RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 38

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Sep 18 2008 - 20:06:03 CDT



Apple Macs and Apple Quicktime top the list of software with critical
vulnerabilities this week. Red Hat IPA and LANDesk round it out.
                               Alan

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
Sept. 18, 2008 Vol. 7. Week 38
*************************************************************************

RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Windows                                   1
Third Party Windows Apps                  7 (#4, #6, #7)
Mac Os                                    2 (#1, #8)
Linux                                     8 (#3, #5)
Cross Platform                           14 (#2)
Web Application - Cross Site Scripting    9
Web Application - SQL Injection          26
Web Application                          27
Network Device                            3


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
(2) CRITICAL: Apple QuickTime Memory Corruption
(3) CRITICAL: Red Hat Enterprise IPA Password Disclosure Vulnerability
(4) CRITICAL: LANDesk Management Suite Heal Packet Buffer Overflow
(5) HIGH: Red Hat Directory Server Multiple Vulnerabilities
(6) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
(7) HIGH: Data Dynamics ActiveReports ActiveX Control Multiple Vulnerabilities
(8) MODERATE: Adobe Illustrator File Parsing Remote Code Execution


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.38.1 - Microsoft Windows WRITE_ANDX SMB Processing Remote Denial of Service
 -- Third Party Windows Apps
08.38.2 - Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow
08.38.3 - ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow
08.38.4 - Microsoft SQL Server 2000 "sqlvdir.dll" ActiveX Buffer Overflow
08.38.5 - Baidu Hi "CSTransfer.dll" Remote Stack Buffer Overflow
08.38.6 - LANDesk Intel QIP Service "qipsrvr.exe" Buffer Overflow
08.38.7 - ComponentOne VSFlexGrid ActiveX Control "Archive()" Buffer Overflow
08.38.8 - Acresso FLEXnet Connect "GetRules.asp" Remote Code Execution
 -- Mac Os
08.38.9 - Apple Mac OS X 2008-006 Multiple Security Vulnerabilities
 -- Linux
08.38.10 - Red Hat Fedora Directory Server HTTP Unescaping Functions Buffer Overflow
08.38.11 - Red Hat Enterprise IPA Master Kerberos Password Information Disclosure
08.38.12 - Linux Kernel "SCTP" Module Multiple Vulnerabilities
08.38.13 - Linux Kernel "iov_iter_advance()" Page Fault Local Denial of Service
08.38.14 - Linux kernel NFSv4 ACL Buffer Overflow
08.38.15 - Linux Kernel "shmem_delete_inode()" Local Denial of Service
08.38.16 - Linux Kernel s390 ptrace Denial of Service
08.38.17 - Linux Kernel "add_to_page_cache_lru()" Local Denial of Service
 -- Cross Platform
08.38.18 - Unreal Engine Failed Memory Allocation Remote Denial of Service
08.38.19 - Epic Games Unreal Engine Multiple Format String Vulnerabilities
08.38.20 - Adobe Flash Player Clipboard Security Weakness
08.38.21 - libxml XML Entity Name Heap Buffer Overflow
08.38.22 - IntegraMOD Backup Directory Information Disclosure
08.38.23 - Avant Browser JavaScript Engine Integer Overflow
08.38.24 - Apple iPhone and iPod touch Safari WebKit "alert()" Function Remote Denial of Service
08.38.25 - Kolab Groupware Server Apache Log File User Password Information Disclosure
08.38.26 - Personal FTP Server "RETR" Command Remote Denial of Service
08.38.27 - Python "move-faqwiz.sh" Insecure Temporary File Creation
08.38.28 - IBM WebSphere Application Server "FileServing" Feature Unspecified Vulnerability
08.38.29 - Sun Management Center Remote Denial of Service
08.38.30 - pdnsd "src/dns_query.c" Remote Denial of Service
08.38.31 - Unreal Engine "UnChan.cpp" Failed Assertion Remote Denial of Service
 -- Web Application - Cross Site Scripting
08.38.32 - Horde Application Framework Forward Slash Insufficient Filtering Cross-Site Scripting
08.38.33 - Horde MIME Attachment Filename Insufficient Filtering Cross-Site Scripting
08.38.34 - NooMS Multiple Cross-Site Scripting Vulnerabilities
08.38.35 - DeluxeBB "tools.php" Cross-Site Scripting
08.38.36 - Pro2col Stingray FTS
08.38.37 - Dynamic MP3 Lister "index.php" Multiple Cross-Site Scripting Vulnerabilities
08.38.38 - Paranews Multiple Cross-Site Scripting Vulnerabilities
08.38.39 - Horde Turba Contact Manager "/imp/test.php" Cross-Site Scripting
08.38.40 - Opera Web Browser Unicode Whitespace Cross-Site Scripting Weakness
 -- Web Application - SQL Injection
08.38.41 - Sports Clubs Web Panel "id" Parameter Multiple SQL Injection Vulnerabilities
08.38.42 - PHPortfolio "photo.php" SQL Injection
08.38.43 - Vastal I-Tech phpVID "group.php" SQL Injection
08.38.44 - Zanfi CMS lite "index.php" SQL Injection
08.38.45 - Hot Links SQL-PHP "news.php" SQL Injection
08.38.46 - E-Php CMS "article.php" SQL Injection
08.38.47 - Zanfi Autodealers CMS AutOnline "pageid" Parameter SQL Injection
08.38.48 - Zanfi Autodealers CMS AutOnline "id" Parameter SQL Injection
08.38.49 - Powie PHP Forum "showprofil.php" SQL Injection
08.38.50 - QuicO "photo.php" SQL Injection
08.38.51 - WebPortal CMS "download.php" SQL Injection
08.38.52 - vbLOGIX Tutorials "main.php" SQL Injection
08.38.53 - iBoutique "index.php" SQL Injection
08.38.54 - pNews "newskom.php" SQL Injection
08.38.55 - pLink "linkto.php" SQL Injection
08.38.56 - FoT Video scripti "izle.asp" SQL Injection
08.38.57 - phpSmartCom Local File Include and SQL Injection Vulnerabilities
08.38.58 - DownlineGoldmine Multiple Products "tr.php" SQL Injection
08.38.59 - Kasseler CMS "index.php" Multiple SQL Injection Vulnerabilities
08.38.60 - phsdev phsBlog "sid" Parameter SQL Injection
08.38.61 - Ruby on Rails ":offset" and ":limit" Parameters SQL Injection Vulnerabilities
08.38.62 - LinksCaffePRO "index.php" SQL Injection
08.38.63 - Link Bid Script "upgrade.php" SQL Injection
08.38.64 - Pre Real Estate Website "search.php" SQL Injection
08.38.65 - phsdev phsBlog "upload/index.php" SQL Injection
08.38.66 - iScripts EasyIndex "detaillist.php" SQL Injection
 -- Web Application
08.38.67 - Joomla! Multiple Remote Vulnerabilities and Weaknesses
08.38.68 - MyBB Prior to 1.4.1 Multiple Unspecified Vulnerabilities
08.38.69 - Multiple Tor World CGI Scripts Remote Script Execution
08.38.70 - LedgerSMB Versions Prior to 1.2.15 Multiple Remote Vulnerabilities
08.38.71 - myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
08.38.72 - myPHPNuke "print.php" SQL Injection and Cross-Site Scripting Vulnerabilities
08.38.73 - WordPress Random Password Generation Insufficient Entropy Weakness
08.38.74 - Ananta "connectors.php" Arbitrary File Upload
08.38.75 - PhpWebGallery Local File Include and Cross-Site Scripting Vulnerabilities
08.38.76 - Easy Photo Gallery Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.38.77 - minb Multiple Arbitrary File Upload Vulnerabilities
08.38.78 - Sports Clubs Web Panel "index.php" Local File Include
08.38.79 - Grafitti Forums SQL Injection and HTML Injection Vulnerabilities
08.38.80 - D-iscussion Board "index.php" Local File Include
08.38.81 - DotNetNuke Multiple Security Bypass and Information Disclosure Vulnerabilities
08.38.82 - Drupal Answers Module "answer" Field HTML Injection
08.38.83 - YourOwnBux Cookie Authentication Bypass
08.38.84 - WebCMS Portal Edition Multiple Input Validation Vulnerabilities
08.38.85 - SkaLinks "register.php" Account Creation Access Validation
08.38.86 - Easy Photo Gallery "useradmin.php" Access Validation
08.38.87 - TalkBack "comments.php" Local File Include
08.38.88 - Free PHP VX Guestbook Cookie Authentication Bypass and Information Disclosure Vulnerabilities
08.38.89 - CzarNews "recook" Cookie Authentication Bypass
08.38.90 - SPAW Editor "theme.class.php" Unspecified Input Validation
08.38.91 - phpMyAdmin "server_databases.php" Remote Command Execution
08.38.92 - Fantastico De Luxe "fantasticopath" Parameter Local File Include
08.38.93 - OSADS Alliance Database "includes/functions.php" Unspecified
 -- Network Device
08.38.94 - Nokia E90 Communicator Remote Denial of Service
08.38.95 - Accellion File Transfer Appliance Error Report Message Open Email Relay
08.38.96 - Beetel 220BX Series DSL Modem Provided by Airtel Multiple Security Vulnerabilities
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-006)
Affected:
Apple Mac OS X versions prior to 10.5.5
Description: Apple Mac OS X contains multiple vulnerabilities in various
subsystems. The impact of these vulnerabilities ranges from remote code
