces are performed on processes that can not be
attached to.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0508.html
______________________________________________________________________
08.27.12 CVE: Not Available
Platform: Linux
Title: NASM Multiple Buffer Overflow Vulnerabilities
Description: The Netwide Assembler (NASM) is an 80x86 and x86-64
assembler. NASM is exposed to multiple unspecified buffer overflow
issues because the software fails to properly bounds check on
user-supplied data when parsing the code that uses the "EQU"
instruction. The issues affect NASM versions prior to 2.03.01.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=452800
______________________________________________________________________
08.27.13 CVE: Not Available
Platform: Linux
Title: Gnome Evolution "html_engine_get_view_width()" Denial of
Service
Description: Gnome Evolution is an email, address book, and calendar
application for users of the GNOME desktop. Evolution is exposed to a
denial of service issue that occurs in the
"html_engine_get_view_width()" function when handling emails that
contain specially-crafted HTML. Evolution version 2.22.2 is affected.
Ref: http://www.securityfocus.com/archive/1/493686
______________________________________________________________________
08.27.14 CVE: CVE-2008-2826
Platform: Linux
Title: Linux kernel "sctp_getsockopt_local_addrs_old()" function Local
Buffer Overflow
Description: Linux kernel is exposed to a local buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. This issue occurs in the
"sctp_getsockopt_local_addrs_old()" function.
Ref: http://www.securityfocus.com/bid/29990
______________________________________________________________________
08.27.15 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Unspecified "snmpXdmid(1M)" Remote Denial of
Service
Description: The "snmpXdmid(1M)" utility is a subagent in the
Solstice Enterprise Agent Desktop Management Interface package.
This utility is exposed to an unspecified denial of service issue
because of an unspecified issue in the Solstice Enterprise SNMP-DMI
mapper subagent daemon ("snmpXdmid(1M)"). Solaris 8, 9, and 10 operating
systems are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237985-1
______________________________________________________________________
08.27.16 CVE: Not Available
Platform: Unix
Title: GNOME Rhythmbox Malformed Playlist File Denial of Service
Description: GNOME Rhythmbox is a freely-available music management
application, similar to Apple's iTunes, for Unix-based platforms. The
application is exposed to a remote denial of service issue because it
fails to adequately verify user-supplied input. GNOME Rhythmbox
version 0.11.5 is affected.
Ref: http://www.securityfocus.com/archive/1/493809
______________________________________________________________________
08.27.17 CVE: CVE-2008-2062, CVE-2008-2730
Platform: Cross Platform
Title: Cisco Unified Communications Manager RIS Data Collector Service
Authentication Bypass
Description: Cisco Unified Communications Manager (CUCM) is a
component of Cisco IP Telephony that provides enterprise-level call
processing and features. The application is exposed to an
authentication bypass issue that affects the Real-Time Information
Server data collector service. CUCM is exposed to an authentication
bypass issue that affects the Real-Time Information Server (RIS) Data
Collector service.
Ref:
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a00809b9017.html
______________________________________________________________________
08.27.18 CVE: Not Available
Platform: Cross Platform
Title: DC++ NULL Pointer Remote Denial of Service
Description: DC++ is a peer-to-peer client that uses the Advanced
Direct Connect (ADC) file-sharing protocol. The application is exposed
to a remote denial of service issue because it fails to handle
NULL-pointer exceptions caused by partial file list requests. DC++
versions up to and including 0.706 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287
______________________________________________________________________
08.27.19 CVE: Not Available
Platform: Cross Platform
Title: IBM AFP Viewer Plugin "SRC" Property Heap-Based Buffer Overflow
Description: The IBM AFP Viewer plugin allows AFP files to be viewed
using a web browser. The applications are all vulnerable to a
heap-based buffer overflow issue because the software fails to
properly bounds check user-supplied input in malicious AFP files. IBM
AFP Viewer versions 2.0.7.1 and 3.2.1.1 are affected.
Ref:
http://www-1.ibm.com/support/docview.wss?rs=95&context=SRNPPZ&q=psd1*&uid=psd1P4000233
______________________________________________________________________
08.27.20 CVE: CVE-2008-2061
Platform: Cross Platform
Title: Cisco Unified Communications Manager CTI Service Denial of
Service
Description: Cisco Unified Communications Manager (CUCM) is a
software-based call-processing component of the Cisco IP telephony
solution. The application is exposed to a denial of service issue when
handling malformed input. This issue affects the Computer Telephony
Integration (CTI) Manager service.
Ref:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,64/_cursor,49/_total,94/tableid,1/
______________________________________________________________________
08.27.21 CVE: Not Available
Platform: Cross Platform
Title: Pidgin MSN Protocol File Name Denial of Service
Description: Pidgin is a chat client available for multiple operating
systems. The application is exposed to a denial of service issue when
handling files sent via the MSN protocol. The vulnerability occurs in
the "msn_sliplink_process_msg()" function. Pidgin version 2.4.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/493682
______________________________________________________________________
08.27.22 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities
Description: The Mozilla Foundation has released multiple advisories
regarding security issues in Firefox versions 2.0.0.14 and earlier.
