RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 40
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Oct 02 2008 - 18:56:29 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No big packages with critical vulnerabilities this week, but notice more
than 90 new web application vulnerabilities discovered this week. It's
an epidemic. The colleges have discovered a cool way to teach secure
coding so there's hope that we can turn the tide.
Alan
*****************************************************************************
RISK: The Consensus Security Vulnerability Alert
October 2nd, 2008 Vol. 7. Week 40
*****************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Other Microsoft Products                   2
Third Party Windows Apps                  13 (#1, #3, #4, #5)
Mac Os                                     2
Linux                                      1
Cross Platform                            15 (#2)
Web Application - Cross Site Scripting    15
Web Application - SQL Injection           29
Web Application                           59
Network Device                            13
*****************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: RealFlex/DATAC RealWin Buffer Overflow
(2) HIGH: Trend Micro OfficeScan Multiple Vulnerabilities
(3) HIGH: Nokia PC Suite Buffer Overflow
(4) HIGH: Autodesk LiveUpdate and Express Viewer ActiveX Controls Multiple
Vulnerabilities
(5) HIGH: Novell ZENworks Desktop Management ActiveX Control Buffer Overflow
*****************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
-- Other Microsoft Products
08.40.1 - Microsoft WordPad ".doc" File Remote Denial of Service
08.40.2 - Microsoft GDI+ "GDIPLUS.dll" ICO File Divide-By-Zero Denial of Service
-- Third Party Windows Apps
08.40.3 - NMS DVD Burning SDK "NMSDVDX.dll" ActiveX Control Arbitrary File Overwrite
08.40.4 - K-Lite Mega Codec Pack "vsfilter.dll" Denial of Service
08.40.5 - CCProxy Server HTTP "CONNECT" Request Buffer Overflow
08.40.6 - DATAC RealWin SCADA Server Remote Stack Buffer Overflow
08.40.7 - Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service
08.40.8 - Win FTP Server "LSTR" Command Remote Denial of Service
08.40.9 - ZoneAlarm HTTP Proxy Remote Denial of Service
08.40.10 - Novell ZENworks Desktop Management ActiveX Control "CanUninstall()" Buffer Overflow
08.40.11 - WinZip "gdiplus.dll" Microsoft Module Unspecified Security
08.40.12 - Autodesk DWF Viewer Control "AdView.dll" Arbitrary File Download
08.40.13 - Autodesk "LiveUpdate16.DLL" ActiveX Control Arbitrary Program Execution
08.40.14 - GdPicture Pro "gdpicture4s.ocx" ActiveX Control Arbitrary File Overwrite
08.40.15 - Flip4Mac WMV Vulnerability
-- Mac Os
08.40.16 - Apple Mac OS X Java Applet HMAC Provider Handling Remote Code Execution
08.40.17 - Apple Mac OS X Java Plug-in "file://" URL Handling Remote Code Execution
-- Linux
08.40.18 - Linux Kernel "truncate()" Local Privilege Escalation
-- Cross Platform
08.40.19 - Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow
08.40.20 - PHP "create_function()" Code Injection Weakness
08.40.21 - Symantec Veritas NetBackup Java Administration GUI Remote Privilege Escalation
08.40.22 - Google Chrome Carriage Return Remote Denial of Service
08.40.23 - Fedora initscripts Arbitrary File Deletion
08.40.24 - ABB PCU400 Unspecified Remote Buffer Overflow
08.40.25 - Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling Buffer Overflow
08.40.26 - Lighttpd Duplicate Request Header Denial of Service
08.40.27 - Wireshark Packet Capture File Denial of Service
08.40.28 - JasPer 1.900.1 Multiple Vulnerabilities
08.40.29 - MPlayer "stream_read" Function Remote Heap-Based Buffer Overflow
08.40.30 - FileAlyzer Version Information Remote Stack-Based Buffer Overflow
08.40.31 - Mozilla Firefox User Interface Dispatcher Null Pointer Dereference Denial of Service
08.40.32 - Hewlett-Packard Insight Diagnostics Unspecified Unauthorized Access
08.40.33 - Xen XenStore Domain Configuration Data Unsafe Storage
-- Web Application - Cross Site Scripting
08.40.34 - Bitweaver Multiple Cross-Site Scripting Vulnerabilities
08.40.35 - Connectra NGX "index.php" Cross-Site Scripting
08.40.36 - TYPO3 freeCap CAPTCHA Unspecified Cross-Site Scripting Vulnerability
08.40.37 - FlatPress Multiple Cross-Site Scripting Vulnerabilities
08.40.38 - OpenNMS Multiple Cross-Site Scripting Vulnerabilities
