RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 29
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Jul 17 2008 - 16:49:25 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Another bad week, but not as bad as last week. The critical
vulnerabilities this week are in the Blackberry Attachment Service
(anyone use that?) and in Oracle and Novell eDiscovery and the Linux
Kernel.
The LINUX problem, in particular, illustrates one of the untold stories
(at least in the press) of security. More than 370 versions of LINUX
are vulnerable. Many are embedded in appliances (like security
appliances?) and software tools where the user probably has no idea even
what version of LINUX they are running. When vendors or open source
groups announce a patch, saying they have "fixed the problem," the
public is misled. Nothing is "fixed" until the patch is successfully
installed. Most vendors and developers take no responsibility for
ensuring their customers even know about the patches - much less install
them. As politicians learn of the misperception (deception?), I expect
to see a movement toward updating breach disclosure laws to require
disclosure when ISP or web site or other application errors cause
customers' computers to be infected enabling personal data (and money)
to be lost. This will also affect all medium and large organizations
that are ISPs for their employees or that have web sites available to
customers or citizens.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
July 17, 2008 Vol. 7. Week 29
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Other Microsoft Products                   1
Third Party Windows Apps                   6 (#4)
Mac Os                                     2 (#5, #6)
Linux                                      1 (#2)
Unix                                       3
Novell                                     1 (#3)
Cross Platform                            22 (#1, #7)
Web Application - Cross Site Scripting     4
Web Application - SQL Injection           13
Web Application                           39
*************************************************************************
TRAINING SCHEDULE UPDATE
- SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
http://www.sans.org/sansfire08/
- Boston (8/9-8/17) http://www.sans.org/boston08/
- Virginia Beach (8/21-8/29) http://www.sans.org/vabeach08/
Plus 100 other cities and online any time: www.sans.org
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU July 2008)
(2) CRITICAL: Linux Kernel BER Decoding Buffer Overflow
(3) CRITICAL: Novell eDirectory LDAP Buffer Overflow
(4) CRITICAL: BlackBerry Attachment Service PDF Processing Remote Code Execution
(5) HIGH: Mozilla Firefox GIF Processing Vulnerability
(6) HIGH: Apple iPhone and iPod Touch Multiple Vulnerabilities
(7) MODERATE: Mozilla Firefox URI Parsing Vulnerability
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Other Microsoft Products
08.29.1 - Microsoft Internet Explorer New ActiveX Object String Concatenation Memory Corruption
-- Third Party Windows Apps
08.29.2 - Sun Java SE Secure Static Versioning Applet Execution Weakness
08.29.3 - Empire Server Prior to 4.3.15 Multiple Unspecified Vulnerabilities
08.29.4 - Simple DNS Plus Unspecified Remote Denial of Service
08.29.5 - Sina DLoader Class ActiveX Control "DonwloadAndInstall" Method Arbitrary File Download
08.29.6 - WinRemotePC Packet Handling Remote Denial of Service
08.29.7 - Black Ice Software Document Imaging SDK/ActiveX Remote Buffer Overflow
-- Mac Os
08.29.8 - Apple Xcode Core Image Fun House ".funhouse" File XML Data Handling Buffer Overflow
08.29.9 - Apple Xcode WebObjects "WOHyperlink" Information Disclosure
-- Linux
08.29.10 - newsx "read_article()" Buffer Overflow
-- Unix
08.29.11 - ReSIProcate INVITE and OPTIONS Messages DNS Resolver Remote Denial of Service
08.29.12 - OP XAUTHORITY Variable Local Privilege Escalation
08.29.13 - Berkeley Yacc (byacc) "skeleton.c" Local Denial of Service
-- Novell
08.29.14 - Novell eDirectory LDAP Service Search Parameters Heap Overflow
-- Cross Platform
08.29.15 - Multiple Sophos Products MIME Attachments Denial of Service
08.29.16 - Sun Java Runtime Environment Multiple Unspecified Same Origin Policy Violation Vulnerabilities
08.29.17 - Sun Java Runtime Environment Virtual Machine Privilege Escalation
08.29.18 - Sun Java Runtime Environment XML Data Processing Multiple Vulnerabilities
08.29.19 - Sun Java Runtime Environment Multiple Security Vulnerabilities
08.29.20 - Sun Java SE Java Management Extensions (JMX) Unspecified Unauthorized Access
08.29.21 - Sun Java Runtime Environment Font Processing Buffer Overflow
08.29.22 - Sun Java Web Start Multiple Vulnerabilities
08.29.23 - Multiple Vendors Unspecified SVG File Processing Denial of Service
08.29.24 - FFmpeg libavformat "psxstr.c" STR Data Heap-Based Buffer Overflow
08.29.25 - WeFi WEP Key Data Local Information Disclosure
08.29.26 - IBM Data ONTAP Multiple Unspecified Vulnerabilities
08.29.27 - IBM Maximo "debug.jsp" HTML Injection And Information Disclosure Vulnerabilities
08.29.28 - Wireshark 1.0.1 Denial of Service
08.29.29 - Apple iPhone and iPod Touch Prior to Version 2.0 Multiple Remote Vulnerabilities
08.29.30 - Apple Safari Domain Extensions Insecure Cookie Access
08.29.31 - Apple Safari HTTPS to HTTPS Referer Information Disclosure
08.29.32 - eMule Operating System User Account Information Disclosure Weakness
08.29.33 - Firebird Multiple Denial of Service and Information Disclosure Vulnerabilities
08.29.34 - Votorola Multiple Unspecified Security Vulnerabilities
08.29.35 - Mozilla Firefox URI Splitting Security Bypass
08.29.36 - Mozilla Firefox "chrome" Document Unspecified Script Injection Weakness
-- Web Application - Cross Site Scripting
08.29.37 - Hudson "q" Parameter Cross-Site Scripting
08.29.38 - BilboBlog Multiple Cross-Site Scripting Vulnerabilities
08.29.39 - CMME Cross-Site Scripting And Information Disclosure Vulnerabilities
08.29.40 - Redmine Unspecified Cross-Site Scripting
-- Web Application - SQL Injection
08.29.41 - Dreamlevels DreamNews "dreamnews-rss.php" SQL Injection
08.29.42 - Dreamlevels Dreampics Builder "page" Parameter SQL Injection
08.29.43 - auraCMS "pages_data.php" Multiple SQL Injection Vulnerabilities
08.29.44 - File Store PRO "download.php" SQL Injection