execution to information disclosure and denials-of-service. Most of the
remote code execution vulnerabilities stem from file parsing
vulnerabilities; however, one flaw in the included ClamAV distribution
may be triggered by malicious emails. Various other local-only and
privilege escalation vulnerabilities are addressed in this update.
Status: Vendor confirmed, updates available.
References:
Apple Security Advisory
http://support.apple.com/kb/HT3137
SecurityFocus BID
http://www.securityfocus.com/bid/31189
*********************************************************
(2) CRITICAL: Apple QuickTime Memory Corruption
Affected:
Apple QuickTime versions 7.5.5 and prior
Apple iTunes versions 8.0 and prior
Description: QuickTime is Apple's streaming media framework for Apple
Mac OS X and Microsoft Windows. iTunes is Apple's music and media
management application, based on QuickTime. QuickTime contains a flaw
in its parsing of certain file constructs. A specially crafted QuickTime
file could trigger this flaw, leading to memory corruption. It is
believed, though not confirmed, that this could be leveraged to allow
remote code execution with the privileges of the current user. This flaw
could also be triggered via a malicious web page if the user has the
QuickTime browser plugin installed; this plugin is installed by default
along with the QuickTime framework. Full technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Apple has not confirmed, no updates available.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6471
QuickTime Home Page
http://www.apple.com/software/quicktime
SecurityFocus BID
http://www.securityfocus.com/bid/31212
*********************************************************
(3) CRITICAL: Red Hat Enterprise IPA Password Disclosure Vulnerability
Affected:
Red Hat Enterprise IPA v1 EL5
Description: Red Hat Enterprise IPA is an identity management suite for
enterprises. It contains a flaw in its installation procedure that
stores the master Kerberos password in such a way that it may be
retrieved by an anonymous Lightweight Directory Access Protocol (LDAP)
request. Kerberos is a password management and authentication protocol.
If the master Kerberos password is compromised, it would be possible to
retrieve or change the passwords of users managed by Kerberos. Some
technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available.
References:
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2008-0860.html
Wikipedia Article on Kerberos
http://en.wikipedia.org/wiki/Kerberos_(protocol)
Product Home Page
http://www.redhat.com/promo/ipa/
SecurityFocus BID
http://www.securityfocus.com/bid/31111
*********************************************************
(4) CRITICAL: LANDesk Management Suite Heal Packet Buffer Overflow
Affected:
LANDesk Management Suite versions 8.8 and prior
Description: LANDesk is a popular system management application. It
contains a flaw in its QIP Server service component. This component,
which listens for requests from the network, contains a buffer overflow
in its handling of QIP "heal" packets. A specially crafted packet could
trigger this buffer overflow, allowing an attacker to execute arbitrary
code with the privileges of the vulnerable process (usually SYSTEM).
Some technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to TCP port 1275 at the
network perimeter.
References:
TippingPoint DVLabs Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-06
LANDesk Security Advisory
http://community.landesk.com/support/docs/DOC-3276
SecurityFocus BID
http://www.securityfocus.com/bid/31193
*********************************************************
(5) HIGH: Red Hat Directory Server Multiple Vulnerabilities
Affected:
Red Hat Directory Server adminutil versions prior to 1.1.7-1.fc9
Description: Red Hat Directory Server is Red Hat's Lightweight Directory
Access Protocol (LDAP) server. It contains a flaw in its handling of
parameters to some of the CGI scripts used to manage the server. A
specially crafted request to one of these scripts could result in a
buffer overflow. Successfully exploiting this buffer overflow would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process (usually 'nobody'). It is not known if authentication
is required to reach the vulnerable CGI applications. Various other
denial-of-service and related vulnerabilities have also been addressed.
Status: Vendor confirmed, updates available.
References:
Red Hat Bug
https://bugzilla.redhat.com/show_bug.cgi?id=454662
Red Hat Security Advisory
https://rhn.redhat.com/errata/RHSA-2008-0858.html
Product Home Page
http://www.redhat.com/directory_server/
SecurityFocus BID
http://www.securityfocus.com/bid/31106
*********************************************************
(6) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
Affected:
Trend Micro OfficeScan versions 7.3p4 and prior
Description: Trend Micro OfficeScan is a popular enterprise antivirus
solution. It contains a flaw in its CGI-based web interface. Its
"cgiRecvFile" component fails to properly handle overlong parameters. A
specially crafted request to this component could lead to a buffer
overflow. This would allow an attacker to execute arbitrary code with
the privileges of the vulnerable process. Some technical details are
publicly available for this vulnerability. It is currently not known if
authentication is required to exploit this vulnerability.
Status: Vendor confirmed, updates available.
References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-35/
Trend Micro Patch Information
http://www.trendmicro.com/ftp/documentation/readme/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195_readme.txt
Product Home Page
http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/
SecurityFocus BID
http://www.securityfocus.com/bid/31139
*********************************************************
(7) HIGH: Data Dynamics ActiveReports ActiveX Control Multiple Vulnerabilities
Affected:
Data Dynamics ActiveReports ActiveX Control versions 2.5.0.1314 and prior
Description: Data Dynamics ActiveReports is a popular report development
system for Microsoft Visual Basic. It contains multiple vulnerabilities
in various methods. A malicious web page that instantiated this control
could call one of these methods. Successfully exploiting one of these
vulnerabilities would allow an attacker to overwrite arbitrary files
with the privileges of the current user. This could be leveraged to
execute arbitrary code with the privileges of the current user. Full
technical details and a proof-of-concept are publicly available for this
vulnerability.
Status: Vendor confirmed, no updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"8569D715-FF88-44BA-8D1D-AD3E59543DDE".
References:
Vuln.sg Advisory
http://vuln.sg/ddarviewer2501314-en.html
Product Home Page
http://www.datadynamics.com/Products/ProductOverview.aspx?Product=AR2
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/31227
*********************************************************
(8) MODERATE: Adobe Illustrator File Parsing Remote Code Execution
Affected:
Adobe Illustrator for Mac version CS2
Description: Adobe Illustrator is a popular vector graphics drawing
program. It contains a flaw in its parsing of its native "Ai" file
format. A specially crafted Ai file could trigger this flaw, allowing
an attacker to execute arbitrary code with the privileges of the current
user. Note that only the versions of Adobe Illustrator for the Apple
Macintosh are affected; Microsoft Windows versions are not affected.
Depending upon configuration, malicious files may be opened by the
vulnerable program upon receipt, without first prompting the user.
Status: Vendor confirmed, updates available.
References:
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-07.html
Product Home Page
http://www.adobe.com/products/illustrator/
SecurityFocus BID
http://www.securityfocus.com/bid/31208
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 38, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.38.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows WRITE_ANDX SMB Processing Remote Denial of
Service
Description: Microsoft Windows is exposed to a remote denial of
service issue because it fails to adequately handle specially crafted
Server Message Block (SMB) packets. This issue occurs when the
"srv.sys" driver handles malformed WRITE_ANDX SMB packets.
Ref: http://www.securityfocus.com/archive/1/496354
______________________________________________________________________

