RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 37

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Sep 11 2008 - 18:06:55 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Apple QuickTime and Microsoft Windows are the big problems this week.

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
September 11, 2008 Vol. 7. Week 37
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                   Number of Updates and Vulnerabilities
------------------------------------------ -------------------------------------
Windows                                     7 (#1, #2, #5)
Microsoft Office                            1 (#4)
Other Microsoft Products                    1
Third Party Windows Apps                    5
Linux                                       3
BSD                                         4
Aix                                         1
Cross Platform                             29 (#3)
Web Application - Cross Site Scripting      9
Web Application - SQL Injection            25
Web Application                            11
Network Device                              8

************************** Sponsored By SANS ****************************

How are the latest forensic techniques used to help combat threats in
organizations today? Which products are the best in the incident
response and computer forensic community? Attend the Forensics &
Incident Response Summit October 13-14 and learn the answers to these
and other key Forensics & Incident Response questions.
http://www.sans.org/info/33043
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Windows Media Player Remote Code Execution (MS08-054)
(2) CRITICAL: Microsoft Windows GDI+ Multiple Vulnerabilities (MS08-052)
(3) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(4) HIGH: Microsoft Office OneNote URL Handling Vulnerability
(5) MODERATE: Microsoft Media Encoder Remote Code Execution (MS08-053)

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
 -- Windows
08.37.1 - Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite
08.37.2 - Microsoft GDI+ VML Heap-Based Buffer Overflow
08.37.3 - Microsoft GDI+ EMF Image Processing Memory Corruption
08.37.4 - Microsoft GDI+ GIF File Parsing Remote Code Execution
08.37.5 - Microsoft GDI+ WMF Image File Buffer Overflow
08.37.6 - Microsoft GDI+ BMP Integer Overflow
08.37.7 - Microsoft Windows Media Encoder 9 "wmex.dll" ActiveX Control Remote Buffer Overflow
 -- Microsoft Office
08.37.8 - Microsoft Office OneNote URL Handler Remote Code Execution
 -- Other Microsoft Products
08.37.9 - Microsoft Organization Chart Remote Code Execution
 -- Third Party Windows Apps
08.37.10 - Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
08.37.11 - Apple Bonjour for Windows mDNSResponder Remote Forged DNS Response
08.37.12 - HP OpenView Select Identity Connectors Local Information Disclosure
08.37.13 - Apple Bonjour for Windows mDNSResponder NULL Pointer Dereference Denial of Service
08.37.14 - Peachtree Accounting "PAWWeb11.ocx" ActiveX Control Insecure Method
 -- Linux
08.37.15 - gmanedit Multiple Buffer Overflow Vulnerabilities
08.37.16 - sSMTP "from_format()" Uninitialized Memory Information Disclosure
08.37.17 - XASTIR Insecure Temporary File Creation Vulnerabilities
 -- BSD
08.37.18 - FreeBSD "mount(2)" and "nmount(2)" Multiple Stack-Based Buffer Overflow Vulnerabilities
08.37.19 - FreeBSD/amd64 Local Privilege Escalation Issue
08.37.20 - FreeBSD Malformed ICMPv6 Packet Remote Denial of Service
08.37.21 - NetBSD ICMPv6 MLD Packet Remote Denial of Service
 -- Aix
08.37.22 - IBM AIX "swcons" Insecure File Creation
 -- Cross Platform
08.37.23 - Google Chrome Malformed "href" Tag Remote Denial of Service
08.37.24 - Google Chrome Malformed "view-source" HTTP Header Remote Denial of Service
08.37.25 - Google Chrome Inspect Element Remote Denial of Service
08.37.26 - pam_mount "luserconf" Local Privilege Escalation
08.37.27 - Numark CUE 5 ".m3u" File Buffer Overflow
08.37.28 - Flock Infinite Loop Multiple Denial of Service Vulnerabilities
08.37.29 - ClamAV "chmunpack.c" Invalid Memory Access Denial Of Service
08.37.30 - Moodle Multiple Remote File Include Vulnerabilities
08.37.31 - Cisco Secure ACS EAP-Response Packet Parsing Denial of Service
08.37.32 - Google Chrome Arbitrary File Download
08.37.33 - Apple iPod Touch Prior to Version 2.1 Multiple Remote Vulnerabilities
08.37.34 - Wireshark 1.0.2 Multiple Vulnerabilities
08.37.35 - Dnsmasq DHCP Lease Multiple Remote Denial of Service Vulnerabilities
08.37.36 - Google Chrome "SaveAs" Function "Title" Tag Buffer Overflow
08.37.37 - Google Chrome Malformed Attachment Filename Remote Denial of Service
08.37.38 - Libpng Library "png_push_read_zTXt()" Off-By-One Denial of Service
08.37.39 - ClamAV Multiple Unspecified Memory Corruption Vulnerabilities
08.37.40 - GNU Emacs "python.el" Code Execution
08.37.41 - Simple Machines Forum Security Bypass
08.37.42 - Google Chrome Malformed "title" Tag Remote Denial of Service
08.37.43 - IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
08.37.44 - PHP Multiple Functions "safe_mode_exec_dir" and "open_basedir" Restriction Bypass Vulnerabilities
08.37.45 - Google Chrome "url_elider.cc" Buffer Overflow
08.37.46 - Dns2tcp Multiple Remote Buffer Overflow Vulnerabilities
08.37.47 - MySQL Empty Binary String Literal Remote Denial Of Service
08.37.48 - Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
08.37.49 - Apple iTunes Third Party Driver Local Privilege Escalation
08.37.50 - Apple iTunes Misleading Firewall Warning Weakness
08.37.51 - Maxthon Browser Remote Denial of Service
 -- Web Application - Cross Site Scripting
08.37.52 - Mail and Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
08.37.53 - Celerondude Uploader "account.php" Cross-Site Scripting
08.37.54 - Pentasoft Avactis Shopping Cart Multiple Cross Site Scripting Vulnerabilities
08.37.55 - Silentum LoginSys Multiple Cross-Site Scripting Vulnerabilities
08.37.56 - phpAdultSite CMS "results_per_page" Parameter Cross-Site Scripting
08.37.57 - Gallery 2.0 Multiple Cross Site Scripting Vulnerabilities
08.37.58 - Movable Type Multiple Cross Site Scripting Vulnerabilities
08.37.59 - High Norm Sound Master 2nd Unspecified Cross Site Scripting
08.37.60 - PunBB "p" Parameter Multiple Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.37.61 - Multiple Vastal I-Tech Products Multiple SQL Injection Vulnerabilities
08.37.62 - EsFaq "questions.php" SQL Injection
08.37.63 - Vastal I-Tech Shaadi Zone "keyword_search_action.php" SQL Injection
08.37.64 - Vastal I-Tech Dating Zone "advanced_search_results.php" SQL Injection
08.37.65 - MemHT Portal "inc_statistics.php" SQL Injection
08.37.66 - Masir Camp "ordercode" Parameter SQL Injection
08.37.67 - eZoneScripts Living Local "listtest.php" SQL Injection
08.37.68 - ACG-PTP
08.37.69 - Words tag script "index.php" SQL Injection
08.37.70 - ACG-ScriptShop E-Gold Script Shop "cid" Parameter SQL Injection
08.37.71 - Zen Cart Multiple SQL Injection Vulnerabilities
08.37.72 - Agent Zone "view_ann.php" SQL Injection
08.37.73 - Alstrasoft Forum Pay Per Post Exchange "cat" Parameter SQL Injection
08.37.74 - Pligg "submit.php" Multiple SQL Injection Vulnerabilities
08.37.75 - eXtrovert software Thyme "pick_users.php" SQL Injection
08.37.76 - E-Php B2B Trading Marketplace Script "listings.php" SQL Injection
08.37.77 - UBB.threads "Forum[]" Array SQL Injection
08.37.78 - Hot Links SQL-PHP "report.php" SQL Injection
08.37.79 - Stash 1.0.3 Multiple SQL Injection Vulnerabilities
08.37.80 - Live TV Script "mid" Parameter SQL Injection
08.37.81 - Creator CMS "index.asp" SQL Injection
08.37.82 - CMS Buzz "id" Parameter SQL Injection
08.37.83 - AvailScript Classmate Script "viewprofile.php" SQL Injection
08.37.84 - AvailScript Job Portal Script "applynow.php" SQL Injection
08.37.85 - Libera CMS Cookie SQL Injection
 -- Web Application
08.37.86 - devalcms Multiple Input Validation Vulnerabilities
08.37.87 - aspWebAlbum Multiple Input Validation Vulnerabilities
08.37.88 - AvailScript Article Script Multiple Input Validation Vulnerabilities
08.37.89 - Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site Scripting Vulnerabilities
08.37.90 - XRMS CRM Multiple Input Validation Vulnerabilities
08.37.91 - QwicsitePro "pageid" Parameter SQL Injection and Cross-Site Scripting Vulnerabilities
08.37.92 - Drupal Content Creation Kit Module Multiple HTML Injection Vulnerabilities
08.37.93 - eZoneScripts Dating Website Remote File Upload
08.37.94 - WordPress Lost Password SQL Column Truncation Unauthorized Access
08.37.95 - AvailScript Photo Album Script Multiple Input Validation Vulnerabilities
08.37.96 - Jaw Portal "index.php" Multiple Local File Include Vulnerabilities
 -- Network Device
08.37.97 - Samsung DVR SHR-2040 HTTPD Denial of Service
08.37.98 - Cisco PIX and Cisco ASA Multiple Denial of Service and Information Disclosure Vulnerabilities
08.37.99 - NETGEAR WN802T With Marvell 88W8361P-BEM1 Chipset WAP Denial of Service
08.37.100 - Atheros Communications AR5416-AC1E Information Element Denial of Service
08.37.101 - NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of Service
08.37.102 - MicroTik RouterOS SNMP Security Bypass
08.37.103 - D-Link DIR-100 Security Bypass
08.37.104 - Sagem Fst 2404 Router "wancfg.cmd" Denial of Service

______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Windows Media Player Remote Code Execution (MS08-054)
Affected:
Microsoft Windows Media Player 11
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft Windows Media Player contains a flaw in its
handling of server-side playlists (SSPLs), which specify lists of content
to be played by the client. A specially crafted SSPL could trigger this
vulnerability, leading to a memory corruption condition. Successfully
exploiting this flaw would allow an attacker to execute arbitrary code
with the privileges of the current user. Note that, in default
configuration, malicious data may be opened upon receipt, including when
opening a web page. Some technical details are publicly available for
this vulnerability.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms08-054.mspx
Information on Server Side Playlists
http://msdn.microsoft.com/en-us/library/ms753585(VS.85).aspx
SecurityFocus BID
http://www.securityfocus.com/bid/30550
*************************************************************
(2) CRITICAL: Microsoft Windows GDI+ Multiple Vulnerabilities (MS08-052)
Affected:
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Internet Explorer 6 on Microsoft Windows 2000
Microsoft .NET Framework on Microsoft Windows 2000
Description: The Graphics Device Interface (GDI+) subsystem of Microsoft
Windows is used to render graphics to output devices such as monitors
and printers. It contains multiple vulnerabilities in its handling of a
variety of file formats. Flaws in the handling of Vector Markup Language
(VML), Enhanced Metafile (EMF), Graphics Interchange Format (GIF),
Windows Metafile (WMF), and Windows Bitmap (BMP) files could result in
a variety of flaws leading to remote code execution with the privileges
of the current user. Any application that uses GDI+ for graphics
rendering, including Microsoft Internet Explorer, is vulnerable to these
flaws. Note that, in Microsoft Internet Explorer, at least some of the
vulnerable file formats are opened immediately upon receipt, without
first prompting the user. Some technical details are publicly available
for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-056/
http://zerodayinitiative.com/advisories/ZDI-08-055/
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
Wikipedia Articles on Affected File Formats
http://en.wikipedia.org/wiki/Vector_Markup_Language
http://en.wikipedia.org/wiki/BMP_file_format
http://en.wikipedia.org/wiki/Enhanced_Metafile
http://en.wikipedia.org/wiki/Graphics_Interchange_Format
SecurityFocus BIDs
http://www.securityfocus.com/bid/31021
http://www.securityfocus.com/bid/31020
http://www.securityfocus.com/bid/31018
http://www.securityfocus.com/bid/31022
http://www.securityfocus.com/bid/31019
*************************************************************
(3) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions 7.4.5 and prior
Description: QuickTime is Apple's streaming media framework for Apple
Mac OS X and Microsoft Windows. It contains multiple vulnerabilities in
its handling of a variety of media formats. A specially crafted
QuickTime VR stream, PICT image file, or QuickTime movie could trigger
one of these vulnerabilities. Successfully exploiting one of these
vulnerabilities would allow an attacker to execute arbitrary code with
the privileges of the current user. QuickTime is installed by default
on Apple Mac OS X and is bundled and installed with iTunes and the
Safari web browser on Microsoft Windows. Full technical details are
publicly available for at least one of these vulnerabilities. Note that
affected content is usually displayed automatically upon receipt,
without first prompting the user.
References:
Apple Security Bulletin
http://support.apple.com/kb/HT3027
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-062/
http://zerodayinitiative.com/advisories/ZDI-08-061/
http://zerodayinitiative.com/advisories/ZDI-08-060/
http://zerodayinitiative.com/advisories/ZDI-08-059/
http://zerodayinitiative.com/advisories/ZDI-08-058/
http://zerodayinitiative.com/advisories/ZDI-08-057/
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744
Blog Post by Roee Hay
http://blog.watchfire.com/wfblog/2008/09/quicktime-patch.html
Product Home Page
http://www.apple.com/quicktime
SecurityFocus BID
http://www.securityfocus.com/bid/31086/references

*************************************************************
(4) HIGH: Microsoft Office OneNote URL Handling Vulnerability
Affected:
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office OneNote 2007
Description: Microsoft OneNote is a digital notekeeping application used
with Microsoft Office. It contains a flaw in its handling of
"onenote://" URLs. Clicking on a specially crafted OneNote URL could
trigger this vulnerability. Successfully exploiting this vulnerability
would allow an attacker to execute arbitrary code with the privileges
of the current user. Note that a user must click on a malicious link
for this vulnerability to be exploited.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-055.mspx
Insomnia Security Advisory
http://www.insomniasec.com/advisories/ISVA-080910.1.htm
Microsoft TechNet Blog Post
http://blogs.technet.com/swi/archive/2008/09/09/ms08-055-microsoft-security-response-process-behind-the-scenes.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/31067/
*************************************************************
(5) MODERATE: Microsoft Media Encoder Remote Code Execution (MS08-053)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 2008
Description: The Microsoft Media Encoder suite is used to encode media
files. Part of its functionality is provided by an ActiveX control. This
control contains a buffer overflow in its handling of certain calls. A
malicious web page that instantiated this control would be able to
exploit this buffer overflow and execute arbitrary code with the
privileges of the current user. Some technical details are publicly
available for this vulnerability. Note that the vulnerable software is
not installed by default on any version of Microsoft Windows.
Proofs-of-concept are available for the commercial Core Security CORE
IMPACT and Immunity CANVAS exploit tools.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism, using CLSID
"A8D3AD02-7508-4004-B2E9-AD33F087F43C".
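As an added illustration of the kill-bit mitigation described above (this script is not from the bulletin, from Microsoft, or from any of the cited advisories), the following PowerShell sets the kill bit for the CLSID given above and then audits it. The registry location and the 0x400 "Compatibility Flags" value are the ones documented in KB240797; the function names and the handling of the Wow6432Node view are the example's own assumptions. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the bulletin): set and audit the Internet Explorer
# "kill bit" for the Windows Media Encoder control named in MS08-053.
# Registry path and flag value per KB240797; everything else is illustrative.

$Clsid   = '{A8D3AD02-7508-4004-B2E9-AD33F087F43C}'   # CLSID quoted in the bulletin
$KillBit = 0x400                                       # KB240797 kill-bit value of "Compatibility Flags"

# Both registry views are covered: 32-bit Internet Explorer on 64-bit Windows
# reads the Wow6432Node copy, so setting only the native key is not enough.
$BasePaths = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    # Report, per registry view, whether the kill bit is present for $Clsid.
    param([string]$Clsid)
    foreach ($base in $BasePaths) {
        $key = Join-Path $base $Clsid
        if (Test-Path $key) {
            $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
            [pscustomobject]@{
                Path  = $key
                Flags = $flags
                Set   = (([int]$flags -band $KillBit) -eq $KillBit)
            }
        } else {
            [pscustomobject]@{ Path = $key; Flags = $null; Set = $false }
        }
    }
}

function Set-KillBit {
    # OR the kill bit into any existing flags instead of overwriting them,
    # so other compatibility flags already set for the control are preserved.
    param([string]$Clsid)
    foreach ($base in $BasePaths) {
        # On 32-bit Windows the Wow6432Node parent does not exist; skip it there.
        if (-not (Test-Path (Split-Path $base -Parent))) { continue }
        $key = Join-Path $base $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue).'Compatibility Flags'
        $newFlags = [int]$existing -bor $KillBit
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value $newFlags -Force | Out-Null
    }
}

Set-KillBit  -Clsid $Clsid
Test-KillBit -Clsid $Clsid | Format-Table -AutoSize
```

The audit function is the useful half for a fleet: run it alone across hosts to confirm the bit is present in both registry views before treating the control as neutralized, and note that the kill bit only stops Internet Explorer from instantiating the control; applying the vendor update remains the actual fix.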
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx
Proof-of-Concept
https://www.immunityinc.com/downloads/immpartners/ms08_053.tar.gz
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.microsoft.com/windows/windowsmedia/forpros/encoder/default.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/31065

*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 37, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.37.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Image Acquisition Logger ActiveX Control
Arbitrary File Overwrite
Description: Microsoft Windows Image Acquisition allows graphics
applications to communicate with various imaging devices. Microsoft
Windows Image Acquisition Logger ActiveX control is exposed to an
issue that lets attackers overwrite files with arbitrary,
attacker-controlled content. The issue occurs because the control
fails to sanitize user-supplied input.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.37.2 CVE: CVE-2007-5348
Platform: Windows
Title: Microsoft GDI+ VML Heap-Based Buffer Overflow
Description: Microsoft's GDI+ (Graphics Device Interface) enables
applications to use graphics and formatted text on the video display
and on printers. Microsoft GDI+ is exposed to a heap-based buffer
overflow issue because the vector graphics link library improperly
processes gradient sizes.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743
______________________________________________________________________

08.37.3 CVE: CVE-2008-3012
Platform: Windows
Title: Microsoft GDI+ EMF Image Processing Memory Corruption
Description: Microsoft GDI+ (Graphics Device Interface) enables
applications to use graphics and formatted text on the video display
and on printers. GDI+ is exposed to a remote memory corruption issue
that occurs when an application that uses the library tries to process
a specially-crafted EMF (Enhanced MetaFile) image file. Specifically,
this issue occurs when the GDI+ library tries to allocate memory.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
______________________________________________________________________

08.37.4 CVE: CVE-2008-3013
Platform: Windows
Title: Microsoft GDI+ GIF File Parsing Remote Code Execution
Description: Microsoft GDI+ (Graphics Device Interface) enables
applications to use graphics and formatted text on the video display
and on printers. GDI+ is exposed to a remote code execution
vulnerability because the vector graphics link library improperly
parses GIF image files.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-056/
______________________________________________________________________

08.37.5 CVE: CVE-2008-3014
Platform: Windows
Title: Microsoft GDI+ WMF Image File Buffer Overflow
Description: Microsoft GDI+ (Graphics Device Interface) enables
applications to use graphics and formatted text on the video display
and on printers. GDI+ is exposed to a buffer overflow issue because
the vector graphics linked library improperly allocates memory when
parsing WMF image files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
______________________________________________________________________

08.37.6 CVE: CVE-2008-3015
Platform: Windows
Title: Microsoft GDI+ BMP Integer Overflow
Description: Microsoft GDI+ (Graphics Device Interface) enables
applications to use graphics and formatted text on the video display
and on printers. GDI+ is exposed to an integer overflow issue that
occurs because the software fails to perform adequate boundary checks
on malformed headers contained in a BMP file.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-055/
______________________________________________________________________

08.37.7 CVE: CVE-2008-3008
Platform: Windows
Title: Microsoft Windows Media Encoder 9 "wmex.dll" ActiveX Control
Remote Buffer Overflow
Description: Microsoft Windows Media Encoder 9 is a Windows
application for capturing audio and video content. The application's
ActiveX control is exposed to a buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied input.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-053.mspx
______________________________________________________________________

08.37.8 CVE: CVE-2008-3007
Platform: Microsoft Office
Title: Microsoft Office OneNote URL Handler Remote Code Execution
Description: Microsoft Office OneNote is a notebook application
designed for storing and managing notes and information. Office
OneNote is exposed to a remote code execution issue. This issue occurs
when users follow specially-crafted OneNote "onenote://" URIs that
point to specially-crafted OneNote documents. This issue occurs when
the affected software attempts to validate the URI.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-055.mspx
______________________________________________________________________

08.37.9 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Organization Chart Remote Code Execution
Description: Microsoft Organization Chart is a chart creation tool.
The application is exposed to a remote code execution issue because of
a memory access violation. This issue affects the "orgchart.exe"
binary file, and can be triggered with a specially-crafted function.
Microsoft Organization Chart version 2.00.19 is affected.
Ref: http://www.securityfocus.com/bid/31059
______________________________________________________________________

08.37.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Open-FTPD Multiple Command Remote Denial of Service
Vulnerabilities
Description: Open-FTPD is an FTP server application available for
Microsoft Windows. Open-FTPD is exposed to multiple remote denial of
service issues because the application fails to perform adequate
boundary checks on user-supplied data. Open-FTPD version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/30993
______________________________________________________________________

08.37.11 CVE: CVE-2008-3630
Platform: Third Party Windows Apps
Title: Apple Bonjour for Windows mDNSResponder Remote Forged DNS
Response
Description: Apple Bonjour for Windows provides Zero Configuration
Networking, Multicast DNS, and Network Service Discovery for Windows
users. Apple Bonjour for Windows mDNSResponder is exposed to a remote
issue that can allow attackers to spoof DNS responses because of a
weakness in its DNS protocol implementation. Bonjour for Windows
versions prior to 1.0.5, included in Apple iTunes 8.0, are affected.
Ref: http://www.apple.com/support/downloads/bonjourforwindows105.html
______________________________________________________________________

08.37.12 CVE: CVE-2008-3539
Platform: Third Party Windows Apps
Title: HP OpenView Select Identity Connectors Local Information
Disclosure
Description: HP OpenView Select Identity is the core of the OpenView
Identity Management solution. HP OpenView Select Identity Connectors
running on Windows are exposed to an unspecified information
disclosure issue.
Ref: http://www.securityfocus.com/archive/1/496028
______________________________________________________________________

08.37.13 CVE: CVE-2008-2326
Platform: Third Party Windows Apps
Title: Apple Bonjour for Windows mDNSResponder NULL Pointer
Dereference Denial of Service
Description: Apple Bonjour for Windows is used to provide service
discovery and announcement on a local network. The mDNSResponder
system service included with Bonjour is used for DNS service
discovery. mDNSResponder is exposed to a denial of service issue
related to domain name resolution. Bonjour for Windows version 1.0.4
is affected.
Ref: http://www.apple.com/support/downloads/bonjourforwindows105.html
______________________________________________________________________

08.37.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: Peachtree Accounting "PAWWeb11.ocx" ActiveX Control Insecure
Method
Description: Peachtree Accounting is a suite of accounting
applications. The Peachtree Accounting "PAWWeb11.ocx" ActiveX control
is exposed to an insecure method issue. Specifically, the issue
affects the "ExecutePreferredApplication" function of the ActiveX
control. Peachtree Accounting 2004 is affected.
Ref:
http://jbrownsec.blogspot.com/2008/09/peachtree-accounting-is-not-safe.html
______________________________________________________________________

08.37.15 CVE: Not Available
Platform: Linux
Title: gmanedit Multiple Buffer Overflow Vulnerabilities
Description: gmanedit (Gnome Manual Pages Editor) is a manual page
editor that uses the GTK+ libraries. gmanedit is exposed to two buffer
overflow issues because it fails to properly bounds check
user-supplied input. gmanedit version 0.4.1 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835
______________________________________________________________________

08.37.16 CVE: CVE-2008-3962
Platform: Linux
Title: sSMTP "from_format()" Uninitialized Memory Information
Disclosure
Description: sSMTP is a simple MTA (Mail Transport Agent)
application. sSMTP is exposed to an information disclosure issue that
occurs in the "from_format()" function of the "ssmtp.c" source file.
sSMTP version 2.6.2 is affected.
Ref:
http://linux.softpedia.com/get/Communications/Email/sSMTP-36989.shtml
______________________________________________________________________

08.37.17 CVE: Not Available
Platform: Linux
Title: XASTIR Insecure Temporary File Creation Vulnerabilities
Description: XASTIR (X Amateur Tracking and Information System) is
an application for receiving and plotting APRS position packets.
XASTIR creates temporary files in an insecure manner. This issue
affects the "get-maptool.sh" and "getshapelib.sh" scripts. Apertium
version 3.0.7 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496390
______________________________________________________________________

08.37.18 CVE: CVE-2008-3531
Platform: BSD
Title: FreeBSD "mount(2)" and "nmount(2)" Multiple Stack-Based Buffer
Overflow Vulnerabilities
Description: FreeBSD is exposed to multiple stack-based buffer
overflow issues because the kernel fails to perform adequate boundary
checks on user-supplied data. The issue occurs when user-defined input
such as mountpoints, devices, or mount options are passed as arguments
to the "mount(2)" and "nmount(2)" system calls. FreeBSD versions
7.0-RELEASE and 7.0-STABLE are affected.
Ref: http://www.securityfocus.com/archive/1/495958
______________________________________________________________________

08.37.19 CVE: CVE-2008-3890
Platform: BSD
Title: FreeBSD/amd64 Local Privilege Escalation Issue
Description: FreeBSD/amd64 is a port of FreeBSD for 64-bit AMD and
Intel processors. FreeBSD/amd64 is exposed to a local privilege
escalation issue. The "gs" system register is used to access state
data. FreeBSD/amd64 versions 6.3 and 7.0 are affected.
Ref: http://www.securityfocus.com/archive/1/495969
______________________________________________________________________

08.37.20 CVE: CVE-2008-3530
Platform: BSD
Title: FreeBSD Malformed ICMPv6 Packet Remote Denial of Service
Description: FreeBSD is exposed to a remote denial of service issue
that occurs when handling a malicious ICMPv6 "Packet Too Big" message.
Specifically, the application fails to validate the proposed new MTU
for a path to a specific destination.
Ref: http://www.securityfocus.com/bid/31004
______________________________________________________________________

08.37.21 CVE: Not Available
Platform: BSD
Title: NetBSD ICMPv6 MLD Packet Remote Denial of Service
Description: NetBSD is exposed to a remote denial of service issue.
The vulnerability occurs when processing a crafted MLD packet
containing certain values in the "Maximum Response Delay" field.
NetBSD 4.0 and NetBSD-current are affected.
Ref: http://www.kb.cert.org/vuls/id/817940
______________________________________________________________________

08.37.22 CVE: Not Available
Platform: Aix
Title: IBM AIX "swcons" Insecure File Creation
Description: AIX "swcons" is a utility for temporarily redirecting
system console output to a specified device or file. The utility is
exposed to an issue that lets attackers create root-owned files that
have insecure permissions. AIX versions 5.2, 5.3, and 6.1 are
affected.
Ref: http://www.securityfocus.com/bid/30999
______________________________________________________________________

08.37.23 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed "href" Tag Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because the application
fails to handle specially-crafted HTML "href" tags. Google Chrome
version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/bid/31034
______________________________________________________________________

08.37.24 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed "view-source" HTTP Header Remote Denial
of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
specially-crafted HTTP "view-source" headers. Google Chrome version
0.2.149.27 is affected.
Ref: http://www.securityfocus.com/archive/1/496031
______________________________________________________________________

08.37.25 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Inspect Element Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
specially-crafted HTML "imb" tags. An attacker can trigger this issue
by enticing an unsuspecting user into visiting a malicious web page
with an "img" link containing excessive data in the "src" field.
Google Chrome version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/bid/31038
______________________________________________________________________

08.37.26 CVE: Not Available
Platform: Cross Platform
Title: pam_mount "luserconf" Local Privilege Escalation
Description: The "pam_mount" PAM (Pluggable Authentication Module)
module allows users to mount volumes for their login session. The
"pam_mount" module is exposed to a local privilege escalation issue
that stems from a regression error. "pam_mount" versions 0.10 through
0.45 are affected.
Ref:
http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db
______________________________________________________________________

08.37.27 CVE: Not Available
Platform: Cross Platform
Title: Numark CUE 5 ".m3u" File Buffer Overflow
Description: Numark CUE 5 is a music mixing application. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. This issue
occurs when the application fails to handle malformed ".m3u" files.
Numark CUE 5 version 5.0 rev 2 is affected.
Ref: http://www.securityfocus.com/bid/31042
______________________________________________________________________

08.37.28 CVE: Not Available
Platform: Cross Platform
Title: Flock Infinite Loop Multiple Denial of Service Vulnerabilities
Description: Flock is a web browser. Flock is exposed to multiple
remote denial of service issues because it fails to properly handle
unexpected input. These issues occur when an infinite loop is used to
launch multiple sidebar panels or add multiple URIs designated as
"favorites". Flock version 1.2.5 is affected.
Ref: http://www.securityfocus.com/bid/31044
______________________________________________________________________

08.37.29 CVE: CVE-2008-1389
Platform: Cross Platform
Title: ClamAV "chmunpack.c" Invalid Memory Access Denial Of Service
Description: ClamAV is a multi-platform toolkit used for scanning
email messages for viruses. ClamAV is exposed to a denial of service
issue because of invalid memory access errors when processing
malformed CHM files. The issue occurs in the "libclamav/chmunpack.c"
source file. ClamAV versions prior to 0.94 are affected.
Ref: http://www.securityfocus.com/archive/1/496009
______________________________________________________________________

08.37.30 CVE: Not Available
Platform: Cross Platform
Title: Moodle Multiple Remote File Include Vulnerabilities
Description: Moodle is an open-source application for managing online
courseware. It is freely available under the GNU General Public License for
UNIX and variants and for Microsoft Windows. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input. Moodle version 1.8.4 is
affected.
Ref: http://www.securityfocus.com/bid/30995
______________________________________________________________________

08.37.31 CVE: CVE-2008-2441
Platform: Cross Platform
Title: Cisco Secure ACS EAP-Response Packet Parsing Denial of Service
Description: Cisco Secure ACS (Access Control Server) is an
authentication, authorization, and accounting application. Cisco
Secure ACS is exposed to a denial of service issue because it fails to
properly validate user-supplied input. Specifically, it fails to
correctly parse the length field of EAP-Response packets.
Ref: http://www.securityfocus.com/archive/1/495952
______________________________________________________________________
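The Cisco advisory gives only the symptom (a mis-parsed EAP-Response length field), so the following is an added example rather than anything from Cisco Secure ACS: a small EAP-Response parser in Python that checks the Length field against the bytes actually received before it is used, with constructed packets that exercise the over-long and under-long cases. The header layout is RFC 3748's; the packet contents and the function names are assumptions made here.

```python
"""Parsing EAP packets with the Length field validated before use.

Added example, not Cisco code.  The EAP header layout (Code, Identifier,
Length, Type) is from RFC 3748; the sample packets below are constructed
here for illustration.
"""
import struct

EAP_HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (big-endian)
EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1


class EapError(ValueError):
    """Raised for any packet whose framing fields do not match the bytes received."""


def parse_eap_response(buf: bytes) -> dict:
    """Parse one EAP-Response packet, trusting the Length field only after checking it.

    The Length field is attacker-controlled.  Using it to size a copy or to
    index Type-Data before comparing it with the bytes actually received is
    the pattern behind this class of DoS: a Length larger than the buffer
    reads past its end, a Length smaller than the header drives the
    Type-Data length negative.
    """
    if len(buf) < EAP_HEADER.size:
        raise EapError("truncated EAP header")
    code, ident, length = EAP_HEADER.unpack_from(buf, 0)
    if code != EAP_RESPONSE:
        raise EapError(f"not an EAP-Response (code {code})")
    # RFC 3748: Length covers the whole packet including the header and must
    # not exceed what was received; a Response must also carry a Type byte.
    if length < EAP_HEADER.size + 1:
        raise EapError(f"Length {length} smaller than minimum Response size")
    if length > len(buf):
        raise EapError(f"Length {length} exceeds received {len(buf)} bytes")
    eap_type = buf[EAP_HEADER.size]
    # Only bytes inside the declared Length belong to this packet; anything
    # beyond it (padding, trailing data) is ignored rather than parsed.
    type_data = buf[EAP_HEADER.size + 1:length]
    return {"id": ident, "type": eap_type, "data": type_data}


def build_eap_response(ident, eap_type, data, length=None):
    """Build a Response; `length` overrides the correct value to craft bad packets."""
    body = bytes([eap_type]) + data
    total = EAP_HEADER.size + len(body)
    return EAP_HEADER.pack(EAP_RESPONSE, ident, total if length is None else length) + body


# Constructed sample packets (not captured traffic).
GOOD = build_eap_response(7, EAP_TYPE_IDENTITY, b"alice@example.org")
TOO_LONG = build_eap_response(7, EAP_TYPE_IDENTITY, b"alice", length=0xFFFF)  # claims 65535 bytes
TOO_SHORT = build_eap_response(7, EAP_TYPE_IDENTITY, b"alice", length=2)      # below header size


def classify(buf: bytes) -> str:
    """Return 'ok' or the rejection reason, so the checks can be exercised in bulk."""
    try:
        parse_eap_response(buf)
        return "ok"
    except EapError as exc:
        return str(exc)


if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("too_long", TOO_LONG), ("too_short", TOO_SHORT)):
        print(f"{name:10s} {pkt.hex()}  ->  {classify(pkt)}")
```

The two comparisons against the header size and the received byte count are the whole fix; everything after them may use the Length field freely because it has already been shown to describe bytes that exist.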

08.37.32 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Arbitrary File Download
Description: Google Chrome is a web browser. Google Chrome is exposed
to a security issue because the application allows users to download
arbitrary files without confirmation. This issue may allow attackers
to perform social engineering or other attacks to trick users into
downloading a malicious file.
Ref: http://www.securityfocus.com/archive/1/496049
______________________________________________________________________

08.37.33 CVE: CVE-2008-3631, CVE-2008-3612, CVE-2008-3632
Platform: Cross Platform
Title: Apple iPod Touch Prior to Version 2.1 Multiple Remote
Vulnerabilities
Description: Apple iPod touch is a portable music player that also
contains the Safari browser. iPod touch is exposed to multiple remote
issues. iPod touch versions prior to 2.1 are affected.
Ref: http://www.securityfocus.com/bid/31092
______________________________________________________________________

08.37.34 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.2 Multiple Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. Wireshark is exposed to multiple issues
when handling certain types of packets and protocols in varying
conditions. Wireshark versions 0.9.7 up to and including 1.0.2 are
affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-05.html
______________________________________________________________________

08.37.35 CVE: CVE-2008-3350
Platform: Cross Platform
Title: Dnsmasq DHCP Lease Multiple Remote Denial of Service
Vulnerabilities
Description: Dnsmasq is a DNS server which includes an integrated DHCP
server. Dnsmasq is exposed to multiple remote denial of service issues
related to the following DHCP requests: a client attempting to renew a
non-existent DHCP lease for an invalid subnet and a client without a
current DHCP lease issuing a DHCPINFORM request. Dnsmasq version 2.43
is affected.
Ref: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
______________________________________________________________________

08.37.36 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome "SaveAs" Function "Title" Tag Buffer Overflow
Description: Google Chrome is a web browser. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary-checks on user-supplied data. An attacker must
trick an unsuspecting user into saving a malicious web page containing
overly long strings in the "title" tag with the browser's "SaveAs"
function. Google Chrome version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/archive/1/496042
______________________________________________________________________

08.37.37 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed Attachment Filename Remote Denial of
Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because the application
fails to perform adequate boundary checks on the "filename" attribute
of "Content-Disposition: attachment" HTTP headers. Google Chrome
version 0.2.149.27 is affected.
Ref: http://www.securityfocus.com/bid/31031
______________________________________________________________________

08.37.38 CVE: Not Available
Platform: Cross Platform
Title: Libpng Library "png_push_read_zTXt()" Off-By-One Denial of
Service
Description: The "libpng" library is a PNG reference library. The
library is exposed to a remote denial of service issue because it
fails to handle malicious PNG files. Specifically, this vulnerability
resides in the "png_push_read_zTXt()" function of the "pngread.c"
file. "libpng" library versions 1.2.30beta04 and 1.2.31 are affected.
Ref:
http://sourceforge.net/tracker/index.php?func=detail&aid=2095669&group_id=5624&atid=105624
______________________________________________________________________

08.37.39 CVE: CVE-2008-3914, CVE-2008-3912, CVE-2008-3913
Platform: Cross Platform
Title: ClamAV Multiple Unspecified Memory Corruption Vulnerabilities
Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. ClamAV is exposed to multiple unspecified memory
corruption issues. Attackers may be able to exploit this issue to
exhaust resources or possibly crash the affected application, denying
service to legitimate users. ClamAV versions prior to 0.94 are
affected.
Ref: http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
______________________________________________________________________

08.37.40 CVE: Not Available
Platform: Cross Platform
Title: GNU Emacs "python.el" Code Execution
Description: GNU Emacs is an open-source text editor. GNU Emacs is
exposed to a local code execution issue in the following two
circumstances: 1) a user runs the Emacs command "run-python" while his
current working directory is world writable and 2) a user toggles the
"eldoc-mode" and opens a Python source file present in a world writable
directory. GNU Emacs versions prior to 23.0.60_20080624-22-6 and
22.1-17-17 are affected.
Ref: http://bugs.pardus.org.tr/show_bug.cgi?id=8128
______________________________________________________________________

08.37.41 CVE: Not Available
Platform: Cross Platform
Title: Simple Machines Forum Security Bypass
Description: Simple Machines Forum is online-community software.
Simple Machines Forum is exposed to a security bypass issue because
the application leaks the current state of the random number
generator. Simple Machines Forum versions up to and including 1.1.5
are affected.
Ref: http://www.simplemachines.org/community/index.php?topic=260145.0
______________________________________________________________________
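The advisory says only that the forum leaks the state of its random number generator. The following added example, not Simple Machines Forum code, shows why that alone is a bypass: tokens drawn from a non-cryptographic generator are fully determined by its state, so an attacker who obtains it can compute every later token. Python's random module (a Mersenne Twister) stands in for the forum's generator; the token scheme and class names are assumptions made here.

```python
"""Why a leaked PRNG state is a bypass: the next token becomes computable.

Added example; the page gives no details of Simple Machines Forum's
generator or of what the leak looks like, so the token scheme below is a
stand-in built on Python's random module (a Mersenne Twister, a
non-cryptographic generator), not SMF's code.
"""
import random
import secrets


class TokenServiceWeak:
    """Password-reset tokens drawn from a seeded Mersenne Twister."""

    def __init__(self, seed: int):
        self._rng = random.Random(seed)

    def leak_state(self):
        """Stand-in for the information disclosure: the attacker learns the full state."""
        return self._rng.getstate()

    def new_reset_token(self) -> str:
        return "%032x" % self._rng.getrandbits(128)


def predict_next_tokens(leaked_state, count: int) -> list:
    """Attacker side: load the leaked state into a fresh generator and run it forward."""
    clone = random.Random()
    clone.setstate(leaked_state)
    return ["%032x" % clone.getrandbits(128) for _ in range(count)]


class TokenServiceFixed:
    """Tokens from the OS CSPRNG: there is no seed to guess and no state object to replay."""

    def new_reset_token(self) -> str:
        return secrets.token_hex(16)


if __name__ == "__main__":
    svc = TokenServiceWeak(seed=20080911)
    guesses = predict_next_tokens(svc.leak_state(), 3)
    for guess in guesses:
        print(guess == svc.new_reset_token(), guess)
```

Re-seeding more often does not help once the state itself is observable; the fix is a generator whose output cannot be reproduced from anything the application can leak, which in practice means the operating system's CSPRNG.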

08.37.42 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Malformed "title" Tag Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
specially-crafted HTML "title" tags. An attacker can trigger this
issue by enticing an unsuspecting user into visiting a malicious web
page with an overly long "title". Google Chrome version 0.2.149.27 is
affected.
Ref: http://www.securityfocus.com/archive/1/496078
______________________________________________________________________

08.37.43 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17
Multiple Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms, including Linux, AIX, Solaris,
and Microsoft Windows. IBM DB2 Universal Database Server is exposed to
multiple issues. IBM DB2 Universal Database Server versions prior to
8.2 Fixpak 17 are affected.
Ref:
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
______________________________________________________________________

08.37.44 CVE: Not Available
Platform: Cross Platform
Title: PHP Multiple Functions "safe_mode_exec_dir" and "open_basedir"
Restriction Bypass Vulnerabilities
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to multiple "safe_mode_exec_dir" and "open_basedir"
restriction bypass issues. PHP version 5.2.5 is affected.
Ref: http://www.securityfocus.com/bid/31064
______________________________________________________________________

08.37.45 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome "url_elider.cc" Buffer Overflow
Description: Google Chrome is a web browser. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. This issue resides in
the "url_elider.cc" source file. Google Chrome version 0.2.149.27 is
affected.
Ref: http://codereview.chromium.org/259/patch/1/2
______________________________________________________________________

08.37.46 CVE: CVE-2008-3910
Platform: Cross Platform
Title: Dns2tcp Multiple Remote Buffer Overflow Vulnerabilities
Description: Dns2tcp is a network tool designed to relay TCP
connections through DNS traffic. The application is exposed to two
buffer overflow issues because it fails to properly validate
user-supplied input. Dns2tcp versions prior to 0.4.1 are affected.
Ref: http://www.securityfocus.com/bid/31080
______________________________________________________________________

08.37.47 CVE: CVE-2008-3963
Platform: Cross Platform
Title: MySQL Empty Binary String Literal Remote Denial Of Service
Description: MySQL is an open-source SQL database available for
multiple operating systems. MySQL is exposed to a remote denial of
service issue because it fails to handle empty binary string literals.
MySQL versions prior to 5.0.66, 5.1.26, and 6.0.6 are affected.
Ref: http://bugs.mysql.com/bug.php?id=35658
______________________________________________________________________

08.37.48 CVE: CVE-2008-3615, CVE-2008-3635, CVE-2008-3624,
CVE-2008-3625, CVE-2008-3614, CVE-2008-3626, CVE-2008-3627,
CVE-2008-3628, CVE-2008-3629
Platform: Cross Platform
Title: Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
Description: Apple QuickTime is a media player that supports multiple
file formats. QuickTime is exposed to multiple remote issues that may
allow remote attackers to execute arbitrary code and carry out denial
of service attacks.
Ref: http://www.securityfocus.com/archive/1/496163
______________________________________________________________________

08.37.49 CVE: CVE-2008-3636
Platform: Cross Platform
Title: Apple iTunes Third Party Driver Local Privilege Escalation
Description: Apple iTunes is a media player for Microsoft Windows and
Apple Mac OS X. Apple iTunes is exposed to a local privilege
escalation issue caused by an integer overflow issue that occurs in a
third-party driver provided with iTunes. iTunes versions prior to 8.0
for Microsoft Windows XP and Microsoft Windows Vista are affected.
Ref: http://www.securityfocus.com/bid/31089
______________________________________________________________________

08.37.50 CVE: CVE-2008-3634
Platform: Cross Platform
Title: Apple iTunes Misleading Firewall Warning Weakness
Description: Apple iTunes is a media player for Microsoft Windows and
Apple Mac OS X. Apple iTunes is exposed to a security weakness because
it contains a misleading firewall warning that conveys erroneous
information to users. Apple iTunes versions prior to 8.0 are
affected.
Ref: http://www.securityfocus.com/bid/31090
______________________________________________________________________

08.37.51 CVE: Not Available
Platform: Cross Platform
Title: Maxthon Browser Remote Denial of Service
Description: Maxthon Browser is a Web browser that is based on the
Microsoft Internet Explorer engine. Maxthon Browser includes tabbed
browsing support. Maxthon Browser is exposed to a denial of service
issue that can be triggered when the "window.sidebar.addPanel()" or
"window.external.AddFavorite()" functions are called multiple times in
a loop. Maxthon Browser version 2.1.4.443 is affected.
Ref: http://www.securityfocus.com/bid/31098
______________________________________________________________________

08.37.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mail and Mail WebMail Multiple Cross-Site Scripting
Vulnerabilities
Description: Mail and Mail WebMail are PHP-based webmail
applications. The applications are exposed to multiple cross-site
scripting issues because they fail to sufficiently sanitize
user-supplied input. These issues affect the following versions: Mail
WebMail 5.05 running on Microsoft Windows and Mail 5.42 running on
CentOS.
Ref: http://www.securityfocus.com/bid/30992
______________________________________________________________________

08.37.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Celerondude Uploader "account.php" Cross-Site Scripting
Description: Celerondude Uploader is a PHP-based application used for
managing file content. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "username" parameter of the "account.php"
script. Uploader version 6.1 is affected.
Ref: http://www.securityfocus.com/bid/31010
______________________________________________________________________

08.37.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pentasoft Avactis Shopping Cart Multiple Cross-Site Scripting
Vulnerabilities
Description: Avactis Shopping Cart is a PHP-based shopping cart
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input. Avactis Shopping Cart versions 1.8.1 and 1.8.0
are affected.
Ref: http://www.avactis.com/forums/index.php?showtopic=3577
______________________________________________________________________

08.37.55 CVE: CVE-2008-3101
Platform: Web Application - Cross Site Scripting
Title: Silentum LoginSys Multiple Cross-Site Scripting Vulnerabilities
Description: Silentum LoginSys is a login system. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input to unspecified parameters. Silentum
LoginSys version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/31055
______________________________________________________________________

08.37.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpAdultSite CMS "results_per_page" Parameter Cross-Site
Scripting
Description: phpAdultSite is a content management system. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the
"results_per_page" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/496075
______________________________________________________________________

08.37.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Gallery 2.0 Multiple Cross-Site Scripting Vulnerabilities
Description: Gallery is a PHP-based photo gallery application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input. Gallery version
2.0 is affected.
Ref: http://www.securityfocus.com/bid/31060
______________________________________________________________________

08.37.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Movable Type Multiple Cross-Site Scripting Vulnerabilities
Description: Movable Type is a web-log application written in Perl and
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sufficiently sanitize user-supplied input
passed to unspecified scripts and parameters. Movable Type versions
3.36, 4.01 and 4.13 as well as Movable Type Community Solution 1.51
and Movable Type Enterprise 1.55 are affected.
Ref:
http://www.movabletype.org/2008/08/movable_type_42_rc5_and_security_updates.html
______________________________________________________________________

08.37.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: High Norm Sound Master 2nd Unspecified Cross-Site Scripting
Description: The High Norm Sound Master 2nd is a multimedia
application implemented in Perl. The application is exposed to an
unspecified cross-site scripting issue because it fails to properly
sanitize user-supplied input. High Norm Sound Master 2nd version 1.0.0
is affected.
Ref: http://jvn.jp/en/jp/JVN55010230/index.html
______________________________________________________________________

08.37.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PunBB "p" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: PunBB is a PHP-based forum application. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. PunBB versions prior to 1.2.20 are
affected.
Ref: http://punbb.informer.com/
______________________________________________________________________
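The cross-site scripting entries above all describe the same pattern, a request parameter written into the page without encoding, so here is one added example, in Python rather than the PHP or Perl these applications use, of the vulnerable rendering beside context-aware output encoding. It is not code from any product listed; the field names are borrowed from the entries for illustration, and the markup, payload and helper names are constructed here.

```python
"""Reflected XSS: raw interpolation beside output encoding.

Added example; none of this is code from the applications listed above.
The field names (username, results_per_page) are borrowed from the
entries only as illustrative parameter names; the markup and the request
values are constructed here.
"""
import html
from urllib.parse import urlsplit

PAYLOAD = '"><script>alert(document.cookie)</script>'  # constructed attacker input


def render_vulnerable(username: str) -> str:
    """What the advisories describe: the parameter is written straight into HTML."""
    return f'<input name="username" value="{username}">'


def escape_html(value: str) -> str:
    """Encode for HTML element content and for double-quoted attribute values.

    quote=True also turns " and ' into entities, so a value can never close
    the attribute it is placed in.
    """
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """Attribute encoding alone does not stop javascript: URLs; pin the scheme first."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return escape_html(url)


def render_fixed(username: str, results_per_page: str, profile_url: str) -> str:
    """Each value is encoded (or validated) for the exact context it lands in."""
    # Numeric parameters are best validated, not escaped: reject anything else.
    if not results_per_page.isdigit():
        results_per_page = "25"
    return (
        f'<input name="username" value="{escape_html(username)}">'
        f'<span>{escape_html(username)}</span>'
        f'<a href="{safe_href(profile_url)}">profile</a>'
        f'<input name="results_per_page" value="{results_per_page}">'
    )


def contains_script(markup: str) -> bool:
    """Crude oracle: does the rendered page carry a live <script> tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_fixed(PAYLOAD, "10; DROP", "javascript:alert(1)"))
```

The point of the three helpers is that "sanitizing input" is the wrong place to fix this class of bug: the same username is safe in an attribute, in element text and in a link only because each sink applies the encoding or validation that sink needs.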

08.37.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Vastal I-Tech Products Multiple SQL Injection
Vulnerabilities
Description: Multiple Vastal I-Tech Products are exposed to multiple
SQL injection issues because they fail to sufficiently sanitize
user-supplied data before using it in an SQL query. A successful
exploit may allow an attacker to compromise one of the applications,
access or modify data, or exploit latent vulnerabilities in the
underlying database.
Ref: http://www.securityfocus.com/bid/31033
______________________________________________________________________

08.37.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EsFaq "questions.php" SQL Injection
Description: EsFaq is a web-based frequently-asked-questions
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"idcat" parameter of the "questions.php" script before using it in an
SQL query. EsFaq version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/31036
______________________________________________________________________

08.37.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vastal I-Tech Shaadi Zone "keyword_search_action.php" SQL
Injection
Description: Vastal I-Tech Shaadi Zone is a matrimonial services
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"tage" parameter of the "keyword_search_action.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31039
______________________________________________________________________

08.37.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vastal I-Tech Dating Zone "advanced_search_results.php" SQL
Injection
Description: Vastal I-Tech Dating Zone is a dating application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "fage" parameter of
the "advanced_search_results.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/31043
______________________________________________________________________

08.37.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MemHT Portal "inc_statistics.php" SQL Injection
Description: MemHT Portal is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "$_COOKIE["stats_res"]" parameter
of the "inc/inc_statistics.php" script before using it in an SQL
query. MemHT Portal versions 3.9.0 and earlier are affected.
Ref:
http://www.memht.com/news_95_Important-fix-for-all-MemHT-Versions.html
______________________________________________________________________

08.37.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Masir Camp "ordercode" Parameter SQL Injection
Description: Masir Camp is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "ordercode" parameter before using
it in an SQL query. Masir Camp versions 3.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31046
______________________________________________________________________

08.37.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eZoneScripts Living Local "listtest.php" SQL Injection
Description: eZoneScripts Living Local is a PHP-based application for
rental listings. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"r" parameter of the "Script/listtest.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/31001
______________________________________________________________________

08.37.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ACG-PTP "adid" Parameter SQL Injection
Description: ACG-PTP is a web application. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "adid" parameter of the "index.php" script
before using it in an SQL query. ACG-PTP version 1.0.6 is affected.
Ref: http://www.securityfocus.com/bid/31005
______________________________________________________________________

08.37.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Words tag script "index.php" SQL Injection
Description: Words tag script is a PHP-based application that allows
users to develop word ad pages. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "word" parameter of the "index.php" script
when the "command" parameter is set to "claim" before using it in an
SQL query. Words tag script version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/31011
______________________________________________________________________

08.37.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ACG-ScriptShop E-Gold Script Shop "cid" Parameter SQL Injection
Description: ACG-ScriptShop E-Gold Script Shop is a PHP-based
application that allows users to list their applications for sale
online. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cid"
parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31015
______________________________________________________________________

08.37.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zen Cart Multiple SQL Injection Vulnerabilities
Description: Zen Cart is a PHP-based ecommerce application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input before using it in
an SQL query. Zen Cart versions 1.2.0 through 1.3.8a are affected.
Ref: http://www.gulftech.org/?node=research&article_id=00129-09042008
______________________________________________________________________

08.37.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Agent Zone "view_ann.php" SQL Injection
Description: Agent Zone is a PHP-based real estate application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "ann_id" parameter of
the "view_ann.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31032
______________________________________________________________________

08.37.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Alstrasoft Forum Pay Per Post Exchange "cat" Parameter SQL
Injection
Description: Alstrasoft Forum Pay Per Post Exchange is a web-based
application enabling users to get paid for submitting forum posts. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31048
______________________________________________________________________

08.37.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pligg "submit.php" Multiple SQL Injection Vulnerabilities
Description: Pligg is a content management system implemented in PHP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
SQL queries. The parameters "id" and "category" of the script
"submit.php" are affected. Pligg version 9.9.5 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-pligg
______________________________________________________________________

08.37.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eXtrovert software Thyme "pick_users.php" SQL Injection
Description: eXtrovert software Thyme is a web-based calendar
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"pick_users.php" script before using it in an SQL query. Thyme version
1.3 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-thyme
______________________________________________________________________

08.37.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Php B2B Trading Marketplace Script "listings.php" SQL
Injection
Description: E-Php B2B Trading Marketplace Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "listings.php" script before using it in an SQL
query.
Ref: http://www.ephpscripts.com/b2b-trading-portal.php
______________________________________________________________________

08.37.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UBB.threads "Forum[]" Array SQL Injection
Description: UBB.threads is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Forum[]" array
parameter in the "index.php" script before using it in an SQL query.
UBB.threads 7.3.1 builds released before September 2, 2008, and all
earlier versions are affected.
Ref: http://www.gulftech.org/?node=research&article_id=00130-09082008
______________________________________________________________________

08.37.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Hot Links SQL-PHP "report.php" SQL Injection
Description: Hot Links SQL-PHP is a link management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"report.php" script before using it in an SQL query. Hot Links SQL-PHP
version 3 is affected.
Ref: http://www.securityfocus.com/bid/31078
______________________________________________________________________

08.37.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Stash 1.0.3 Multiple SQL Injection Vulnerabilities
Description: Stash is a PHP-based content manager for band web sites.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Stash version 1.0.3
is affected.
Ref: http://www.securityfocus.com/archive/1/496142
______________________________________________________________________

08.37.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Live TV Script "mid" Parameter SQL Injection
Description: Live TV Script is a PHP-based application for adding
multimedia feeds to web pages. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "mid" parameter of the "index.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31083
______________________________________________________________________

08.37.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Creator CMS "index.asp" SQL Injection
Description: Creator CMS is an ASP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sideid" parameter of
the "index.asp" script before using it in an SQL query. Creator CMS
version 5.0 is affected.
Ref: http://www.securityfocus.com/bid/31084
______________________________________________________________________

08.37.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS Buzz "id" Parameter SQL Injection
Description: CMS Buzz is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/31097
______________________________________________________________________

08.37.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AvailScript Classmate Script "viewprofile.php" SQL Injection
Description: AvailScript Classmate Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "p" parameter of
the "viewprofile.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31100
______________________________________________________________________

08.37.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AvailScript Job Portal Script "applynow.php" SQL Injection
Description: AvailScript Job Portal Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "jid" parameter of
the "applynow.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31101
______________________________________________________________________

08.37.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Libera CMS Cookie SQL Injection
Description: Libera CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "libera_staff_pass"
cookie parameter before using it in an SQL query. Libera CMS versions
1.12 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31102
______________________________________________________________________

08.37.86 CVE: Not Available
Platform: Web Application
Title: devalcms Multiple Input Validation Vulnerabilities
Description: devalcms is a content management system. devalcms is
exposed to multiple input validation issues because the application
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/31037
______________________________________________________________________

08.37.87 CVE: Not Available
Platform: Web Application
Title: aspWebAlbum Multiple Input Validation Vulnerabilities
Description: aspWebAlbum is an ASP-based photo album application.
Since it fails to adequately sanitize user-supplied input, aspWebAlbum
is exposed to multiple input validation issues. aspWebAlbum version
3.2 is affected.
Ref: http://www.securityfocus.com/bid/30996
______________________________________________________________________

08.37.88 CVE: Not Available
Platform: Web Application
Title: AvailScript Article Script Multiple Input Validation
Vulnerabilities
Description: AvailScript Article Script is a PHP-based article
management script. The application is exposed to a cross-site
scripting issue and an SQL injection issue because the application
fails to sufficiently sanitize user-supplied input to the "aIDS"
parameter of the "article.php" script.
Ref: http://www.securityfocus.com/bid/31095
______________________________________________________________________

08.37.89 CVE: Not Available
Platform: Web Application
Title: Webservice-DIC shop_v50 And shop_v52 Multiple Cross-Site
Scripting Vulnerabilities
Description: shop_v50 and shop_v52 are web-based applications. The
applications are exposed to multiple cross-site scripting issues
because they fail to sufficiently sanitize user-supplied input to
unspecified parameters.
Ref: http://www.securityfocus.com/bid/31006
______________________________________________________________________

08.37.90 CVE: CVE-2008-3664
Platform: Web Application
Title: XRMS CRM Multiple Input Validation Vulnerabilities
Description: XRMS CRM is a customer relationship management
application. The application is exposed to multiple input validation
issues. An unspecified SQL injection issue affects the
"admin/users/self-2.php" script, and an HTML injection issue affects
the user's "real name" field.
Ref: http://www.securityfocus.com/archive/1/495981
______________________________________________________________________

08.37.91 CVE: Not Available
Platform: Web Application
Title: QwicsitePro "pageid" Parameter SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: QwicsitePro is a web-based content manager written in
PHP. The application is exposed to a cross-site scripting issue and an
SQL injection issue because it fails to sufficiently sanitize
user-supplied input to the "pageid" parameter of the "index.php"
script.
Ref: http://www.securityfocus.com/bid/31016
______________________________________________________________________

08.37.92 CVE: Not Available
Platform: Web Application
Title: Drupal Content Creation Kit Module Multiple HTML Injection
Vulnerabilities
Description: Content Creation Kit (CCK) is a module for Drupal, an
open source content manager that is available for a number of
platforms. The module is exposed to multiple HTML injection issues
because it fails to properly sanitize user-supplied input before using
it in dynamically generated content. Content Creation Kit versions
prior to 5.x-1.8 are affected.
Ref: http://drupal.org/node/304093
______________________________________________________________________

08.37.93 CVE: Not Available
Platform: Web Application
Title: eZoneScripts Dating Website Remote File Upload
Description: eZoneScripts Dating Website is a web-based application.
The application is exposed to an issue that allows an attacker to
upload arbitrary script code and execute it in the context of the
web server process. The attacker can upload arbitrary files using the
application's "admin/upload_banner.php" script.
Ref: http://www.securityfocus.com/bid/31028
______________________________________________________________________

08.37.94 CVE: Not Available
Platform: Web Application
Title: WordPress Lost Password SQL Column Truncation Unauthorized
Access
Description: WordPress is a web-based publishing application.
WordPress is exposed to an unauthorized access issue. The problem
stems from an SQL column-truncation issue which allows the creation of
accounts with names that differ only in trailing spaces. WordPress
version 2.6.1 is affected.
Ref: http://www.securityfocus.com/bid/31068
______________________________________________________________________

08.37.95 CVE: Not Available
Platform: Web Application
Title: AvailScript Photo Album Script Multiple Input Validation
Vulnerabilities
Description: AvailScript Photo Album Script is a PHP-based image
gallery. Since it fails to sufficiently sanitize user-supplied data,
the application is exposed to multiple input validation issues.
Ref: http://www.securityfocus.com/bid/31085
______________________________________________________________________

08.37.96 CVE: Not Available
Platform: Web Application
Title: Jaw Portal "index.php" Multiple Local File Include
Vulnerabilities
Description: Jaw Portal is a PHP-based content manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the following
parameters of the "index.php" script: "flag" and "inc". Jaw Portal
version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/31099
______________________________________________________________________

08.37.97 CVE: Not Available
Platform: Network Device
Title: Samsung DVR SHR-2040 HTTPD Denial of Service
Description: Samsung DVR SHR-2040 is a digital video recorder.
Samsung DVR SHR-2040 is exposed to a denial of service issue because
it fails to properly validate user-supplied input. Specifically, it
fails to correctly handle maliciously crafted requests sent to its
HTTPD service. The SHR-2040 device with firmware version
B3.03E-K1.53-V2.19_0705281908 is affected.
Ref:
http://www.sybsecurity.com/advisors/SYBSEC-ADV16-Samsung_DVR_SHR_2040_HTTPD_Remote_Denial_Of_Service
______________________________________________________________________

08.37.98 CVE: CVE-2008-2732, CVE-2008-2733, CVE-2008-2734,
CVE-2008-2735, CVE-2008-2736
Platform: Network Device
Title: Cisco PIX and Cisco ASA Multiple Denial of Service and
Information Disclosure Vulnerabilities
Description: Cisco PIX and ASA are security appliances. They are
exposed to multiple remote issues. An attacker can exploit these
issues to obtain sensitive information or cause the affected devices
to reload.
Ref:
http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml
______________________________________________________________________

08.37.99 CVE: CVE-2008-1197
Platform: Network Device
Title: NETGEAR WN802T With Marvell 88W8361P-BEM1 Chipset WAP Denial of
Service
Description: The NETGEAR WN802T wireless access point is exposed to a
local denial of service issue because it fails to adequately verify
user-supplied input. The device fails to correctly parse SSID (service
set identifier) elements in association requests with wireless
clients. The NETGEAR WN802T wireless access point running firmware
version 1.3.16 on the Marvell 88W8361P-BEM1 chipset is affected.
Ref: http://www.securityfocus.com/archive/1/495983
______________________________________________________________________

08.37.100 CVE: CVE-2007-5474
Platform: Network Device
Title: Atheros Communications AR5416-AC1E Information Element Denial
of Service
Description: Atheros Communications AR5416-AC1E is a chipset included
in wireless routers. AR5416-AC1E is exposed to a denial of service
issue because it fails to perform adequate boundary checks on
user-supplied data. The issue occurs when parsing Atheros vendor
specific information included in association requests. The Atheros
AR5416-AC1E included in the Linksys WRT350N wireless router running
firmware version 2.00.17 is affected.
Ref: http://www.securityfocus.com/archive/1/495984
______________________________________________________________________

08.37.101 CVE: CVE-2008-1144
Platform: Network Device
Title: NETGEAR WN802T Wireless Access Point EAPoL Key Length Denial of
Service
Description: The NETGEAR WN802T is a WiFi network access point. The
WN802T is exposed to a denial of service issue because it fails to
adequately handle long key lengths in EAPoL packets. An attacker who
has authenticated in 802.11 open mode may exploit this issue under
some configurations, causing the access point to restart or crash.
NETGEAR WN802T firmware version 1.3.16 with the MARVELL 88W8361P-BEM1
chipset is affected.
Ref: http://www.securityfocus.com/archive/1/495982
______________________________________________________________________

08.37.102 CVE: Not Available
Platform: Network Device
Title: MikroTik RouterOS SNMP Security Bypass
Description: MikroTik RouterOS is a router operating system and
software used to create dedicated router devices. MikroTik RouterOS is
exposed to a security bypass issue because the application fails to
sufficiently sanitize SNMP requests. MikroTik RouterOS versions up to
and including 3.13 and 2.9.51 are affected.
Ref: http://www.securityfocus.com/bid/31025
______________________________________________________________________

08.37.103 CVE: Not Available
Platform: Network Device
Title: D-Link DIR-100 Security Bypass
Description: D-Link DIR-100 is an Ethernet broadband router. It
includes various security features, including a web proxy service that
allows network administrators to block users from accessing certain
URLs. D-Link DIR-100 is affected by a security bypass issue that allows
users to circumvent these restrictions and access sites that an
administrator has blocked. D-Link DIR-100 devices with firmware version
1.12 are affected.
Ref: http://www.securityfocus.com/archive/1/496072
______________________________________________________________________

08.37.104 CVE: Not Available
Platform: Network Device
Title: Sagem Fst 2404 Router "wancfg.cmd" Denial of Service
Description: Sagem Fst 2404 is a high-speed wireless router. Sagem
Fst 2404 is exposed to a remote denial of service issue because it
fails to perform adequate boundary checks on user-supplied data. The
vulnerability affects the "action" parameter of the "wancfg.cmd"
script.
Ref: http://www.securityfocus.com/archive/1/496075
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

For a free subscription, (and for free posters) or to update a current
subscription, visit http://portal.sans.org/