08.29.45 - Million Pixels "tops_top.php" SQL Injection
08.29.46 - Avlc Forum "vlc_forum.php" SQL Injection
08.29.47 - WebCMS Portal Edition "index.php" SQL Injection
08.29.48 - jSite "index.php" SQL Injection and Local File Include Vulnerabilities
08.29.49 - UltraStats "players-detail.php" SQL Injection
08.29.50 - mForum "usercp.php" Multiple SQL Injection Vulnerabilities
08.29.51 - Scripteen Free Image Hosting Script Multiple SQL Injection Vulnerabilities
08.29.52 - Pubs Black Cat [The Fun] "browse.groups.php" SQL Injection
08.29.53 - Comdev Web Blogger "arcmonth" Parameter SQL Injection
-- Web Application
08.29.54 - Drupal Multiple Vulnerabilities
08.29.55 - AuraCMS
08.29.56 - Zenphoto "Function.php" Request Logging HTML Injection
08.29.57 - V-webmail Multiple Remote File Include Vulnerabilities
08.29.58 - V-webmail Multiple Remote File Include Vulnerabilities
08.29.59 - Drupal OpenID Module Cross-Site Scripting and Request Forgery Vulnerabilities
08.29.60 - Dokeos "user_portal.php" Local File Include
08.29.61 - Xerox CentreWare Web Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.29.62 - Xomol CMS "index.php" HTML Injection and Cross-Site Scripting Vulnerabilities
08.29.63 - GAPI CMS "toolbar.php" Remote File Include
08.29.64 - phpDatingClub "website.php" Local File Include
08.29.65 - eSyndiCat "register.php" Multiple Cross-Site Scripting Vulnerabilities
08.29.66 - Wysi Wiki Wyg "index.php" Local File Include
08.29.67 - Facebook Newsroom Application "includes/home.php" Remote File Include
08.29.68 - Maian Cart "mccart_cookie" Authentication Bypass
08.29.69 - Maian Gallery "mgalley_cookie" Authentication Bypass
08.29.70 - Maian Music "mmusic_cookie" Authentication Bypass
08.29.71 - Maian Greetings "mecard_admin_cookie" Authentication Bypass
08.29.72 - fuzzylime (cms) "polladd.php" Arbitrary Script Injection
08.29.73 - n-forms Joomla! "com_n-forms" Component SQL Injection
08.29.74 - Maian Guestbook "gbook_cookie" Authentication Bypass
08.29.75 - Maian Links "links_cookie" Authentication Bypass
08.29.76 - Maian Recipe "recipe_cookie" Authentication Bypass
08.29.77 - Maian Weblog "weblog_cookie" Authentication Bypass
08.29.78 - Maian Uploader "uploader_cookie" Authentication Bypass
08.29.79 - Maian Search "search_cookie" Authentication Bypass
08.29.80 - fuzzylime (cms) Arbitrary Script Injection and Local File Include Vulnerabilities
08.29.81 - ITechBids Gold Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.29.82 - Scripteen Free Image Hosting Script "cookid" Authentication Bypass
08.29.83 - Pluck "predefined_variables.php" Multiple Local File Include Vulnerabilities
08.29.84 - Edit-Point "upload.php" Arbitrary File Upload
08.29.85 - phpBB Prior to 3.0.2 Unspecified Remote Issue
08.29.86 - BilboBlog "admin/index.php" Authentication Bypass
08.29.87 - CodeDB "list.php" Local File Include
08.29.88 - Galatolo Web Manager SQL Injection and Cross-Site Scripting Vulnerabilities
08.29.89 - pSys 0.7.0 Alpha Multiple Remote File Include Vulnerabilities
08.29.90 - Pragyan CMS "form.lib.php" Remote File Include
08.29.91 - WordPress "press-this.php" Multiple Cross-Site Scripting Vulnerabilities
08.29.92 - php Help Agent "head_chat.inc.php" Local File Include
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Oracle Multiple Products Multiple Vulnerabilities (CPU July 2008)
Affected:
Multiple Oracle Products
Description: Oracle has released its Critical Patch Update for July of
2008. This update addresses numerous vulnerabilities in several Oracle
products. The impact of these vulnerabilities ranges from remote code
execution with the privileges of the vulnerable process to SQL
injection, information disclosure, and denials-of-service. Some of these
vulnerabilities are exploitable without authentication. Additionally,
technical details are publicly available for several of these
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Oracle Security Advisory
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=725
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=727
NGSSoftware Security Advisories
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063255.html
SecurityFocus BID
http://www.securityfocus.com/bid/30177
*******************************************************
(2) CRITICAL: Linux Kernel BER Decoding Buffer Overflow
Affected:
Linux kernel versions prior to 2.4.36.6
Description: The Linux kernel is the core component of the various
Linux-based operating system distributions. It contains a flaw in its
decoding of Abstract Syntax Notation 1 (ASN.1) data that has been
encoded using the Basic Encoding Rules (BER). ASN.1 is used by a variety
of protocols and requests processed by the Linux kernel. A specially
crafted request using one of these protocols could trigger a buffer
overflow in the kernel. Successfully exploiting this buffer overflow
would allow an attacker to execute arbitrary code with kernel
privileges. Technical details for this vulnerability are publicly
available via source code analysis.
Status: Vendor confirmed, updates available.
References:
Kernel Change Log
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5
Kernel Home Page
http://www.kernel.org/
Ubuntu Security Advisory (provides more detail)
http://www.ubuntu.com/usn/usn-625-1
Wikipedia Article on ASN.1
http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
Wikipedia Article on BER
http://en.wikipedia.org/wiki/Basic_Encoding_Rules
SecurityFocus BID
http://www.securityfocus.com/bid/29589
*******************************************************
(3) CRITICAL: Novell eDirectory LDAP Buffer Overflow
Affected:
Novell eDirectory versions prior to 8.8 FTF2
Description: eDirectory is Novell's implementation of the Lightweight
Directory Access Protocol (LDAP). The server contains a heap-based
buffer overflow vulnerability in its processing of user search requests.
A specially crafted search request could trigger this vulnerability,
allowing an attacker to corrupt system memory. It is believed that this
vulnerability could lead to remote code execution with the privileges
of the vulnerable process (often root), but exploitation is considered
difficult. Technical details for this vulnerability are publicly
available. Note that this vulnerability is distinct from the one
discussed in last week's edition of RISK.
Status: Vendor confirmed, updates available.