08.38.2 CVE: CVE-2008-2437
Platform: Third Party Windows Apps
Title: Trend Micro OfficeScan "cgiRecvFile.exe" Buffer Overflow
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. Trend Micro OfficeScan is exposed to a buffer
overflow issue because the application fails to properly bounds check
user-supplied data before copying it into an insufficiently sized
memory buffer.
Ref: http://www.securityfocus.com/archive/1/496281
______________________________________________________________________

08.38.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: ZoneAlarm Security Suite AntiVirus Directory Path Buffer
Overflow
Description: ZoneAlarm Security Suite is a security suite for
Microsoft Windows platforms. ZoneAlarm Anti-Virus is included. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. The issue
arises when the application attempts to scan a number of nested
directories with long names. ZoneAlarm Security Suite version
7.0.483.000 is affected.
Ref: http://www.securityfocus.com/archive/1/496226
______________________________________________________________________

08.38.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft SQL Server 2000 "sqlvdir.dll" ActiveX Buffer Overflow
Description: Microsoft SQL Server is an implementation of an SQL
relational database developed by Microsoft. It is commercially
available for Microsoft Windows. The application's "sqlvdir.dll"
ActiveX control is exposed to a buffer overflow issue because it fails
to bounds check user-supplied data before copying it into an
insufficiently sized buffer. The issue occurs when passing excessive
amounts of data to the "Control()" method. Microsoft SQL Server 2000
is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.38.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Baidu Hi "CSTransfer.dll" Remote Stack Buffer Overflow
Description: Baidu Hi is an instant messaging application available
for Microsoft Windows. Baidu Hi is exposed to a remote stack-based
buffer overflow issue because it fails to bounds check user-supplied
data. This issue occurs in the "CSTransfer.dll" library.
Ref: http://www.securityfocus.com/archive/1/496322
______________________________________________________________________

08.38.6 CVE: CVE-2008-2468
Platform: Third Party Windows Apps
Title: LANDesk Intel QIP Service "qipsrvr.exe" Buffer Overflow
Description: LANDesk Intel QIP Service is exposed to a buffer overflow
issue because the application fails to properly bounds check
user-supplied data before copying it into an insufficiently sized
memory buffer.
Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-08-06
______________________________________________________________________

08.38.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: ComponentOne VSFlexGrid ActiveX Control "Archive()" Buffer
Overflow
Description: ComponentOne VSFlexGrid is a grid component designed to
display, edit, format, and organize tabular data. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.38.8 CVE: CVE-2008-1093
Platform: Third Party Windows Apps
Title: Acresso FLEXnet Connect "GetRules.asp" Remote Code Execution
Description: Acresso FLEXnet Connect is used to provide software
updates for other products. It is available for Microsoft Windows.
FLEXnet Connect is exposed to a remote code execution issue because it
fails to adequately verify the authenticity of downloaded content.
Ref: http://www.kb.cert.org/vuls/id/837092
______________________________________________________________________

08.38.9 CVE: CVE-2008-2305, CVE-2008-2329, CVE-2008-2330,
CVE-2008-2331, CVE-2008-3613, CVE-2008-2332, CVE-2008-3608,
CVE-2008-3609, CVE-2008-3610, CVE-2008-3611, CVE-2008-3616,
CVE-2008-2312, CVE-2008-3617, CVE-2008-3618, CVE-2008-3619,
CVE-2008-3621, CVE-2008-3622
Platform: Mac Os
Title: Apple Mac OS X 2008-006 Multiple Security Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security
vulnerabilities that have been addressed in Security Update 2008-006.
The security update addresses a total of 17 new vulnerabilities that
affect the Apple Type Services, Directory Services, Finder, ImageIO,
Kernel, Login Windows, SearchKit, System Configuration, System
Preferences, Time Machine, VideoConference, and Wiki Server components
of Mac OS X. The advisory also contains security updates for 17
previously reported issues.
Ref: http://support.apple.com/kb/HT3137
______________________________________________________________________