Exploiting these issues can allow attackers to steal authentication
credentials, obtain potentially sensitive information, bypass security
restrictions, crash the application, upload arbitrary files, execute
scripts with elevated privileges, potentially execute arbitrary code,
and compromise the browser. Other attacks are also possible.
Ref:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15
______________________________________________________________________
08.27.23 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Malformed JPEG File Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue
because it fails to handle malformed JPEG files. Mozilla FireFox
version 3 running on Ubuntu Linux 8.04 is affected.
Ref: http://www.securityfocus.com/bid/29984
______________________________________________________________________
08.27.24 CVE: Not Available
Platform: Cross Platform
Title: Pidgin UPnP and Jabber Protocols Multiple Denial of Service
Vulnerabilities
Description: Pidgin is a chat client available for multiple operating
systems. The application is exposed to multiple denial of service
issues affecting the UPnP and Jabber protocols. Pidgin version 2.0.0
is affected.
Ref: http://crisp.cs.du.edu/?q=ca2007-1
______________________________________________________________________
08.27.25 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Access Manager XSLT Stylesheets XML Signature
Remote Code Execution
Description: Sun Java System Access Manager is an application for
managing secure access to web applications. It was formerly called Sun
Java System Identity Server. The application is exposed to an
unspecified remote code execution issue that occurs when processing
XSLT stylesheets contained in XML Signatures.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201538-1
______________________________________________________________________
08.27.26 CVE: Not Available
Platform: Cross Platform
Title: AceFTP "LIST" Command Directory Traversal
Description: AceFTP is an File Transfer Protocol application for
multiple operating systems. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. This issue occurs in the FTP client. AceFTP
Freeware version 3.80.3 is affected.
Ref: http://vuln.sg/aceftp3803-en.html
______________________________________________________________________
08.27.27 CVE: Not Available
Platform: Cross Platform
Title: Yukihiro Matsumoto Ruby "rb_ary_fill()" Remote Denial Of
Service
Description: Yukihiro Matsumoto Ruby is an object-oriented scripting
language. Ruby is exposed to a remote denial of service issue. An
integer overflow in "rb_ary_fill()" can be exploited to cause denial
of service conditions in affected applications. The problem occurs due
to a lack of sanity checking on user-supplied input.
Ref: http://www.securityfocus.com/archive/1/493829
______________________________________________________________________
08.27.28 CVE: CVE-2008-2954
Platform: Cross Platform
Title: DC++ Private Message Remote Denial of Service
Description: DC++ is a peer-to-peer client that uses the Advanced
Direct Connect (ADC) file-sharing protocol. DC++ is exposed to a
remote denial of service issue because it fails to handle empty
private messages properly in "client/NmdcHub.cpp". DC++ versions 0.706
and earlier are affected.
Ref:
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date
______________________________________________________________________
08.27.29 CVE: Not Available
Platform: Cross Platform
Title: SurgeMail IMAP Service "APPEND" Command Remote Buffer Overflow
Description: SurgeMail IMAP Service is a mail server. The application
is affected by a remote buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data before copying
it into an insufficiently sized buffer. SurgeMail IMAP Service version
3.9e is affected.
Ref: http://www.securityfocus.com/bid/30000
______________________________________________________________________
08.27.30 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Directory Server Adding "ibm-globalAdminGroup" Entry
Denial of Service
Description: IBM Tivoli Direcory Server is an LDAP-based
identity management application. The application is exposed to a
denial of service issue because the server contains a double-free
error. Tivoli Directory Server versions 6.1.0.0 through 6.1.0.15 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg1IO09113
______________________________________________________________________
08.27.31 CVE: Not Available
Platform: Cross Platform
Title: OpenLDAP BER Decoding Remote Denial of Service
Description: OpenLDAP is an implementation of the Lightweight
Directory Access Protocol (LDAP). The application is exposed to a
remote denial of service issue. OpenLDAP version 2.3.41 is affected.
Ref: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580
______________________________________________________________________
08.27.32 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.0 Multiple Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. The application is exposed to multiple
issues when handling certain types of packets and protocols in varying
conditions. Wireshark versions 0.9.5 up to and including 1.0.0 are
affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-03.html
______________________________________________________________________
08.27.33 CVE: Not Available
Platform: Cross Platform
Title: GraphicsMagick Multiple Denial of Service Vulnerabilities
Description: GraphicsMagick is an image-processing application
available for multiple platforms. It was originally derived from
ImageMagick 5.5.2. GraphicsMagick versions prior to 1.2.4 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=610253
______________________________________________________________________
08.27.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Novell GroupWise WebAccess Simple Interface Cross-Site
Scripting
Description: Novell GroupWise WebAccess is a secure, mobile option for
GroupWise collaboration software. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to the simple interface. Novell GroupWise
WebAccess versions 7.0.x are affected.
Ref:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028200.html
______________________________________________________________________
08.27.35 CVE: CVE-2008-2462
Platform: Web Application - Cross Site Scripting
Title: Caucho Technology Resin Viewfile "file" Parameter Cross-Site
Scripting
Description: Caucho Technology Resin is an open-source application
server available for multiple operating platforms; it is implemented
in Java. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. Resin
versions prior to 3.0.25 and 3.1.4 are affected.