References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724
Novell Security Advisory
http://www.novell.com/support/viewContent.do?externalId=3843876
Previous RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=7&i=28#widely4
SecurityFocus BID
http://www.securityfocus.com/bid/30175
*******************************************************
(4) CRITICAL: BlackBerry Attachment Service PDF Processing Remote Code Execution
Affected:
Research In Motion BlackBerry Enterprise Server versions 4.1.5 and prior
Research In Motion BlackBerry Unite! versions earlier than 1.0.1 b36
Description: The Research In Motion BlackBerry is a popular mobile
telephone and messaging device. It provides enterprise connectivity by
running server software that integrates with an enterprise's messaging
infrastructure. This server software preprocesses some document types
to make them more easily viewable on a mobile device. The server
software contains a flaw in its processing of Portable Document Format
(PDF) documents. A specially crafted PDF could trigger this flaw,
resulting in arbitrary code execution with the privileges of the
vulnerable process. Note that a user must first open the PDF on a
BlackBerry mobile device for exploitation to occur. Some technical
details for this vulnerability are publicly available.
Status: Vendor confirmed, no updates available.
References:
Research In Motion Security Advisories
http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html
http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html
Vendor Home Page
http://www.blackberry.com
SecurityFocus BID
Not yet available.
*******************************************************
(5) HIGH: Mozilla Firefox GIF Processing Vulnerability
Affected:
Mozilla Firefox versions prior to 3.0.1
Description: Mozilla Firefox, when running on Apple Mac OS X, contains
a flaw in its handling of Graphics Interchange Format (GIF) images. A
specially crafted GIF image could trigger this flaw, leading to memory
corruption. Successfully exploiting this flaw would allow an attacker
to execute arbitrary code with the privileges of the current user. Note
that GIF images are usually rendered automatically upon receipt. Full
technical details for this vulnerability are publicly available via
source code analysis. Note that only Mozilla Firefox on Apple Mac OS X
is affected.
Status: Vendor confirmed, updates available.
References:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-36.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/30266
*******************************************************
(6) HIGH: Apple iPhone and iPod Touch Multiple Vulnerabilities
Affected:
Apple iPhone and iPod Touch operating systems versions prior to 2.0
Description: The embedded operating system running Apple's iPhone and
iPod Touch contains multiple vulnerabilities. These vulnerabilities
range from remote code execution to the spoofing of websites.
Successfully exploiting one of the remote code execution vulnerabilities
would allow an attacker to take complete control of the affected device.
Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Apple Home Page
http://www.apple.com
SecurityFocus BID
http://www.securityfocus.com/bid/30186
*******************************************************
(7) MODERATE: Mozilla Firefox URI Parsing Vulnerability
Affected:
Mozilla Firefox versions 3.x
Description: Mozilla Firefox fails to properly handle URIs passed to it
upon invocation. If another application causes Firefox to launch, and
this application passes a specially crafted URI to Firefox via its
command line, an attacker could trigger this vulnerability. Successfully
exploiting this vulnerability would allow an attacker to spoof or inject
URIs into multiple tabs in the newly created Firefox session. If this
vulnerability is used to exploit an additional vulnerability in the
validation of error pages in Firefox, an attacker could execute
arbitrary script code with the privileges of the current user. Note that
this vulnerability can be triggered only when Firefox is not already
running. Technical details for this vulnerability are publicly available.
Status: Vendor confirmed, updates available.
References:
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/30242
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 29, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.29.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer New ActiveX Object String
Concatenation Memory Corruption
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. The application is exposed to a remote memory
corruption issue that occurs when the application creates a new
ActiveX object concatenated with a string of characters.
Ref: http://www.0x000000.com/
______________________________________________________________________
08.29.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Sun Java SE Secure Static Versioning Applet Execution Weakness
Description: Secure Static Versioning is a feature that was introduced
in Sun JDK and JRE 5.0 Update 6. It prevents applets from running on
older versions of JDK and JRE. The applications are exposed to a
weakness that may allow arbitrary applets to run on older releases of
the software. This issue may lead to various attacks. The following
versions on Windows Vista are affected: JDK and JRE 6 Update 6 and
earlier; JDK and JRE 5.0 Update 6 through 15.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
______________________________________________________________________
08.29.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Empire Server Prior to 4.3.15 Multiple Unspecified
Vulnerabilities
Description: Empire Server is a client/server based Internet war game
available for Microsoft Windows. The application is exposed to
multiple remote issues. Empire Server versions prior to 4.3.15 are
affected.
Ref: http://sourceforge.net/project/showfiles.php?group_id=24031
______________________________________________________________________
08.29.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Simple DNS Plus Unspecified Remote Denial of Service
Description: Simple DNS Plus is a DNS server for Windows. The
application is exposed to an unspecified denial of service issue that
is triggered when multiple crafted DNS packets are sent to the server.
Simple DNS Plus versions 5.0 and earlier and 4.1 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/30207
______________________________________________________________________
08.29.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Sina DLoader Class ActiveX Control "DonwloadAndInstall" Method
Arbitrary File Download
Description: Sina DLoader is exposed to an issue that can cause
malicious files to be downloaded and saved to arbitrary locations on
an affected computer. The issue affects the "DownloadAndInstall()"
method of the DLoader class ActiveX control identified by CLSID:
2CACD7BB-1C59-4BBB-8E81-6E83F82C813B. The method fails to verify that
files being downloaded are provided by a trusted source.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.29.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinRemotePC Packet Handling Remote Denial of Service
Description: WinRemotePC is a remote desktop application. The
application is exposed to a remote denial of service issue because it
fails to handle user-supplied input. This issue occurs when the
application processes specially-crafted network packets of arbitrary
length. WinRemotePC Full 2008 r.2 and Lite 2008 r.2 are affected.
Ref: http://www.securityfocus.com/bid/30236
______________________________________________________________________
08.29.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Black Ice Software Document Imaging SDK/ActiveX Remote Buffer
Overflow
Description: Black Ice Software Document Imaging SDK/ActiveX is a
software development tool that helps application developers and
programmers create applications with image processing capabilities.
This control is exposed to a heap-based buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied input.
Black Ice Software Document Imaging SDK/ActiveX version 10.95 is
affected.
Ref: http://www.blackice.com/Document%20Imaging%20SDK%20ActiveX.htm
______________________________________________________________________
08.29.8 CVE: CVE-2008-2304
Platform: Mac Os
Title: Apple Xcode Core Image Fun House ".funhouse" File XML Data
Handling Buffer Overflow
Description: Apple Xcode is a development environment for Mac OS X.