08.38.10 CVE: CVE-2008-2932
Platform: Linux
Title: Red Hat Fedora Directory Server HTTP Unescaping Functions
Buffer Overflow
Description: Red Hat Directory Server is a centralization server based
on the Lightweight Directory Access Protocol (LDAP). The server is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. The problem occurs in
the HTTP unescaping functions in the "adminutil" library used in the
Directory Server's CGI scripts. The issue was introduced in adminutil
version 1.1.6.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=454662
______________________________________________________________________

08.38.11 CVE: CVE-2008-3274
Platform: Linux
Title: Red Hat Enterprise IPA Master Kerberos Password Information
Disclosure
Description: Red Hat Enterprise IPA is an integrated solution that
manages Identity, Policies and Audits. Red Hat Enterprise IPA is
exposed to an information disclosure issue because the application
allows anonymous users to gain access to the master Kerberos password.
Red Hat Enterprise IPA version 1 for Red Hat Enterprise Linux 5 Server
is affected.
Ref: http://www.securityfocus.com/bid/31111
______________________________________________________________________

08.38.12 CVE: CVE-2008-3792
Platform: Linux
Title: Linux Kernel "SCTP" Module Multiple Vulnerabilities
Description: Linux Kernel "SCTP" module is exposed to multiple issues.
Successful exploitation will allow local attackers to disclose
sensitive information or cause kernel crashes and deny service to
legitimate users. Linux Kernel versions 2.6.26.3 and earlier are
affected.
Ref: http://www.trapkit.de/advisories/TKADV2008-007.txt
______________________________________________________________________

08.38.13 CVE: CVE-2008-3535
Platform: Linux
Title: Linux Kernel "iov_iter_advance()" Page Fault Local Denial of
Service
Description: The Linux kernel is exposed to a local denial of service
issue caused by an error in the "iov_iter_advance()" function in the
file "mm/filemap.c". This issue occurs due to an off-by-one error in
the affected function. Linux kernel versions 2.6 prior to version
2.6.27-rc2 are affected.
Ref: http://lkml.org/lkml/2008/7/30/446
______________________________________________________________________

08.38.14 CVE: CVE-2008-3915
Platform: Linux
Title: Linux kernel NFSv4 ACL Buffer Overflow
Description: The Linux kernel is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on
user-supplied data. The issue occurs in the "init_state()" function
when decoding NFSv4 ACLs. Linux kernel versions prior to 2.6.26.4 are
affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6
______________________________________________________________________

08.38.15 CVE: CVE-2008-3534
Platform: Linux
Title: Linux Kernel "shmem_delete_inode()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly handle a specific sequence of file
create, remove, and overwrite operations. The problem occurs in the
"shmem_delete_inode()" function of "mm/shmem.c" in the tmpfs
implementation and is related to the allocation of "useless pages" and
improper maintenance of the "i_blocks" count. Linux kernel versions
prior to 2.6.21.1 are affected.
Ref: http://lkml.org/lkml/2008/7/26/71
______________________________________________________________________

08.38.16 CVE: CVE-2008-1514
Platform: Linux
Title: Linux Kernel s390 ptrace Denial of Service
Description: The Linux kernel is exposed to a denial of service issue
when process traces are performed on 32-bit computers. Local attackers
can leverage the issue to crash the kernel and deny service to
legitimate users. Linux kernel versions prior to 2.6.27-rc6 for the
s390 architecture are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=438147
______________________________________________________________________

08.38.17 CVE: Not Available
Platform: Linux
Title: Linux Kernel "add_to_page_cache_lru()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because of an error in the "splice()" system call. The problem
occurs in the file "fs/splice.c". Specifically, when a call to
"add_to_page_cache_lru()" fails, the memory page in question will not
be locked. Linux kernel versions prior to 2.6.22.2 are affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
______________________________________________________________________

08.38.18 CVE: Not Available
Platform: Cross Platform
Title: Unreal Engine Failed Memory Allocation Remote Denial of Service
Description: Unreal Engine is a platform to develop 3D games. The
engine is exposed to a remote denial of service issue because of an
error in memory allocation. This issue affects Unreal Engine 3; other
versions may also be affected.
Ref: http://www.securityfocus.com/archive/1/496280
______________________________________________________________________

08.38.19 CVE: Not Available
Platform: Cross Platform
Title: Epic Games Unreal Engine Multiple Format String Vulnerabilities
Description: Unreal Engine is a platform to develop 3D games. Unreal
Engine is exposed to multiple remote format string issues. Two of the
issues occur when format-string characters are provided to the
following commands and parameters: "DLMGR": "CLASS" and "WELCOME":
"LEVEL".
Ref: http://www.securityfocus.com/archive/1/496297
______________________________________________________________________

08.38.20 CVE: CVE-2008-3873
Platform: Cross Platform
Title: Adobe Flash Player Clipboard Security Weakness
Description: Adobe Flash Player is an application for playing Flash
media files. Adobe Flash Player is exposed to a security weakness that
may allow attackers to inject arbitrary content into a user's
clipboard.
Ref: http://blogs.zdnet.com/security/?p=1733
______________________________________________________________________

08.38.21 CVE: CVE-2008-3529
Platform: Cross Platform
Title: libxml XML Entity Name Heap Buffer Overflow
Description: libxml is a library for manipulating XML files. libxml is
exposed to a heap-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Specifically,
the "xmlParseAttValueComplex()" function in
"parser.c" does not perform adequate bounds checks. The vulnerability
occurs when parsing overly long XML entity names.
Ref: http://www.securityfocus.com/bid/31126
______________________________________________________________________

08.38.22 CVE: Not Available
Platform: Cross Platform
Title: IntegraMOD Backup Directory Information Disclosure
Description: IntegraMOD is a distribution of phpBB that incorporates
various third-party modules. The application is exposed to an
information disclosure issue because the application fails to restrict
access to the backup folder. IntegraMOD version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/31149
______________________________________________________________________

08.38.23 CVE: Not Available
Platform: Cross Platform
Title: Avant Browser JavaScript Engine Integer Overflow
Description: Avant Browser is a web browser application available for
Microsoft Windows. Avant Browser is exposed to an integer overflow
issue that occurs in the JavaScript engine. This issue occurs when
handling specially crafted strings. Avant Browser version 11.7 Build 9
is affected.
Ref: http://www.securityfocus.com/archive/1/496301
______________________________________________________________________

