RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 31
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert
sans.org)
Date: Thu Jul 31 2008 - 16:49:37 CDT
RealPlayer is the only major problem this week - assuming you have made
sure you and your ISPs have fixed the DNS problem from last week.
Here are two ways to test your ISP (Internet Service Provider) to
determine whether the DNS server you rely on has been patched.
1. Dan Kaminsky's test is at the upper right corner at
http://www.doxpara.com/
2. The DNS Operations, Analysis and Research Center offers a testing
tool at https://www.dns-oarc.net/oarc/services/dnsentropy
and here is a great explanation of the problem by Dan Kaminsky.
http://www.doxpara.com/?p=1185
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
July 31, 2008 Vol. 7. Week 31
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Third Party Windows Apps                 11 (#2, #3)
Linux                                    3
Unix                                     2
Cross Platform                           13 (#1)
Web Application - Cross Site Scripting   15
Web Application - SQL Injection          24
Web Application                          44
Network Device                           1
******** A Challenge/Gift for People Who have CEH Certifications *******
The new GPEN (GIAC Penetration Tester) Certification measures mastery
of tools that are so up to date and measures pen testing skills so
effectively that people who buy penetration testing have begun asking
for it in potential pen testers. As a gift to the CEH community, SANS
is offering free testing to 50 active CEH holders who want to
demonstrate that their skills cover the most up to date set of tools and
effective pen testing procedures, as well. The first 50 CEH's who ask
will be allowed to take the exam at no cost. If you want to take the
exam, email me (apaller
sans.org).
*************************************************************************
TRAINING UPDATE
- Las Vegas (9/28-10/6) http://www.sans.org/ns2008 NETWORK SECURITY 2008
- Boston (8/9-8/16) http://www.sans.org/boston08/
- Virginia Beach (8/21-8/29): http://www.sans.org/vabeach08/
- Chicago (9/3-9/10) http://www.sans.org/chicago08 AUDIT & COMPLIANCE
- and in 100 other cities and online any time: www.sans.org
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: RealPlayer Multiple Vulnerabilities
(2) HIGH: Trend Micro OfficeScan ActiveX Control Multiple Vulnerabilities
(3) MODERATE: HP OVIS Probe Builder Arbitrary Process Kill Vulnerability
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
08.31.1 - EMC Dantz Retrospect Backup Client "retroclient.exe" Remote Memory Corruption
08.31.2 - PowerDVD ".m3u" and ".pls" File Multiple Buffer Overflow Vulnerabilities
08.31.3 - Outpost Security Suite Pro Filename Parsing Security Bypass
08.31.4 - RealNetworks RealPlayer SWF File Heap-Based Buffer Overflow
08.31.5 - Cygwin "setup.exe" Installation and Update Process Mirror Authenticity Verification
08.31.6 - RealNetworks RealPlayer "rmoc3260.dll" ActiveX Control Multiple Memory Corruption Vulnerabilities
08.31.7 - RealPlayer "rjbdll.dll" ActiveX Control "Import" Method Stack Buffer Overflow
08.31.8 - Trend Micro OfficeScan "ObjRemoveCtrl.dll" ActiveX Control Multiple Stack Overflow Vulnerabilities
08.31.9 - AVG Anti-Virus UPX File Parsing Denial of Service
08.31.10 - CoolPlayer M3U File Buffer Overflow
08.31.11 - Eyeball MessengerSDK "CoVideoWindow.ocx" ActiveX Control Remote Buffer Overflow
-- Linux
08.31.12 - openSUSE "libxcrypt" Insecure Password Hash Weakness
08.31.13 - SUSE openSUSE x86_64 Kernel Unspecified Buffer Overflow
08.31.14 - GNU Coreutils "pam_succeed_if" PAM Local Authentication Bypass
-- Unix
08.31.15 - vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service
08.31.16 - reSIProcate Multiple Unspecified Memory Corruption Vulnerabilities
-- Cross Platform
08.31.17 - EMC Retrospect Backup Client Password Hash Information Disclosure
08.31.18 - EMC Retrospect Backup Client NULL Pointer Remote Denial of Service
08.31.19 - Asterisk IAX "POKE" Requests Remote Denial of Service
08.31.20 - OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking
08.31.21 - ZDaemon NULL Pointer Remote Denial of Service
08.31.22 - Multiple Vendor DNS Protocol Insufficient Transaction ID Randomization DNS Spoofing
08.31.23 - Asterisk IAX2 Firmware Provisioning Packet Amplification Remote Denial of Service
08.31.24 - IntelliTamper HTML "Server" Header Parsing Buffer Overflow
08.31.25 - Minix Pseudo Terminal Denial of Service
08.31.26 - RealPlayer Unspecified Local Resource Reference
08.31.27 - European Performance Systems Probe Builder Unspecified Denial of Service
08.31.28 - Links "only proxies" Unspecified Security
08.31.29 - Mail Multiple Local Information Disclosure Vulnerabilities
-- Web Application - Cross Site Scripting
08.31.30 - EasyBookMarker "ajaxp_backend.php" Cross-Site Scripting
08.31.31 - Maran PHP Blog "comments.php" Cross-Site Scripting
08.31.32 - XOOPS Local File Include and Cross-Site Scripting Vulnerabilities
08.31.33 - VisualPic Cross-Site Scripting
08.31.34 - Multiple Century System XR Routers Cross-Site Request Forgery
08.31.35 - Claroline Prior to 1.8.11 Multiple Cross-Site Scripting Vulnerabilities
08.31.36 - PunBB Multiple Cross-Site Scripting Vulnerabilities
08.31.37 - Geeklog Forum Plugin Cross-Site Scripting
08.31.38 - Pure Software Lore Multiple Cross-Site Scripting Vulnerabilities
08.31.39 - Web Wiz Forum "mode" Parameter Multiple Cross-Site Scripting Vulnerabilities
08.31.40 - Trac Unspecified Wiki Engine Cross-Site Scripting
08.31.41 - MyBB "search.php" Cross-Site Scripting
08.31.42 - Web Wiz Rich Text Editor "RTE_popup_link.asp" Cross-Site Scripting
08.31.43 - Owl Intranet Engine "register.php" Cross-Site Scripting
08.31.44 - phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.31.45 - DigiLeave "info_book.asp" SQL Injection
08.31.46 - HRS Multi "picture_pic_bv.asp" SQL Injection
08.31.47 - phpKF "forum_duzen.php" SQL Injection
08.31.48 - MojoPersonals "mojoClassified.cgi" SQL Injection
08.31.49 - E-topbiz Shopcart DX "product_detail.php" SQL Injection
08.31.50 - SocialEngine Multiple SQL Injection Vulnerabilities
08.31.51 - Pre Survey Generator "default.asp" SQL Injection
08.31.52 - EMC Centera Universal Access "username" Parameter SQL Injection
08.31.53 - Camera Life "sitemap.xml.php" SQL Injection
08.31.54 - FizzMedia "comment.php" SQL Injection
08.31.55 - PhpTest "picture.php" SQL Injection
08.31.56 - FipsCMS R Parameter "index.asp" SQL Injection
08.31.57 - IceBB SQL Injection
08.31.58 - Mobius Web Publishing Software Multiple SQL Injection Vulnerabilities
08.31.59 - phpLinkat SQL Injection and Cookie Authentication Bypass Vulnerabilities
08.31.60 - phpwebnews-mysql Multiple SQL Injection Vulnerabilities
08.31.61 - Willoughby TriO SQL Injection
08.31.62 - EPShop "pid" Parameter "index.php" SQL Injection
08.31.63 - Greatclone Getacoder Clone "search_form.php" SQL Injection
08.31.64 - Greatclone GC Auction Platinum "category.php" SQL Injection
08.31.65 - SiteAdmin CMS "art" Parameter "line2.php" SQL Injection
08.31.66 - Greatclone Youtuber Clone "ugroups.php" SQL Injection
08.31.67 - ViArt Shop "products_rss.php" SQL Injection
08.31.68 - Gregarius "ajax.php" SQL Injection
-- Web Application
08.31.69 - Jobbex JobSite "search_result.cfm" Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.70 - EasyDynamicPages Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.71 - EasyPublish "read" Parameter Multiple SQL Injection and Cross-Site Vulnerabilities
08.31.72 - MyBlog Multiple Remote Information Disclosure Vulnerabilities
08.31.73 - EZWebAlbum "download.php" Local File Include
08.31.74 - Flip "config.php" Remote File Include
08.31.75 - Interact "help.php" Multiple Local File Include Vulnerabilities
08.31.76 - IntelliTamper HTML "href" Parsing Buffer Overflow
08.31.77 - EMC Retrospect Weak Hash Algorithm Insecure Password Weakness
08.31.78 - HiFriend "cgi-bin/hifriend.pl" Open Email Relay
08.31.79 - MyReview Remote Information Disclosure
08.31.80 - EasyE-Cards SQL Injection Vulnerability and Multiple Cross-Site Scripting Vulnerabilities
08.31.81 - RunCMS Multiple Remote File Include Vulnerabilities
08.31.82 - eSyndiCat "admin_lng" Cookie Parameter Authentication Bypass
08.31.83 - AlphAdmin CMS "aa_login" Cookie Parameter Authentication Bypass
08.31.84 - AtomatiCMS "upload.php" Arbitrary File Upload
08.31.85 - Ceica Groupware Multiple Remote File Upload Vulnerabilities
08.31.86 - EZWebAlbum Cookie Authentication Bypass
08.31.87 - YouTube Blog Multiple Input Validation Vulnerabilities
08.31.88 - TamperData Firefox Plugin HTML Injection
08.31.89 - PunBB Unspecified Arbitrary SMTP Command Injection
08.31.90 - Moodle "etitle" Parameter HTML Injection
08.31.91 - Mantis "account_prefs_update.php" Local File Include
08.31.92 - Drupal Session Fixation
08.31.93 - ibase "download.php" Local File Include
08.31.94 - WordPress Wp Downloads Manager Module "upload.php" Arbitrary File Upload
08.31.95 - XRMS 1.99.2 Multiple Remote Vulnerabilities
08.31.96 - CMScout "common.php" Local File Include
08.31.97 - TalkBack "help.php" Local File Include
08.31.98 - Pixelpost "index.php" Local File Include
08.31.99 - Trac Unspecified Quickjump Function URI Redirection
08.31.100 - Jamroom Cookie Authentication Bypass Vulnerability and Multiple Unspecified Security Vulnerabilities
08.31.101 - ATutor "import.php" Remote File Include
08.31.102 - IDevSpot BizDirectory Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.103 - Cerberus Content Management System "cerberus_user" Cookie Parameter HTML Injection
08.31.104 - miniBB RSS Plugin Multiple Remote File Include Vulnerabilities
08.31.105 - HTTrack URI Parsing Remote Buffer Overflow
08.31.106 - Unreal Tournament 2004 NULL Pointer Remote Denial of Service
08.31.107 - JnSHosts PHP Hosting Directory "admin.php" Remote File Include
08.31.108 - ScrewTurn Software ScrewTurn Wiki
08.31.109 - Unreal Tournament 3 Denial of Service And Memory Corruption Vulnerabilities
08.31.110 - PhpWebGallery Information Disclosure
08.31.111 - InfoMining BookMine SQL Injection and Cross-Site Scripting Vulnerabilities
08.31.112 - Unica Affinium Campaign Multiple Remote Vulnerabilities
-- Network Device
08.31.113 - Axesstel AXW-D800 Multiple Remote Authentication Bypass Vulnerabilities
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: RealPlayer Multiple Vulnerabilities
Affected:
RealPlayer versions prior to 11
Description: RealPlayer is a popular media playing application for
multiple operating systems. It contains multiple vulnerabilities in its
handling of a variety of media formats. Additionally, on Microsoft
Windows platforms, multiple RealPlayer ActiveX controls contain
vulnerabilities. Successfully exploiting these vulnerabilities would
allow an attacker to execute arbitrary code with the privileges of the
current user. Generally, malicious content would be opened upon receipt
automatically by the vulnerable application, without first prompting the
user. Full technical details are publicly available for several of these
vulnerabilities.
Status: Vendor confirmed, updates available. The ActiveX vulnerabilities
can be mitigated by disabling the affected controls via Microsoft's
"kill bit" mechanism. Lists of vulnerable CLSIDs are available in the
Zero Day Initiative advisories.
References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-046/
http://zerodayinitiative.com/advisories/ZDI-08-047/
Real Security Advisory
http://service.real.com/realplayer/security/07252008_player/en/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://www.real.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/30376
http://www.securityfocus.com/bid/30378
http://www.securityfocus.com/bid/28157
http://www.securityfocus.com/bid/30370
http://www.securityfocus.com/bid/30379
***************************************************
(2) HIGH: Trend Micro OfficeScan ActiveX Control Multiple Vulnerabilities
Affected:
Trend Micro OfficeScan versions 7.3 and prior
Description: Trend Micro OfficeScan is a popular antivirus solution.
Part of its functionality is provided by an ActiveX control. This
control contains multiple buffer overflows in its handling of various
parameters. A malicious web page that instantiates this control would
allow an attacker to exploit one of these buffer overflows. Successfully
exploiting one of these buffer overflows would allow an attacker to
execute arbitrary code with the privileges of the current user. Full
technical details and a proof-of-concept are publicly available for
these vulnerabilities.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"5EFE8CB1-D095-11D1-88FC-0080C859833B". Note that this may affect normal
application functionality.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6152
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://uk.trendmicro.com/uk/products/enterprise/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/30407
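Applying the kill-bit mitigation named in the Status note above, as an added example that is not part of the original bulletin: the registry location and the 0x400 "Compatibility Flags" value are the ones documented in Microsoft KB 240797, the CLSID is the one given above, and the function name Set-ActiveXKillBit is hypothetical.

```powershell
# Added example (not from the bulletin): set the IE "kill bit" for one ActiveX CLSID.
# Run from an elevated PowerShell session.
$KillBit   = 0x00000400            # Compatibility Flags bit that stops IE instantiating the control
$ValueName = 'Compatibility Flags'

function Set-ActiveXKillBit {      # hypothetical helper name
    param([Parameter(Mandatory)][string]$Clsid)

    # Normalise to the {XXXXXXXX-...} form used for the registry key name.
    $id = '{' + $Clsid.Trim('{}').ToUpper() + '}'

    # Native view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility')

    foreach ($root in $roots) {
        # Skip a registry view that does not exist on this host (e.g. 32-bit Windows).
        if (-not (Test-Path (Split-Path $root -Parent))) { continue }

        $key = Join-Path $root $id
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Keep any flags already present so the change can be reverted exactly.
        $before = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        if ($null -eq $before) { $before = 0 }
        $after = $before -bor $KillBit
        New-ItemProperty -Path $key -Name $ValueName -Value $after -PropertyType DWord -Force | Out-Null

        # Read the value back and report what changed.
        $check = (Get-ItemProperty -Path $key -Name $ValueName).$ValueName
        [pscustomobject]@{
            Key     = $key
            Before  = '0x{0:X8}' -f $before
            After   = '0x{0:X8}' -f $check
            KillBit = [bool]($check -band $KillBit)
        }
    }
}

# CLSID from the Trend Micro OfficeScan entry above.
Set-ActiveXKillBit -Clsid '5EFE8CB1-D095-11D1-88FC-0080C859833B'
```

The reported Before value is what to write back if the control has to be re-enabled because normal application functionality is affected.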
***************************************************
(3) MODERATE: HP OVIS Probe Builder Arbitrary Process Kill Vulnerability
Affected:
HP OVIS Probe Builder versions 2.2 and prior
Description: HP OVIS Probe Builder, also known as HP Internet Services
and European Performance Systems Probe Builder, is a popular enterprise
network architecture management system. It contains a vulnerability in
its handling of remote procedure calls. An unauthenticated user could
call an exported procedure that can kill (terminate) a user-specified
process on the vulnerable host. A user could cause a complete system
shutdown by killing a Microsoft Windows system process, or kill other
applications running on the vulnerable system. Some technical details
are publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking TCP port 32968 at the network
perimeter, if possible.
References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728
HP Support Document
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01511225
SecurityFocus BID
http://www.securityfocus.com/bid/30403
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 31, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.31.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: EMC Dantz Retrospect Backup Client "retroclient.exe" Remote
Memory Corruption
Description: EMC Dantz Retrospect Backup Client is an application that
allows users to back up and restore files. The application is exposed
to a remote memory corruption issue that occurs in the
"retroclient.exe" processes listening on TCP port 497 by default.
Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
______________________________________________________________________
08.31.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: PowerDVD ".m3u" and ".pls" File Multiple Buffer Overflow
Vulnerabilities
Description: PowerDVD is an application for playing DVDs; it is
available for Microsoft Windows. The application is exposed to
multiple buffer overflow issues because it fails to perform adequate
boundary checks on user-supplied input. These issues occur when
handling malformed ".m3u" and ".pls" files. PowerDVD version 8.0 is
affected.
Ref: http://www.securityfocus.com/bid/30341
______________________________________________________________________
08.31.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Outpost Security Suite Pro Filename Parsing Security Bypass
Description: Outpost Security Suite Pro is a security application that
provides firewall, antivirus, and other threat protection for
Windows-based computers. The application is exposed to an issue that
allows an unauthorized attacker to bypass antivirus and firewall
rules. This issue occurs because the application fails to adequately
sanitize user-supplied input. Outpost Security Suite Pro 2009 is
affected.
Ref: http://www.securityfocus.com/archive/1/494660
______________________________________________________________________
08.31.4 CVE: CVE-2007-5400
Platform: Third Party Windows Apps
Title: RealNetworks RealPlayer SWF File Heap-Based Buffer Overflow
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. The application is exposed to a
heap-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. The issue stems from a
frame-handling error when processing SWF (Shockwave Flash) files.
RealPlayer version 10.5 Build 6.0.12.1483 is affected.
Ref: http://www.securityfocus.com/archive/1/494749
______________________________________________________________________
08.31.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Cygwin "setup.exe" Installation and Update Process Mirror
Authenticity Verification
Description: Cygwin is a Linux-style operating environment for
Microsoft Windows. Cygwin "setup.exe" is exposed to an issue caused by
inadequate verification of mirror authenticity. Cygwin "setup.exe"
versions prior to 2.573.2.3 are affected.
Ref: http://www.securityfocus.com/archive/1/494756
______________________________________________________________________
08.31.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealNetworks RealPlayer "rmoc3260.dll" ActiveX Control Multiple
Memory Corruption Vulnerabilities
Description: RealNetworks RealPlayer is an application that allows
users to play various media formats. RealPlayer "rmoc3260.dll" ActiveX
control is exposed to multiple heap-based memory corruption issues.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0460.html
______________________________________________________________________
08.31.7 CVE: CVE-2008-3066
Platform: Third Party Windows Apps
Title: RealPlayer "rjbdll.dll" ActiveX Control "Import" Method Stack
Buffer Overflow
Description: RealPlayer is an application that allows users to play
various media formats. The application is exposed to a stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input before copying it to an insufficiently
sized memory buffer.
Ref: http://www.kb.cert.org/vuls/id/461187
______________________________________________________________________
08.31.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Trend Micro OfficeScan "ObjRemoveCtrl.dll" ActiveX Control
Multiple Stack Overflow Vulnerabilities
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. The control is exposed to multiple stack-based buffer
overflow issues because it fails to properly bounds check
user-supplied input. OfficeScan version 7.3 build 1343 is affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0509.html
______________________________________________________________________
08.31.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: AVG Anti-Virus UPX File Parsing Denial of Service
Description: AVG Anti-Virus is an antivirus application for the
Microsoft Windows platform. The application is exposed to a denial of
service issue that is triggered by a malicious UPX-packed file. When
the AVG Anti-Virus scanning engine scans this file, a divide-by-zero
error occurs. AVG Anti-Virus versions prior to 8.0.156 are affected.
Ref:
http://www.nruns.com/advisories/%5Bn.runs-SA-2008%20004%5D%20-%20AVG%20Antivirus%20UPX%20parsing%20Divide%20by%20Zero%20Advisory.txt
______________________________________________________________________
08.31.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: CoolPlayer M3U File Buffer Overflow
Description: CoolPlayer is a media player application for the Windows
operating system. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data.
Ref: http://www.securityfocus.com/bid/30418
______________________________________________________________________
08.31.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Eyeball MessengerSDK "CoVideoWindow.ocx" ActiveX Control Remote
Buffer Overflow
Description: Eyeball MessengerSDK is a VoIP, video telephony and
instant messaging API. The "CoVideoWindow.ocx" ActiveX control of
Eyeball MessengerSDK is exposed to a stack-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. Eyeball MessengerSDK "CoVideoWindow.ocx" control version
5.0.907.1 is affected.
Ref: http://www.securityfocus.com/archive/1/494756
______________________________________________________________________
08.31.12 CVE: Not Available
Platform: Linux
Title: openSUSE "libxcrypt" Insecure Password Hash Weakness
Description: openSUSE is exposed to an insecure password hash
weakness. This issue stems from a design error when "libxcrypt" is
used to calculate password hashes. The "libxcrypt" library
facilitates the use of DES, MD5, or "blowfish" algorithms for creating
password hashes.
Ref: http://www.securityfocus.com/bid/30301
______________________________________________________________________
08.31.13 CVE: CVE-2008-3247
Platform: Linux
Title: SUSE openSUSE x86_64 Kernel Unspecified Buffer Overflow
Description: The openSUSE x86_64 kernel is exposed to an unspecified
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. The vulnerability occurs in the Local
Descriptor Table (LDT) handling code. openSUSE kernel version 2.6.25
is affected.
Ref: http://www.securityfocus.com/bid/30351
______________________________________________________________________
08.31.14 CVE: CVE-2008-1946
Platform: Linux
Title: GNU Coreutils "pam_succeed_if" PAM Local Authentication Bypass
Description: GNU Coreutils is a set of basic utilities for
manipulating files, text, etc. The application is exposed to a local
authentication bypass issue because of a design error in the
"pam_succeed_if" Pluggable Authentication Module (PAM). Successfully
exploiting this issue may lead to other attacks.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0780.html
______________________________________________________________________
08.31.15 CVE: CVE-2008-2375
Platform: Unix
Title: vsftpd FTP Server Pluggable Authentication Module (PAM) Remote
Denial of Service
Description: The "vsftpd" FTP server (Very Secure File Transfer
Protocol Daemon) is an FTP server for UNIX-like platforms. The
application is exposed to a remote denial of service issue when used
with Pluggable Authentication Modules (PAM). The issue is caused by a
memory leak that occurs when an invalid authentication attempt is
made. vsftpd versions prior to 2.0.5 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0579.html
______________________________________________________________________
08.31.16 CVE: Not Available
Platform: Unix
Title: reSIProcate Multiple Unspecified Memory Corruption
Vulnerabilities
Description: reSIProcate is an implementation of the SIP (Session
Initiation Protocol) stack; it includes various application
components. The application is exposed to multiple unspecified memory
corruption issues. This issue will allow attackers to consume all the
stack memory. reSIProcate versions prior to 1.3.4 are affected.
Ref: http://www.resiprocate.org/ReSIProcate_1.3.4_Release
______________________________________________________________________
08.31.17 CVE: Not Available
Platform: Cross Platform
Title: EMC Retrospect Backup Client Password Hash Information
Disclosure
Description: EMC Retrospect is a secured online backup system for Mac
OS X and Windows. The Retrospect Backup Client is exposed to an
information disclosure issue when the client processes a specially
crafted packet. The client responds by sending information that
includes a password hash in plain text. Retrospect Backup Client
version 7.5.116 is affected.
Ref: http://www.securityfocus.com/archive/1/494560
______________________________________________________________________
08.31.18 CVE: Not Available
Platform: Cross Platform
Title: EMC Retrospect Backup Client NULL Pointer Remote Denial of
Service
Description: EMC Retrospect Backup Client is an application that
allows users to back up and restore files. The application is exposed
to a remote denial of service issue because of a design error that
causes a NULL-pointer exception.
Ref: http://www.fortiguardcenter.com/advisory/FGA-2008-16.html
______________________________________________________________________
08.31.19 CVE: CVE-2008-3263
Platform: Cross Platform
Title: Asterisk IAX "POKE" Requests Remote Denial of Service
Description: Asterisk is a PBX and telephony application for multiple
operating platforms. Asterisk supports the IAX VoIP protocol. The IAX
control "POKE" is used as a "ping"-style command. The application is
exposed to a remote denial of service issue because it fails to handle
multiple "POKE" requests in quick succession.
Ref: http://downloads.digium.com/pub/security/AST-2008-010.html
______________________________________________________________________
08.31.20 CVE: Not Available
Platform: Cross Platform
Title: OpenSSH "X11UseLocalhost" X11 Forwarding Session Hijacking
Description: OpenSSH is a free implementation of the Secure Shell
protocol suite. It is available for various operating systems. The
application is exposed to an issue that allows attackers to hijack
forwarded X connections. OpenSSH version 5.0 is affected.
Ref: http://www.openssh.com/txt/release-5.1
______________________________________________________________________
08.31.21 CVE: Not Available
Platform: Cross Platform
Title: ZDaemon NULL Pointer Remote Denial of Service
Description: ZDaemon is a Doom source port based on ZDoom. The
application is exposed to a remote denial of service issue because it
fails to handle NULL-pointer exceptions. Specifically, the issue
occurs when sending crafted data with type "0x06" commands. ZDaemon
versions 1.08.07 and earlier are affected.
Ref: http://aluigi.altervista.org/adv/zdaemonull-adv.txt
______________________________________________________________________
08.31.22 CVE: CVE-2008-1447
Platform: Cross Platform
Title: Multiple Vendor DNS Protocol Insufficient Transaction ID
Randomization DNS Spoofing
Description: Multiple vendors' implementations of the DNS protocol are
exposed to a DNS-spoofing issue because the software fails to securely
implement random values when performing DNS queries. Microsoft Windows
DNS Clients and Servers, ISC BIND 8 and 9, and multiple Cisco IOS
releases are affected.
Ref: http://www.securityfocus.com/archive/1/494716
______________________________________________________________________
08.31.23 CVE: CVE-2008-3264
Platform: Cross Platform
Title: Asterisk IAX2 Firmware Provisioning Packet Amplification Remote
Denial of Service
Description: Asterisk is a private branch exchange (PBX) application
available for Linux, BSD, and Mac OS X platforms. The application is
exposed to remote denial of service attacks. This issue is caused by a
flaw in the IAX2 firmware download protocol.
Ref: http://downloads.digium.com/pub/security/AST-2008-011.html
______________________________________________________________________
08.31.24 CVE: Not Available
Platform: Cross Platform
Title: IntelliTamper HTML "Server" Header Parsing Buffer Overflow
Description: IntelliTamper is a spider application for scanning
websites. The application is exposed to a buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. IntelliTamper version 2.07 is affected.
Ref: http://www.securityfocus.com/bid/30356
______________________________________________________________________
08.31.25 CVE: Not Available
Platform: Cross Platform
Title: Minix Pseudo Terminal Denial of Service
Description: Minix is a lightweight operating system. The application
is exposed to a denial of service issue. A problem in the
"drivers/tty/tty.c" source file can be exploited to consume all
available pseudo terminals, causing subsequent connections to be
denied. Minix version 3.1.2a is affected.
Ref: http://www.securityfocus.com/bid/30357
______________________________________________________________________
08.31.26 CVE: CVE-2008-3064
Platform: Cross Platform
Title: RealPlayer Unspecified Local Resource Reference
Description: RealPlayer allows users to stream various media files
through their browser. The application is exposed to an unspecified
issue. Please refer to the link below for further details.
Ref: http://service.real.com/realplayer/security/07252008_player/en/
______________________________________________________________________
08.31.27 CVE: CVE-2008-1667
Platform: Cross Platform
Title: European Performance Systems Probe Builder Unspecified Denial
of Service
Description: European Performance Systems (EPS) Probe Builder is an
application designed for use with HP's OpenView Internet Services. The
application is exposed to an unspecified denial of service issue.
Probe Builder versions prior to A.02.20.901 on Windows are affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=728
______________________________________________________________________
08.31.28 CVE: CVE-2008-3329
Platform: Cross Platform
Title: Links "only proxies" Unspecified Security
Description: Links is a text-based web browser. The application is
exposed to an unspecified security issue related to providing URIs to
external programs. The issue may be triggered when "only proxies" is
enabled.
Ref: http://links.twibright.com/download/ChangeLog
______________________________________________________________________
08.31.29 CVE: Not Available
Platform: Cross Platform
Title: Mail Multiple Local Information Disclosure Vulnerabilities
Description: Mail is an email server. Since it fails to restrict
access to certain files, Mail is exposed to multiple information
disclosure issues. Specifically, the application fails to restrict
access to the "webmail/libs/Atmail/Config.php" and
"webmail/webadmin/.htpasswd" files. Mail version 5.41 is affected.
Ref: http://www.securityfocus.com/bid/30434
______________________________________________________________________
08.31.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EasyBookMarker "ajaxp_backend.php" Cross-Site Scripting
Description: EasyBookMarker is a PHP-based tool for managing
bookmarks. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the "rs"
parameter of the "ajaxp_backend.php" script. EasyBookMarker version
4.0tr is affected.
Ref: http://www.securityfocus.com/archive/1/494550
______________________________________________________________________
08.31.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Maran PHP Blog "comments.php" Cross-Site Scripting
Description: Maran PHP Blog is a web-log application. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the 'id' parameter of the
"comments.php" script.
Ref: http://www.securityfocus.com/archive/1/494549
______________________________________________________________________
08.31.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XOOPS Local File Include and Cross-Site Scripting
Vulnerabilities
Description: XOOPS is a PHP-based content manager. The application is
exposed to a local file include issue and a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the "fct"
parameter of the "/modules/system/admin.php" script. XOOPS version
2.0.18.1 is affected.
Ref: http://www.securityfocus.com/bid/30330
______________________________________________________________________
08.31.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: VisualPic Cross-Site Scripting
Description: VisualPic is a web-based application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "pic" parameter. VisualPic version 0.3.1 is
affected.
Ref: http://www.securityfocus.com/bid/30334
______________________________________________________________________
08.31.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Century System XR Routers Cross-Site Request Forgery
Description: XR routers are a series of network devices designed for
home and small-office setups. Multiple Century System XR routers are
exposed to a cross-site request forgery issue.
Ref: http://jvn.jp/en/jp/JVN67573833/index.html
______________________________________________________________________
08.31.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Claroline Prior to 1.8.11 Multiple Cross-Site Scripting
Vulnerabilities
Description: Claroline is a PHP-based online education platform. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. Claroline versions prior to
1.8.11 are affected.
Ref: http://www.securityfocus.com/archive/1/494655
______________________________________________________________________
08.31.36 CVE: CVE-2008-3336
Platform: Web Application - Cross Site Scripting
Title: PunBB Multiple Cross-Site Scripting Vulnerabilities
Description: PunBB is a PHP-based forum application. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. Unspecified parameters of the
"include/parser.php" and "moderate.php" scripts are affected. PunBB
versions prior to 1.2.19 are affected.
Ref: http://punbb.informer.com/
______________________________________________________________________
08.31.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Geeklog Forum Plugin Cross-Site Scripting
Description: Geeklog Forum Plugin is a web-based application. The
application is exposed to a cross-site scripting issue because it fails
to sufficiently sanitize user-supplied data. This issue occurs in the
forum search. Geeklog versions prior to 2.7.1 are affected.
Ref: http://www.geeklog.net/article.php/20080719093147449
______________________________________________________________________
08.31.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pure Software Lore Multiple Cross-Site Scripting
Vulnerabilities
Description: Pure Software Lore is Knowledge Base software. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input passed to the
"article comments feature" and the "search log". Lore versions prior
to 1.7.0 are affected.
Ref: http://puresw.com/kb/idx.php/8/025/Versions/article/Changelog.html
______________________________________________________________________
08.31.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Web Wiz Forum "mode" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: Web Wiz Forum is an ASP-based web application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. This affects the "mode"
parameter of the "admin_group_details.asp" and
"admin_category_details.asp" scripts. Web Wiz Forum version 9.5 is
affected.
Ref: http://www.securityfocus.com/bid/30398
______________________________________________________________________
08.31.40 CVE: CVE-2008-3328
Platform: Web Application - Cross Site Scripting
Title: Trac Unspecified Wiki Engine Cross-Site Scripting
Description: Trac is a wiki and issue-tracking system. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to an unspecified parameter in
the Wiki Engine. Trac versions prior to 0.10.5 are affected.
Ref: http://trac.edgewall.org/wiki/ChangeLog
______________________________________________________________________
08.31.41 CVE: CVE-2008-3334
Platform: Web Application - Cross Site Scripting
Title: MyBB "search.php" Cross-Site Scripting
Description: MyBB is a bulletin board. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to an unspecified parameter in the "search.php"
script. MyBB versions prior to 1.2.14 are affected.
Ref: http://community.mybboard.net/thread-33865.html
______________________________________________________________________
08.31.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Web Wiz Rich Text Editor "RTE_popup_link.asp" Cross-Site
Scripting
Description: Web Wiz Rich Text Editor is an ASP-based text editor
application. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"Email" parameter of "RTE_popup_link.asp". Web Wiz Rich Text
Editor version 4.0.2 is affected.
Ref: http://www.securityfocus.com/archive/1/494822
______________________________________________________________________
08.31.43 CVE: CVE-2008-3100
Platform: Web Application - Cross Site Scripting
Title: Owl Intranet Engine "register.php" Cross-Site Scripting
Description: Owl Intranet Engine is a PHP-based knowledgebase system.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "username"
parameter of the "register.php" script. Owl version 0.95 is affected.
Ref: http://www.securityfocus.com/archive/1/494843
______________________________________________________________________
08.31.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
phpMyAdmin versions prior to 2.11.8 are affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
______________________________________________________________________
08.31.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DigiLeave "info_book.asp" SQL Injection
Description: DigiLeave is an ASP-based application for managing
employee time-off bookings. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "book_id" parameter of the "info_book.asp"
script before using it in an SQL query. DigiLeave version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/30314
______________________________________________________________________
08.31.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: HRS Multi "picture_pic_bv.asp" SQL Injection
Description: HRS (Hotel Reservation System) Multi is an ASP-based
reservation system for multiple properties. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "key" parameter of the "picture_pic_bv.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30316
______________________________________________________________________
08.31.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpKF "forum_duzen.php" SQL Injection
Description: phpKF is a web-based forum application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "fno" parameter of the
"forum_duzen.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30318
______________________________________________________________________
08.31.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MojoPersonals "mojoClassified.cgi" SQL Injection
Description: MojoPersonals is dating software implemented in Perl/CGI.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "mojoClassified.cgi" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30325
______________________________________________________________________
08.31.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-topbiz Shopcart DX "product_detail.php" SQL Injection
Description: Shopcart DX is a web-based shopping application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. Specifically, it fails to properly sanitize the "pid" parameter
of the "product_detail.php" script. Shopcart DX version 4.30 is
affected.
Ref: http://www.securityfocus.com/bid/30337
______________________________________________________________________
08.31.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SocialEngine Multiple SQL Injection Vulnerabilities
Description: SocialEngine is a PHP-based platform for social
networking. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
SocialEngine versions prior to 2.83 are affected.
Ref: http://www.securityfocus.com/archive/1/494638
______________________________________________________________________
08.31.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Survey Generator "default.asp" SQL Injection
Description: Pre Survey Generator is a PHP-based survey application.
It is also referred to as Pre Survey Poll. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "poll/default.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30349
______________________________________________________________________
08.31.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EMC Centera Universal Access "username" Parameter SQL Injection
Description: EMC Centera Universal Access allows applications to
communicate with the EMC Centera storage system. The application is
exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input before using it in an SQL
query. EMC Centera Universal Access version 4.0_4735.p4 is affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-July/063418.html
______________________________________________________________________
08.31.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Camera Life "sitemap.xml.php" SQL Injection
Description: Camera Life is a PHP-based photo-gallery application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"sitemap.xml.php" script before using it in an SQL query. Camera Life
version 2.6.2 is affected.
Ref: http://www.securityfocus.com/bid/30368
______________________________________________________________________
08.31.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FizzMedia "comment.php" SQL Injection
Description: FizzMedia is a web-based media application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "mid" parameter of the
"comment.php" script before using it in an SQL query. FizzMedia
version 1.51.2 is affected.
Ref: http://www.securityfocus.com/bid/30374
______________________________________________________________________
08.31.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpTest "picture.php" SQL Injection
Description: PhpTest is a web-based testing tool. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "image_id" parameter of the
"picture.php" script before using it in an SQL query. PhpTest version
0.6.3 is affected.
Ref: http://www.securityfocus.com/bid/30377
______________________________________________________________________
08.31.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FipsCMS R Parameter "index.asp" SQL Injection
Description: fipsCMS is a content manager implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "r" parameter of the
"index.asp" script file before using it in an SQL query. fipsCMS
version 2.1 is affected.
Ref: http://www.milw0rm.com/exploits/6135
______________________________________________________________________
08.31.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IceBB SQL Injection
Description: IceBB is web-based forum software. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data. The issue is caused by a design flaw in
the "clean_string" function in the "/includes/functions.php" script.
IceBB versions prior to 1.0-rc9.3 are affected.
Ref: http://forums.xaos-ia.com/?topic=760
______________________________________________________________________
08.31.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mobius Web Publishing Software Multiple SQL Injection
Vulnerabilities
Description: Mobius Web Publishing Software is PHP-based software.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "browse.php" and the "s" parameter of the
"detail.php" script. Mobius Web Publishing Software versions up to and
including 1.4.4.1 are affected.
Ref: http://www.securityfocus.com/bid/30382
______________________________________________________________________
08.31.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpLinkat SQL Injection and Cookie Authentication Bypass
Vulnerabilities
Description: phpLinkat is a web-based application implemented in PHP.
The application is prone to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "catid" parameter of
the "showcat.php" script file before using it in an SQL query.
phpLinkat version 0.1 is affected.
Ref: http://www.milw0rm.com/exploits/6140
______________________________________________________________________
08.31.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpwebnews-mysql Multiple SQL Injection Vulnerabilities
Description: phpwebnews-mysql is a web-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize input to the "a1" and "a2" cookie
parameters before using it in an SQL query. phpwebnews-mysql version
0.2 is affected.
Ref: http://www.securityfocus.com/bid/30383
______________________________________________________________________
08.31.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Willoughby TriO SQL Injection
Description: Willoughby TriO is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"browse.php" script. Willoughby TriO versions up to and including 2.1
are affected.
Ref: http://www.securityfocus.com/bid/30384
______________________________________________________________________
08.31.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EPShop "pid" Parameter "index.php" SQL Injection
Description: EPShop is a web-based application implemented in PHP. The
product name has been changed from EPShop to ECShop. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "pid" parameter of the "index.php"
script file before using it in an SQL query. EPShop versions prior to
3.0 are affected.
Ref: http://www.securityfocus.com/bid/30387
______________________________________________________________________
08.31.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Greatclone Getacoder Clone "search_form.php" SQL Injection
Description: Greatclone Getacoder Clone script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"sb_protype" parameter of the "search_form.php" script.
Ref: http://www.securityfocus.com/bid/30388
______________________________________________________________________
08.31.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Greatclone GC Auction Platinum "category.php" SQL Injection
Description: Greatclone GC Auction Platinum is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cate_id" parameter of the "category.php" script.
Ref: http://www.securityfocus.com/bid/30389
______________________________________________________________________
08.31.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SiteAdmin CMS "art" Parameter "line2.php" SQL Injection
Description: SiteAdmin CMS is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "art" parameter of the "line2.php"
script file before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30391
______________________________________________________________________
08.31.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Greatclone Youtuber Clone "ugroups.php" SQL Injection
Description: Greatclone Youtuber Clone script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"UID" parameter of the "ugroups.php" script.
Ref: http://www.securityfocus.com/bid/30392
______________________________________________________________________
08.31.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ViArt Shop "products_rss.php" SQL Injection
Description: ViArt Shop is a web-based shopping application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "category_id"
parameter of the "products_rss.php" script before using it in an SQL
query. ViArt Shop versions 3.5 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/494839
______________________________________________________________________
08.31.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Gregarius "ajax.php" SQL Injection
Description: Gregarius is a web-based RSS/RDF/ATOM feed aggregator.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "rsargs[]"
parameter of the "ajax.php" script before using it in an SQL query.
Gregarius version 0.5.4 is affected.
Ref: http://www.securityfocus.com/archive/1/494866
______________________________________________________________________
08.31.69 CVE: Not Available
Platform: Web Application
Title: Jobbex JobSite "search_result.cfm" Multiple SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: Jobbex JobSite is a ColdFusion-based content manager for
job websites. Since it fails to adequately sanitize user-supplied
input, the application is exposed to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/30302
______________________________________________________________________
08.31.70 CVE: Not Available
Platform: Web Application
Title: EasyDynamicPages Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: EasyDynamicPages is a PHP-based web portal. Since it
fails to adequately sanitize user-supplied input, the application is
exposed to multiple input validation issues. EasyDynamicPages version
3.0tr is affected.
Ref: http://www.securityfocus.com/archive/1/494551
______________________________________________________________________
08.31.71 CVE: Not Available
Platform: Web Application
Title: EasyPublish "read" Parameter Multiple SQL Injection and
Cross-Site Vulnerabilities
Description: EasyPublish is a PHP-based application for publishing
news. Since it fails to sufficiently sanitize user-supplied input,
EasyPublish is exposed to multiple input validation issues.
EasyPublish version 3.0tr is affected.
Ref: http://www.securityfocus.com/archive/1/494556
______________________________________________________________________
08.31.72 CVE: Not Available
Platform: Web Application
Title: MyBlog Multiple Remote Information Disclosure Vulnerabilities
Description: MyBlog is a PHP-based blog/CMS application. Since it
fails to restrict access to certain actions, MyBlog is exposed to
multiple information disclosure issues. MyBlog version 0.9.8 is
affected.
Ref: http://www.securityfocus.com/archive/1/494577
______________________________________________________________________
08.31.73 CVE: Not Available
Platform: Web Application
Title: EZWebAlbum "download.php" Local File Include
Description: EZWebAlbum is a PHP-based photo album. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "dlfilename" parameter of the
"download.php" script.
Ref: http://www.securityfocus.com/archive/1/494573
______________________________________________________________________
08.31.74 CVE: Not Available
Platform: Web Application
Title: Flip "config.php" Remote File Include
Description: Flip is a web-log application. The application is exposed
to a remote file include issue because it fails to sufficiently
sanitize user-supplied input to the "incpath" parameter of the
"config.php" script. Flip version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/30312
______________________________________________________________________
08.31.75 CVE: Not Available
Platform: Web Application
Title: Interact "help.php" Multiple Local File Include Vulnerabilities
Description: Interact is a PHP-based application for online learning.
The application is exposed to multiple local file include issues
because it fails to properly sanitize user-supplied input to the
"module" and "get" parameters of "help.php".
Ref: http://www.securityfocus.com/archive/1/494582
______________________________________________________________________
08.31.76 CVE: Not Available
Platform: Web Application
Title: IntelliTamper HTML "href" Parsing Buffer Overflow
Description: IntelliTamper is a spider application for scanning
web sites. The application is exposed to a buffer overflow issue
because the application fails to perform adequate boundary checks on
user-supplied data. IntelliTamper version 2.07 is affected.
Ref: http://www.securityfocus.com/bid/30317
______________________________________________________________________
08.31.77 CVE: Not Available
Platform: Web Application
Title: EMC Retrospect Weak Hash Algorithm Insecure Password Weakness
Description: EMC Retrospect is a secured online backup system. The
application is exposed to an insecure password-hash weakness that
resides in the Server Authentication Module. This issue occurs because
the application uses a weak hash algorithm to generate encrypted
passwords.
Ref: http://www.securityfocus.com/archive/1/494636
______________________________________________________________________
08.31.78 CVE: Not Available
Platform: Web Application
Title: HiFriend "cgi-bin/hifriend.pl" Open Email Relay
Description: HiFriend is a Perl-based script for sending web page links
to arbitrary email addresses. The application is exposed to an open
email relay issue that occurs in the "cgi-bin/hifriend.pl" script.
Ref: http://www.securityfocus.com/archive/1/494605
______________________________________________________________________
08.31.79 CVE: Not Available
Platform: Web Application
Title: MyReview Remote Information Disclosure
Description: MyReview is a PHP-based application for submitting and
reviewing research papers. The application is exposed to a remote
information disclosure issue because it fails to properly secure
submitted content. MyReview version 1.9.9 is affected.
Ref: http://www.securityfocus.com/archive/1/494567
______________________________________________________________________
08.31.80 CVE: Not Available
Platform: Web Application
Title: EasyE-Cards SQL Injection Vulnerability and Multiple Cross-Site
Scripting Vulnerabilities
Description: EasyE-Cards is a PHP-based application for sending and
receiving greeting cards. Since it fails to sufficiently sanitize
user-supplied data, EasyE-Cards is exposed to multiple input
validation issues. EasyE-Cards version 3.10a is affected.
Ref: http://www.securityfocus.com/archive/1/494555
______________________________________________________________________
08.31.81 CVE: Not Available
Platform: Web Application
Title: RunCMS Multiple Remote File Include Vulnerabilities
Description: RunCMS is a PHP-based content manager. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input. RunCMS version 1.6.1 is
affected.
Ref: http://www.securityfocus.com/bid/30331
______________________________________________________________________
08.31.82 CVE: Not Available
Platform: Web Application
Title: eSyndiCat "admin_lng" Cookie Parameter Authentication Bypass
Description: eSyndiCat is a PHP-based directory application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. eSyndiCat version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/30332
______________________________________________________________________
08.31.83 CVE: Not Available
Platform: Web Application
Title: AlphAdmin CMS "aa_login" Cookie Parameter Authentication Bypass
Description: AlphAdmin CMS is a PHP-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. AlphAdmin CMS version 1.0.5_03 is affected.
Ref: http://www.securityfocus.com/bid/30333
______________________________________________________________________
08.31.84 CVE: Not Available
Platform: Web Application
Title: AtomatiCMS "upload.php" Arbitrary File Upload
Description: AtomatiCMS is an ASP-based content manager. The
application is exposed to a vulnerability that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. The issue occurs because the
software fails to properly sanitize user-supplied input in the
"/admin/FCKeditor/editor/filemanager/upload/php/upload.php" script.
AtomatiCMS version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/30336
______________________________________________________________________
08.31.85 CVE: Not Available
Platform: Web Application
Title: Ceica Groupware Multiple Remote File Upload Vulnerabilities
Description: Ceica Groupware is a web-based application. The
application is exposed to multiple issues that allow an attacker to
upload arbitrary script code and execute it in the context of the
web server process. Ceica Groupware version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/30338
______________________________________________________________________
08.31.86 CVE: Not Available
Platform: Web Application
Title: EZWebAlbum Cookie Authentication Bypass
Description: EZWebAlbum is a PHP-based application for managing photo
albums. The application is exposed to an authentication bypass issue
because it fails to adequately verify user-supplied input used for
cookie-based authentication.
Ref: http://www.securityfocus.com/bid/30343
______________________________________________________________________
08.31.87 CVE: Not Available
Platform: Web Application
Title: YouTube Blog Multiple Input Validation Vulnerabilities
Description: YouTube Blog is a PHP-based videolog application for
posting YouTube videos. Since it fails to adequately sanitize
user-supplied data, the application is exposed to multiple input
validation issues. YouTube Blog version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/30345
______________________________________________________________________
08.31.88 CVE: Not Available
Platform: Web Application
Title: TamperData Firefox Plugin HTML Injection
Description: TamperData is a Firefox plugin for viewing and modifying
HTTP/HTTPS headers and post parameters. The application is exposed to
an HTML injection issue because it fails to properly sanitize
user-supplied input before using it in dynamically generated content.
TamperData version 10.0.4 is affected.
Ref: http://www.securityfocus.com/bid/30394
______________________________________________________________________
08.31.89 CVE: CVE-2008-3335
Platform: Web Application
Title: PunBB Unspecified Arbitrary SMTP Command Injection
Description: PunBB is a PHP-based forum application. The application
is exposed to an unspecified issue that can be leveraged to inject
arbitrary SMTP commands. PunBB versions prior to 1.2.19 are affected.
Ref: http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt
______________________________________________________________________
08.31.90 CVE: Not Available
Platform: Web Application
Title: Moodle "etitle" Parameter HTML Injection
Description: Moodle is an open-source application for managing online
courseware. It is freely available under the GNU Public license for
Unix and variants and for Microsoft Windows. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. This issue affects the "etitle" form-field parameter of the
"blog/edit.php" script.
Ref: http://www.securityfocus.com/archive/1/494656
______________________________________________________________________
08.31.91 CVE: Not Available
Platform: Web Application
Title: Mantis "account_prefs_update.php" Local File Include
Description: Mantis is bug-tracking software. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "language" parameter of the
"account_prefs_update.php" script. Mantis versions prior to 1.1.2 are
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=456044
______________________________________________________________________
08.31.92 CVE: Not Available
Platform: Web Application
Title: Drupal Session Fixation
Description: Drupal is a PHP-based content manager. The application is
exposed to a session-fixation issue caused by a design error when
handling sessions. Drupal versions 5.x before 5.9, and Drupal
versions 6.x before 6.3 are affected.
Ref: http://drupal.org/node/280571
______________________________________________________________________
08.31.93 CVE: Not Available
Platform: Web Application
Title: ibase "download.php" Local File Include
Description: The "ibase" program is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "filename" parameter
of the "download.php" script. ibase version 2.0.3 is affected.
Ref: http://www.securityfocus.com/bid/30362
______________________________________________________________________
08.31.94 CVE: Not Available
Platform: Web Application
Title: WordPress Wp Downloads Manager Module "upload.php" Arbitrary
File Upload
Description: The Wp Downloads Manager module is a plugin for
WordPress. The application is exposed to an issue that lets attackers
upload and execute arbitrary code. This issue occurs because the
application fails to sufficiently sanitize user-supplied file
extensions before uploading files onto the web server via the
"upload.php" script. Wp Downloads Manager version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/30365
______________________________________________________________________
08.31.95 CVE: Not Available
Platform: Web Application
Title: XRMS 1.99.2 Multiple Remote Vulnerabilities
Description: XRMS is a customer relationship management (CRM) application.
The application is exposed to multiple remote issues. Exploiting these
issues could allow an attacker to steal cookie-based authentication
credentials and execute arbitrary code within the context of the
web server process. XRMS version 1.99.2 is affected.
Ref: http://www.securityfocus.com/bid/30369
______________________________________________________________________
08.31.96 CVE: Not Available
Platform: Web Application
Title: CMScout "common.php" Local File Include
Description: CMScout is a content manager. The application is exposed
to a local file include issue because it fails to properly sanitize
user-supplied input to the "bit" parameter of the "common.php" script.
CMScout version 2.05 is affected.
Ref: http://www.securityfocus.com/bid/30385
______________________________________________________________________
08.31.97 CVE: Not Available
Platform: Web Application
Title: TalkBack "help.php" Local File Include
Description: TalkBack is a web-based application implemented in PHP.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "language"
parameter of the "help.php" script. TalkBack version 2.3.5 is
affected.
Ref: http://www.securityfocus.com/bid/30393
______________________________________________________________________
08.31.98 CVE: CVE-2008-3199
Platform: Web Application
Title: Pixelpost "index.php" Local File Include
Description: Pixelpost is a photoblog application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "language_full" parameter of the
"index.php" script. Pixelpost versions 1.7.1 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/494817
______________________________________________________________________
08.31.99 CVE: Not Available
Platform: Web Application
Title: Trac Unspecified Quickjump Function URI Redirection
Description: Trac is a wiki and issue-tracking system. Trac is exposed
to a remote URI redirection issue because it fails to properly
sanitize user-supplied input in the quickjump function. Trac versions
prior to 0.10.5 are affected.
Ref: http://trac.edgewall.org/wiki/ChangeLog
______________________________________________________________________
08.31.100 CVE: Not Available
Platform: Web Application
Title: Jamroom Cookie Authentication Bypass Vulnerability and Multiple
Unspecified Security Vulnerabilities
Description: Jamroom is a web-based content manager for artists. The
application is exposed to fourteen security issues, including an
authentication-bypass issue because the application fails to
adequately verify user-supplied input used for cookie-based
authentication.
Ref: http://www.securityfocus.com/archive/1/494820
______________________________________________________________________
08.31.101 CVE: Not Available
Platform: Web Application
Title: ATutor "import.php" Remote File Include
Description: ATutor is a web-based content manager. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "type" parameter of
the "tools/packages/import.php" script. ATutor versions 1.6.1-pl1 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/30412
______________________________________________________________________
08.31.102 CVE: Not Available
Platform: Web Application
Title: IDevSpot BizDirectory Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: IDevSpot BizDirectory is a business listing directory.
BizDirectory is exposed to multiple input validation issues because it
fails to sufficiently sanitize user-supplied input. IDevSpot
BizDirectory versions prior to 2.07 are affected.
Ref: http://idevspot.com/forum/index.php/topic,764.0.html
______________________________________________________________________
08.31.103 CVE: Not Available
Platform: Web Application
Title: Cerberus Content Management System "cerberus_user" Cookie
Parameter HTML Injection
Description: Cerberus Content Management System is a web-based content
manager. The application is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input before using it in
dynamically generated content. This issue affects the "cerberus_user"
cookie parameter. Cerberus Content Management System version 3_1.3_0.9
is affected.
Ref: http://www.securityfocus.com/bid/30416
______________________________________________________________________
08.31.104 CVE: Not Available
Platform: Web Application
Title: miniBB RSS Plugin Multiple Remote File Include Vulnerabilities
Description: miniBB is a web-based bulletin board application. The RSS
plugin provides XML RSS feeds for miniBB forums. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the following parameters
of the "rss2.php" script: "premodDir" and "pathToFiles".
Ref: http://www.securityfocus.com/archive/1/494861
______________________________________________________________________
08.31.105 CVE: Not Available
Platform: Web Application
Title: HTTrack URI Parsing Remote Buffer Overflow
Description: HTTrack is a utility used for creating mirrors of web
sites so they can be stored for offline browsing. HTTrack is exposed
to a remote buffer overflow issue because of insufficient boundary
checks when parsing long URIs. This issue is caused by incorrect
length validation of URIs used on the command-line. HTTrack versions
prior to 3.42-3 are affected.
Ref: http://www.httrack.com/history.txt
______________________________________________________________________
08.31.106 CVE: Not Available
Platform: Web Application
Title: Unreal Tournament 2004 NULL Pointer Remote Denial of Service
Description: Unreal Tournament 2004 is a multiplayer
first-person-shooter game. The game is exposed to a remote denial of
service issue because it fails to handle NULL-pointer exceptions.
Specifically, the issue occurs when sending a specific sequence of
crafted packets to the game server. Unreal Tournament 2004 versions
3369 and earlier are affected.
Ref: http://aluigi.org/adv/ut2004null-adv.txt
______________________________________________________________________
08.31.107 CVE: Not Available
Platform: Web Application
Title: JnSHosts PHP Hosting Directory "admin.php" Remote File Include
Description: PHP Hosting Directory is a web-based application
implemented in PHP. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "rd" parameter of the "include/admin.php" script. PHP
Hosting Directory version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30428
______________________________________________________________________
08.31.108 CVE: Not Available
Platform: Web Application
Title: ScrewTurn Software ScrewTurn Wiki
Description: ScrewTurn Wiki is a Wiki engine implemented in C# for the
ASP.NET 2.0 platform. The application is exposed to an HTML injection
issue because it fails to properly sanitize user-supplied input before
using it in dynamically generated content. ScrewTurn Wiki versions
2.0.29 and 2.0.30 are affected.
Ref: http://www.portcullis.co.uk/281.php
______________________________________________________________________
08.31.109 CVE: Not Available
Platform: Web Application
Title: Unreal Tournament 3 Denial of Service and Memory Corruption
Vulnerabilities
Description: Unreal Tournament 3 is a multiplayer first-person-shooter
game. The game is exposed to multiple remote issues. Unreal Tournament
3 versions 1.3beta4 and 1.2 and earlier are affected.
Ref: http://aluigi.org/adv/ut3mendo-adv.txt
______________________________________________________________________
08.31.110 CVE: Not Available
Platform: Web Application
Title: PhpWebGallery Information Disclosure
Description: PhpWebGallery is a PHP-based photo gallery. PhpWebGallery
is exposed to a remote information disclosure issue because it fails
to properly secure sensitive content. PhpWebGallery versions prior to
1.7.2 are affected.
Ref: http://www.securityfocus.com/bid/30431
______________________________________________________________________
08.31.111 CVE: Not Available
Platform: Web Application
Title: InfoMining BookMine SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: BookMine is a web-based book management application.
Since it fails to sufficiently sanitize user-supplied input, BookMine
is exposed to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/30432
______________________________________________________________________
08.31.112 CVE: Not Available
Platform: Web Application
Title: Unica Affinium Campaign Multiple Remote Vulnerabilities
Description: Affinium Campaign is a web-based campaign management
solution. The application is exposed to multiple issues. Affinium
Campaign version 7.2.1.0.55 is affected.
Ref: http://www.portcullis.co.uk/286.php
______________________________________________________________________
08.31.113 CVE: Not Available
Platform: Network Device
Title: Axesstel AXW-D800 Multiple Remote Authentication Bypass
Vulnerabilities
Description: Axesstel AXW-D800 is a wireless modem. The application is
exposed to multiple authentication bypass issues. Specifically, the
application fails to restrict access to certain administrative scripts
which are used to modify the modem's configuration settings.
Ref: http://www.securityfocus.com/archive/1/494815
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkiSK9sACgkQ+LUG5KFpTkY+qwCfTwQ/pnA7wI5zOXlgG2Aec2wv
4VgAn31AVam6de2lYF1ayqY4oxIUu/oA
=F1mw
-----END PGP SIGNATURE-----