The environment consists of various development tools including Core
Image, an image processing and rendering framework. The example
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Apple Xcode
versions 2.0 through 3.0 are affected.
Ref: http://www.securityfocus.com/archive/1/494230
______________________________________________________________________
08.29.9 CVE: CVE-2008-2318
Platform: Mac Os
Title: Apple Xcode WebObjects "WOHyperlink" Information Disclosure
Description: Apple Xcode is a development environment for Mac OS X.
The environment consists of various development tools including
WebObjects, a Java-based application server and web-application
framework. WebObjects is exposed to an information disclosure issue
affecting the API used to generate URIs for HTML documents. Xcode
versions prior to 3.1 are affected.
Ref: http://support.apple.com/kb/HT2352
______________________________________________________________________
08.29.10 CVE: Not Available
Platform: Linux
Title: newsx "read_article()" Buffer Overflow
Description: newsx is an NNTP (Network News Transfer Protocol) client
used to post and fetch news. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. newsx version 1.6 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=454483
______________________________________________________________________
08.29.11 CVE: Not Available
Platform: Unix
Title: ReSIProcate INVITE and OPTIONS Messages DNS Resolver Remote
Denial of Service
Description: ReSIProcate is an implementation of the SIP (Session
Initiation Protocol) stack and includes various application
components. The application is exposed to a remote denial of service
issue because it fails to perform adequate boundary checks when
handling user-supplied URIs. ReSIProcate versions prior to 1.3.3 are
affected.
Ref: http://www.resiprocate.org/ReSIProcate_1.3.3_Release
______________________________________________________________________
08.29.12 CVE: Not Available
Platform: Unix
Title: OP XAUTHORITY Variable Local Privilege Escalation
Description: The OP utility is a command that is used to allow
unprivileged users to execute privileged commands. It is available for
Unix and Unix-like operating systems. The application is exposed to a
local privilege escalation issue because of a failure of the
application to perform sufficient bounds checks. The OP utility
version 1.32 is affected.
Ref: http://swapoff.org/changeset/563
______________________________________________________________________
08.29.13 CVE: Not Available
Platform: Unix
Title: Berkeley Yacc (byacc) "skeleton.c" Local Denial of Service
Description: Berkeley Yacc (byacc) is a reimplementation of the Unix
parser generator Yacc. It is implemented in ANSI C. Berkeley Yacc
(byacc) is exposed to a local denial of service issue because
out-of-bounds stack memory may be accessed. This issue occurs in the
"skeleton.c" source file, and can occur if a rule with an empty
right-hand-side is reduced while the stack pointer is pointing at the
end of the stack. All versions of byacc are affected; the issue was
discovered in OpenBSD version 4.3.
Ref:
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29
______________________________________________________________________
08.29.14 CVE: CVE-2008-1809
Platform: Novell
Title: Novell eDirectory LDAP Service Search Parameters Heap Overflow
Description: Novell eDirectory is an X.500-compatible directory
service product for centrally managing access to resources on multiple
servers and computers within a given network. The application is
exposed to an issue in the LDAP service. Novell eDirectory versions
8.7.3 and 8.8 for all platforms are affected.
Ref: http://www.securityfocus.com/archive/1/494168
______________________________________________________________________
08.29.15 CVE: Not Available
Platform: Cross Platform
Title: Multiple Sophos Products MIME Attachments Denial of Service
Description: Multiple Sophos Products are exposed to a denial of
service issue that occurs when the applications scan certain MIME
attachments that are zero bytes in length. Sophos Email Appliance and
Pure Message for Unix instances that are using version 4.30 virus
data/2.74 engine are affected.
Ref:
http://www.sophos.com/support/knowledgebase/article/42245.html?_log_from=rss
______________________________________________________________________
08.29.16 CVE: CVE-2008-3104
Platform: Cross Platform
Title: Sun Java Runtime Environment Multiple Unspecified Same Origin
Policy Violation Vulnerabilities
Description: Sun Java Runtime Environment is exposed to multiple
unspecified issues that allow attackers to violate the same-origin
policy. This issue occurs because the application fails to properly
enforce the same-origin policy for Java applets.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
______________________________________________________________________
08.29.17 CVE: CVE-2008-3107
Platform: Cross Platform
Title: Sun Java Runtime Environment Virtual Machine Privilege
Escalation
Description: Sun Java Runtime Environment (JRE) is an enterprise
development platform. JRE Virtual Machine is exposed to a privilege
escalation issue when running untrusted applications or applets.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
______________________________________________________________________
08.29.18 CVE: CVE-2008-3105, CVE-2008-3106
Platform: Cross Platform
Title: Sun Java Runtime Environment XML Data Processing Multiple
Vulnerabilities
Description: Sun Java Runtime Environment (JRE) allows users to run
Java applications. The software is exposed to multiple remote issues.
The following versions on Solaris, Linux, and Windows platforms are affected: JDK
and JRE 6 Update 6 and earlier; JDK and JRE 5.0 Update 15 and earlier.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0594.html
______________________________________________________________________
08.29.19 CVE: CVE-2008-3109, CVE-2008-3110
Platform: Cross Platform
Title: Sun Java Runtime Environment Multiple Security Vulnerabilities
Description: Multiple security vulnerabilities affect multiple
implementations of Java Runtime Environment (JRE). The following
specific issues have been addressed: a privilege escalation issue
affects JRE relating to scripting language support and an information
disclosure issue affects JRE relating to scripting language support.