Ref: http://www.kb.cert.org/vuls/id/305208
______________________________________________________________________
08.27.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Commtouch Anti-Spam Enterprise Gateway "PARAMS" Parameter
Cross-Site Scripting
Description: Commtouch Anti-Spam Enterprise Gateway is a network device
designed to mitigate spam email. The device employs an ASP-based web
console for users to manage spam rules and blocked messages. The device
is exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "PARAMS" parameter of the
"/AntiSpamGateway/UPM/English/login/login.asp" script. Commtouch
Anti-Spam Enterprise Gateway versions 4 and 5 are affected.
Ref: http://www.securityfocus.com/bid/29957
______________________________________________________________________
08.27.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 phpMyAdmin Extension Unspecified Cross-Site Scripting
Description: phpMyAdmin is a third party extension for the TYPO3
content management system. phpMyAdmin is not a part of the TYPO3
default installation. The application is exposed to an unspecified
cross-site scripting issue because it fails to properly sanitize
user-supplied input. phpMyAdmin extension versions prior to 3.2.0 are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080701-2/
______________________________________________________________________
08.27.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PolyPager "nr" Parameter Cross-Site Scripting
Description: PolyPager is a web-based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data. The issue affects
the "nr" parameter. PolyPager versions 1.0rc2 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29975
______________________________________________________________________
08.27.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Yasna Yazd Discussion Forum Multiple Cross-Site Scripting
Vulnerabilities
Description: Yazd Discussion Forum is a Java-based online forum
application. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/29980
______________________________________________________________________
08.27.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cybozu Garoon Session Fixation and Cross-Site Scripting
Vulnerabilities
Description: Cybozu Garoon is a workgroup collaboration suite. It is
available for Linux, Solaris, and Microsoft Windows. The application
is exposed to multiple issues. Cybozu Garoon versions 2.1.3 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/29981/info
______________________________________________________________________
08.27.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Address Directory Unspecified Cross-Site Scripting
Description: Address Directory is a third party extension for the
TYPO3 content management system. The application is exposed to an
unspecified cross-site scripting issue because it fails to properly
sanitize user-supplied input. Address Directory versions 0.2.10 and
earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 WEC Discussion Forum Security Bypass and Multiple
Cross-Site Scripting Vulnerabilities
Description: WEC Discussion Forum is a third party extension for the
TYPO3 content management system. WEC Discussion Forum is not a part of
the TYPO3 default installation. The application is exposed to multiple
input-validation issues because it fails to sufficiently sanitize
user-supplied input. WEC Discussion Forum versions prior to 1.6.3 are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/
______________________________________________________________________
08.27.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 Send-A-Card Multiple Cross-Site Scripting Vulnerabilities
Description: Send-A-Card is a third party extension for the TYPO3
content management system. Send-A-Card is not a part of the TYPO3
default installation. The application is exposed to multiple
unspecified cross-site scripting issues because it fails to sanitize
user-supplied input. Send-A-Card versions prior to 2.2.4 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080701-3/
______________________________________________________________________
08.27.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Articles Component "artid" Parameter SQL
Injection
Description: Articles is a plugin that provides content-posting
functionality for the Joomla! and Mambo content managers. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "artid" parameter
before using it in an SQL query when the "option" attribute is set to
"articles" and the "task" action is set to "viewarticle".
Ref: http://www.securityfocus.com/bid/29936
______________________________________________________________________
08.27.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPHP CMS "pages.php" SQL Injection
Description: MyPHP CMS is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize input to the "pid" parameter of "pages.php" before using it
in an SQL query. MyPHP CMS version 0.3.1 is affected.
Ref: http://www.securityfocus.com/bid/29940
______________________________________________________________________
08.27.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TOKOKITA Multiple SQL Injection Vulnerabilities
Description: TOKOKITA is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/29920
______________________________________________________________________
08.27.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Viral DX 1 "adclick.php" SQL Injection
Description: Viral DX 1 is marketing software. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "bannerid" parameter of the
"adclick.php" script. Viral DX version 1 2.07 is affected.
Ref: http://www.securityfocus.com/bid/29921
______________________________________________________________________
08.27.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Link ADS 1 "out.php" SQL Injection
Description: Link ADS 1 is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "linkid" parameter of "out.php"
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29923
______________________________________________________________________
08.27.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Jokes and Funny Pictures Script "sbjoke_id" Parameter
SQL Injection
Description: Jokes and Funny Pictures from Softbiz is a web-based
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"sbjoke_id" parameter of the "index.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/29931
______________________________________________________________________
08.27.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Webdevindo-CMS "hal" Parameter SQL Injection
Description: Webdevindo-CMS is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "hal" parameter of "index.php"
before using it in an SQL query. Webdevindo-CMS version 1.0.0 is
affected.