08.38.24 CVE: CVE-2008-3950
Platform: Cross Platform
Title: Apple iPhone and iPod touch Safari WebKit "alert()" Function
Remote Denial of Service
Description: Apple iPhone is a mobile phone that runs on the ARM
architecture. Apple iPod touch is a portable music player that also
contains the Safari browser. Apple iPhone and iPod touch are exposed
to a remote denial of service issue that occurs in the WebKit library
used by the Safari web browser. iPhone versions 1.1.4 and 2.0 and iPod
touch versions 1.1.4 and 2.0 are affected.
Ref:
http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service
______________________________________________________________________

08.38.25 CVE: Not Available
Platform: Cross Platform
Title: Kolab Groupware Server Apache Log File User Password
Information Disclosure
Description: Kolab Groupware Server is a Groupware solution for
managing emails, appointments and contacts. Kolab Groupware Server is
exposed to an information disclosure issue because the application
stores user passwords in the Apache log file.
Ref: https://qa.mandriva.com/show_bug.cgi?id=43434
______________________________________________________________________

08.38.26 CVE: Not Available
Platform: Cross Platform
Title: Personal FTP Server "RETR" Command Remote Denial of Service
Description: Personal FTP Server is an FTP server available for
Microsoft Windows. The application is exposed to a remote denial of
service issue that occurs when multiple "RETR" commands with overly long
filenames are requested from the server. Personal FTP Server version
6.0f is affected.
Ref: http://www.securityfocus.com/bid/31173
______________________________________________________________________

08.38.27 CVE: Not Available
Platform: Cross Platform
Title: Python "move-faqwiz.sh" Insecure Temporary File Creation
Description: Python is an interpreted dynamic object-oriented
programming language that is available for many operating systems.
Python creates temporary files in an insecure manner. The issue occurs
because the "Tools/faqwiz/move-faqwiz.sh" script creates files in an
insecure manner. Python version 2.3.4 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899
______________________________________________________________________

08.38.28 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server "FileServing" Feature
Unspecified Vulnerability
Description: IBM WebSphere Application Server is a utility designed to
facilitate the creation of various enterprise web applications. IBM
WebSphere Application Server is exposed to an unspecified issue that
affects the "FileServing" feature in the "Servlet Engine/Web
Container" component. WebSphere Application Server versions prior to
6.1.0.19 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61019
______________________________________________________________________

08.38.29 CVE: Not Available
Platform: Cross Platform
Title: Sun Management Center Remote Denial of Service
Description: Sun Management Center provides management capabilities
for Sun enterprise servers. This application is exposed to a denial of
service issue due to an unspecified error. Sun Management Center
versions 3.6.1 and 4.0 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241686-1
______________________________________________________________________

08.38.30 CVE: Not Available
Platform: Cross Platform
Title: pdnsd "src/dns_query.c" Remote Denial of Service
Description: pdnsd is a DNS proxy server. pdnsd is exposed to a remote
denial of service issue that occurs when the application receives
crafted DNS response packets with multiple "answer" sections.
Specifically, the issue occurs in the "p_exec_query()" function of the
"src/dns_query.c" file. pdnsd versions prior to 1.2.7-par are
affected.
Ref: http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
______________________________________________________________________

08.38.31 CVE: Not Available
Platform: Cross Platform
Title: Unreal Engine "UnChan.cpp" Failed Assertion Remote Denial of
Service
Description: Unreal Engine is a platform to develop 3D games. The
engine is exposed to a remote denial of service issue when the
"Closing" flag in the "UnChan.cpp" source file is set.
Ref: http://aluigi.org/adv/unreaload-adv.txt
______________________________________________________________________

08.38.32 CVE: CVE-2008-3824
Platform: Web Application - Cross Site Scripting
Title: Horde Application Framework Forward Slash Insufficient
Filtering Cross-Site Scripting
Description: Horde Application Framework is an application framework
used with other Horde Project products. Horde Application Framework is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input. Horde Framework versions
prior to 3.1.9 and 3.2.2 are affected.
Ref: http://www.ocert.org/advisories/ocert-2008-012.html
______________________________________________________________________

08.38.33 CVE: CVE-2008-3823
Platform: Web Application - Cross Site Scripting
Title: Horde MIME Attachment Filename Insufficient Filtering
Cross-Site Scripting
Description: Horde Application Framework is an application framework
used with other Horde Project products. The application is exposed to
a cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input. Specifically, the filenames of MIME attachments
to webmail messages are not properly sanitized before being displayed
to the user. Horde Framework versions 3.2 through 3.2.1 are affected.
Ref:
http://www.nruns.com/security_advisory_horde_xss_in_filename_mime_attachments.php
______________________________________________________________________

08.38.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NooMS Multiple Cross-Site Scripting Vulnerabilities
Description: NooMS is a PHP-based content management system. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input passed to the
following scripts and parameters: "smileys.php":"page_id" and
"search.php":"q". NooMS version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496236
______________________________________________________________________

08.38.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DeluxeBB "tools.php" Cross-Site Scripting
Description: DeluxeBB is a web-based bulletin board. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to an unspecified parameter of
the "tools.php" script. DeluxeBB version 1.2 is affected.
Ref: http://www.deluxebb.com/community/topic.php?tid=858
______________________________________________________________________

08.38.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pro2col Stingray FTS
Description: Stingray FTS is a hardware-based file transfer system. It
includes web-based tools for users and administrators. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "login.jsp" script.
Ref: http://www.securityfocus.com/archive/1/496302
______________________________________________________________________

08.38.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dynamic MP3 Lister "index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Dynamic MP3 Lister is a PHP-based application that allows
users to share MP3 files. The application is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied input. Dynamic MP3 Lister version 2.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31151
______________________________________________________________________

08.38.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Paranews Multiple Cross-Site Scripting Vulnerabilities
Description: Paranews is a PHP-based news script application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input passed to the
"page" and "id" parameters of the "news.php" script when the "pn_go"
parameter is set to "details". Paranews version 3.4 is affected.
Ref: http://www.securityfocus.com/bid/31152
______________________________________________________________________

08.38.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Horde Turba Contact Manager "/imp/test.php" Cross-Site
Scripting
Description: Turba Contact Manager is a Horde contact manager
application implemented in PHP. The application is exposed to a
cross-site scripting issue because it fails to sanitize user-supplied
input to the "user" parameter of the "/imp/test.php" script. Turba
Contact Manager version H3 2.2.1 is affected.
Ref: http://www.securityfocus.com/bid/31168
______________________________________________________________________