JDK and JRE 6 Update versions 6 and earlier are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
______________________________________________________________________
08.29.20 CVE: CVE-2008-3103
Platform: Cross Platform
Title: Sun Java SE Java Management Extensions (JMX) Unspecified
Unauthorized Access
Description: Sun Java Management Extensions (JMX) is a suite of tools
used to manage and monitor devices, applications, and service-driven
networks. JMX is shipped with Java JDK and JRE. The application is
exposed to an unspecified unauthorized access issue. The cause of this
issue is not known. The following versions for Windows, Solaris, and
Linux are affected: JDK and JRE 6 Update 6 and earlier; JDK and JRE 5.0 Update 15
and earlier.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
______________________________________________________________________
08.29.21 CVE: Not Available
Platform: Cross Platform
Title: Sun Java Runtime Environment Font Processing Buffer Overflow
Description: Sun Java Runtime Environment (JRE) allows users to run
Java applications. JRE is exposed to a buffer overflow issue when
running untrusted applications or applets. Specifically, the issue
occurs when Java Runtime Environment processes fonts. The following
versions on Solaris, Windows, and Linux are affected: JDK and JRE 5.0 Update 9 and
earlier; SDK and JRE 1.4.2_17 and earlier; SDK and JRE 1.3.1_22 and
earlier.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
______________________________________________________________________
08.29.22 CVE: CVE-2008-3112, CVE-2008-3113, CVE-2008-3114,
CVE-2008-3111
Platform: Cross Platform
Title: Sun Java Web Start Multiple Vulnerabilities
Description: Sun Java Web Start is a utility included in the Java
Runtime Environment. It enables Java applications to launch either from
a desktop or from a web page. Java Web Start is exposed to multiple
issues. The following versions are affected: JDK and JRE 6 Update 6 and
earlier; JDK and JRE 5.0 Update 15 and earlier; and SDK and JRE 1.4.2_17
and earlier.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
______________________________________________________________________
08.29.23 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendors Unspecified SVG File Processing Denial of Service
Description: Multiple vendors' SVG implementations are exposed to an
unspecified denial of service issue that arises when the software
handles maliciously crafted SVG images. The latest versions of
Firefox, Evince, EoG, and GIMP are affected.
Ref: http://www.securityfocus.com/bid/30149
______________________________________________________________________
08.29.24 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg libavformat "psxstr.c" STR Data Heap-Based Buffer Overflow
Description: FFmpeg is an open-source solution for handling audio and
video data. The "libavformat" library is an FFmpeg component that
contains parsers and generators for common audio and video formats.
The application is exposed to a heap-based buffer overflow that occurs
in the "str_read_packet()" function of the "libavformat/psxstr.c"
source file when processing malformed STR data.
Ref: http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993
______________________________________________________________________
08.29.25 CVE: Not Available
Platform: Cross Platform
Title: WeFi WEP Key Data Local Information Disclosure
Description: WeFi is a WiFi hotspot connectivity client for Windows
and Mac OS X. WeFi is exposed to a local information disclosure issue
because it fails to securely store sensitive data. WeFi version
3.3.3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/494102
______________________________________________________________________
08.29.26 CVE: Not Available
Platform: Cross Platform
Title: IBM Data ONTAP Multiple Unspecified Vulnerabilities
Description: IBM Data ONTAP is an operating system designed by Network
Appliance to provide file-serving services for their proprietary
hardware platform. IBM distributes a version of Data ONTAP for the IBM
System Storage N series systems. Data ONTAP is exposed to multiple
unspecified vulnerabilities that affect the Data ONTAP Gateway and
Data ONTAP Filer components. Data ONTAP versions prior to 7.1.3 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=ssg1S7002373
______________________________________________________________________
08.29.27 CVE: Not Available
Platform: Cross Platform
Title: IBM Maximo "debug.jsp" HTML Injection And Information
Disclosure Vulnerabilities
Description: IBM Maximo is asset-management software that runs on
various platforms. The application is exposed to multiple issues.
IBM Maximo versions 4.1 and 5.2 are affected.
Ref: http://www.securityfocus.com/bid/30180
______________________________________________________________________
08.29.28 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.1 Denial of Service
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic. It is available for Microsoft Windows and
UNIX-like operating systems. The application is exposed to a denial of
service issue. Wireshark versions 0.8.19 to 1.0.1 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-04.html
______________________________________________________________________
08.29.29 CVE: CVE-2008-1588, CVE-2008-1589, CVE-2008-2303, CVE-2008-2317,
CVE-2008-1590
Platform: Cross Platform
Title: Apple iPhone and iPod Touch Prior to Version 2.0 Multiple
Remote Vulnerabilities
Description: Apple iPhone is a mobile phone that runs on the ARM
architecture. Apple iPod touch is a portable music player that also
contains the Safari browser. The applications are exposed to multiple
remote issues. These issues affect iPhone versions 1.0 through 1.1.4
and iPod Touch versions 1.1 through 1.1.4.
Ref: http://www.securityfocus.com/bid/30186
______________________________________________________________________
08.29.30 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari Domain Extensions Insecure Cookie Access
Description: Apple Safari is a web browsing application available for
multiple operating platforms. Safari is exposed to an issue that
allows attackers to set cookies for certain domain extensions. Apple
Safari version 3.1.2 is affected.
Ref:
http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
______________________________________________________________________
08.29.31 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari HTTPS to HTTPS Referer Information Disclosure
Description: Apple Safari is a web browser available for multiple
operating platforms. Safari is exposed to an information disclosure
issue because the browser forwards HTTP Referer data in HTTPS requests
made from secure HTTPS servers. Apple Safari version 3.1.2 is
affected.
Ref: http://kuza55.blogspot.com/2008/07/some-random-safari-notes.html
______________________________________________________________________
08.29.32 CVE: Not Available
Platform: Cross Platform
Title: eMule Operating System User Account Information Disclosure
Weakness
Description: eMule is a freely available, open source peer-to-peer
file sharing application. eMule is exposed to an information
disclosure issue that occurs because the application discloses the
victim's operating system username when sending the shared file list.
eMule version 0.49 is affected.
Ref: http://www.securityfocus.com/bid/30224
______________________________________________________________________
08.29.33 CVE: Not Available
Platform: Cross Platform
Title: Firebird Multiple Denial of Service and Information Disclosure
Vulnerabilities
Description: Firebird is a relational database management system
(RDBMS) available for multiple operating platforms. Firebird is
exposed to multiple issues. Firebird versions 2.0.4 and 2.1.0 are
affected.
Ref: http://tracker.firebirdsql.org/browse/CORE-1887
______________________________________________________________________
08.29.34 CVE: Not Available
Platform: Cross Platform
Title: Votorola Multiple Unspecified Security Vulnerabilities
Description: Votorola is electronic voting software implemented in
Java. The application is exposed to multiple unspecified issues that
result from insufficient restrictions on the length of some user
input. Due to the nature of this application, it is assumed that
these issues present a remote threat. Votorola versions prior to
0.1.10 are affected.