Ref: http://www.securityfocus.com/bid/29930
______________________________________________________________________
08.27.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Codeon Petition Extension Unspecified SQL Injection
Description: Codeon Petition is a third-party extension for the TYPO3
content manager. Codeon Petition is not a part of the TYPO3 default
installation. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input before using it in an
SQL query. TYPO3 Codeon Petition extension versions 0.0.2 and earlier
are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Support view Extension SQL Injection
Description: Support view is a third-party extension for the TYPO3
content manager. Support view is not a part of the TYPO3 default
installation. The application is exposed to an unspecified SQL
injection issue because it fails to sufficiently sanitize input before
using it in an SQL query. TYPO3 Support view extension versions
0.0.102 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EfesTECH Shop "cat_id" Parameter SQL Injection
Description: EfesTECH Shop is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat_id" parameter of the
"default.asp" script before using it in an SQL query. EfesTECH Shop
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30044
______________________________________________________________________
08.27.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Branchenbuch Extension Unspecified SQL Injection
Description: Branchenbuch is an extension for the TYPO3 content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize input before using it in an
SQL query. TYPO3 Branchenbuch versions up to and including 0.8.1 are
affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: plx Ad Trader "ad.php" SQL Injection
Description: plx Ad Trader is a web-based content management system.
The application is exposed to an SQL injection issue because it fails
to properly sanitize user-supplied input to the "adid" parameter of
the "ad.php" script before using it in an SQL query. plx Ad Trader
version 3.2 is affected.
Ref: http://www.securityfocus.com/bid/30046
______________________________________________________________________
08.27.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPmotion SQL Injection and Arbitrary File Upload
Vulnerabilities
Description: PHPmotion is a web-based application. The application is
prone to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data. PHPmotion versions 2.0 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/29949
______________________________________________________________________
08.27.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: nBill Joomla! and Mambo Component SQL Injection
Description: nBill is a billing component for the Joomla! and Mambo
content management systems. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "cid" parameter of the "com_netinvoice"
component before using it in an SQL query. nBill version 1.2.0 is
affected.
Ref: http://www.securityfocus.com/bid/29951
______________________________________________________________________
08.27.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Riddles Complete Website "riddle.php" SQL
Injection
Description: EasySiteNetwork Riddles Complete Website is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "riddleid"
parameter of "riddle.php" before using it in an SQL query. Riddles
Complete Website version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/29966
______________________________________________________________________
08.27.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Tips Complete Website "tip.php" SQL Injection
Description: EasySiteNetwork Tips Complete Website is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "tipid"
parameter of "tip.php" before using it in an SQL query. Tips Complete
Website version 1.2.0 is affected.
Ref: http://www.securityfocus.com/bid/29969
______________________________________________________________________
08.27.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Jokes Complete Website "joke.php" SQL Injection
Description: EasySiteNetwork Jokes Complete Website is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "jokeid"
parameter of "joke.php" before using it in an SQL query. Jokes
Complete Website version 2.1.3 is affected.
Ref: http://www.securityfocus.com/bid/29968
______________________________________________________________________
08.27.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Drinks Complete Website "drink.php" SQL
Injection
Description: EasySiteNetwork Drinks Complete Website is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "drinkid"
parameter of "drink.php" before using it in an SQL query. Drinks
Complete Website version 2.1.0 is affected.
Ref: http://www.securityfocus.com/bid/29969
______________________________________________________________________
08.27.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Cheats Complete Website "item.php" SQL
Injection
Description: EasySiteNetwork Cheats Complete Website is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "itemid"
parameter of "item.php" before using it in an SQL query. Cheats
Complete Website version 1.1.1 is affected.
Ref: http://www.securityfocus.com/bid/29970
______________________________________________________________________
08.27.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PolyPager "nr" Parameter SQL Injection
Description: PolyPager is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "nr" parameter before using it in
an SQL query. PolyPager versions 1.0rc2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29972
______________________________________________________________________
08.27.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eTicket "pri" Parameter Multiple SQL Injection Vulnerabilities
Description: eTicket is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input to the "pri" parameter.
eTicket version 1.5.7 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html
______________________________________________________________________
08.27.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion Kroax Module "category" Parameter SQL Injection
Description: Kroax is a module for the PHP-Fusion content management
system. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "category" parameter of the "kroax.php" script. Kroax versions up
to and including 4.42 are affected.
Ref: http://www.securityfocus.com/bid/29976
______________________________________________________________________
08.27.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo jabode "id" Parameter SQL Injection
Description: jabode is a horoscope component for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_jabode" component before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/29994
______________________________________________________________________
08.27.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "classifieds/classifieds.php" SQL Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection vulnerability because it
fails to sufficiently sanitize user-supplied data to the "lid"
parameter of the "classifieds/classifieds.php" script before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/29995
______________________________________________________________________
08.27.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SePortal "poll.php" SQL Injection
Description: SePortal is a web portal application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "poll_id" parameter of the
"poll.php" script before using it in an SQL query.
SePortal version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/29996
______________________________________________________________________
08.27.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Sisplet CMS "index.php" SQL Injection
Description: Sisplet CMS is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id" parameter of the
"index.php" script before using it in an SQL query. Sisplet CMS
version 2008-01-24 is affected.
Ref: http://www.securityfocus.com/bid/30032
______________________________________________________________________
08.27.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VanGogh CMS "get_article.php" SQL Injection
Description: VanGogh CMS is a web-based content management system. The
application is prone to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "article_ID" parameter of
the "get_article.php" script before using it in an SQL query. VanGogh
CMS version 0.9 is affected.
