RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 35
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Aug 28 2008 - 16:42:36 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A nice week! Nothing extremely critical.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
August 28, 2008 Vol. 7. Week 35
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Windows                                    1
Third Party Windows Apps                   6 (#1, #2, #3)
Linux                                      3 (#6)
BSD                                        1
Solaris                                    3
Unix                                       1
Cross Platform                            13 (#4, #5)
Web Application - Cross Site Scripting    14
Web Application - SQL Injection           32
Web Application                           32
Network Device                             1
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) HIGH: JustSystems Ichitaro Remote Code Execution Vulnerability
(2) HIGH: Novell iPrint Client ActiveX Control Multiple Vulnerabilities
(3) HIGH: Anzio Web Print Object Buffer Overflow
(4) MODERATE: LibTIFF Decoding Buffer Underflow
(5) MODERATE: OpenOffice.org Memory Allocation Remote Code Execution
(6) LOW: Red Hat Enterprise and Fedora Linux Distributions Possible Package Compromise
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Windows
08.35.1 - Microsoft Windows Media Services "nskey.dll" ActiveX Control Remote Buffer Overflow
-- Third Party Windows Apps
08.35.2 - RhinoSoft Serv-U SFTP Remote Denial of Service
08.35.3 - Anzio Web Print Object ActiveX Control Remote Buffer Overflow
08.35.4 - Novell iPrint Client ActiveX Control Multiple Remote Vulnerabilities
08.35.5 - SoftArtisans XFile FileManager ActiveX Control Multiple Buffer Overflow Vulnerabilities
08.35.6 - JustSystems Ichitaro Document Handling Unspecified Code Execution
08.35.7 - HP OpenVMS "SMGSHR.EXE" Local Buffer Overflow
-- Linux
08.35.8 - Red Hat OpenSSH Backdoor
08.35.9 - Samba Group Mappings File Insecure Permissions Local Security Issue
08.35.10 - Linux Kernel "sctp_setsockopt_auth_key()" Remote Denial of Service
-- BSD
08.35.11 - NetBSD PPPoE Discovery Packet Remote Denial of Service
-- Solaris
08.35.12 - Sun Solaris NFSv4 Client Kernel Module Local Denial of Service
08.35.13 - Sun Solaris NFS Kernel Module Local Denial of Service
08.35.14 - Sun Solaris NFS RPC Local Denial of Service
-- Unix
08.35.15 - LibTIFF "tif_lzw.c" Remote Integer Underflow
-- Cross Platform
08.35.16 - Avaya SES Authentication Bypass Vulnerability and Information Disclosure Weakness
08.35.17 - Opera Web Browser 9.51 Multiple Security Vulnerabilities
08.35.18 - llcon Protocol Message Remote Denial of Service
08.35.19 - PowerDNS Source Port Randomization Remote Cache Poisoning
08.35.20 - libxml2 Recursive Entity Remote Denial of Service
08.35.21 - Vim Insufficient Shell Escaping Multiple Command Execution Vulnerabilities
08.35.22 - xine-lib 1.1.14 and Prior Multiple Remote Vulnerabilities
08.35.23 - libmodplug "s3m" Remote Buffer Overflow
08.35.24 - Ruby REXML Remote Denial of Service
08.35.25 - Multiple Vendor "inet_net_pton()" Function Integer Overflow Weakness
08.35.26 - VLC Media Player "mmstu.c" MMS Protocol Handling Buffer Overflow
08.35.27 - DriveCrypt Incorrect BIOS API Usage Security
08.35.28 - GPicView Multiple Local Security Vulnerabilities
-- Web Application - Cross Site Scripting
08.35.29 - NOAH Unspecified Cross-Site Scripting
08.35.30 - vBulletin "$newpm[title]" Parameter Cross-Site Scripting
08.35.31 - BandSite CMS Cross Site Scripting and Information Disclosure Vulnerabilities
08.35.32 - TimeTrex Time and Attendance Module Multiple Cross-Site Scripting Vulnerabilities
08.35.33 - DxShopCart "search.php" Cross-Site Scripting
08.35.34 - Accellion File Transfer Multiple Cross-Site Scripting Vulnerabilities
08.35.35 - PicturesPro Photo Cart Search Cross-Site Scripting
08.35.36 - GMOD GBrowse Unspecified Cross-Site Scripting
08.35.37 - AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities
08.35.38 - Civic Website Manager Multiple Cross-Site Scripting Vulnerabilities
08.35.39 - mysql-lists Unspecified Cross Site Scripting
08.35.40 - Smart Survey "surveyresults.asp" Cross Site Scripting
08.35.41 - MatterDaddy Market "admin/login.php" Cross Site Scripting
08.35.42 - Educe ASP Search Engine "search.asp" Cross-Site Scripting
-- Web Application - SQL Injection
08.35.43 - Active PHP Bookmarks "id" Parameter SQL Injection
08.35.44 - YourFreeWorld Programs Rating Script "id" Parameter SQL Injection
08.35.45 - YourFreeWorld Forced Matrix Script
08.35.46 - YourFreeWorld Classifieds Script "category" Parameter SQL Injection
08.35.47 - YourFreeWorld Ad-Exchange Script "id" Parameter SQL Injection
08.35.48 - YourFreeWorld Viral Marketing Script "id" Parameter SQL Injection
08.35.49 - YourFreeWorld URL Rotator Script "id" Parameter SQL Injection
08.35.50 - YourFreeWorld Stylish Text Ads Script "id" Parameter SQL Injection
08.35.51 - YourFreeWorld Short Url & Url Tracker Script "id" Parameter SQL Injection
08.35.52 - itMedia Multiple SQL Injection Vulnerabilities
08.35.53 - SFS Affiliate Directory "id" Parameter SQL Injection
08.35.54 - YourFreeWorld Ad Board Script "id" Parameter SQL Injection
08.35.55 - K Web CMS "sayfala.asp" SQL Injection
08.35.56 - SunShop Shopping Cart "class.ajax.php" Multiple SQL Injection Vulnerabilities
08.35.57 - Papoo "suchanzahl" Parameter SQL Injection
08.35.58 - YourFreeWorld Banner Management Script "id" Parameter SQL Injection
08.35.59 - Scripts4Profit DXShopCart "pid" Parameter SQL Injection
08.35.60 - phpBazar "adid" Parameter SQL Injection
08.35.61 - Simasy CMS "id" Parameter SQL Injection
08.35.62 - QuidaScript FAQ Management Script "catid" Parameter SQL Injection
08.35.63 - webEdition CMS "we_objectID" Parameter SQL Injection
08.35.64 - PicturesPro Photo Cart Multiple SQL Injection Vulnerabilities
08.35.65 - CustomCMS CCMS Gaming "print.php" SQL Injection
08.35.66 - MiaCMS "com_content" SQL Injection
08.35.67 - Web Directory Script "listing_view.php" SQL Injection
08.35.68 - Matterdaddy Market Multiple SQL Injection Vulnerabilities
08.35.69 - BtiTracker and xbtit "scrape.php" SQL Injection
08.35.70 - Calendarix Multiple SQL Injection Vulnerabilities
08.35.71 - Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities
08.35.72 - Z-Breaknews "single.php" SQL Injection
08.35.73 - Kolifa.net Download Script "indir.php" SQL Injection
08.35.74 - iFdate "members_search.php" SQL Injection
-- Web Application
08.35.75 - Interleave Information Disclosure Vulnerabilities
08.35.76 - Vanilla 1.1.4 HTML Injection and Cross-Site Scripting Vulnerabilities
08.35.77 - Aurora Password Manager System Tray Icon Information Disclosure
08.35.78 - WordPress "get_edit_post_link()" & "get_edit_comment_link()" Multiple Eavesdropping Vulnerabilities
08.35.79 - GE Fanuc Proficy Information Portal HTTP Basic Authentication Information Disclosure
08.35.80 - Folder Lock Weak Password Encryption Local Information Disclosure
08.35.81 - Pars4U Videosharing SQL Injection and Cross Site Scripting Vulnerabilities
08.35.82 - Fujitsu Web-Based Admin View Directory Traversal
08.35.83 - FAR-PHP "index.php" Local File Include
08.35.84 - EasySite Multiple Local File Include Vulnerabilities
08.35.85 - tinyCMS "templater.php" Local File Include
08.35.86 - LacoodaST and La!cooda WIZ Multiple Remote Vulnerabilities
08.35.87 - Trend Micro Web Management Authentication Bypass
08.35.88 - ACG-PTP "index.php" Multiple HTML Injection Vulnerabilities
08.35.89 - One-News Multiple Input Validation Vulnerabilities
08.35.90 - Five Star Review SQL Injection and Cross Site Scripting Vulnerabilities
08.35.91 - GNU ed File Processing "strip_escapes()" Heap Overflow
08.35.92 - NoName Script Multiple Remote Vulnerabilities
08.35.93 - AWStats Totals "sort" Parameter Remote Command Execution Vulnerabilities
08.35.94 - Simple PHP Blog 0.5.0 Multiple Remote Vulnerabilities
08.35.95 - Pluck "index.php" Multiple Local File Include Vulnerabilities
08.35.96 - ezContents CMS Multiple Local File Include Vulnerabilities
08.35.97 - PHP-Ultimate Webboard "admindel.php" Multiple Input Validation Vulnerabilities
08.35.98 - Bluemoon inc. PopnupBlog "index.php" Multiple Cross-Site Scripting Vulnerabilities
08.35.99 - Xen "XSM:Flask" Module Multiple Local Buffer Overflow Vulnerabilities
08.35.100 - TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
08.35.101 - K-Rate Multiple Input Validation Vulnerabilities
08.35.102 - ZoneMinder Multiple Input Validation Security Vulnerabilities
08.35.103 - HP System Management Homepage (SMH) "message.php" Cross Site Scripting
08.35.104 - Thickbox Gallery "conf/admins.php" Information Disclosure
08.35.105 - CMME Multiple Remote Security Vulnerabilities
08.35.106 - Kyocera Mita Scanner File Utility File Transfer Directory Traversal
-- Network Device
08.35.107 - Intel System Management Mode Local Privilege Escalation
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) HIGH: JustSystems Ichitaro Remote Code Execution Vulnerability
Affected:
JustSystems Ichitaro versions 2008 and possibly prior
Description: JustSystems Ichitaro is the second most popular word
processing application in Japan, and is popular throughout Asia. It
contains a remote code execution vulnerability in its handling of
documents. A specially crafted document could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Depending upon configuration, such
documents may be opened by the vulnerable application upon receipt,
without first prompting the user. According to reports, this flaw is
being actively exploited in the wild.
Status: Vendor confirmed, no updates available.
References:
JustSystems Advisory (Japanese)
http://www.justsystems.com/jp/info/pd8002.html
Product Home Page
http://www.ichitaro.com/
SecurityFocus BID
http://www.securityfocus.com/bid/30828
********************************************************
(2) HIGH: Novell iPrint Client ActiveX Control Multiple Vulnerabilities
Affected:
Novell iPrint Client ActiveX Control versions 5.06 and prior
Description: Novell iPrint is a popular network document printing
solution. Part of its client's functionality is implemented as an
ActiveX control. This control contains multiple vulnerabilities in its
handling of a variety of parameters and methods. A specially crafted web
page that instantiates this control could trigger one of these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the current user. Additional vulnerabilities range from
arbitrary file overwrites to information disclosure. Technical details
are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available. However, it is thought that
the available updates do not address all issues. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism. Note that this will affect normal
application functionality.
References:
Secunia Security Advisories
http://secunia.com/secunia_research/2008-27/advisory/
http://secunia.com/secunia_research/2008-30/advisory/
Novell Download Page
http://download.novell.com/Download?buildid=_BILqzyqc2g~
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30813
********************************************************
(3) HIGH: Anzio Web Print Object Buffer Overflow
Affected:
Anzio Web Print Object ActiveX Control versions prior to 3.2.30
Description: The Anzio Web Print Object (WePO) is a popular "push"
printing solution. Its functionality is provided by an ActiveX control.
This control contains a buffer overflow in its handling of its "mainurl"
parameter. A specially crafted web page that instantiates this control
could trigger this buffer overflow, allowing an attacker to execute
arbitrary code with the privileges of the current user. Technical
details are publicly available for this vulnerability. A simple
proof-of-concept is also publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism, using CLSID
"4CE8026D-5DBF-48C9-B6E9-14A2B1974A3D". Note that this will affect
normal application functionality.
References:
Core Security Advisory
http://www.coresecurity.com/content/anzio-web-print-object-buffer-overflow
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/30545.html
Product Home Page
http://www.anzio.com/download-wepo.htm
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/30545
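The "kill bit" mitigation named in items (2) and (3), as an added example
that is not part of the original bulletin: a PowerShell script that audits
and sets the kill bit for the Anzio CLSID given above. The registry location
and the 0x400 flag are those documented in the Microsoft Knowledge Base
article referenced above; the function names are hypothetical and an
elevated prompt is assumed.

```powershell
# Added example (not from the bulletin): audit and set the ActiveX "kill bit"
# for the Anzio Web Print Object CLSID named in item (3).
# Assumptions: elevated PowerShell session; function names are hypothetical;
# registry location and flag value as documented in Microsoft KB 240797.

$AnzioClsid = '{4CE8026D-5DBF-48C9-B6E9-14A2B1974A3D}'   # CLSID from the bulletin
$KillBit    = 0x400                                      # kill bit within "Compatibility Flags"
$FlagName   = 'Compatibility Flags'

function Get-CompatRoots {
    # The native registry view always exists; the 32-bit (WOW6432Node) view
    # exists only on 64-bit Windows and is read by 32-bit Internet Explorer.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {
        $roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }
    return $roots
}

function Get-KillBitState {
    # Read-only audit: reports, per registry view, whether the control is blocked.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in Get-CompatRoots) {
        $key   = Join-Path $root $Clsid
        $flags = $null
        if (Test-Path $key) {
            $prop = Get-ItemProperty -Path $key -Name $FlagName -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int64]$prop.$FlagName }
        }
        $blocked = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        $text    = if ($null -ne $flags) { '0x{0:X}' -f $flags } else { '(not set)' }
        [pscustomobject]@{ Key = $key; Flags = $text; Blocked = $blocked }
    }
}

function Set-KillBit {
    # Sets the kill bit in every registry view; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in Get-CompatRoots) {
        $key = Join-Path $root $Clsid
        if (-not $PSCmdlet.ShouldProcess($key, 'Set ActiveX kill bit')) { continue }
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $prop    = Get-ItemProperty -Path $key -Name $FlagName -ErrorAction SilentlyContinue
        $current = if ($prop) { [int64]$prop.$FlagName } else { 0 }
        # OR the bit in so that any other compatibility flags already present survive.
        $new = [int]($current -bor $KillBit)
        New-ItemProperty -Path $key -Name $FlagName -PropertyType DWord -Value $new -Force |
            Out-Null
    }
}

# Audit only (makes no changes):
Get-KillBitState -Clsid $AnzioClsid | Format-Table -AutoSize

# Preview, then apply:
# Set-KillBit -Clsid $AnzioClsid -WhatIf
# Set-KillBit -Clsid $AnzioClsid
```

A control counts as disabled only when Blocked is True in every view listed;
on 64-bit Windows the WOW6432Node entry is the one 32-bit Internet Explorer
consults.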
********************************************************
(4) MODERATE: LibTIFF Decoding Buffer Underflow
Affected:
LibTIFF versions 3.x
Description: LibTIFF is a decoding and manipulation library for the
Tagged Image File Format (TIFF), a popular image format. It contains a
flaw in its decoding of compressed TIFF data. A specially crafted TIFF
file could trigger this flaw, leading to a buffer underflow condition.
It is believed that this flaw could potentially lead to remote code
execution with the privileges of the vulnerable process, though this is
not confirmed. Full technical details for this vulnerability are
publicly available via source code analysis.
Status: Vendor has not confirmed, no updates available. Some
distributors have patched their systems.
References:
Debian Security Advisory
http://security-tracker.debian.net/tracker/CVE-2008-2327
Wikipedia Article on TIFF
http://en.wikipedia.org/wiki/Tagged_Image_File_Format
LibTIFF Home Page
http://www.libtiff.org/
SecurityFocus BID
http://www.securityfocus.com/bid/30832
********************************************************
(5) MODERATE: OpenOffice.org Memory Allocation Remote Code Execution
Affected:
OpenOffice.org versions 2.4.1 and prior
Description: OpenOffice.org is a popular cross-platform free office
suite, installed by default on numerous Linux- and Unix-based operating
systems. It is also available for Microsoft Windows and Mac OS X. It
contains a flaw in its handling of certain constructs in OpenOffice.org
documents. A specially crafted document could trigger this flaw, leading
to a misallocation of memory. Successfully exploiting this vulnerability
would allow an attacker to execute arbitrary code with the privileges
of the current user. Note that only OpenOffice.org on 64-bit platforms
is vulnerable. Note that, depending upon configuration, documents may
be opened by the vulnerable application upon receipt, without first
prompting the user. Full technical details for this vulnerability are
available via source code analysis.
Status: Vendor confirmed, updates available.
References:
OpenOffice.org Issue Tracker
http://www.openoffice.org/issues/show_bug.cgi?id=92217
OpenOffice.org Home Page
http://www.openoffice.org
SecurityFocus BID
http://www.securityfocus.com/bid/30866
********************************************************
(6) LOW: Red Hat Enterprise and Fedora Linux Distributions Possible Package Compromise
Affected:
Red Hat Enterprise Linux versions 4 and 5
Fedora Linux
Description: Red Hat, a major North American Linux vendor, and Fedora,
a popular free Linux distribution sponsored by Red Hat, suffered a
security breach. The attacker was able to sign and possibly modify
several packages for these operating systems, including the OpenSSH
server package. It is not currently believed that the attacker was able
to inject these packages into the automated update stream, but Red Hat
is advising users to double-check their systems to ensure that no
tainted packages were installed. Details on how to verify systems are
available in the links below.
Status: Vendor confirmed, updates available.
References:
Fedora Infrastructure Report
http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
Red Hat Security Advisory
http://rhn.redhat.com/errata/RHSA-2008-0855.html
Red Hat Home Page
http://www.redhat.com
OpenSSH Home Page
http://www.openssh.com/
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 35, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.35.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Media Services "nskey.dll" ActiveX Control
Remote Buffer Overflow
Description: Windows Media Services (WMS) is a streaming media server
from Microsoft. The Microsoft Windows Media Services ActiveX control
is exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. "nskey.dll" version
4.1.00.3917 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.35.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: RhinoSoft Serv-U SFTP Remote Denial of Service
Description: RhinoSoft Serv-U is an FTP server for the Windows platform.
The application is exposed to a remote denial of service issue that
arises when the application creates directories and logs SFTP commands
during SFTP sessions. Serv-U versions prior to 7.2.0.1 are affected.
Ref: http://www.serv-u.com/releasenotes/
______________________________________________________________________
08.35.3 CVE: CVE-2008-3480
Platform: Third Party Windows Apps
Title: Anzio Web Print Object ActiveX Control Remote Buffer Overflow
Description: Anzio Web Print Object is an ActiveX object that allows
users to push print jobs from files to a user's printer without
displaying it in HTML. Anzio Web Print Object ActiveX control is
exposed to a heap-based buffer overflow issue because the application
fails to perform adequate boundary checks on user-supplied input.
Ref:
http://www.coresecurity.com/content/anzio-web-print-object-buffer-overflow
______________________________________________________________________
08.35.4 CVE: CVE-2008-2431, CVE-2008-2432
Platform: Third Party Windows Apps
Title: Novell iPrint Client ActiveX Control Multiple Remote
Vulnerabilities
Description: Novell iPrint Client ActiveX control is a client
application for printing over the Internet. The control is exposed to
multiple remote buffer overflow issues because it fails to properly
bounds check user-supplied input. iPrint Client versions 4.36 and 5.04
are affected.
Ref: http://secunia.com/secunia_research/2008-30/advisory/
______________________________________________________________________
08.35.5 CVE: CVE-2007-1682
Platform: Third Party Windows Apps
Title: SoftArtisans XFile FileManager ActiveX Control Multiple Buffer
Overflow Vulnerabilities
Description: SoftArtisans XFile is an application that allows users to
transfer files. FileManager is an ActiveX component of XFile. The
application is exposed to multiple buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied data.
SoftArtisans XFile versions prior to 2.4.0 are affected.
Ref: http://www.kb.cert.org/vuls/id/914785
______________________________________________________________________
08.35.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: JustSystems Ichitaro Document Handling Unspecified Code
Execution
Description: Ichitaro is a word processor available for Microsoft
Windows. The application is exposed to an unspecified code execution
issue. Attackers may exploit this issue by enticing a victim to open a
crafted ".JTD" document. Ichitaro 2008 is affected.
Ref: http://www.securityfocus.com/bid/30828
______________________________________________________________________
08.35.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP OpenVMS "SMGSHR.EXE" Local Buffer Overflow
Description: OpenVMS is a mainframe-like operating system originally
developed by Digital. It is maintained and distributed by HP. OpenVMS
is exposed to a local buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input.
Ref: http://mail.openvms.org:8100/Lists/alerts/Message/837.html
______________________________________________________________________
08.35.8 CVE: Not Available
Platform: Linux
Title: Red Hat OpenSSH Backdoor
Description: OpenSSH is a free implementation of the Secure Shell
protocol suite. It is available for various operating systems. OpenSSH
running on Red Hat operating systems is exposed to a backdoor issue,
as the attackers have managed to sign and deploy rogue OpenSSH packages
to the software repository. OpenSSH running on the following operating
systems is affected: Red Hat Enterprise Linux 4 i386, x86_64 and Red
Hat Enterprise Linux 5 x86_64.
Ref:
http://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html
______________________________________________________________________
08.35.9 CVE: Not Available
Platform: Linux
Title: Samba Group Mappings File Insecure Permissions Local Security Issue
Description: Samba is exposed to a local security issue because it
sets insecure permissions for a certain configuration file.
Specifically, the "group_mapping.tdb" file is recreated with the
permissions set to "0666" if the file was previously deleted. Samba
version 3.2.0 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073
______________________________________________________________________
08.35.10 CVE: CVE-2008-3526
Platform: Linux
Title: Linux Kernel "sctp_setsockopt_auth_key()" Remote Denial of
Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to properly handle user-supplied input. This
issue occurs because of inadequate checks in the
"sctp_setsockopt_auth_key()" function of the "net/sctp/socket.c"
source file. Linux kernel versions prior to 2.6.24-rc1 are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/861
______________________________________________________________________
08.35.11 CVE: Not Available
Platform: BSD
Title: NetBSD PPPoE Discovery Packet Remote Denial of Service
Description: NetBSD is exposed to a remote denial of service issue
that occurs because of insufficient length checks to tags within PPPoE
(Point-to-Point Protocol over Ethernet) discovery packets. An attacker
can exploit this issue to crash the affected computer, denying service
to legitimate users.
Ref: http://www.securityfocus.com/bid/30838
______________________________________________________________________
08.35.12 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFSv4 Client Kernel Module Local Denial of Service
Description: Sun Solaris is an operating system developed by Sun
Microsystems. Sun Solaris is exposed to a local denial of service
issue that affects the NFSv4 client kernel module.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240546-1
______________________________________________________________________
08.35.13 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFS Kernel Module Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue. A local unprivileged
attacker can exploit this issue to cause a system panic that will
result in a denial of service condition. Solaris 10 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241066-1
______________________________________________________________________
08.35.14 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFS RPC Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue in the NFS Remote
Procedure Calls (RPC) zones implementation.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240866-1
______________________________________________________________________
08.35.15 CVE: CVE-2008-2327
Platform: Unix
Title: LibTIFF "tif_lzw.c" Remote Integer Underflow
Description: LibTIFF is a library for reading and manipulating Tag
Image File Format (TIFF) files. It is freely available for UNIX and
UNIX-like operating systems as well as Microsoft Windows. The library
is exposed to an integer underflow issue because it fails to
bounds check user-supplied input before copying it into an
insufficiently sized memory buffer. LibTIFF versions 3.7.2 and 3.8.2
are affected.
Ref: http://security-tracker.debian.net/tracker/CVE-2008-2327
______________________________________________________________________
08.35.16 CVE: Not Available
Platform: Cross Platform
Title: Avaya SES Authentication Bypass Vulnerability and Information
Disclosure Weakness
Description: SIP Enablement Services server is a Session Initiation
Protocol (SIP) management application for SIP routers produced by
Avaya. The application is exposed to an authentication bypass issue
because it fails to protect access to the router's system-update
section of the interface. Avaya SES versions 5.0 and CM 5.0 on S8300C
with SES enabled are affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
______________________________________________________________________
08.35.17 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.51 Multiple Security Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. Opera is exposed to multiple security issues. Opera
versions prior to 9.52 are affected.
Ref: http://www.opera.com/support/search/view/896/
______________________________________________________________________
08.35.18 CVE: Not Available
Platform: Cross Platform
Title: llcon Protocol Message Remote Denial of Service
Description: llcon is a client/server communication application that
enables musicians to play together over the Internet. The application
is exposed to a denial of service issue because the application fails
to handle malformed protocol messages. llcon version 2.1.1 is
affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=158367&release_id=619929
______________________________________________________________________
08.35.19 CVE: CVE-2008-3217
Platform: Cross Platform
Title: PowerDNS Source Port Randomization Remote Cache Poisoning
Description: A remote DNS cache-poisoning issue affects PowerDNS
because it fails to use a secure random number generator when
selecting UDP source ports. Attackers may leverage this issue to
manipulate cache data, potentially facilitating man in the middle,
site impersonation, or denial of service attacks. PowerDNS versions
prior to 3.1.6 are affected.
Ref: http://doc.powerdns.com/changelog.html
______________________________________________________________________
08.35.20 CVE: CVE-2008-3281
Platform: Cross Platform
Title: libxml2 Recursive Entity Remote Denial of Service
Description: The libxml2 library is a freely available package that is
used to parse and create XML content. The libxml2 library is exposed
to a denial of service issue because it fails to handle recursive
entities contained in XML files.
Ref: http://www.securityfocus.com/bid/30783
______________________________________________________________________
08.35.21 CVE: Not Available
Platform: Cross Platform
Title: Vim Insufficient Shell Escaping Multiple Command Execution
Vulnerabilities
Description: Vim is a text editor available for multiple operating
platforms. The application is exposed to multiple command execution
issues because it fails to sufficiently sanitize user-supplied data.
Vim version 7.2 is affected.
Ref: http://www.securityfocus.com/archive/1/495703
______________________________________________________________________
08.35.22 CVE: Not Available
Platform: Cross Platform
Title: xine-lib 1.1.14 and Prior Multiple Remote Vulnerabilities
Description: The "xine" application is a media player; xine-lib is the
core library for applications that use xine. Attackers can exploit
these issues to execute arbitrary code in the context of applications
that use the library or cause a denial of service condition. xine-lib
versions 1.1.14 and earlier are affected.
Ref: http://www.ocert.org/analysis/2008-008/analysis.txt
______________________________________________________________________
08.35.23 CVE: Not Available
Platform: Cross Platform
Title: libmodplug "s3m" Remote Buffer Overflow
Description: The libmodplug library allows various media players to
play various media formats. The library is exposed to a remote buffer
overflow issue that occurs because it fails to perform adequate
boundary checks on user-supplied data. libmodplug version 0.8.4 is
affected.
Ref: http://www.securityfocus.com/bid/30801
______________________________________________________________________
08.35.24 CVE: Not Available
Platform: Cross Platform
Title: Ruby REXML Remote Denial of Service
Description: Ruby is an object-oriented scripting language. REXML is a
module used to create and parse XML content. Ruby is exposed to a
remote denial of service issue in its REXML module. Ruby versions up
to and including 1.9.0-3 are affected.
Ref:
http://weblog.rubyonrails.com/2008/8/23/dos-vulnerabilities-in-rexml
______________________________________________________________________
08.35.25 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor "inet_net_pton()" Function Integer Overflow
Weakness
Description: The "inet_net_pton()" function is used to convert a
string representation of an IP address into a network-format binary
representation. OpenBSD version 4.3, Mac OS X version 10.5 and ISC
BIND version 9.5.0-P2 are affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064051.html
______________________________________________________________________
08.35.26 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player "mmstu.c" MMS Protocol Handling Buffer Overflow
Description: VLC is a cross-platform media player that can be used to
serve streaming data. VLC is exposed to a heap-based buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This occurs within the "modules/access/mms/mmstu.c"
source file when parsing MMS protocol data. VLC media player version
0.8.6i is affected.
Ref:
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048504.html
______________________________________________________________________
08.35.27 CVE: Not Available
Platform: Cross Platform
Title: DriveCrypt Incorrect BIOS API Usage Security
Description: DriveCrypt is an application that allows users to encrypt
data contained in a storage device. DriveCrypt is exposed to a
security issue that may allow attackers to cause a denial of service
condition, allowing attackers to gain access to plain text passwords.
DriveCrypt Plus Pack version 3.9 is affected.
Ref: http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html
______________________________________________________________________
08.35.28 CVE: Not Available
Platform: Cross Platform
Title: GPicView Multiple Local Security Vulnerabilities
Description: GPicView is an open source image viewer. GPicView is
affected by multiple local security issues. An attacker may leverage
these issues to overwrite arbitrary files with the privileges of the
user running the application. GPicView version 0.1.9 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495968
______________________________________________________________________
08.35.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NOAH Unspecified Cross-Site Scripting
Description: NOAH (The Nordicwind Document Management System) is a
central repository document management system. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize unspecified user-supplied input. NOAH versions prior to 3.2.2
are affected.
Ref: http://www.nordicwind.ca/noah/bugs/inputval.html
______________________________________________________________________
08.35.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: vBulletin "$newpm[title]" Parameter Cross-Site Scripting
Description: vBulletin is Internet forum software. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "$newpm[title]" parameter before
displaying it on a private message presented to users. vBulletin
versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 are affected.
Ref: http://www.securityfocus.com/archive/1/495631
______________________________________________________________________
08.35.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BandSite CMS Cross-Site Scripting and Information Disclosure
Vulnerabilities
Description: BandSite CMS is a PHP-based content manager. The
application is exposed to multiple remote issues. A cross-site
scripting issue exists because the application fails to sufficiently sanitize
user-supplied input to the "type" parameter of the "merchandise.php"
script. An information disclosure issue affects the
"phpmydump.php" script. BandSite CMS version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/30788
______________________________________________________________________
08.35.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TimeTrex Time and Attendance Module Multiple Cross-Site
Scripting Vulnerabilities
Description: TimeTrex is payroll and time management software. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input to the "username"
and "password" parameters of the "Login.php" script. TimeTrex version
2.2.11 is affected.
Ref: http://www.securityfocus.com/archive/1/495678
______________________________________________________________________
08.35.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DxShopCart "search.php" Cross-Site Scripting
Description: DxShopCart is an e-commerce application. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "search" form field
in the "search.php" script. DxShopCart version 4.30mc is affected.
Ref: http://www.securityfocus.com/bid/30790
______________________________________________________________________
08.35.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Accellion File Transfer Multiple Cross-Site Scripting
Vulnerabilities
Description: Accellion File Transfer is a file transfer appliance.
Accellion File Transfer is exposed to multiple cross-site scripting
issues because it fails to properly sanitize user-supplied input
to the following HTML pages: "administrator forgot password" and
"forgot password". Accellion File Transfer version FTA_7_0_135 is
affected.
Ref:
http://zebux.free.fr/pub/Advisory/Advisory_Accellion_XSS_Vulnerability_200808.txt
______________________________________________________________________
08.35.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PicturesPro Photo Cart Search Cross-Site Scripting
Description: PicturesPro Photo Cart is a web-based shopping cart
system. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
search function in the "index.php" script. Photo Cart version 3.9 is
affected.
Ref: http://www.securityfocus.com/bid/30798
______________________________________________________________________
08.35.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: GMOD GBrowse Unspecified Cross-Site Scripting
Description: GBrowse (Generic Genome Browser) is used to display
genomic annotations as interactive web pages. It is implemented in
Perl. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize unspecified user-supplied input.
GBrowse versions prior to 1.69 are affected.
Ref: http://gmod.org/wiki/GMOD_News#GBrowse_1.69_Released
______________________________________________________________________
08.35.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AN Guestbook Unspecified Cross-Site Scripting Vulnerabilities
Description: AN Guestbook (ANG) is a web-based guest book application.
It is implemented in PHP and MySQL. AN Guestbook is exposed to
multiple cross-site scripting issues because it fails to sanitize
user-supplied input to unspecified parameters. AN Guestbook versions
prior to 0.7.6 are affected.
Ref: http://www.securityfocus.com/bid/30830
______________________________________________________________________
08.35.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Civic Website Manager Multiple Cross-Site Scripting
Vulnerabilities
Description: Civic Website Manager is a web-based content management
application. Civic Website Manager is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input to
unspecified parameters. These issues affect the "Calendar" component.
Civic Website Manager versions prior to 1.0.1 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=234663&release_id=621954
______________________________________________________________________
08.35.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: mysql-lists Unspecified Cross-Site Scripting
Description: mysql-lists is an application provided by AquaGardenSoft.
mysql-lists is exposed to an unspecified cross-site scripting issue
because it fails to properly sanitize user-supplied input. mysql-lists
version 1.2 is affected.
Ref: http://jvn.jp/en/jp/JVN27417220/index.html
______________________________________________________________________
08.35.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Smart Survey "surveyresults.asp" Cross-Site Scripting
Description: Smart Survey is a customer feedback application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "sid" parameter of the "surveyresults.asp"
script. Smart Survey version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/30841
______________________________________________________________________
08.35.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MatterDaddy Market "admin/login.php" Cross-Site Scripting
Description: Matterdaddy Market is a web-based classifieds system. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "msg"
parameter of the "admin/login.php" script. MatterDaddy Market version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/30848
______________________________________________________________________
08.35.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Educe ASP Search Engine "search.asp" Cross-Site Scripting
Description: ASP Search Engine is an indexing and search application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "look_for" parameter of the "search.asp"
script. ASP Search Engine version 1.5.6 is affected.
Ref: http://www.securityfocus.com/bid/30849
______________________________________________________________________
08.35.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Active PHP Bookmarks "id" Parameter SQL Injection
Description: Active PHP Bookmarks is a bookmark-management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "view_group.php" script before using it in an
SQL query. Active PHP Bookmarks version 1.1.02 is affected.
Ref: http://www.securityfocus.com/bid/30757
______________________________________________________________________
08.35.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Programs Rating Script "id" Parameter SQL
Injection
Description: YourFreeWorld Programs Rating Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "details.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/30759
______________________________________________________________________
08.35.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Forced Matrix Script
Description: YourFreeWorld Forced Matrix Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "tr1.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/30760
______________________________________________________________________
08.35.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Classifieds Script "category" Parameter SQL
Injection
Description: YourFreeWorld Classifieds Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"category" parameter of the "view.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/30761
______________________________________________________________________
08.35.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Ad-Exchange Script "id" Parameter SQL Injection
Description: YourFreeWorld Ad-Exchange Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30762
______________________________________________________________________
08.35.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Viral Marketing Script "id" Parameter SQL
Injection
Description: YourFreeWorld Viral Marketing Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30764
______________________________________________________________________
08.35.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld URL Rotator Script "id" Parameter SQL Injection
Description: YourFreeWorld URL Rotator Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30766
______________________________________________________________________
08.35.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Stylish Text Ads Script "id" Parameter SQL
Injection
Description: YourFreeWorld Stylish Text Ads Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "tr1.php" script before using it in an SQL
query.
Ref: http://www.yourfreeworld.com/script/textads.asp
______________________________________________________________________
08.35.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Short Url & Url Tracker Script "id" Parameter SQL
Injection
Description: YourFreeWorld Short Url & Url Tracker Script is a
web-based application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "tr.php" script before using it in an SQL
query.
Ref: http://www.yourfreeworld.com/script/shorturl.asp
______________________________________________________________________
08.35.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: itMedia Multiple SQL Injection Vulnerabilities
Description: itMedia is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "op" parameter of the
"galerija.php", "ponuda.php" and "slike.php" scripts before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/30740
______________________________________________________________________
08.35.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SFS Affiliate Directory "id" Parameter SQL Injection
Description: SFS Affiliate Directory is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"directory.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30741
______________________________________________________________________
08.35.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Ad Board Script "id" Parameter SQL Injection
Description: YourFreeWorld Ad Board Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "trr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30742
______________________________________________________________________
08.35.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: K Web CMS "sayfala.asp" SQL Injection
Description: K Web CMS is a content manager implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"sayfala.asp" script file before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30745
______________________________________________________________________
08.35.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SunShop Shopping Cart "class.ajax.php" Multiple SQL Injection
Vulnerabilities
Description: SunShop Shopping Cart is a web-based ecommerce
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "_POST[id]" variable in the "class.ajax.php" source file before
using it in an SQL query. SunShop Shopping Cart versions prior to
4.1.5 are affected.
Ref: http://www.securityfocus.com/archive/1/495578
______________________________________________________________________
08.35.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Papoo "suchanzahl" Parameter SQL Injection
Description: Papoo is a content manager. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "suchanzahl" parameter of the "index.php"
script. Papoo versions prior to 3.7.2 are affected.
Ref: http://www.papoo.de/cms-news-und-infos/security/patch1-10808.html
______________________________________________________________________
08.35.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Banner Management Script "id" Parameter SQL
Injection
Description: YourFreeWorld Banner Management Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "tr.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30756
______________________________________________________________________
08.35.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts4Profit DXShopCart "pid" Parameter SQL Injection
Description: DXShopCart is a web-based shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pid" parameter of the
"product_detail.php" script before using it in an SQL query.
DXShopCart version 4.30mc is affected.
Ref: http://www.securityfocus.com/bid/30772
______________________________________________________________________
08.35.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpBazar "adid" Parameter SQL Injection
Description: phpBazar is a classified ads script. phpBazar is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "adid" parameter of the "classified.php"
script before using it in an SQL query. phpBazar versions 2.0.2 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/30773
______________________________________________________________________
08.35.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simasy CMS "id" Parameter SQL Injection
Description: Simasy CMS is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30774
______________________________________________________________________
08.35.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: QuidaScript FAQ Management Script "catid" Parameter SQL
Injection
Description: QuidaScript FAQ Management Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter of the "index.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/30775
______________________________________________________________________
08.35.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: webEdition CMS "we_objectID" Parameter SQL Injection
Description: webEdition CMS is a web-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "we_objectID"
parameter of an unspecified script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30778
______________________________________________________________________
08.35.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PicturesPro Photo Cart Multiple SQL Injection Vulnerabilities
Description: PicturesPro Photo Cart is a web-based shopping cart
system. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data before
using it in SQL queries. Photo Cart version 3.9 is affected.
Ref: http://www.securityfocus.com/bid/30786
______________________________________________________________________
08.35.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CustomCMS CCMS Gaming "print.php" SQL Injection
Description: CCMS Gaming is a commercially available web-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "print.php" script before using it in an SQL query.
CustomCMS CCMS Gaming version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/30787
______________________________________________________________________
08.35.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MiaCMS "com_content" SQL Injection
Description: MiaCMS is a commercially available web-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "com_content" component before using it in an SQL
query. MiaCMS versions up to and including 4.6.5 are affected.
Ref: http://www.securityfocus.com/bid/30805
______________________________________________________________________
08.35.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Web Directory Script "listing_view.php" SQL Injection
Description: Web Directory Script is a web-based classifieds
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "name" parameter of the "listing_view.php" script before using it
in an SQL query. Web Directory Script version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30807
______________________________________________________________________
08.35.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Matterdaddy Market Multiple SQL Injection Vulnerabilities
Description: Matterdaddy Market is a web-based classifieds system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
SQL queries. Matterdaddy Market version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/30809
______________________________________________________________________
08.35.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BtiTracker and xbtit "scrape.php" SQL Injection
Description: BtiTracker and xbtit are tracking systems for BitTorrent.
The applications are exposed to an SQL injection issue because both fail
to sufficiently sanitize user-supplied data to the "info_hash" parameter
of the "scrape.php" script before using it in an SQL query. Affected
are: BtiTracker versions up to and including 1.4.7, and xbtit versions
up to and including 2.0.542.
Ref: http://www.securityfocus.com/bid/30811
______________________________________________________________________
08.35.70 CVE: CVE-2008-2429
Platform: Web Application - SQL Injection
Title: Calendarix Multiple SQL Injection Vulnerabilities
Description: Calendarix is a web-based calendar. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the following scripts and
parameters before using it in an SQL query: "cal_search.php":
"catsearch" and "cal_cat.php": "catview". Calendarix version
0.8.20071118 is affected.
Ref: http://secunia.com/secunia_research/2008-28/advisory/
______________________________________________________________________
08.35.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Crafty Syntax Live Help Multiple SQL Injection Vulnerabilities
Description: Crafty Syntax Live Help is a web-based content manager.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "department"
parameter of the "is_xmlhttp.php" script and an unspecified parameter
of the "is_flush.php" script. Crafty Syntax Live Help version 2.14.6
is affected.
Ref: http://www.securityfocus.com/archive/1/495729
______________________________________________________________________
08.35.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Z-Breaknews "single.php" SQL Injection
Description: Z-Breaknews is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"single.php" script before using it in an SQL query.
Z-Breaknews version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30831
______________________________________________________________________
08.35.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Kolifa.net Download Script "indir.php" SQL Injection
Description: Kolifa.net Download Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "indir.php" script before using it in an SQL query.
Kolifa.net Download Script version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/30839
______________________________________________________________________
08.35.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iFdate "members_search.php" SQL Injection
Description: iFdate is a web application. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "Search Name/Nickname" form field of the
"members_search.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/30850
______________________________________________________________________
08.35.75 CVE: Not Available
Platform: Web Application
Title: Interleave Information Disclosure Vulnerabilities
Description: Interleave is a PHP-based workflow application.
Interleave is exposed to multiple information disclosure issues. An
unprivileged attacker may exploit these issues to obtain sensitive
information.
Ref: http://dev.crm-ctt.com/CHANGELOG
______________________________________________________________________
08.35.76 CVE: Not Available
Platform: Web Application
Title: Vanilla 1.1.4 HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: Vanilla is a web-based discussion forum. Since it fails
to properly sanitize user-supplied input, the application is prone to
multiple input validation issues. Vanilla version 1.1.4 is affected.
Ref: http://www.securityfocus.com/archive/1/495577
______________________________________________________________________
08.35.77 CVE: Not Available
Platform: Web Application
Title: Aurora Password Manager System Tray Icon Information Disclosure
Description: Aurora Password Manager is an application for storing
web site and email passwords, credit card numbers, and other sensitive
data. The application is exposed to an information disclosure issue
because it fails to restrict access to sensitive data in certain
circumstances. Aurora Password Manager version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/30749
______________________________________________________________________
08.35.78 CVE: Not Available
Platform: Web Application
Title: WordPress "get_edit_post_link()" & "get_edit_comment_link()"
Multiple Eavesdropping Vulnerabilities
Description: WordPress is a web-based publishing application.
WordPress is exposed to an eavesdropping issue because the
"get_edit_post_link()" and "get_edit_comment_link()" functions fail to
use SSL when transmitting data. WordPress versions prior to 2.6.1 are
affected.
Ref: http://www.securityfocus.com/bid/30750
______________________________________________________________________
08.35.79 CVE: CVE-2008-0174
Platform: Web Application
Title: GE Fanuc Proficy Information Portal HTTP Basic Authentication
Information Disclosure
Description: GE-Fanuc's Proficy Information Portal is a web-based reporting
application for the SCADA environment. The application is exposed to
an information disclosure issue because the application transmits user
authentication credentials using HTTP basic authentication. GE Fanuc
Proficy Information Portal version 2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/487075
______________________________________________________________________
08.35.80 CVE: Not Available
Platform: Web Application
Title: Folder Lock Weak Password Encryption Local Information
Disclosure
Description: Folder Lock is an application used to password-protect
files and folders. The application is exposed to an information
disclosure issue because it stores credentials in an insecure manner.
Folder Lock version 5.9.5 is affected.
Ref: http://www.securityfocus.com/archive/1/495612
______________________________________________________________________
08.35.81 CVE: Not Available
Platform: Web Application
Title: Pars4U Videosharing SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Pars4U Videosharing is a web-based application for
sharing videos online. Since it fails to sufficiently sanitize
user-supplied input, Pars4U Videosharing is exposed to multiple input
validation issues.
Ref: http://www.securityfocus.com/bid/30779
______________________________________________________________________
08.35.82 CVE: Not Available
Platform: Web Application
Title: Fujitsu Web-Based Admin View Directory Traversal
Description: Fujitsu Web-Based Admin View is an operational management
tool for Solaris. Web-Based Admin View is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. This issue occurs in the application's HTTP
server. Web-Based Admin View version 2.1.2 is affected.
Ref: http://www.securityfocus.com/bid/30780
______________________________________________________________________
08.35.83 CVE: Not Available
Platform: Web Application
Title: FAR-PHP "index.php" Local File Include
Description: FAR-PHP is a PHP-based content management application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "c" parameter of
the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/495628
______________________________________________________________________
08.35.84 CVE: Not Available
Platform: Web Application
Title: EasySite Multiple Local File Include Vulnerabilities
Description: EasySite is a content management application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. EasySite version
2.3 is affected.
Ref: http://www.securityfocus.com/bid/30784
______________________________________________________________________
08.35.85 CVE: Not Available
Platform: Web Application
Title: tinyCMS "templater.php" Local File Include
Description: tinyCMS is a PHP-based content manager. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "config[template]" parameter of
the "modules/ZZ_Templater/templater.php" script. tinyCMS version 1.1.2
is affected.
Ref: http://www.securityfocus.com/bid/30785
______________________________________________________________________
08.35.86 CVE: CVE-2008-3736, CVE-2008-3737, CVE-2008-3738,
CVE-2008-3739
Platform: Web Application
Title: LacoodaST and La!cooda WIZ Multiple Remote Vulnerabilities
Description: LacoodaST and La!cooda WIZ are task management
applications. The applications are exposed to multiple issues. An
attacker can predefine a victim user's session ID. LacoodaST versions
2.1.3 and earlier and La!cooda WIZ versions 4.1.0 and earlier
are affected.
Ref: http://jvn.jp/en/jp/JVN83428818/index.html
______________________________________________________________________
08.35.87 CVE: CVE-2008-2433
Platform: Web Application
Title: Trend Micro Web Management Authentication Bypass
Description: Trend Micro Web Management is a web-based configuration
console used to manage settings for many of Trend Micro's security
products. The application is exposed to an authentication bypass issue
because of insufficient entropy used when creating session tokens.
Affected are: Trend Micro OfficeScan versions 7.0, 7.3 and 8.0;
Worry-Free Business Security version 5.0; and Trend Micro
Client/Server/Messaging Suite versions 3.5 and 3.6.
Ref:
http://www.trendmicro.com/ftp/documentation/readme/Readme_WFBS5%200_EN_CriticalPatch1404.txt
______________________________________________________________________
08.35.88 CVE: Not Available
Platform: Web Application
Title: ACG-PTP "index.php" Multiple HTML Injection Vulnerabilities
Description: ACG-PTP is a web application implemented in PHP. The
application is exposed to multiple HTML injection issues because it
fails to sufficiently sanitize user-supplied data to the "index.php"
script. ACG-PTP version 1.0.6 is affected.
Ref: http://www.securityfocus.com/bid/30793
______________________________________________________________________
08.35.89 CVE: Not Available
Platform: Web Application
Title: One-News Multiple Input Validation Vulnerabilities
Description: One-News is a news-based web application. The application
is exposed to multiple input validation issues. Multiple HTML
injection issues affect the "title" and "content" parameters of the
"add.php" script and the "itemnum", "author" and "comment" parameters
of the "index.php" script. An SQL injection issue affects the "q"
parameter of the "index.php" script. Beta 2 of One-News is affected.
Ref: http://www.securityfocus.com/archive/1/495679
______________________________________________________________________
08.35.90 CVE: Not Available
Platform: Web Application
Title: Five Star Review SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Five Star Review is a web-based application. Since it
fails to sufficiently sanitize user-supplied input, Five Star Review
is exposed to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/30808
______________________________________________________________________
08.35.91 CVE: Not Available
Platform: Web Application
Title: GNU ed File Processing "strip_escapes()" Heap Overflow
Description: GNU ed is a line-oriented text editor. The application is
exposed to a heap-based buffer overflow issue because the application
fails to perform adequate boundary checks on user-supplied data. GNU
ed versions prior to 1.0 are affected.
Ref: http://lists.gnu.org/archive/html/bug-ed/2008-07/msg00000.html
______________________________________________________________________
08.35.92 CVE: Not Available
Platform: Web Application
Title: NoName Script Multiple Remote Vulnerabilities
Description: NoName Script is a web-based script. NoName Script is
exposed to multiple issues. A directory traversal issue affects the
"action" parameter of the "index.php" file. Two cross-site
request forgery issues may allow attackers to modify profile
information or purposely log out an admin user by tricking the victim
into following a specially crafted HTTP request. An SQL injection
issue affects the "file_id" parameter of the "index.php" script.
NoName Script versions 1.1 BETA and earlier are affected.
Ref: http://www.milw0rm.com/exploits/6291
______________________________________________________________________
08.35.93 CVE: Not Available
Platform: Web Application
Title: AWStats Totals "sort" Parameter Remote Command Execution
Vulnerabilities
Description: AWStats Totals is a script used to display summary
information from AWStats. AWStats Totals is exposed to an issue that
attackers can leverage to execute arbitrary commands. This issue
occurs because the application fails to adequately validate
user-supplied input to the "sort" parameter of the
"awstatstotals.php" script. AWStats Totals versions 1.14 and earlier
are affected.
Ref: http://www.securityfocus.com/archive/1/495770
______________________________________________________________________
08.35.94 CVE: Not Available
Platform: Web Application
Title: Simple PHP Blog 0.5.0 Multiple Remote Vulnerabilities
Description: Simple PHP Blog is a PHP-based weblog application. The
application is exposed to multiple remote issues. Simple PHP Blog
version 0.5.0 is affected.
Ref: http://www.securityfocus.com/bid/30857
______________________________________________________________________
08.35.95 CVE: Not Available
Platform: Web Application
Title: Pluck "index.php" Multiple Local File Include Vulnerabilities
Description: Pluck is a PHP-based content manager. The application is
exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input to the following parameters of
the "index.php" script: "file", "blogpost" and "cat". Pluck version
4.5.2 is affected.
Ref: http://www.securityfocus.com/archive/1/495706
______________________________________________________________________
08.35.96 CVE: Not Available
Platform: Web Application
Title: ezContents CMS Multiple Local File Include Vulnerabilities
Description: ezContents CMS is a PHP-based content manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. ezContents CMS
version 2.0.3 is affected.
Ref: http://www.securityfocus.com/archive/1/495705
______________________________________________________________________
08.35.97 CVE: Not Available
Platform: Web Application
Title: PHP-Ultimate Webboard "admindel.php" Multiple Input Validation
Vulnerabilities
Description: PHP-Ultimate Webboard is a web-based bulletin board
application implemented in PHP. The application is exposed to multiple
input validation issues because it fails to sufficiently sanitize
user-supplied input to the "qno" and "ano" parameters of the
"admindel.php" script when the "action" parameter is set to "delete"
and the "mode" parameter is set to "question". PHP-Ultimate Webboard
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/30822
______________________________________________________________________
08.35.98 CVE: Not Available
Platform: Web Application
Title: Bluemoon inc. PopnupBlog "index.php" Multiple Cross-Site
Scripting Vulnerabilities
Description: Bluemoon inc. PopnupBlog is a module for the XOOPS CMS.
The application is exposed to multiple cross-site scripting issues
because it fails to properly sanitize user-supplied input. PopnupBlog
version 3.30 is affected.
Ref:
http://lostmon.blogspot.com/2008/08/popnupblog-indexphp-multiple-variables.html
______________________________________________________________________
08.35.99 CVE: CVE-2008-3687
Platform: Web Application
Title: Xen "XSM:Flask" Module Multiple Local Buffer Overflow
Vulnerabilities
Description: Xen is an open-source hypervisor or virtual machine
monitor. Xen is exposed to multiple local buffer overflow issues
because it fails to perform adequate boundary checks on user-supplied
inputs. Xen version 3.2.0 is affected.
Ref: http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a
______________________________________________________________________
08.35.100 CVE: CVE-2008-3338
Platform: Web Application
Title: TIBCO Hawk Multiple Remote Buffer Overflow Vulnerabilities
Description: TIBCO Hawk is used to monitor and manage distributed
applications and systems in an enterprise environment. TIBCO Hawk is
exposed to multiple buffer overflow issues because the application
fails to perform adequate boundary checks on user-supplied data.
Ref: http://www.tibco.com/mk/hawk_advisory_20080729.jsp
______________________________________________________________________
08.35.101 CVE: Not Available
Platform: Web Application
Title: K-Rate Multiple Input Validation Vulnerabilities
Description: K-Rate is a PHP-based picture rating application. Since
it fails to adequately sanitize user-supplied input, the application
is prone to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/30842
______________________________________________________________________
08.35.102 CVE: Not Available
Platform: Web Application
Title: ZoneMinder Multiple Input Validation Security Vulnerabilities
Description: ZoneMinder is a freely available application designed to
control and record video from security cameras. It contains a
web-based administrative application. ZoneMinder is exposed to
multiple input validation issues because it fails to adequately
sanitize user-supplied input. ZoneMinder version 1.23.3 is affected.
Ref: http://www.securityfocus.com/archive/1/495745
______________________________________________________________________
08.35.103 CVE: Not Available
Platform: Web Application
Title: HP System Management Homepage (SMH) "message.php" Cross-Site
Scripting
Description: HP System Management Homepage (SMH) provides a web-based
management interface for ProLiant and Integrity servers. SMH is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "message.php" script.
Ref: http://www.securityfocus.com/archive/1/495744
______________________________________________________________________
08.35.104 CVE: Not Available
Platform: Web Application
Title: Thickbox Gallery "conf/admins.php" Information Disclosure
Description: Thickbox Gallery is a PHP-based photo gallery application.
Thickbox Gallery is exposed to an information disclosure issue that
occurs in the "conf/admins.php" script. Thickbox Gallery version 2 is
affected.
Ref: http://www.securityfocus.com/bid/30845
______________________________________________________________________
08.35.105 CVE: Not Available
Platform: Web Application
Title: CMME Multiple Remote Security Vulnerabilities
Description: CMME (Content Management Made Easy) is a PHP-based
content manager. The application is exposed to multiple issues. An
attacker may leverage these issues to obtain potentially sensitive
information, to create arbitrary directories within the web root, and
to execute arbitrary script code in the browser of an unsuspecting
user in the context of the affected site. CMME version 1.12 is
affected.
Ref: http://www.securityfocus.com/bid/30854
______________________________________________________________________
08.35.106 CVE: Not Available
Platform: Web Application
Title: Kyocera Mita Scanner File Utility File Transfer Directory
Traversal
Description: Kyocera Mita Scanner File Utility is an application that
allows users to save scanned images on a PC or AT compatible PC.
Kyocera Mita Scanner File Utility is exposed to a directory traversal
issue because the application fails to sanitize user-supplied input.
Kyocera Mita Scanner File Utility version 3.3.0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/495772
______________________________________________________________________
08.35.107 CVE: Not Available
Platform: Network Device
Title: Intel System Management Mode Local Privilege Escalation
Description: Intel BIOS is exposed to an unspecified privilege
escalation issue. System Management Mode is a privileged mode of
execution in which all normal operations, including the operating
system, are suspended.
Ref:
http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00017&languageid=en-fr
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
For a free subscription, (and for free posters) or to update a current
subscription, visit http://portal.sans.org/