Ref: http://zelea.com/project/votorola/changes.xht
______________________________________________________________________
08.29.35 CVE: CVE-2008-2933
Platform: Cross Platform
Title: Mozilla Firefox URI Splitting Security Bypass
Description: Firefox is exposed to a security bypass issue due to a
design error in its URL splitting functionality. The issue occurs when
the browser is not running and a command-line URI with pipe symbols is
passed to it. Such a URI is split and opened in multiple tabs. A flaw
exists in the splitting functionality that may allow attackers to
bypass certain security restrictions and launch restricted URIs.
Firefox version 3.0 and versions prior to 2.0.0.16 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
______________________________________________________________________
08.29.36 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox "chrome" Document Unspecified Script Injection
Weakness
Description: Mozilla Firefox is a browser available for multiple
platforms. The application is exposed to an unspecified script
injection weakness due to input validation errors in an unspecified
"chrome" document. Mozilla Firefox version 3.0 is affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
______________________________________________________________________
08.29.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hudson "q" Parameter Cross-Site Scripting
Description: Hudson is a Java-based application for handling
continuous integration and routine software jobs. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "q" parameter of the "search"
feature. Hudson version 1.223 is affected.
Ref: http://www.securityfocus.com/bid/30184
______________________________________________________________________
08.29.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BilboBlog Multiple Cross-Site Scripting Vulnerabilities
Description: BilboBlog is a PHP-based blogging application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. BilboBlog version 0.2.1 is
affected.
Ref: http://www.securityfocus.com/bid/30228
______________________________________________________________________
08.29.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CMME Cross-Site Scripting And Information Disclosure
Vulnerabilities
Description: CMME (Content Management Made Easy) is a PHP-based
content manager. The application is exposed to multiple issues.
An attacker may obtain potentially sensitive information and execute
arbitrary script code in the browser of an unsuspecting user in the
context of the affected site.
Ref: http://www.securityfocus.com/bid/30239
______________________________________________________________________
08.29.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Redmine Unspecified Cross-Site Scripting
Description: Redmine is a project management application implemented
in Ruby. The application is exposed to an unspecified cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Redmine versions 0.7.2 and earlier are affected.
Ref: http://jvn.jp/en/jp/JVN00945448/index.html
______________________________________________________________________
08.29.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dreamlevels DreamNews "dreamnews-rss.php" SQL Injection
Description: Dreamlevels DreamNews is a news builder. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"dreamnews-rss.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30170
______________________________________________________________________
08.29.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dreamlevels Dreampics Builder "page" Parameter SQL Injection
Description: Dreampics Builder is a PHP-based content manager and
photo/video gallery application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "page" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/30166
______________________________________________________________________
08.29.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: auraCMS "pages_data.php" Multiple SQL Injection Vulnerabilities
Description: auraCMS is a PHP-based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the following parameters
of the "pages_data.php" script before using them in SQL queries:
"judul" and "konten". auraCMS version 2.2.2 is affected.
Ref: http://www.securityfocus.com/bid/30159
______________________________________________________________________
08.29.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: File Store PRO "download.php" SQL Injection
Description: File Store PRO is a PHP-based application for managing
files and archives. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "download.php" script before using it in an
SQL query. File Store PRO version 3.2 is affected.
Ref: http://www.securityfocus.com/bid/30182
______________________________________________________________________
08.29.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Million Pixels "tops_top.php" SQL Injection
Description: Million Pixels is a web-based application for selling
pixels. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id_cat"
parameter of the "tops_top.php" script before using it in an SQL
query. Million Pixels version 3 is affected.
Ref: http://www.securityfocus.com/bid/30190
______________________________________________________________________
08.29.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Avlc Forum "vlc_forum.php" SQL Injection
Description: Avlc Forum is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"vlc_forum.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30202
______________________________________________________________________
08.29.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebCMS Portal Edition "index.php" SQL Injection
Description: WebCMS Portal Edition is a content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30204
______________________________________________________________________
08.29.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: jSite "index.php" SQL Injection and Local File Include
Vulnerabilities
Description: jSite is a content management system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page" parameter of the "index.php"
script before using it in an SQL query. jSite version 1.0 OE is
affected.
Ref: http://www.securityfocus.com/bid/30206
______________________________________________________________________
08.29.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UltraStats "players-detail.php" SQL Injection
Description: UltraStats is a web-based log analyzing tool. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"players-detail.php" script before using it in an SQL query.
UltraStats versions 0.2.142 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30212
______________________________________________________________________
08.29.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: mForum "usercp.php" Multiple SQL Injection Vulnerabilities
Description: mForum is a PHP-based forum application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. A successful exploit may allow
an attacker to compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database. mForum
version 0.1a is affected.
Ref: http://www.securityfocus.com/bid/30214
______________________________________________________________________
08.29.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripteen Free Image Hosting Script Multiple SQL Injection
Vulnerabilities
Description: Scripteen Free Image Hosting Script is a web-based
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Scripteen Free Image Hosting Script version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/30216
______________________________________________________________________
08.29.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pubs Black Cat [The Fun] "browse.groups.php" SQL Injection
Description: Pubs Black Cat [The Fun] is a PHP-based web application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "category"
parameter of the "browse.groups.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/494319
______________________________________________________________________
08.29.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Comdev Web Blogger "arcmonth" Parameter SQL Injection
Description: Comdev Web Blogger is a PHP-based weblog application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data. The vulnerability affects
the "arcmonth" parameter of various blog pages. Comdev Web Blogger
version 4.1.3 is affected.
Ref: http://www.securityfocus.com/bid/30237
______________________________________________________________________
08.29.54 CVE: Not Available
Platform: Web Application
Title: Drupal Multiple Vulnerabilities
Description: Drupal is a PHP-based content manager. The application is
exposed to multiple issues. Drupal versions 5.x before 5.8 and Drupal
6.x before 6.3 are affected.
Ref: http://drupal.org/node/280571
______________________________________________________________________
08.29.55 CVE: Not Available
Platform: Web Application
Title: AuraCMS
Description: AuraCMS is a PHP-based content manager. The application is
exposed to an issue in the "pages_data.php" script that allows an
unauthorized attacker to add, edit, or delete content on certain pages
because the software fails to properly restrict access to certain
functionality. AuraCMS versions 2.2.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30169
______________________________________________________________________
08.29.56 CVE: Not Available
Platform: Web Application
Title: Zenphoto "Function.php" Request Logging HTML Injection
Description: Zenphoto is a PHP-based photo-gallery application. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. This issue occurs in the "getComments()" function
of the "Function.php" script. Zenphoto version 1.1.7 is affected.