Ref: http://www.securityfocus.com/bid/30033
______________________________________________________________________
08.27.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Talking Birds eSHOP100 "index.php" SQL Injection
Description: eSHOP100 is a web-based shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input to the "SUB" parameter of "index.php"
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30002
______________________________________________________________________
08.27.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SebracCMS Multiple SQL Injection Vulnerabilities
Description: SebracCMS is a web-based content management system. The
application is exposed to multiple SQL injection issues. The
application fails to sufficiently sanitize user-supplied input to the
following script and parameter: "read.php": "recid". SebracCMS
versions 0.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30003
______________________________________________________________________
08.27.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Online Booking Manager "checkavail.php" SQL Injection
Description: Online Booking Manager is a web-based booking
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input to the "id" parameter
of the "checkavail.php" script before using it in an SQL query. Online
Booking Manager version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/30004
______________________________________________________________________
08.27.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_beamospetition" Component "pet"
Parameter SQL Injection
Description: "com_beamospetition" is a petition component for the
Joomla! and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "pet" parameter of the "com_beamospetition"
component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30005
______________________________________________________________________
08.27.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Acmlmboard "memberlist.php" SQL Injection
Description: Acmlmboard is a web-based forum. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize input to the "pow" parameter of the "memberlist.php" script
before using it in an SQL query. Acmlmboard version 1.A2 is affected.
Ref: http://www.milw0rm.com/exploits/5969
______________________________________________________________________
08.27.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Catviz "index.php" Multiple SQL Injection Vulnerabilities
Description: Catviz is a PHP-based content manager. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "webpage" and
"foreign_key_value" parameters of the "index.php" script before using
it in an SQL query. Catviz version 0.4.0-beta 1 is affected.
Ref: http://www.securityfocus.com/bid/30014
______________________________________________________________________
08.27.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 News Calendar Extension Unspecified SQL Injection
Description: News Calendar is an extension for the TYPO3 content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize input before using it in an
SQL-query. TYPO3 News Calendar versions up to and including version
1.0.7 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AShop Deluxe "catalogue.php" SQL Injection
Description: AShop Deluxe is a web-based shopping cart application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize input to the "cat" parameter of the
"catalogue.php" script before using it in an SQL query. AShop Deluxe
version 4 is affected.
Ref: http://www.securityfocus.com/bid/30022
______________________________________________________________________
08.27.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Address Directory Unspecified SQL Injection
Description: Address Directory is a third-party extension for the
TYPO3 content management system. The application is exposed to an SQL
injection issue because it fails to properly sanitize user-supplied
input to an unspecified script before using it in an SQL query.
Address Directory versions 0.2.10 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Versioning Component "id" Parameter SQL
Injection
Description: Versioning is a component for the Mambo and Joomla!
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_versioning" component before using it in an
SQL query. Versioning version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/30050
______________________________________________________________________
08.27.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: pSys "chatbox.php" SQL Injection
Description: pSys is a web-based application. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "showid" parameter of the
"chatbox.php" script before using it in an SQL query. pSys version
0.7.0 Alpha is affected.
Ref: http://www.securityfocus.com/bid/30023
______________________________________________________________________
08.27.82 CVE: Not Available
Platform: Web Application
Title: mUnky "zone" Parameter Local File Include
Description: mUnky is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "zone" parameter of the
"index.php" script. mUnky version 0.01 is affected.
Ref: http://www.securityfocus.com/bid/29934
______________________________________________________________________
08.27.83 CVE: Not Available
Platform: Web Application
Title: Avaya Communication Manager Multiple Remote Command Execution
Vulnerabilities
Description: Avaya Communication Manager is a messaging application.
The application is exposed to multiple remote command execution issues
in the administration interface.
Ref:
http://www.voipshield.com/research-details.php?id=99&s=1&threats_details=&threats_category=0&threats_vendor=0&limit=50&sort=discovered&sortby=DESC
______________________________________________________________________
08.27.84 CVE: Not Available
Platform: Web Application
Title: RT "Devel::StackTrace" Perl Module Remote Denial of Service
Description: RT (Request Tracker) is a web-based ticketing system. The
application is exposed to a remote denial of service issue because it
fails to handle exceptional conditions. RT versions prior to 3.6.7 are
affected.
Ref:
http://lists.bestpractical.com/pipermail/rt-announce/2008-June/000158.html
______________________________________________________________________
08.27.85 CVE: Not Available
Platform: Web Application
Title: mask PHP File Manager Cookie Authentication Bypass
Description: mask PHP File Manager is a PHP-based file management
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. mask PHP File Manager versions 2.2d
and earlier are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=608915
______________________________________________________________________
08.27.86 CVE: Not Available
Platform: Web Application
Title: WebGUI Collaboration RSS Information Disclosure
Description: WebGUI is a content management system (CMS). The
application is exposed to an information disclosure issue because it
fails to authenticate users before allowing access to the RSS feed.
WebGUI versions prior to 7.5.13 (beta) are affected.