08.38.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Opera Web Browser Unicode Whitespace Cross-Site Scripting
Weakness
Description: Opera Web Browser is exposed to a weakness that can
facilitate cross-site scripting attacks. This issue occurs due to the
processing of Unicode characters flagged with the "white_space"
property. Opera versions prior to 9.52 are affected.
Ref:
http://lookout.net/2008/08/26/advisory-attack-of-the-mongolian-space-evaders-and-other-medieval-xss-vectors/
______________________________________________________________________

08.38.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Sports Clubs Web Panel "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: Sports Clubs Web Panel is a PHP-based content manager for
band web sites. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
Sports Clubs Web Panel version 0.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31142
______________________________________________________________________

08.38.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPortfolio "photo.php" SQL Injection
Description: PHPortfolio is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "photo.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31143
______________________________________________________________________

08.38.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vastal I-Tech phpVID "group.php" SQL Injection
Description: phpVID is a web-based, video-sharing application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"group.php" script before using it in an SQL query. phpVID version 1.1
is affected.
Ref: http://www.securityfocus.com/bid/31108
______________________________________________________________________

08.38.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zanfi CMS lite "index.php" SQL Injection
Description: Zanfi CMS lite is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pageid" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31116
______________________________________________________________________

08.38.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Hot Links SQL-PHP "news.php" SQL Injection
Description: Hot Links SQL-PHP is a PHP-based link manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"news.php" script before using it in an SQL query. Hot Links SQL-PHP
versions 3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31118
______________________________________________________________________

08.38.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Php CMS "article.php" SQL Injection
Description: E-Php CMS is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "es_id" parameter of the
"article.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31119
______________________________________________________________________

08.38.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zanfi Autodealers CMS AutOnline "pageid" Parameter SQL
Injection
Description: Autodealers CMS AutOnline is a web-based content manager.
The application is prone to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pageid" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31120
______________________________________________________________________

08.38.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zanfi Autodealers CMS AutOnline "id" Parameter SQL Injection
Description: Autodealers CMS AutOnline is a web-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31137
______________________________________________________________________

08.38.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Powie PHP Forum "showprofil.php" SQL Injection
Description: Powie PHP Forum (pForum) is a web forum. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"showprofil.php" script file before using it in an SQL query. Powie
PHP Forum version 1.30 is affected.
Ref: http://www.securityfocus.com/bid/31150
______________________________________________________________________

08.38.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: QuicO "photo.php" SQL Injection
Description: QuicO is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "photo.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31154
______________________________________________________________________

08.38.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebPortal CMS "download.php" SQL Injection
Description: WebPortal CMS is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "aid" parameter of the
"download.php" script before using it in an SQL query. WebPortal CMS
version 0.7.4 is affected.
Ref: http://www.securityfocus.com/bid/31156
______________________________________________________________________

08.38.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vbLOGIX Tutorials "main.php" SQL Injection
Description: vbLOGIX Tutorials is a tutorial management tool. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "main.php" script file before using it in an SQL query. vbLOGIX
Tutorials version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31157
______________________________________________________________________

08.38.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iBoutique "index.php" SQL Injection
Description: iBoutique is an e-commerce application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat" parameter of the "index.php"
script when the "mod" parameter is set to "products" before using it
in an SQL query. iBoutique version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/31159
______________________________________________________________________

08.38.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: pNews "newskom.php" SQL Injection
Description: pNews is a web application. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "newsid" parameter of the "newskom.php"
script before using it in an SQL query. pNews version 2.03 is
affected.
Ref: http://www.securityfocus.com/bid/31160
______________________________________________________________________

08.38.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: pLink "linkto.php" SQL Injection
Description: pLink is a web application. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "linkto.php" script
before using it in an SQL query. pLink version 2.07 is affected.
Ref: http://www.securityfocus.com/bid/31163
______________________________________________________________________

08.38.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FoT Video scripti "izle.asp" SQL Injection
Description: FoT Video scripti is an ASP-based video script
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"oyun" parameter of the "izle.asp" script before using it in an SQL
query. FoT Video scripti version 1.1 Beta is affected.
Ref: http://www.securityfocus.com/bid/31166
______________________________________________________________________

08.38.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpSmartCom Local File Include and SQL Injection
Vulnerabilities
Description: phpSmartCom is a PHP-based virtual community application.
The application is exposed to a local file include issue and an SQL
injection issue because it fails to properly sanitize user-supplied
input to the "p" parameter of the "index.php" script. phpSmartCom
version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/31167
______________________________________________________________________

08.38.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DownlineGoldmine Multiple Products "tr.php" SQL Injection
Description: Multiple DownlineGoldmine products are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "id" parameter of the "tr.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31169
______________________________________________________________________

08.38.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Kasseler CMS "index.php" Multiple SQL Injection Vulnerabilities
Description: Kasseler CMS is a content manager application. Kasseler
CMS is exposed to multiple SQL injection issues because it fails to
properly sanitize user-supplied input before using it in SQL queries.
These issues affect "nid", "vid", "fid", "tid", "uname" and "module"
parameters of the "index.php" script. Kasseler CMS versions 1.1.0 and
1.2.0 Lite are affected.
Ref: http://www.securityfocus.com/bid/31170
______________________________________________________________________

08.38.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phsdev phsBlog "sid" Parameter SQL Injection
Description: phsBlog is a PHP-based blogging application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sid" parameter before
using it in an SQL query. phsBlog version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/31172
______________________________________________________________________

08.38.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ruby on Rails ":offset" and ":limit" Parameters SQL Injection
Vulnerabilities
Description: Ruby on Rails is a content manager application. Ruby on
Rails is exposed to multiple SQL injection issues because it fails to
properly sanitize user-supplied input before using it in SQL queries.
These issues affect the ":offset" and ":limit" parameters. Ruby on
Rails versions prior to 2.1.1 are affected.
Ref:
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
______________________________________________________________________

08.38.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LinksCaffePRO "index.php" SQL Injection
Description: LinksCaffePRO is a classified advertisement application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "idd" parameter of
the "index.php" script before using it in an SQL query. LinksCaffePRO
version 4.5 is affected.
Ref: http://www.securityfocus.com/bid/31187
______________________________________________________________________

08.38.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Link Bid Script "upgrade.php" SQL Injection
Description: Link Bid Script is a PHP-based bid for position directory
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ucat" parameter of the "upgrade.php" script before using it in an SQL
query. Link Bid Script version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/31191
______________________________________________________________________

08.38.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Real Estate Website "search.php" SQL Injection
Description: Pre Real Estate Website is a PHP-based web application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "c" parameter of
the "search.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31192
______________________________________________________________________

08.38.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phsdev phsBlog "upload/index.php" SQL Injection
Description: phsBlog is a PHP-based web-log from phsdev. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sql_cid" parameter of
the "upload/index.php" script before using it in an SQL query. phsBlog
version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/31171
______________________________________________________________________