Ref: http://www.securityfocus.com/bid/30172
______________________________________________________________________
08.29.57 CVE: Not Available
Platform: Web Application
Title: V-webmail Multiple Remote File Include Vulnerabilities
Description: V-webmail is a webmail application. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "CONFIG[pear_dir]"
parameter. V-webmail version 1.6.4 is affected.
Ref: http://www.securityfocus.com/bid/30162
______________________________________________________________________
08.29.58 CVE: CVE-2006-2665, CVE-2006-2666
Platform: Web Application
Title: V-webmail Multiple Remote File Include Vulnerabilities
Description: V-webmail is a webmail application. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "CONFIG[pear_dir]"
parameter of the following scripts: "includes/mailaccess/pop3.php" and
"includes/mailaccess/pop3/core.php". V-webmail versions 1.6.4 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/30164
______________________________________________________________________
08.29.59 CVE: Not Available
Platform: Web Application
Title: Drupal OpenID Module Cross-Site Scripting and Request Forgery
Vulnerabilities
Description: OpenID is a decentralized authentication system. An
OpenID module is available for Drupal. The module is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize the information sent from an OpenID provider. OpenID versions
prior to 5.x-1.2 are affected.
Ref: http://drupal.org/node/280592
______________________________________________________________________
08.29.60 CVE: Not Available
Platform: Web Application
Title: Dokeos "user_portal.php" Local File Include
Description: Dokeos is a PHP-based application for online learning.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "include"
parameter of the "user_portal.php" script. Dokeos version 1.8.5 is
affected.
Ref: http://www.dokeos.com/wiki/index.php/Security#Dokeos_1.8.5
______________________________________________________________________
08.29.61 CVE: Not Available
Platform: Web Application
Title: Xerox CentreWare Web Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Xerox CentreWare Web is a web-based administration tool
for managing networked printers and multifunction devices. The
application is exposed to multiple input validation issues because it
fails to adequately sanitize user-supplied input. All versions prior
to Xerox CentreWare Web 4.6.46 are affected.
Ref: http://sourceforge.net/project/showfiles.php?group_id=24031
______________________________________________________________________
08.29.62 CVE: Not Available
Platform: Web Application
Title: Xomol CMS "index.php" HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: Xomol CMS is a PHP-based content manager. Since it fails
to properly sanitize user-supplied input, the application is exposed
to multiple input validation issues. Xomol CMS version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/30156
______________________________________________________________________
08.29.63 CVE: Not Available
Platform: Web Application
Title: GAPI CMS "toolbar.php" Remote File Include
Description: GAPI CMS is a PHP-based content manager. The application
is exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "dirDepth" parameter of the
"ktmlpro/includes/ktedit/toolbar.php" script. GAPI CMS version 9.0.2 is
affected.
Ref: http://www.securityfocus.com/archive/1/494138
______________________________________________________________________
08.29.64 CVE: Not Available
Platform: Web Application
Title: phpDatingClub "website.php" Local File Include
Description: phpDatingClub is a web-based application for social
networking. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"page" parameter of the "/Script/website.php" script. phpDatingClub
version 3.7 is affected.
Ref: http://www.securityfocus.com/bid/30176
______________________________________________________________________
08.29.65 CVE: Not Available
Platform: Web Application
Title: eSyndiCat "register.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: eSyndiCat is a PHP-based application for managing
directories and links. The application is exposed to multiple
cross-site scripting issues that affect multiple fields of the
"register.php" script. eSyndiCat Pro version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/30178
______________________________________________________________________
08.29.66 CVE: Not Available
Platform: Web Application
Title: Wysi Wiki Wyg "index.php" Local File Include
Description: Wysi Wiki Wyg is a PHP-based wiki application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "c" parameter of the
"index.php" script. Wysi Wiki Wyg version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/30183
______________________________________________________________________
08.29.67 CVE: Not Available
Platform: Web Application
Title: Facebook Newsroom Application "includes/home.php" Remote File
Include
Description: Facebook Newsroom Application is a web-based community
application. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"path" parameter of the "includes/home.php" script. Facebook Newsroom
Application version 0.5.0 Beta 1 is affected.
Ref: http://www.securityfocus.com/bid/30185
______________________________________________________________________
08.29.68 CVE: Not Available
Platform: Web Application
Title: Maian Cart "mccart_cookie" Authentication Bypass
Description: Maian Cart is a PHP-based e-commerce application. The
application is exposed to an authentication bypass issue due to a flaw
in how users are authenticated. Maian Cart version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/30195
______________________________________________________________________
08.29.69 CVE: Not Available
Platform: Web Application
Title: Maian Gallery "mgalley_cookie" Authentication Bypass
Description: Maian Gallery is a PHP-based image gallery application.
The application is exposed to an authentication bypass issue because
it fails to adequately authenticate users. Maian Gallery version 2.0
is affected.
Ref: http://www.securityfocus.com/bid/30197
______________________________________________________________________
08.29.70 CVE: Not Available
Platform: Web Application
Title: Maian Music "mmusic_cookie" Authentication Bypass
Description: Maian Music is a PHP-based web application for building
music stores. The application is exposed to an authentication bypass
issue because it fails to adequately authenticate users. Maian Music
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/30198
______________________________________________________________________
08.29.71 CVE: Not Available
Platform: Web Application
Title: Maian Greetings "mecard_admin_cookie" Authentication Bypass
Description: Maian Greetings is a PHP-based ecard application. The
application is exposed to an authentication bypass issue because it
fails to adequately authenticate users. Maian Greetings version 2.1 is
affected.
Ref: http://www.securityfocus.com/bid/30199
______________________________________________________________________
08.29.72 CVE: Not Available
Platform: Web Application
Title: fuzzylime (cms) "polladd.php" Arbitrary Script Injection
Description: fuzzylime (cms) is a PHP-based content manager. The
application is exposed to an arbitrary script injection issue because
it fails to properly sanitize user-supplied input to the
"_SERVER[REMOTE_ADDR]" parameter of the "/code/polladd.php" script.
fuzzylime (cms) version 3.01 is affected.
Ref: http://www.securityfocus.com/bid/30200
______________________________________________________________________
08.29.73 CVE: Not Available
Platform: Web Application
Title: n-forms Joomla! "com_n-forms" Component SQL Injection
Description: n-forms is a component for the Joomla! CMS. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "form_id" parameter of
the "com_n-forms" component before using it in an SQL query. n-forms
version 1.01 is affected.