Ref:
http://www.webgui.org/bugs/tracker/security-issue---collaboration-rss/
______________________________________________________________________
08.27.87 CVE: Not Available
Platform: Web Application
Title: Page Manager "upload.php" Arbitrary File Upload
Description: Page Manager is PHP-based content manager. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary code because it fails to properly sanitize
user-supplied files uploaded via the "upload.php" script. Page Manager
version 2006-02-04 is affected.
Ref: http://www.securityfocus.com/bid/29929
______________________________________________________________________
08.27.88 CVE: Not Available
Platform: Web Application
Title: IdeaBox "include.php" Remote File Include
Description: IdeaBox is an idea management and suggestion application.
The application is exposed to a remote file include issue because it
fails to properly sanitize user-supplied input to the "gorumDir"
parameter of the "include.php" script.
Ref: http://www.securityfocus.com/archive/1/493651
______________________________________________________________________
08.27.89 CVE: Not Available
Platform: Web Application
Title: Google Talk "http" and "mailto" Remote Script Code Injection
Description: Google Talk is an instant messaging application. The
application is exposed to a remote script code injection issue because
it fails to sanitize user-supplied input. Google version 1.0.0.105 is
affected.
Ref:
http://lostmon.blogspot.com/2008/06/gtalk-100105-html-injection-and.html
______________________________________________________________________
08.27.90 CVE: Not Available
Platform: Web Application
Title: CAT2 "spaw_root" Parameter Local File Include
Description: CAT2 is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to sanitize
user-supplied input supplied to the "spaw_root" parameter of the
"objects/extern/spaw/spaw_control.class.php" script. CAT2 version 1.2
is affected.
Ref: http://www.securityfocus.com/bid/30042
______________________________________________________________________
08.27.91 CVE: Not Available
Platform: Web Application
Title: TYPO3 Industry Database Security Bypass
Description: Industry Database is a third-party extension for the
TYPO3 content management system. The application is exposed to an
issue that may allow users to bypass access validation checks and edit
data owned by other users. Industry Database versions 1.0.0 and
earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.92 CVE: Not Available
Platform: Web Application
Title: Jonascms Multiple Local File Include Vulnerabilities
Description: Jonascms is a web-based content manager. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input to the "taal" parameter of the
"backup.php" and "gb_voegtoe.php" scripts. Jonascms version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/29950
______________________________________________________________________
08.27.93 CVE: Not Available
Platform: Web Application
Title: MosXML "mod_mainmenu.php" Remote File Include
Description: MosXML is a PHP-based content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "mosConfig_absolute_path"
parameter of the "modules/mod_mainmenu.php" script. MosXML Alpha
version 1.* is affected.
Ref: http://www.securityfocus.com/bid/29952
______________________________________________________________________
08.27.94 CVE: Not Available
Platform: Web Application
Title: Drupal Suggested Terms Module Multiple HTML Injection
Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. Suggested Terms is a module for
Drupal. Suggested Terms is exposed to multiple HTML injection issues
because it fails to properly sanitize user-supplied input before using
it in dynamically generated content. Suggested Terms versions prior to
5.x-1.2 are affected.
Ref: http://drupal.org/node/274919
______________________________________________________________________
08.27.95 CVE: Not Available
Platform: Web Application
Title: EVA cms "index.php" Remote File Include
Description: EVA cms is a PHP-based content manager. The application
is exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "eva[caminho]" parameter of the
"index.php" script. EVA cms version 2.3.1 is affected.
Ref: http://www.securityfocus.com/bid/29954
______________________________________________________________________
08.27.96 CVE: Not Available
Platform: Web Application
Title: The Rat CMS Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: The Rat CMS is a PHP-based content management
application. The application is exposed to multiple input validation
issues because it fails to adequately sanitize user-supplied data. The
Rat CMS Pre-Alpha version 2 is affected.
Ref: http://www.securityfocus.com/archive/1/493684
______________________________________________________________________
08.27.97 CVE: Not Available
Platform: Web Application
Title: Galmeta Post "test_adodb_lite.php" Multiple Local File Include
Vulnerabilities
Description: Galmeta Post is a content management system. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. Galmeta Post
version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/29962
______________________________________________________________________
08.27.98 CVE: Not Available
Platform: Web Application
Title: TietoEnator Procapita Multiple Remote Vulnerabilities
Description: TientoEnator's Procapita is a web-based school management
application. The application is exposed to multiple remote issues.
Ref: http://www.securityfocus.com/archive/1/493681
______________________________________________________________________
08.27.99 CVE: Not Available
Platform: Web Application
Title: Keller Web Admin "action" Parameter Local File Include
Description: Keller Web Admin is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to sanitize user-supplied input to the "action" parameter of
the "index.php" script. Keller Web Admin version 0.94 Pro is affected.
Ref: http://www.securityfocus.com/bid/29971
______________________________________________________________________
08.27.100 CVE: Not Available
Platform: Web Application
Title: Orca "params.php" Remote File Include
Description: Orca is a web-based forum. The application is exposed to
a remote file include issue because it fails to properly sanitize
user-supplied input to the "gConf[dir][layouts]" parameter of the
"layout/default/params.php" script. Orca version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29974
______________________________________________________________________
08.27.101 CVE: Not Available
Platform: Web Application
Title: A+ PHP Scripts News Management System Cookie Authentication
Bypass
Description: A+ PHP Scripts News Management System is a web-based
application. News Management System is exposed to an authentication
bypass issue because it fails to adequately verify user-supplied input
used for cookie-based authentication.