08.38.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iScripts EasyIndex "detaillist.php" SQL Injection
Description: iScripts EasyIndex is a PHP-based business directory
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"produid" parameter of the "detaillist.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/31202
______________________________________________________________________

08.38.67 CVE: CVE-2007-0373
Platform: Web Application
Title: Joomla! Multiple Remote Vulnerabilities and Weaknesses
Description: Joomla! is a PHP-based content manager. Joomla! is
exposed to multiple remote issues and a weakness. Remote attackers can
exploit these issues to send unsolicited spam email, redirect victims
to attacker-controlled web sites and conduct phishing-style attacks.
Joomla! versions prior to 1.5.7 are affected.
Ref: http://www.securityfocus.com/archive/1/496237
______________________________________________________________________

08.38.68 CVE: CVE-2008-3965, CVE-2008-3966, CVE-2008-3967
Platform: Web Application
Title: MyBB Prior to 1.4.1 Multiple Unspecified Vulnerabilities
Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board
application. The application is exposed to multiple unspecified
issues. MyBB versions prior to 1.4.1 are affected.
Ref: http://community.mybboard.net/showthread.php?tid=36022
______________________________________________________________________

08.38.69 CVE: Not Available
Platform: Web Application
Title: Multiple Tor World CGI Scripts Remote Script Execution
Description: Tor World is a company that provides CGI scripts for
implementing search engines, message boards, and other tools. Multiple
Tor World CGI scripts are exposed to a remote script execution issue
because they fail to adequately sanitize user-supplied input.
Ref: http://jvn.jp/en/jp/JVN18616622/index.html
______________________________________________________________________

08.38.70 CVE: Not Available
Platform: Web Application
Title: LedgerSMB Versions Prior to 1.2.15 Multiple Remote
Vulnerabilities
Description: LedgerSMB is an accounting application implemented in
Perl. LedgerSMB is a fork of SQL-Ledger. The application is exposed to
multiple remote issues. LedgerSMB versions prior to 1.2.15 are
affected.
Ref: http://www.securityfocus.com/archive/1/496181
______________________________________________________________________

08.38.71 CVE: Not Available
Platform: Web Application
Title: myPHPNuke "print.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: myPHPNuke is a web-based content manager written in PHP.
The application is exposed to multiple input validation issues. A
cross-site scripting issue affects the "sid" parameter of the
"print.php" script. An SQL injection issue affects the "sid"
parameter of the "print.php" script. myPHPNuke versions prior to
1.8.8_8rc2 are affected.
Ref: http://www.securityfocus.com/bid/31112
______________________________________________________________________

08.38.72 CVE: Not Available
Platform: Web Application
Title: myPHPNuke "print.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: myPHPNuke is a web-based content manager. The application
is exposed to multiple input validation issues. A cross-site scripting
issue affects the "sid" parameter of the "print.php" script. An SQL
injection issue affects the "sid" parameter of the "print.php" script.
myPHPNuke versions prior to 1.8.8_8rc2 are affected.
Ref: http://www.securityfocus.com/bid/31114
______________________________________________________________________

08.38.73 CVE: Not Available
Platform: Web Application
Title: WordPress Random Password Generation Insufficient Entropy
Weakness
Description: WordPress is a web-based publishing application.
WordPress is exposed to a weakness in the generation of new random
passwords. Specifically, when the password for an existing
account is reset, a confirmation code and a new password are generated
in sequence. WordPress version 2.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496287
______________________________________________________________________

08.38.74 CVE: Not Available
Platform: Web Application
Title: Ananta "connectors.php" Arbitrary File Upload
Description: Ananta is a PHP-based content manager. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code on an affected computer with the privileges of
the web server process. The issue occurs because the "fckeditor" module
fails to properly verify file extensions before uploading files onto
the web server. Specifically, the
"admin/editor/filemanager/connectors/php/connectors.php" script is
vulnerable. Ananta version 1.0b6 is affected.
Ref: http://www.securityfocus.com/bid/31122
______________________________________________________________________

08.38.75 CVE: Not Available
Platform: Web Application
Title: PhpWebGallery Local File Include and Cross-Site Scripting
Vulnerabilities
Description: PhpWebGallery is a photo gallery application.
PhpWebGallery is exposed to multiple input validation issues.
PhpWebGallery version 1.3.4 is affected.
Ref: http://www.securityfocus.com/archive/1/496228
______________________________________________________________________

08.38.76 CVE: Not Available
Platform: Web Application
Title: Easy Photo Gallery Multiple SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Easy Photo Gallery is a PHP-based photo gallery
application. The application is exposed to multiple input validation
issues. Easy Photo Gallery version 2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496220
______________________________________________________________________

08.38.77 CVE: Not Available
Platform: Web Application
Title: minb Multiple Arbitrary File Upload Vulnerabilities
Description: minb is a PHP-based content manager. The application is
exposed to multiple issues that allow remote attackers to upload and
execute arbitrary script code on an affected computer with the
privileges of the web server process. The issues occur because the
application fails to sufficiently sanitize file extensions before
uploading files onto the web server. minb version 0.1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/496234
______________________________________________________________________

08.38.78 CVE: Not Available
Platform: Web Application
Title: Sports Clubs Web Panel "index.php" Local File Include
Description: Sports Clubs Web Panel is a PHP-based content manager
used for managing sports clubs. The application is exposed to a local
file include issue because it fails to properly sanitize user-supplied
input to the "p" parameter of the "index.php" script. Sports Clubs Web
Panel version 0.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31128
______________________________________________________________________

08.38.79 CVE: Not Available
Platform: Web Application
Title: Grafitti Forums SQL Injection and HTML Injection
Vulnerabilities
Description: Grafitti Forums is a web-based forum application. Since
it fails to adequately sanitize user-supplied input, Brim is exposed
to multiple input validation issues. Grafitti Forums version 1.0
is affected.
Ref: http://www.securityfocus.com/bid/31130
______________________________________________________________________

08.38.80 CVE: Not Available
Platform: Web Application
Title: D-iscussion Board "index.php" Local File Include
Description: D-iscussion Board is a PHP-based forum application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "topic" parameter of
the "index.php" script. D-iscussion Board version 3.01 is affected.
Ref: http://www.securityfocus.com/bid/31135
______________________________________________________________________

08.38.81 CVE: Not Available
Platform: Web Application
Title: DotNetNuke Multiple Security Bypass and Information Disclosure
Vulnerabilities
Description: DotNetNuke is a framework to develop web sites. The
application is exposed to multiple issues. DotNetNuke versions 2.0 up
to and including 4.8.4 are affected.
Ref:
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno23/tabid/1176/Default.aspx
______________________________________________________________________