Ref: http://www.securityfocus.com/bid/30201
______________________________________________________________________
08.29.74 CVE: Not Available
Platform: Web Application
Title: Maian Guestbook "gbook_cookie" Authentication Bypass
Description: Maian Guestbook is a web-based application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Maian Guestbook versions 3.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30203
______________________________________________________________________
08.29.75 CVE: Not Available
Platform: Web Application
Title: Maian Links "links_cookie" Authentication Bypass
Description: Maian Links is a web-based application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Maian Links versions 3.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30205
______________________________________________________________________
08.29.76 CVE: Not Available
Platform: Web Application
Title: Maian Recipe "recipe_cookie" Authentication Bypass
Description: Maian Recipe is a web-based application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Maian Recipe versions 1.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30208
______________________________________________________________________
08.29.77 CVE: Not Available
Platform: Web Application
Title: Maian Weblog "weblog_cookie" Authentication Bypass
Description: Maian Weblog is a web-based application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Maian Weblog versions 4.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30209
______________________________________________________________________
08.29.78 CVE: Not Available
Platform: Web Application
Title: Maian Uploader "uploader_cookie" Authentication Bypass
Description: Maian Uploader is a web-based application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Maian Uploader versions 4.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30210
______________________________________________________________________
08.29.79 CVE: Not Available
Platform: Web Application
Title: Maian Search "search_cookie" Authentication Bypass
Description: Maian Search is a web-based application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Maian Search versions 1.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/30211
______________________________________________________________________
08.29.80 CVE: Not Available
Platform: Web Application
Title: fuzzylime (cms) Arbitrary Script Injection and Local File
Include Vulnerabilities
Description: "fuzzylime (cms)" is a PHP-based content manager. The
application is exposed to multiple issues. fuzzylime (cms) version
3.01 is affected.
Ref: http://www.securityfocus.com/bid/30213
______________________________________________________________________
08.29.81 CVE: Not Available
Platform: Web Application
Title: ITechBids Gold Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: ITechBids Gold is an online auction application. The
application is exposed to multiple input validation issues because it
fails to adequately sanitize user-supplied input. ITechBids Gold
version 7.0 is affected.
Ref: http://www.securityfocus.com/bid/30215
______________________________________________________________________
08.29.82 CVE: Not Available
Platform: Web Application
Title: Scripteen Free Image Hosting Script "cookid" Authentication
Bypass
Description: Scripteen Free Image Hosting Script is a web-based
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Scripteen Free Image Hosting Script
version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/30217
______________________________________________________________________
08.29.83 CVE: Not Available
Platform: Web Application
Title: Pluck "predefined_variables.php" Multiple Local File Include
Vulnerabilities
Description: Pluck is a content manager. The application is exposed to
multiple local file include issues because it fails to properly
sanitize user-supplied input to the following parameters of the
"data/inc/themes/predefined_variables.php" script: "file", "blogpost"
and "cat". Pluck version 4.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/494306
______________________________________________________________________
08.29.84 CVE: Not Available
Platform: Web Application
Title: Edit-Point "upload.php" Arbitrary File Upload
Description: Edit-Point is a website editing tool. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code because it fails to properly sanitize
user-supplied input, in the form of file extensions, to the
"upload.php" script. Edit-Point version 4.00 Beta is affected.
Ref: http://www.securityfocus.com/bid/30220
______________________________________________________________________
08.29.85 CVE: Not Available
Platform: Web Application
Title: phpBB Prior to 3.0.2 Unspecified Remote Issue
Description: phpBB is a bulletin board application. The application is
exposed to an unspecified remote issue. phpBB versions prior to 3.0.2
are affected.
Ref: http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33
______________________________________________________________________
08.29.86 CVE: Not Available
Platform: Web Application
Title: BilboBlog "admin/index.php" Authentication Bypass
Description: BilboBlog is a PHP-based blogging application. The
application is exposed to an authentication bypass issue because the
"admin/index.php" script fails to initialize the "login" and
"password" parameters. BilboBlog version 0.2.1 is affected.
Ref: http://www.securityfocus.com/bid/30225
______________________________________________________________________
08.29.87 CVE: Not Available
Platform: Web Application
Title: CodeDB "list.php" Local File Include
Description: CodeDB is a code repository application. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "lang" parameter of the "list.php"
script.
Ref: http://www.securityfocus.com/bid/30227
______________________________________________________________________
08.29.88 CVE: Not Available
Platform: Web Application
Title: Galatolo Web Manager SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Galatolo Web Manager is a web-based application. The
application is exposed to multiple input validation issues, including a
cross-site scripting issue affecting the "tag" parameter of the
"all.php" script, and an SQL injection issue affecting the "id"
parameter of the "plugins/users/index.php" script. Galatolo Web Manager
version 1.3a is affected.
Ref: http://www.securityfocus.com/bid/30232
______________________________________________________________________
08.29.89 CVE: Not Available
Platform: Web Application
Title: pSys 0.7.0 Alpha Multiple Remote File Include Vulnerabilities
Description: pSys is a web-based application. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input. pSys version 0.7.0 alpha is
affected.
Ref: http://www.securityfocus.com/bid/30234
______________________________________________________________________
08.29.90 CVE: Not Available
Platform: Web Application
Title: Pragyan CMS "form.lib.php" Remote File Include
Description: Pragyan CMS is a PHP-based content manager. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "sourceFolder"
parameter of the "/cms/modules/form.lib.php" script. Pragyan CMS
version 2.6.2 is affected.
Ref: http://www.securityfocus.com/bid/30235
______________________________________________________________________
08.29.91 CVE: Not Available
Platform: Web Application
Title: WordPress "press-this.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: WordPress is a web-based publishing application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input. WordPress
versions prior to 2.6 are affected.
Ref: http://trac.wordpress.org/ticket/7220
______________________________________________________________________
08.29.92 CVE: Not Available
Platform: Web Application
Title: php Help Agent "head_chat.inc.php" Local File Include
Description: php Help Agent is a PHP-based web application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "content" parameter of
the "include/head_chat.inc.php" script.
Ref: http://www.securityfocus.com/bid/30240
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkh/tUYACgkQ+LUG5KFpTkbScgCdHWQcisjVfrvUtCuCvwwegqMP
BhwAn3hBkXMCtd4/dwClzBJW5OHIFuuB
=asH1
-----END PGP SIGNATURE-----