Ref: http://www.securityfocus.com/bid/29977
______________________________________________________________________
08.27.102 CVE: Not Available
Platform: Web Application
Title: testMaker Remote Unspecified PHP Script Code Execution
Description: testMaker is software for web-based assessment. The
application is exposed to an unspecified issue due to unspecified
errors in the code. This issue will allow a remote attacker to execute
arbitrary PHP code on the web server in the context of the hosting
web server process. testMaker versions prior to 3.0p16 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=609679
______________________________________________________________________
08.27.103 CVE: Not Available
Platform: Web Application
Title: Seagull Arbitrary File Upload
Description: Seagull is a web-based framework for building PHP
applications. The application is exposed to an issue that lets remote
attackers upload and execute arbitrary script code on an affected
computer with the privileges of the web server process. The issue
occurs because the software fails to properly sanitize user-supplied
input in the form of multiple file extensions to the
"tinyfck/filemanager/connectors/php/config.php" script. Seagull
versions up to and including 0.6.4 are affected.
Ref: http://www.securityfocus.com/bid/29982
______________________________________________________________________
08.27.104 CVE: Not Available
Platform: Web Application
Title: phpBLASTER CMS Multiple Local File Include Vulnerabilities
Description: phpBLASTER is a web-based content manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "DB", "lang"
and "skin" parameters of the "index.php" script. phpBLASTER version
1.0 RC1 is affected.
Ref: http://www.securityfocus.com/bid/29983
______________________________________________________________________
08.27.105 CVE: Not Available
Platform: Web Application
Title: Mask PHP File Manager Configuration Security Bypass
Description: Mask PHP File Manager (mPFM) is a PHP-based file manager.
The application is exposed to a security bypass issue because the
application fails to properly restrict access to certain portions of
the application. Mask PHP File Manager version 2.4 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=609546
______________________________________________________________________
08.27.106 CVE: Not Available
Platform: Web Application
Title: OTManager "conteudo" Parameter Local File Include and
Cross-Site Scripting Vulnerabilities
Description: OTManager is a PHP-based content manager. The application
is exposed to a local file include issue and a cross-site scripting
issue. Both of these issues affect the "conteudo" parameter of the
"index.php" script. OTManager version 24a is affected.
Ref: http://www.securityfocus.com/bid/29992
______________________________________________________________________
08.27.107 CVE: Not Available
Platform: Web Application
Title: PowerAward Multiple Local File Include and Cross-Site Scripting
Vulnerabilities
Description: PowerAward is a home page award system. The application is
exposed to multiple input validation issues. PowerAward version 1.1.0
RC1 is affected.
Ref: http://www.securityfocus.com/bid/29993
______________________________________________________________________
08.27.108 CVE: Not Available
Platform: Web Application
Title: Simple PHP Agenda "index.php" Local File Include
Description: Simple PHP Agenda is a web-based agenda tool. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "index.php" script. Simple PHP Agenda version 2.2.4 is affected.
Ref: http://www.securityfocus.com/bid/30034
______________________________________________________________________
08.27.109 CVE: Not Available
Platform: Web Application
Title: W1L3D4 Philboard Cross-Site Scripting and SQL Injection
Vulnerabilities
Description: Philboard is a web-based forum implemented in ASP. The
application is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied data. W1L3D4 Philboard
version 1.14 is affected.
Ref: http://www.securityfocus.com/bid/29998
______________________________________________________________________
08.27.110 CVE: Not Available
Platform: Web Application
Title: OTManager Cookie Authentication Bypass
Description: OTManager is a PHP-based content manager. News Management
System is exposed to an authentication bypass issue because it fails
to adequately verify user-supplied input used for cookie-based
authentication. OTManager version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/29999
______________________________________________________________________
08.27.111 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo "com_xewebtv" Component "id" Parameter SQL
Injection Vulnerability
Description: "com_xewebtv" is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_xewebtv" component before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/30006
______________________________________________________________________
08.27.112 CVE: Not Available
Platform: Web Application
Title: Pivot "t" Parameter Directory Traversal
Description: Pivot is a PHP-based tool for creating weblogs and other
dynamic web sites. The application is exposed to a directory traversal
issue because it fails to sufficiently sanitize user-supplied input to
the "t" parameter of the "search.php" script. Pivot version 1.40.5 is
affected.
Ref: http://forum.pivotlog.net/viewtopic.php?t=12471
______________________________________________________________________
08.27.113 CVE: Not Available
Platform: Web Application
Title: BareNuked CMS "admin/users.php" Cookie Authentication Bypass
Description: BareNuked CMS is a PHP-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. This issue affects the "admin/users.php" script when
adding new users. BareNuked CMS version 1.1.0 is affected.