08.38.82 CVE: Not Available
Platform: Web Application
Title: Drupal Answers Module "answer" Field HTML Injection
Description: Answers is a PHP-based question and answer component for
Drupal. The application is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input to the "answer"
field before using it in dynamically generated content. Answers
version 5.x-1.x-dev is affected.
Ref: http://www.securityfocus.com/bid/31146
______________________________________________________________________

08.38.83 CVE: Not Available
Platform: Web Application
Title: YourOwnBux Cookie Authentication Bypass
Description: YourOwnBux is PHP-based software for managing ad links.
The application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for
cookie-based authentication. YourOwnBux version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/31147
______________________________________________________________________

08.38.84 CVE: Not Available
Platform: Web Application
Title: WebCMS Portal Edition Multiple Input Validation Vulnerabilities
Description: WebCMS Portal Edition is a PHP-based content management
system. Since it fails to sufficiently sanitize user-supplied data,
the application is exposed to multiple input validation issues in the
script "index.php". Specifically, there is an SQL injection issue
affecting the "id_doc" parameter, and a cross-site scripting
vulnerability affecting the "patron" parameter.
Ref: http://www.securityfocus.com/bid/31153
______________________________________________________________________

08.38.85 CVE: Not Available
Platform: Web Application
Title: SkaLinks "register.php" Account Creation Access Validation
Description: SkaLinks is a PHP-based link manager application. The
application is exposed to an access validation issue that attackers
can leverage to create unauthorized administrative user accounts. This
issue occurs as a result of authentication not being required to
access the "admin/register.php" script. SkaLinks version 1.5 is
affected.
Ref: http://www.securityfocus.com/bid/31158
______________________________________________________________________

08.38.86 CVE: Not Available
Platform: Web Application
Title: Easy Photo Gallery "useradmin.php" Access Validation
Description: Easy Photo Gallery is a PHP-based photo gallery
application. The application is exposed to an access validation issue
that attackers can leverage to create user accounts (including
administrative accounts) and delete arbitrary user accounts. This
issue occurs as a result of authentication not being required to
access the "useradmin.php" script. Easy Photo Gallery version 2.1 is
affected.
Ref: http://www.securityfocus.com/bid/31161
______________________________________________________________________

08.38.87 CVE: Not Available
Platform: Web Application
Title: TalkBack "comments.php" Local File Include
Description: TalkBack is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "language" parameter of the
"comments.php" script. TalkBack version 2.3.6 is affected.
Ref: http://www.securityfocus.com/bid/31164
______________________________________________________________________

08.38.88 CVE: Not Available
Platform: Web Application
Title: Free PHP VX Guestbook Cookie Authentication Bypass and
Information Disclosure Vulnerabilities
Description: Free PHP VX Guestbook is a guestbook application. Free
PHP VX Guestbook is exposed to two issues. An authentication bypass
issue exists because the application fails to adequately verify
user-supplied input used for cookie-based authentication. An
information disclosure issue affects the "admin/backupdb.php" script.
Free PHP VX Guestbook version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/31174
______________________________________________________________________

08.38.89 CVE: Not Available
Platform: Web Application
Title: CzarNews "recook" Cookie Authentication Bypass
Description: CzarNews is a news manager. The application is exposed to
an authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication. CzarNews
version 1.20 is affected.
Ref: http://www.securityfocus.com/bid/31182
______________________________________________________________________

08.38.90 CVE: Not Available
Platform: Web Application
Title: SPAW Editor "theme.class.php" Unspecified Input Validation
Description: SPAW Editor is a web-based editor control. SPAW Editor is
exposed to an unspecified input validation issue in the file
"theme.class.php". Specifically, adequate checks are not performed on
the theme name. SPAW Editor versions prior to 2.0.8.1 are affected.
Ref:
http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/
______________________________________________________________________

08.38.91 CVE: Not Available
Platform: Web Application
Title: phpMyAdmin "server_databases.php" Remote Command Execution
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. phpMyAdmin is exposed to an issue that attackers can
leverage to execute arbitrary commands. This issue occurs because the
application fails to adequately validate user-supplied input to the
"sort_by" parameter of the "server_databases.php" script. phpMyAdmin
versions prior to 2.11.9.1 are affected.
Ref: http://fd.the-wildcat.de/pma_e36a091q11.php
______________________________________________________________________

08.38.92 CVE: Not Available
Platform: Web Application
Title: Fantastico De Luxe "fantasticopath" Parameter Local File
Include
Description: Fantastico De Luxe is a module for cPanel. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "fantasticopath"
parameter of the "fantastico/includes/xml.php" script. Fantastico De
Luxe versions prior to 2.10.4 r19 are affected.
Ref: http://www.netenberg.com/forum/index.php?topic=6768.0
______________________________________________________________________

08.38.93 CVE: Not Available
Platform: Web Application
Title: OSADS Alliance Database "includes/functions.php" Unspecified
Description: OSADS Alliance Database is a web-based application. The
application is exposed to an unspecified issue in the file
"includes/functions.php". OSADS Alliance Database versions prior to
2.1 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=163285&release_id=625654
______________________________________________________________________

08.38.94 CVE: Not Available
Platform: Network Device
Title: Nokia E90 Communicator Remote Denial of Service
Description: Nokia E90 Communicator is a 3G mobile phone device. Nokia
E90 Communicator is exposed to a denial of service issue because the
device fails to handle multiple 802.11 frames. Specifically, the issue
occurs when affected devices receive 10 consecutive "deauthenticate"
frames. Nokia E90 Communicator devices running Symbian OS S60 3rd
Edition are affected.
Ref: http://www.securityfocus.com/bid/31175
______________________________________________________________________

08.38.95 CVE: Not Available
Platform: Network Device
Title: Accellion File Transfer Appliance Error Report Message Open
Email Relay
Description: Accellion File Transfer is a file transfer appliance. The
appliance is exposed to an open email relay issue that occurs in the
"error reporting" page. This issue occurs because the device fails to
validate the URL address before sending an email to an unsuspecting
victim. Accellion File Transfer Appliance versions prior to
FTA_7_0_189 are affected.
Ref:
http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt
______________________________________________________________________

08.38.96 CVE: Not Available
Platform: Network Device
Title: Beetel 220BX Series DSL Modem Provided by Airtel Multiple
Security Vulnerabilities
Description: Beetel 220BX series DSL modems are provided for broadband
connectivity by Airtel in India. The device is exposed to multiple
security issues.
Ref: http://www.securityfocus.com/archive/1/496383
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

For a free subscription, (and for free posters) or to update a current
subscription, visit http://portal.sans.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkjS6wwACgkQ+LUG5KFpTkZ/DACcDpeU5jfqbQMmAMJuyRl1kB2X
nhAAn2nXOt3yifTaOIizLhFZ2WzzR8IL
=ct5r
-----END PGP SIGNATURE-----