RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 28

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Jul 10 2008 - 16:27:42 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This was the worst week of 2008: Two unpatched Microsoft zero-days,
the big DNS problem/patch, and remote code execution bugs in Novell
eDirectory and Sun's JRE.
                                       Alan
*************************************************************************
         RISK: The Consensus Security Vulnerability Alert
July 10, 2008 Vol. 7. Week 28
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Windows                                   2 (#6)
Microsoft Office                          2 (#1, #2)
Other Microsoft Products                  2 (#7, #8)
Third Party Windows Apps                  2
Linux                                     6
Novell                                    1 (#4)
Cross Platform                            8 (#3, #5)
Web Application - Cross Site Scripting    4
Web Application - SQL Injection           16
Web Application                           26
Network Device                            1
Network Device                            2

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Office Access ActiveX Control Remote Code Execution (0day)
(2) CRITICAL: Microsoft Word Remote Code Execution (0day)
(3) CRITICAL: Multiple Vendor DNS Spoofing and Poisoning Attack
(4) CRITICAL: Novell eDirectory Integer Overflow
(5) HIGH: Sun Java Runtime Environment Multiple Vulnerabilities
(6) MODERATE: Microsoft Windows Saved Search Remote Code Execution (MS08-038)
(7) MODERATE: Microsoft SQL Server Remote Code Execution (MS08-040)
(8) MODERATE: Microsoft Outlook Web Access Multiple Cross Site Scripting Vulnerabilities (MS08-039)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.28.1 - Microsoft Windows Explorer saved-search File Remote Code Execution
08.28.2 - Microsoft Windows DNS Server Cache Poisoning
 -- Microsoft Office
08.28.3 - Microsoft Word Unspecified Remote Code Execution
08.28.4 - Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting
 -- Other Microsoft Products
08.28.5 - Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download
08.28.6 - Microsoft SQL Server On-Disk Data Structures Remote Memory Corruption
 -- Third Party Windows Apps
08.28.7 - ServerView "SnmpGetMibValues.exe" Multiple Unspecified Buffer Overflow Vulnerabilities
08.28.8 - Download Accelerator Plus ".m3u" File Buffer Overflow
 -- Linux
08.28.9 - Red Hat Certificate System rhpki-common Security Bypass Weakness
08.28.10 - Linux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
08.28.11 - Linux Kernel x86_64 ptrace Local Memory Corruption
08.28.12 - Gnome Screensaver Local Information Disclosure
08.28.13 - BlueZ SDP Payload Processing Multiple Buffer Overflow Vulnerabilities
08.28.14 - Linux Kernel "do_change_type()" Local Security Bypass
 -- Novell
08.28.15 - Novell eDirectory "ds.dlm" Module Integer Overflow
 -- Cross Platform
08.28.16 - VLC Media Player WAV File Buffer Overflow
08.28.17 - Opera Web Browser Remote Code Execution and Information Disclosure Vulnerabilities
08.28.18 - Mercurial "patch.py" Directory Traversal
08.28.19 - Panda ActiveScan Unspecified Remote Code Execution
08.28.20 - PCRE Regular Expression Heap-Based Buffer Overflow
08.28.21 - WeFi Log Files Local Information Disclosure
08.28.22 - Poppler PDF Rendering Library Page Class Remote Code Execution
08.28.23 - OllyDBG and ImpREC Export Name Buffer Overflow
 -- Web Application - Cross Site Scripting
08.28.24 - Drupal Organic Groups Cross-Site Scripting And Information Disclosure Vulnerabilities
08.28.25 - FreeStyle Wiki Unspecified Cross-Site Scripting
08.28.26 - Kasseler CMS "cid" parameter Cross-Site Scripting
08.28.27 - Adobe RoboHelp Server Help Errors Log Cross-Site Scripting
 -- Web Application - SQL Injection
08.28.28 - XChangeboard "newThread.php" SQL Injection
08.28.29 - Joomla! and Mambo Brightcode Weblinks Component "catid" Parameter SQL Injection
08.28.30 - Joomla! and Mambo "com_is" Component Multiple SQL Injection Vulnerabilities
08.28.31 - Joomla! and Mambo QuickTime VR Component "room_id" Parameter SQL Injection
08.28.32 - WebBlizzard CMS "index.php" SQL Injection
08.28.33 - phpwebnews "index.php" SQL Injection
08.28.34 - phpwebnews "bukutamu.php" SQL Injection
08.28.35 - Xpoze "user.html" SQL Injection
08.28.36 - BlognPlus "index.php" Multiple SQL Injection Vulnerabilities
08.28.37 - SmartPPC "directory.php" SQL Injection
08.28.38 - PHP-Nuke 4ndvddb Module "id" Parameter SQL Injection
08.28.39 - Triton CMS Pro "X-Forwarded-For" Header SQL Injection
08.28.40 - Lastminute Script "index.php" SQL Injection
08.28.41 - Mole Group Hotel Script "index.php" SQL Injection
08.28.42 - Mole Group Real Estate Script "index.php" SQL Injection
08.28.43 - BrewBlogger "logincheck.inc.php" SQL Injection
 -- Web Application
08.28.44 - CMS little "index.php" Local File Include
08.28.45 - phPortal Multiple Remote File Include Vulnerabilities
08.28.46 - Drupal Outline Designer Module "outline_designer.module" Security Bypass
08.28.47 - Drupal Taxonomy Autotagger Module Multiple Input Validation Vulnerabilities
08.28.48 - Drupal Tinytax taxonomy block Module HTML Injection
08.28.49 - pHNews "comments.php" Local File Include
08.28.50 - 1024 CMS Multiple Remote and Local File Include Vulnerabilities
08.28.51 - Joomla! and Mambo altas Component "index.php" Multiple SQL Injection Vulnerabilities
08.28.52 - Joomla! and Mambo DBQuery Component "mosConfig_absolute_path" Remote File Include
08.28.53 - THELIA Arbitrary File Upload and Authentication Bypass Vulnerabilities
08.28.54 - Youngzsoft CMailServer "mvmail.asp" Multiple Buffer Overflow Vulnerabilities
08.28.55 - ImperialBB Remote File Upload
08.28.56 - ContentNow Multiple Remote Vulnerabilities
08.28.57 - fuzzylime (cms) "rss.php" Local File Include
08.28.58 - YourPlace Unspecified Authentication Bypass
08.28.59 - Simple Machine Forum Prior to 1.1.5 and 1.0.13 Multiple Unspecified Vulnerabilities
08.28.60 - DodosMail "dodosmail.php" Local File Include
08.28.61 - MyBB Prior to 1.2.13 Multiple Unspecified Vulnerabilities
08.28.62 - Zoph Cross-Site Scripting and SQL Injection Vulnerabilities
08.28.63 - WebXell Editor "upload_pictures.php" Arbitrary File Upload
08.28.64 - fuzzylime (cms) "blog.php" Local File Include
08.28.65 - Neutrino Atomic Edition Authentication Bypass
08.28.66 - Joomla! Prior to v1.5.4 Multiple Unauthorized Access Vulnerabilities
08.28.67 - vBulletin "adminlog.php" Request Logging HTML Injection
08.28.68 - Boonex Dolphin Multiple Remote File Include Vulnerabilities
08.28.69 - trixbox "langChoice" Local File Include
 -- Network Device
08.28.70 - F5 FirePass SSL VPN SNMP Daemon Remote Denial of Service

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Office Access ActiveX Control Remote Code Execution (0day)
Affected:
Microsoft Office Access 2000
Microsoft Office Access 2002
Microsoft Office Access 2003
Microsoft Access Snapshot Viewer

Description: The Access component of Microsoft Office provides some of
its functionality through an ActiveX control. This control contains a
flaw in its handling of user input. A malicious web page that
instantiated this control could trigger this flaw. Successfully
exploiting this flaw would allow an attacker to execute arbitrary code
with the privileges of the current user. Proof-of-concept code for this
vulnerability is publicly available, and it is believed that this
vulnerability is being actively exploited in the wild.

Status: Microsoft confirmed, no updates available. Users can mitigate
the impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSIDs
"F0E42D50-368C-11D0-AD81-00A0C90DC8D9",
"F0E42D60-368C-11D0-AD81-00A0C90DC8D9", and
"F2175210-368C-11D0-AD81-00A0C90DC8D9".

References:
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/955179.mspx
Proof-of-Concept
http://pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30114
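
One way to apply the kill-bit mitigation from the Status note of item (1), shown as an added example that is not part of the bulletin or of Microsoft's advisory. The registry location and the 0x400 flag are the mechanism documented in KB240797; the function names Get-CompatFlags and Set-KillBit are hypothetical, and an elevated 64-bit PowerShell 3.0+ prompt is assumed.

```powershell
# Added example (not from the bulletin or from Microsoft's advisory).
# Sets the ActiveX "kill bit" for the three Snapshot Viewer CLSIDs named in
# item (1). Mechanism per KB240797: the DWORD "Compatibility Flags" with bit
# 0x400 set under ...\Internet Explorer\ActiveX Compatibility\{CLSID}.
# Assumption: run from an elevated 64-bit PowerShell 3.0+ prompt.

$KillBit   = 0x400
$ValueName = 'Compatibility Flags'
$Clsids = @(
    '{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}',
    '{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}',
    '{F2175210-368C-11D0-AD81-00A0C90DC8D9}'
)

# Native registry view, plus the 32-bit view that 32-bit Internet Explorer
# reads on 64-bit Windows (only present on 64-bit systems).
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
    $Roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

# Hypothetical helper: current flag value for a key, or 0 if it is not set.
function Get-CompatFlags {
    param([string]$Key)
    $prop = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $prop) { return $prop.$ValueName }
    return 0
}

# Hypothetical helper: OR the kill bit into the flags and verify the result.
function Set-KillBit {
    param([string]$Root, [string]$Clsid)

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) {
        # Only create the key when it is absent, so existing values survive.
        New-Item -Path $key -Force | Out-Null
    }

    # Preserve any compatibility flags already present; add only bit 0x400.
    $before = Get-CompatFlags $key
    $wanted = $before -bor $KillBit

    $params = @{
        LiteralPath  = $key
        Name         = $ValueName
        PropertyType = 'DWord'
        Value        = $wanted
        Force        = $true
    }
    New-ItemProperty @params | Out-Null

    # Read the value back rather than trusting the write.
    $after = Get-CompatFlags $key
    [pscustomobject]@{
        Key     = $key
        Before  = '0x{0:X8}' -f $before
        After   = '0x{0:X8}' -f $after
        Blocked = (($after -band $KillBit) -eq $KillBit)
    }
}

$report = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) { Set-KillBit -Root $root -Clsid $clsid }
}
$report | Format-Table -AutoSize

if ($report | Where-Object { -not $_.Blocked }) {
    Write-Error 'Kill bit missing on at least one key; check permissions and re-run elevated.'
}
```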

***********************************************************

(2) CRITICAL: Microsoft Word Remote Code Execution (0day)
Affected:
Microsoft Office Word 2002

Description: Microsoft Word contains a remote code execution
vulnerability in its handling of documents. A specially crafted document
could trigger this vulnerability, allowing an attacker to execute
arbitrary code with the privileges of the current user. While no
technical details appear to be available, this vulnerability is being
actively exploited in the wild. Note that Microsoft Office 2002 will not
open Word documents upon receipt without first prompting the user.

Status: Microsoft confirmed, no updates available.

References:
Microsoft Security Response Center Blog Posting
http://blogs.technet.com/msrc/archive/2008/07/08/vulnerability-in-microsoft-word-could-allow-remote-code-execution.aspx
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/953635.mspx
SANS Internet Storm Center Blog Posting
http://isc.sans.org/diary.html?storyid=4696
SecurityFocus BID
http://www.securityfocus.com/bid/30124

***********************************************************

(3) CRITICAL: Multiple Vendor DNS Spoofing and Poisoning Attack
Affected:
Several vendors' DNS products, including Microsoft's DNS server and ISC BIND

Description: The Domain Name System (DNS) is the service that provides
symbolic name to IP address resolution for the internet. Part of the DNS
protocol's design includes a Transaction ID (XID) number to match
queries with responses. If an attacker were able to predict certain
characteristics of a DNS query, including XID, source UDP port, and
other characteristics, the attacker could spoof responses from a DNS
server. Recently, several vendors' implementations of DNS were
discovered to be particularly vulnerable to such spoofing due to flaws
in their XID randomization algorithms. Major DNS server vendors
coordinated patching to ensure that all major systems would have patches
available simultaneously. While full technical details for these
vulnerabilities are not currently available, they could be discerned
through source code analysis. Further details are scheduled to be
revealed at this year's Black Hat security conference. If an attacker
were able to successfully spoof DNS responses, the attacker could
redirect users to malicious web sites or mail servers, or poison DNS
caches on victims' systems.

Status: Vendors confirmed, updates available.

References:
SANS Internet Storm Center Blog Posting
http://isc.sans.org/diary.html?storyid=4687
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx
Executive Overview (PDF)
http://securosis.com/publications/DNS-Executive-Overview.pdf
Slashdot Article Discussing the Issue
http://it.slashdot.org/article.pl?sid=08/07/08/195225
Securosis Posting
http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/
Wikipedia Article on DNS
http://en.wikipedia.org/wiki/Domain_Name_System
SecurityFocus BID
http://www.securityfocus.com/bid/30132

***********************************************************

(4) CRITICAL: Novell eDirectory Integer Overflow
Affected:
Novell eDirectory versions prior to 8.8.2 ftf2

Description: eDirectory is Novell's implementation of the Lightweight
Directory Access Protocol (LDAP). It contains an integer overflow in its
handling of certain user inputs. A specially crafted user input could
trigger this integer overflow. Successfully exploiting this overflow
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process. Some technical details are publicly available
for this vulnerability.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-041/
Novell Security Advisory
http://www.novell.com/support/viewContent.do?externalId=3694858&sliceId=1
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/LDAP
Vendor Home Page
http://www.novell.com
SecurityFocus BID
http://www.securityfocus.com/bid/30085

***********************************************************

(5) HIGH: Sun Java Runtime Environment Multiple Vulnerabilities
Affected:
Sun Java Runtime Environment versions prior to 6 update 7
Sun Java Development Environment versions prior to 6 update 7

Description: Sun's implementation of the Java Runtime Environment
contains multiple vulnerabilities. A specially crafted Java application
or applet could trigger one of these vulnerabilities, with consequences
ranging from arbitrary code execution with the privileges of the current
user to denials-of-service and information disclosure. Note that,
depending upon configuration, Java applets embedded in web pages may be
opened automatically upon the loading of the page. Some technical
details for these vulnerabilities may be available via source code
analysis. Sun's Java Runtime Environment is installed by default on all
Apple Mac OS X systems, all Sun Solaris systems, many other Unix and
Linux based operating systems, and is often installed on Microsoft
Windows. Note that some of these vulnerabilities were discussed
individually in previous editions of RISK.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-042
http://zerodayinitiative.com/advisories/ZDI-08-043
Sun Security Advisories
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
Product Home Page
http://java.sun.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/30144
http://www.securityfocus.com/bid/30141
http://www.securityfocus.com/bid/30140
http://www.securityfocus.com/bid/30143

***********************************************************

(6) MODERATE: Microsoft Windows Saved Search Remote Code Execution (MS08-038)
Affected:
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: Microsoft Windows allows users to save filesystem search
criteria, so that these criteria can be used later to repeat the given
search. A flaw in the saving of searches can trigger a remote code
execution vulnerability. A specially crafted saved search file could
trigger this vulnerability, allowing an attacker to execute arbitrary
code with the privileges of the current user. Note that significant user
interaction is required to exploit this vulnerability: a user must open
a malicious saved search file and subsequently save it again.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/30109

***********************************************************

(7) MODERATE: Microsoft SQL Server Remote Code Execution (MS08-040)
Affected:
Microsoft SQL Server 7.0
Microsoft SQL Server 2000
Microsoft SQL Server 2005

Description: Microsoft SQL Server contains a remote code execution
vulnerability. When parsing a stored backup file, an integer underflow
flaw can be triggered. Successfully exploiting this vulnerability would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process. Note that an attacker must have authenticated access
to the vulnerable database; such authentication may potentially be
obtained through SQL injection vulnerabilities in applications using the
vulnerable database server. Additionally, an attacker would need to be
able to provide a malicious backup file to the vulnerable server.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx
Microsoft Security Vulnerability Research and Defense Blog Posting
http://blogs.technet.com/swi/archive/2008/07/08/ms08-040-how-to-spot-potentially-dangerous-mtf-files-crossing-network-boundary.aspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723
SecurityFocus BID
http://www.securityfocus.com/bid/30119

***********************************************************

(8) MODERATE: Microsoft Outlook Web Access Multiple Cross Site Scripting Vulnerabilities (MS08-039)
Affected:
Microsoft Exchange Server 2003
Microsoft Exchange Server 2007

Description: Microsoft Outlook Web Access, the web-based mail client
provided by Microsoft Exchange, contains multiple cross-site scripting
vulnerabilities. A specially crafted email could trigger one of these
vulnerabilities, allowing an attacker to inject arbitrary web-based
scripts into a victim's browser session upon opening a malicious email.
Note that Outlook Web Access Premium is not affected by these
vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx
Microsoft Security Vulnerability Research and Defense Blog Posting
http://blogs.technet.com/swi/archive/2008/07/08/MS08-039-which-users-are-vulnerable-to-OWA-XSS-vulnerability.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/30130

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 28, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.28.1 CVE: CVE-2008-1435
Platform: Windows
Title: Microsoft Windows Explorer saved-search File Remote Code
Execution
Description: A saved-search file is a file type that allows a user to
save search parameters. Microsoft Windows Explorer is exposed to a
remote code execution issue. This issue occurs when parsing malformed
saved-search files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-038.mspx
______________________________________________________________________

08.28.2 CVE: CVE-2008-1454
Platform: Windows
Title: Microsoft Windows DNS Server Cache Poisoning
Description: Microsoft Windows DNS servers are prone to a
vulnerability that lets attackers poison DNS caches. Specifically,
this occurs because the software fails to properly handle responses
containing data outside of their authority.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx
______________________________________________________________________

08.28.3 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Word Unspecified Remote Code Execution
Description: Microsoft Word is exposed to an unspecified remote
code execution issue. This issue may allow remote attackers to execute
arbitrary code on a vulnerable computer. The vulnerability arises when
the application processes a specially crafted Word document (.doc).
Ref: http://www.microsoft.com/en/us/default.aspx
______________________________________________________________________

08.28.4 CVE: CVE-2008-2247
Platform: Microsoft Office
Title: Microsoft Outlook Web Access for Exchange Server Email Field
Cross-Site Scripting
Description: Microsoft Outlook Web Access (OWA) for Exchange Server is
exposed to a cross-site scripting issue because the application fails
to properly sanitize user-supplied input. This issue can occur because
certain email fields aren't sufficiently validated when email is
opened from a client OWA session.
Ref: http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx
______________________________________________________________________

08.28.5 CVE: CVE-2008-2463
Platform: Other Microsoft Products
Title: Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary
File Download
Description: Snapshot Viewer for Microsoft Access is an ActiveX
control that allows users to view snapshots created with Microsoft
Access. The ActiveX control is exposed to an issue that can cause
malicious files to be downloaded and saved to arbitrary locations on
an affected computer.
Ref: http://www.microsoft.com/technet/security/advisory/955179.mspx
______________________________________________________________________

08.28.6 CVE: CVE-2008-0107
Platform: Other Microsoft Products
Title: Microsoft SQL Server On-Disk Data Structures Remote Memory
Corruption
Description: Microsoft SQL Server is exposed to a remote memory
corruption issue because it fails to perform adequate boundary checks
when handling user-supplied query strings. The issue occurs when the
server handles specially crafted data structures in on-disk files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx
______________________________________________________________________

08.28.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: ServerView "SnmpGetMibValues.exe" Multiple Unspecified Buffer
Overflow Vulnerabilities
Description: ServerView is a server management software suite that
provides remote access via a web interface. The web interface is
exposed to multiple unspecified buffer overflow issues because the
software fails to properly bounds check user-supplied data. ServerView
version 4.60.07 is affected.
Ref: http://www.securityfocus.com/bid/30081
______________________________________________________________________

08.28.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Download Accelerator Plus ".m3u" File Buffer Overflow
Description: Download Accelerator Plus is a download manager available
for Microsoft Windows. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application fails to
handle malformed ".m3u" files.
Ref: http://www.securityfocus.com/bid/30138
______________________________________________________________________

08.28.9 CVE: CVE-2008-1676
Platform: Linux
Title: Red Hat Certificate System rhpki-common Security Bypass
Weakness
Description: Red Hat Certificate System (RHCS) is an enterprise-level
Public Key Infrastructure (PKI) deployment manager. The application is
exposed to a security bypass weakness due to a flaw in rhpki-common
(Red Hat PKI Common Framework) when handling Extensions in certificate
signing requests (CSR).
Ref: http://rhn.redhat.com/errata/RHSA-2008-0500.html
______________________________________________________________________

08.28.10 CVE: CVE-2008-2812
Platform: Linux
Title: Linux Kernel TTY Operations NULL Pointer Dereference Denial of
Service Vulnerabilities
Description: The Linux kernel is exposed to multiple local denial of
service issues. These issues are due to potential NULL-pointer
dereference exception errors in TTY operations. Linux kernel versions
prior to 2.6.25.10 are affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.10
______________________________________________________________________

08.28.11 CVE: Not Available
Platform: Linux
Title: Linux Kernel x86_64 ptrace Local Memory Corruption
Description: The Linux Kernel is exposed to a memory corruption issue
affecting x86_64 ptrace because it fails to properly bounds check
user-supplied input. The issue affects the "sys32_ptrace()" function
of the "ptrace.c" source file when user-supplied data causes the
reference count of a structure in the function to overflow. Linux
Kernel versions prior to 2.6.25.10 are affected.
Ref:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=1e9a615bfce7996ea4d815d45d364b47ac6a74e8
______________________________________________________________________

08.28.12 CVE: CVE-2007-6389
Platform: Linux
Title: Gnome Screensaver Local Information Disclosure
Description: The Gnome Screensaver application contains a feature that
lets users leave messages for the account owner that will be displayed
when the screen is unlocked. The application is exposed to a local
information disclosure issue. Gnome Screensaver version 2.20.0 is
affected.
Ref: http://www.securityfocus.com/bid/30096
______________________________________________________________________

08.28.13 CVE: CVE-2008-2374
Platform: Linux
Title: BlueZ SDP Payload Processing Multiple Buffer Overflow
Vulnerabilities
Description: BlueZ is a Bluetooth protocol stack for Linux. The
application is exposed to multiple buffer overflow issues because it
fails to properly bounds check user-supplied data in the "src/sdp.c"
file. BlueZ versions 3.34 and earlier are affected.
Ref: http://article.gmane.org/gmane.linux.bluez.devel/15809/
______________________________________________________________________

08.28.14 CVE: CVE-2008-2931
Platform: Linux
Title: Linux Kernel "do_change_type()" Local Security Bypass
Description: The Linux kernel is exposed to a local security bypass
issue. By default, the "mount" command restricts mountpoint type
changes to superusers. However, the "do_change_type()" routine fails to
use "capable(CAP_SYS_ADMIN)" to verify user permissions prior to
performing changes. Linux kernel versions 2.6.15-rc1 through 2.6.21
are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2931
______________________________________________________________________

08.28.15 CVE: Not Available
Platform: Novell
Title: Novell eDirectory "ds.dlm" Module Integer Overflow
Description: Novell eDirectory is an X.500 compatible directory
service software product for centrally-managing access to resources on
multiple servers and computers within a given network. The software is
exposed to an issue in the "ds.dlm" module. Novell eDirectory versions
8.7.3 and 8.8 for all platforms are affected.
Ref:
http://www.novell.com/support/viewContent.do?externalId=3694858&sliceId=1
______________________________________________________________________

08.28.16 CVE: CVE-2008-2430
Platform: Cross Platform
Title: VLC Media Player WAV File Buffer Overflow
Description: VLC is a cross-platform media player that can be used to
serve streaming data. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. The issue stems from an integer overflow while
parsing overly large "fmt" chunks. VLC media player version 0.8.6h is
affected.
Ref: http://www.securityfocus.com/archive/1/493849
______________________________________________________________________

08.28.17 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser Remote Code Execution and Information
Disclosure Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to multiple security
issues. The first issue is a remote code execution issue that occurs due
to an unspecified error. The second issue is an information disclosure
issue that exists because of errors in certain canvas functions that can
cause the canvas to be constructed with data from random memory. Opera
versions prior to 9.51 are affected.
Ref: http://www.opera.com/support/search/view/887/
______________________________________________________________________

08.28.18 CVE: CVE-2008-2942
Platform: Cross Platform
Title: Mercurial "patch.py" Directory Traversal
Description: Mercurial is a source control management system available
for multiple operating platforms. The application is exposed to a
directory traversal issue because it fails to adequately sanitize
user-supplied input. This issue occurs due to an error in "patch.py"
when specially crafted patch files are imported into the system.
Mercurial version 1.0.1 is affected.
Ref: https://issues.rpath.com/browse/RPL-2633
______________________________________________________________________

08.28.19 CVE: Not Available
Platform: Cross Platform
Title: Panda ActiveScan Unspecified Remote Code Execution
Description: Panda ActiveScan is a browser plug-in that scans
computers for various threats. The application is exposed to an
unspecified remote code execution issue. Due to the nature of this
application, it is likely that attackers would exploit this issue by
enticing an unsuspecting user to follow a link or visit a malicious
site. Panda ActiveScan version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30086
______________________________________________________________________

08.28.20 CVE: CVE-2008-2371
Platform: Cross Platform
Title: PCRE Regular Expression Heap-Based Buffer Overflow
Description: PCRE is a set of functions that implement
regular-expression pattern matching using the same syntax and
semantics as Perl 5. The application is exposed to a heap-based buffer
overflow issue. The library fails to properly validate user-supplied input
before copying data to an internal memory buffer. PCRE versions up to
and including 7.7 are affected.
Ref:
http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes
______________________________________________________________________

08.28.21 CVE: Not Available
Platform: Cross Platform
Title: WeFi Log Files Local Information Disclosure
Description: WeFi is a WiFi hot spot connectivity client for Windows
and Mac OS X. The application is exposed to a local information
disclosure issue because it fails to securely store sensitive data.
WeFi version 3.2.1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/30088
______________________________________________________________________

08.28.22 CVE: CVE-2008-2950
Platform: Cross Platform
Title: Poppler PDF Rendering Library Page Class Remote Code Execution
Description: The Poppler PDF rendering library provides a programming
interface for rendering PDF files. The library is based on the
Xpdf-3.0 codebase. The application is exposed to a remote code
execution issue because it fails to properly initialize a memory
pointer while processing PDF files. Poppler version 0.8.4 is affected.
Ref: http://www.securityfocus.com/archive/1/493980
______________________________________________________________________

08.28.23 CVE: Not Available
Platform: Cross Platform
Title: OllyDBG and ImpREC Export Name Buffer Overflow
Description: OllyDBG is a debugging application and ImpREC is a PE
(Portable Executable) file unpacker. The applications are exposed to a
buffer overflow issue because they fail to perform adequate boundary
checks on user-supplied input. The issue occurs when exporting "name"
buffers. OllyDBG v1.10 and ImpREC v1.7f are affected.
Ref: http://www.securityfocus.com/bid/30139
______________________________________________________________________

08.28.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Organic Groups Cross-Site Scripting And Information
Disclosure Vulnerabilities
Description: Organic Groups is a Drupal module to create and manage
groups. The application is exposed to multiple issues. The following
versions are affected: Organic Groups 5.x versions prior to 5.x-7.3, and
Organic Groups 6.x versions prior to 6.x-1.0-RC1.
Ref: http://drupal.org/node/277873
______________________________________________________________________

08.28.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: FreeStyle Wiki Unspecified Cross-Site Scripting
Description: FreeStyle Wiki is a wiki clone implemented in Perl. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to an unspecified parameter.
FreeStyle Wiki versions 3.6.2 and earlier and versions 3.6.3 dev3 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/30071
______________________________________________________________________

08.28.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kasseler CMS "cid" parameter Cross-Site Scripting
Description: Kasseler CMS is a PHP-based content management
application. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input from the "cid"
parameter of the "Files" module, as passed via "index.php". Kasseler
CMS version 1.3.0 is affected.
Ref: http://www.securityfocus.com/bid/30095
______________________________________________________________________

08.28.27 CVE: CVE-2008-2991
Platform: Web Application - Cross Site Scripting
Title: Adobe RoboHelp Server Help Errors Log Cross-Site Scripting
Description: Adobe RoboHelp Server is an application for developing,
managing, and deploying online help systems. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input. This issue affects the "Report_API.asp",
"Report_Template.asp", and "SQL_Lib.asp" scripts that are associated
with the RoboHelp Help Errors log.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-16.html
______________________________________________________________________

08.28.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XChangeboard "newThread.php" SQL Injection
Description: XChangeboard is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "boardID" parameter in
the "newThread.php" script before using it in an SQL query.
XChangeboard version 1.70 is affected.
Ref: http://www.securityfocus.com/bid/30059
______________________________________________________________________

08.28.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Brightcode Weblinks Component "catid"
Parameter SQL Injection
Description: Brightcode Weblinks is a plugin for displaying links with
the Joomla! and Mambo content managers. It requires the Web Links
module. The component is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "catid"
parameter of the "com_brightweblinks" component before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/30060
______________________________________________________________________

08.28.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_is" Component Multiple SQL Injection
Vulnerabilities
Description: "com_is" is a component for the Mambo and Joomla! content
managers. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"marka" and "motor" parameters of the "com_is" component before using
it in an SQL query. "com_is" component version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/30063
______________________________________________________________________

08.28.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo QuickTime VR Component "room_id" Parameter
SQL Injection
Description: QuickTime VR is a component for the Mambo and Joomla!
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"room_id" parameter of the "com_vr" component before using it in an
SQL query. QuickTime VR version 0.1 is affected.
Ref: http://www.milw0rm.com/exploits/5994
______________________________________________________________________

08.28.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebBlizzard CMS "index.php" SQL Injection
Description: WebBlizzard CMS is a content-management application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "page" parameter in the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30074
______________________________________________________________________

08.28.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpwebnews "index.php" SQL Injection
Description: phpwebnews is a web-based news application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id_kat" parameter of the
"index.php" script before using it in an SQL query. phpwebnews version
0.2 is affected.
Ref: http://www.securityfocus.com/bid/30079
______________________________________________________________________

08.28.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpwebnews "bukutamu.php" SQL Injection
Description: phpwebnews is a web-based news application. The
application is prone to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "det" parameter of the
"bukutamu.php" script before using it in an SQL query. phpwebnews
version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/30080
______________________________________________________________________

08.28.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Xpoze "user.html" SQL Injection
Description: Xpoze is a web-based application for presenting and
selling photos. The application is exposed to an SQL injection issue
because it fails to properly sanitize user-supplied input to the "uid"
parameter in the "user.html" script before using it in an SQL query.
Xpoze Pro version 3.06 is affected.
Ref: http://www.securityfocus.com/bid/30101
______________________________________________________________________

08.28.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BlognPlus "index.php" Multiple SQL Injection Vulnerabilities
Description: BlognPlus is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "p", "e", "d", and "m"
parameters of the "index.php" script before using the affected
parameters in an SQL query. BlognPlus versions up to and including
2.5.5 are affected.
Ref: http://www.securityfocus.com/bid/30104
______________________________________________________________________

08.28.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SmartPPC "directory.php" SQL Injection
Description: SmartPPC is a web-based, pay-per-click search engine
script. The application is exposed to an SQL injection issue because
it fails to properly sanitize user-supplied input to the "idDirectory"
parameter of the "directory.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/30111
______________________________________________________________________

08.28.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke 4ndvddb Module "id" Parameter SQL Injection
Description: 4ndvddb is a DVD database module for PHP-Nuke. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"4ndvddb" module before using it in an SQL query. 4ndvddb version 0.91
is affected.
Ref: http://www.securityfocus.com/archive/1/494013
______________________________________________________________________

08.28.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Triton CMS Pro "X-Forwarded-For" Header SQL Injection
Description: Triton CMS Pro is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "X-Forwarded-For" header
value in the "index.php" script before using it in an SQL query.
Triton CMS Pro version 1.06 is affected.
Ref: http://www.securityfocus.com/bid/30122
______________________________________________________________________

08.28.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Lastminute Script "index.php" SQL Injection
Description: Lastminute Script is a tourism agency application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "cid" parameter of the
"index.php" script before using it in an SQL query. Lastminute Script
version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/30127
______________________________________________________________________

08.28.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Hotel Script "index.php" SQL Injection
Description: Mole Group Hotel Script is a web-based application for
managing room rentals. The application is exposed to an SQL injection
issue because it fails to properly sanitize user-supplied input to the
"file" parameter of the "index.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/30128
______________________________________________________________________

08.28.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mole Group Real Estate Script "index.php" SQL Injection
Description: Mole Group Real Estate Script is a web-based application
for managing property sales. The application is exposed to an SQL
injection issue because it fails to properly sanitize user-supplied
input to the "listing_id" parameter of the "index.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30129
______________________________________________________________________

08.28.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BrewBlogger "logincheck.inc.php" SQL Injection
Description: BrewBlogger is a PHP-based blogging application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "loginUsername"
parameter of the "logincheck.inc.php" script before using it in an SQL
query. BrewBlogger version 2.1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/30133
______________________________________________________________________

08.28.44 CVE: Not Available
Platform: Web Application
Title: CMS little "index.php" Local File Include
Description: CMS little is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "template" parameter
of the "index.php" script. CMS little version 0.0.1 is affected.
Ref: http://www.securityfocus.com/bid/30061
______________________________________________________________________

08.28.45 CVE: Not Available
Platform: Web Application
Title: phPortal Multiple Remote File Include Vulnerabilities
Description: phPortal is a PHP-based content manager. The application
is exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input. phPortal version 1.2 Beta
is affected.
Ref: http://www.securityfocus.com/bid/30064
______________________________________________________________________

08.28.46 CVE: Not Available
Platform: Web Application
Title: Drupal Outline Designer Module "outline_designer.module"
Security Bypass
Description: Outline Designer is a Drupal module which provides a
visual way of structuring book contents. The application is exposed to
a security bypass issue. Specifically, the code in the
"outline_designer.module" file fails to properly validate the "uid"
value in the "_outline_designer_ajax()" function. Outline Designer
versions prior to 5.x-1.4 are affected.
Ref: http://drupal.org/node/277883
______________________________________________________________________

08.28.47 CVE: Not Available
Platform: Web Application
Title: Drupal Taxonomy Autotagger Module Multiple Input Validation
Vulnerabilities
Description: The Taxonomy Autotagger is a module for the Drupal CMS.
The application is exposed to SQL injection and HTML injection issues.
The SQL injection issue exists because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. The
HTML injection vulnerability is caused by failure to properly sanitize
posts by users before returning them to the browser. Taxonomy
Autotagger versions prior to 5.x-1.8 are affected.
Ref: http://drupal.org/node/277877
______________________________________________________________________

08.28.48 CVE: Not Available
Platform: Web Application
Title: Drupal Tinytax taxonomy block Module HTML Injection
Description: Tinytax taxonomy block is a module for Drupal, an
open-source content manager that is available for a number of
platforms. The application is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied input before using
it in dynamically generated content. Tinytax taxonomy block versions
prior to 5.x-1.10-1 are affected.
Ref: http://drupal.org/node/277879
______________________________________________________________________

08.28.49 CVE: Not Available
Platform: Web Application
Title: pHNews "comments.php" Local File Include
Description: pHNews is a web-based CMS. The application is exposed to
a local file include issue because it fails to properly sanitize
user-supplied input to the "template" parameter of the
"modules/comments.php" script.
Ref: http://www.securityfocus.com/bid/30084
______________________________________________________________________

08.28.50 CVE: Not Available
Platform: Web Application
Title: 1024 CMS Multiple Remote and Local File Include Vulnerabilities
Description: 1024 CMS is a PHP-based content manager. The application
is exposed to multiple issues because it fails to properly sanitize
user-supplied input. 1024 CMS versions 1.4.3 and 1.4.4 RFC are
affected.
Ref: http://www.securityfocus.com/archive/1/493958
______________________________________________________________________

08.28.51 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo altas Component "index.php" Multiple SQL
Injection Vulnerabilities
Description: altas is a component for the Joomla! and Mambo content
managers. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"ano" and "mes" parameters of the "com_altas" component before using
it in an SQL query. altas version 1 is affected.
Ref: http://www.securityfocus.com/bid/30092
______________________________________________________________________

08.28.52 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo DBQuery Component "mosConfig_absolute_path"
Remote File Include
Description: DBQuery is a component for the Joomla! and Mambo content
managers. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"mosConfig_absolute_path" parameter of the component's
"classesDBQadmincommon.class.php" script. DBQuery version 1.4.1 is
affected.
Ref: http://www.securityfocus.com/bid/30093
______________________________________________________________________

08.28.53 CVE: Not Available
Platform: Web Application
Title: THELIA Arbitrary File Upload and Authentication Bypass
Vulnerabilities
Description: THELIA is a PHP-based, e-commerce application. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary code because it fails to properly sanitize
user-supplied files. THELIA version 1.3.5 is affected.
Ref: http://www.securityfocus.com/bid/30094
______________________________________________________________________

08.28.54 CVE: Not Available
Platform: Web Application
Title: Youngzsoft CMailServer "mvmail.asp" Multiple Buffer Overflow
Vulnerabilities
Description: CMailServer is a web-based mail server application for
Windows. The application is exposed to multiple buffer overflow issues
because it fails to properly bounds-check user-supplied data.
CMailServer version 5.4.6 is affected.
Ref: http://www.securityfocus.com/bid/30098
______________________________________________________________________

08.28.55 CVE: Not Available
Platform: Web Application
Title: ImperialBB Remote File Upload
Description: ImperialBB is forum software. The application is
exposed to an arbitrary file upload issue. Attackers can upload
arbitrary files to a web server hosting ImperialBB by changing the
"mime-type" to "image/gif" when uploading a file through the User
Control Panel. ImperialBB versions up to and including 2.3.5 are
affected.
Ref: http://www.securityfocus.com/bid/30100
______________________________________________________________________

08.28.56 CVE: Not Available
Platform: Web Application
Title: ContentNow Multiple Remote Vulnerabilities
Description: ContentNow is a web-based application. The application is
exposed to two issues because it fails to sanitize user-supplied
input. Two cross-site scripting issues affect the
"upload/file/language_menu.php" script, and an arbitrary file upload
issue affects the "upload.php" script. ContentNow version 1.4.1
is affected.
Ref: http://www.securityfocus.com/bid/30102
______________________________________________________________________

08.28.57 CVE: Not Available
Platform: Web Application
Title: fuzzylime (cms) "rss.php" Local File Include
Description: fuzzylime (cms) is a web-based content management system.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "p" parameter of
the "rss.php" script. fuzzylime (cms) versions 3.01a and 3.01 are
affected.
Ref: http://www.securityfocus.com/bid/30103
______________________________________________________________________

08.28.58 CVE: Not Available
Platform: Web Application
Title: YourPlace Unspecified Authentication Bypass
Description: YourPlace is a PHP-based file system. The application is
exposed to an unspecified authentication-bypass issue. YourPlace
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/30106
______________________________________________________________________

08.28.59 CVE: Not Available
Platform: Web Application
Title: Simple Machines Forum Prior to 1.1.5 and 1.0.13 Multiple
Unspecified Vulnerabilities
Description: Simple Machines Forum is a PHP-based content manager. The
application is exposed to multiple unspecified issues including: an
unspecified input validation issue affecting the "topic" parameter, and
an unspecified security issue involving HTML tags. Simple Machines Forum
versions prior to 1.1.5 and 1.0.13 are affected.
Ref:
http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0
______________________________________________________________________

08.28.60 CVE: Not Available
Platform: Web Application
Title: DodosMail "dodosmail.php" Local File Include
Description: DodosMail is a PHP-based application that allows users to
send email via web-form. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "dodosmail_header_file" parameter of the "dodosmail.php"
script. DodosMail version 2.5 is affected.
Ref: http://www.securityfocus.com/bid/30112
______________________________________________________________________

08.28.61 CVE: Not Available
Platform: Web Application
Title: MyBB Prior to 1.2.13 Multiple Unspecified Vulnerabilities
Description: MyBB (MyBulletinBoard) is a bulletin board application.
The application is exposed to multiple remote issues including: an
unspecified "high risk" issue, and an unspecified "medium-risk" issue.
MyBB versions prior to 1.2.13 are affected.
Ref: http://community.mybboard.net/showthread.php?tid=31666
______________________________________________________________________

08.28.62 CVE: Not Available
Platform: Web Application
Title: Zoph Cross-Site Scripting and SQL Injection Vulnerabilities
Description: Zoph is a PHP-based application for managing digital
photographs. The application is exposed to multiple input validation
issues because it fails to sufficiently sanitize user-supplied data.
Zoph version 0.7.2.1 is affected.
Ref: http://www.securityfocus.com/bid/30116
______________________________________________________________________

08.28.63 CVE: Not Available
Platform: Web Application
Title: WebXell Editor "upload_pictures.php" Arbitrary File Upload
Description: WebXell Editor is a web-based spreadsheet application.
The application is exposed to an issue that lets remote attackers
upload and execute arbitrary script code on an affected computer with
the privileges of the web server process. This issue occurs because the
application fails to sanitize user-supplied data contained in files
before uploading them to the web server through the
"upload_pictures.php" script. WebXell Editor version 0.1.3 is
affected.
Ref: http://www.securityfocus.com/bid/30117
______________________________________________________________________

08.28.64 CVE: Not Available
Platform: Web Application
Title: fuzzylime (cms) "blog.php" Local File Include
Description: fuzzylime (cms) is a web-based content management system.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "file" parameter
of the "blog.php" script. fuzzylime (cms) version 3.01a is affected.
Ref: http://www.securityfocus.com/bid/30121
______________________________________________________________________

08.28.65 CVE: Not Available
Platform: Web Application
Title: Neutrino Atomic Edition Authentication Bypass
Description: Neutrino Atomic Edition is PHP-based blogging software.
The application is exposed to an authentication bypass issue. An
attacker can create malicious HTTP GET requests to exploit this issue.
Specifically, the "action" parameter of the "index.php" script can be
used to access legitimate administrative functions of the application
such as "create", "read" and "delete" and execute arbitrary commands.
Neutrino Atomic Edition version 0.8.4 is affected.
Ref: http://www.securityfocus.com/bid/30123
______________________________________________________________________

08.28.66 CVE: Not Available
Platform: Web Application
Title: Joomla! Prior to v1.5.4 Multiple Unauthorized Access
Vulnerabilities
Description: Joomla! is a PHP-based content manager. The application
is exposed to multiple unauthorized access issues including: an unspecified
error in the LDAP mechanism, and an unspecified error in the
file-caching mechanism. Joomla! versions prior to 1.5.4 are affected.
Ref: http://www.joomla.org/content/view/5180/1/
______________________________________________________________________

08.28.67 CVE: Not Available
Platform: Web Application
Title: vBulletin "adminlog.php" Request Logging HTML Injection
Description: vBulletin is a PHP-based content manager. The application
is exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. vBulletin versions prior to 3.7.2 PL1 and 3.6.10 PL3 are
affected.
Ref: http://www.securityfocus.com/archive/1/494049
______________________________________________________________________

08.28.68 CVE: Not Available
Platform: Web Application
Title: Boonex Dolphin Multiple Remote File Include Vulnerabilities
Description: Dolphin is a PHP-based application for creating online
communities. The application is exposed to multiple remote file
include issues because it fails to sufficiently sanitize user-supplied
input. Dolphin version 6.1.2 is affected.
Ref: http://www.securityfocus.com/bid/30136
______________________________________________________________________

08.28.69 CVE: Not Available
Platform: Web Application
Title: trixbox "langChoice" Local File Include
Description: trixbox (formerly AsteriskHome) is an Asterisk-based
IP-PBX product. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"langChoice" parameter of the "/user/index.php" script. trixbox CE
version 2.6.1 is affected.
Ref: http://www.securityfocus.com/bid/30135
______________________________________________________________________

08.28.70 CVE: Not Available
Platform: Network Device
Title: F5 FirePass SSL VPN SNMP Daemon Remote Denial of Service
Description: FirePass is an SSL VPN appliance. The device is exposed to
a denial of service issue that affects the SNMP daemon. Traversing
OID branch "hrSWInstalled" in HOST-RESOURCES-MIB (OID
1.3.6.1.2.1.25.6) can cause the daemon to crash.
Ref: http://www.securityfocus.com/archive/1/493950
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkh2bS0ACgkQ+LUG5KFpTkYRGACfTQddN3sfgchxbK3d78iPOtEG
6yoAn1Di8kFmY6Fb0rrxUD+EvBhfMAG6
=by5l
-----END PGP SIGNATURE-----