Ref: http://www.securityfocus.com/bid/30011
______________________________________________________________________
08.27.114 CVE: Not Available
Platform: Web Application
Title: RSS-aggregator Multiple SQL Injection and Authentication Bypass
Vulnerabilities
Description: RSS-aggregator is a PHP-based application that allows
users to display multiple RSS feeds on single page. The application is
exposed to multiple remote issues. RSS-aggregator version 1.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/493783
______________________________________________________________________
08.27.115 CVE: Not Available
Platform: Web Application
Title: myBloggie Cross-Site Scripting and SQL Injection
Vulnerabilities
Description: myBloggie is a web-log application. The application is
exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data. myBloggie version 2.1.6
is affected.
Ref: http://www.netvigilance.com/advisory0040
______________________________________________________________________
08.27.116 CVE: Not Available
Platform: Web Application
Title: Fa Name Multiple Cross-Site Scripting Vulnerabilities
Description: Fa Name is content management system. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. Fa Name version 1.0 is affected.
Ref: http://www.netvigilance.com/advisory0043
______________________________________________________________________
08.27.117 CVE: Not Available
Platform: Web Application
Title: HIOX Banner Rotator "hioxBannerRotate.php" Remote File Include
Description: HIOX Banner Rotator is a web-based application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "hm" parameter of the
"hioxBannerRotate.php" script. HIOX Banner Rotator version 1.3 is
affected.
Ref: http://www.securityfocus.com/bid/30021
______________________________________________________________________
08.27.118 CVE: Not Available
Platform: Web Application
Title: TYPO3 SQL Frontend Extension Unspecified SQL Injection and
Denial of Service Vulnerabilities
Description: SQL Frontend is a third-party extension for the TYPO3
content manager. SQL Frontend is not a part of the TYPO3 default
installation. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input before using it in an
SQL query. TYPO3 SQL Frontend versions up to and including 1.0.11 are
affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.119 CVE: Not Available
Platform: Web Application
Title: TYPO3 Packman Extension Unspecified Remote
Description: Packman is a third-party extension for the TYPO3 content
management system. The application is exposed to an issue in
unspecified functionality related to an incomplete blacklist. Packman
versions 0.2.1 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.120 CVE: Not Available
Platform: Web Application
Title: TYPO3 KB Unpack Extension Unspecified Remote
Description: KB Unpack is a third-party extension for the TYPO3
content manager. The application is exposed to an issue in unspecified
functionality related to an incomplete blacklist. KB Unpack versions
0.1.0 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.121 CVE: Not Available
Platform: Web Application
Title: TYPO3 DAM Frontend Extension Multiple Unspecified
Vulnerabilities
Description: DAM Frontend is a third-party extension for the TYPO3
content manager. The application is exposed to multiple issues,
including an SQL injection issue, an information disclosure issue, and
other unspecified issues that arise because the application fails to
handle access controls and errors in a proper manner. DAM Frontend
versions 0.1.0 and earlier are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20080701-1
______________________________________________________________________
08.27.122 CVE: Not Available
Platform: Web Application
Title: QNX Neutrino RTOS "phgrafx" Local Buffer Overflow
Description: QNX Neutrino RTOS is a realtime operating system
available both freely and for commercial use. The application is
exposed to a local buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. QNX Neutrino RTOS
versions 6.3.2 and 6.3.0 are affected.
Ref: http://www.scanit.net/rd/advisories/adv01
______________________________________________________________________
08.27.123 CVE: Not Available
Platform: Web Application
Title: Wordtrans-web Remote Arbitrary Shell Command Injection
Description: Wordtrans-web is a web interface for Wordtrans. Wordtrans is
a front-end for several dictionaries. The application is exposed to a
remote command injection issue because it fails to adequately sanitize
user-supplied input data. Wordtrans-web version 1.1.pre15 is affected.
Ref: http://www.scanit.net/rd/advisories/adv02
______________________________________________________________________
08.27.124 CVE: CVE-2008-1663
Platform: Web Application
Title: HP System Management Homepage (SMH) for Linux and Windows Cross-Site Scripting
Description: System Management Homepage (SMH) provides a web-based
management interface for ProLiant and Integrity servers. HP System
Management Homepage is exposed to a cross-site scripting issue. HP
System Management Homepage (SMH) versions 2.1.10 and 2.1.11 for Linux
and Windows are affected.
Ref: http://www.securityfocus.com/bid/30029
______________________________________________________________________
08.27.125 CVE: Not Available
Platform: Network Device
Title: Avaya Communication Manager Multiple Security Vulnerabilities
Description: Avaya Communication Manager is an IP telephony platform.
The application is exposed to multiple security issues.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-270.htm
______________________________________________________________________
08.27.126 CVE: Not Available
Platform: Network Device
Title: Palm Centro System Lockout Authentication Bypass
Description: Palm Centro is a mobile phone. The device is exposed to
an authentication bypass issue when in lockout mode. Lockout mode is
designed to limit access to most features of the phone when enabled; a
user can still make 911 or "*2" calls.
Ref: http://www.securityfocus.com/bid/30030
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkhtWOcACgkQ+LUG5KFpTkbL3gCeIGoGuUepuEH9Im9bBDITa+dy
2hkAnAlNMIWWEYPSpIgx0MTQnyMrh2Kb
=KsuB
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]