08.40.39 - Computer Associates Service Desk Web Forms Multiple Cross-Site Scripting Vulnerabilities
08.40.40 - WhoDomLite "wholite.cgi" Cross-Site Scripting
08.40.41 - Lyrics Script "search_results.php" Cross-Site Scripting
08.40.42 - Clickbank Portal "search.php" Cross-Site Scripting
08.40.43 - Siteman "search.php" Cross-Site Scripting
08.40.44 - Membership Script Multiple Cross-Site Scripting Vulnerabilities
08.40.45 - Recipe Script "search.php" Cross-Site Scripting
08.40.46 - XAMPP for Windows "adodb.php" Multiple Cross-Site Scripting Vulnerabilities
08.40.47 - CAcert "analyse.php" Cross-Site Scripting
08.40.48 - Wordpress MU "wp-admin/wp-blogs.php" Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.40.49 - InterTech WCMS "etemplate.php" SQL Injection
08.40.50 - Jetik.net ESA "KayitNo" Parameter Multiple SQL Injection Vulnerabilities
08.40.51 - AJ Auction Pro Platinum Skin #2 "detail.php" SQL Injection
08.40.52 - Jadu CMS for Government "recruit_details.php" SQL Injection
08.40.53 - Drupal Ajax Checklist Module Multiple SQL Injection Vulnerabilities
08.40.54 - Drupal Brilliant Gallery Module Multiple SQL Injection Vulnerabilities
08.40.55 - EasyRealtorPRO "site_search.php" Multiple SQL Injection Vulnerabilities
08.40.56 - RPG.Board "index.php" SQL Injection
08.40.57 - Ultimate Webboard "webboard.php" SQL Injection
08.40.58 - PromoteWeb MySQL "go.php" SQL Injection
08.40.59 - 212cafe Board "view.php" SQL Injection
08.40.60 - Conkurent Real Estate Manager "cat_id" Parameter SQL Injection
08.40.61 - Joovili "id" Parameter Multiple SQL Injection Vulnerabilities
08.40.62 - E-Uploader Pro "id" Parameter Multiple SQL Injection Vulnerabilities
08.40.63 - BitmixSoft PHP-Lance "show.php" SQL Injection
08.40.64 - MyCard "gallery.php" SQL Injection
08.40.65 - ZEEWAYS ZEELYRICS "bannerclick.php" SQL Injection
08.40.66 - ParsaGostar ParsaWeb Multiple SQL Injection Vulnerabilities
08.40.67 - PHPcounter "index.php" SQL Injection
08.40.68 - VBGooglemap Hotspot Edition Multiple SQL Injection Vulnerabilities
08.40.69 - Pilot Group eTraining "news_read.php" SQL Injection
08.40.70 - Pro Chat Rooms Multiple SQL Injection Vulnerabilities
08.40.71 - PHP-Fusion Freshlinks Module "linkid" Parameter SQL Injection
08.40.72 - PG Matchmaking "id" Parameter Multiple SQL Injection Vulnerabilities
08.40.73 - SG Real Estate Portal Local File Include and SQL Injection Vulnerabilities
08.40.74 - Rianxosencabos CMS "id" Parameter SQL Injection
08.40.75 - QuidaScript BookMarks Favourites Script "id" Parameter SQL Injection
08.40.76 - Freeway Multiple SQL Injection Vulnerabilities
08.40.77 - eZoneScripts Adult Banner Exchange Website "click.php" SQL Injection
-- Web Application
08.40.78 - Vikingboard "upload/index.php" Local File Include
08.40.79 - osCMax "test.html" Arbitrary File Upload
08.40.80 - WebPortal CMS "index.php" Remote Code Execution
08.40.81 - web-cp "sendfile.php" Information Disclosure
08.40.82 - emergecolab "index.php" Local File Include
08.40.83 - PHPcounter "defs.php" Local File Include
08.40.84 - Drupal Simplenews "Newsletter Categories" HTML Injection
08.40.85 - MailWatch "docs.php" Local File Include
08.40.86 - Observer "query" Parameter Multiple Remote Command Execution Vulnerabilities
08.40.87 - Barcode Generator "image.php" Local File Include
08.40.88 - ADN Forum Cookie Authentication Bypass
08.40.89 - Drupal Plugin Manager Security Bypass
08.40.90 - Drupal Stock "stock quote" Page Authentication Bypass
08.40.91 - AJ Auction Pro SQL Injection and Cross Site Scripting Vulnerabilities
08.40.92 - phpOCS "index.php" Local File Include
08.40.93 - Lansuite "design" Parameter Local File Include
08.40.94 - Libra File Manager "fileadmin.php" Local File Include
08.40.95 - PHP infoBoard Cookie Authentication Bypass
08.40.96 - PHP infoBoard "idcat" Parameter SQL Injection and HTML Injection Vulnerabilities
08.40.97 - Mass Downloader Malformed Executable Denial of Service
08.40.98 - Vikingboard "register.php" SQL Column Truncation Unauthorized Access
08.40.99 - Atomic Photo Album
08.40.100 - openEngine "cms/system/openengine.php" Remote File Include
08.40.101 - IBM Tivoli Netcool/Webtop Privilege Escalation
08.40.102 - Libra File Manager Security Bypass
08.40.103 - Barcode Generator "LSTable.php" Remote File Include
08.40.104 - Libra File Manager Cookie Authentication Bypass
08.40.105 - openEngine "filepool.php" Remote File Include
08.40.106 - Atomic Photo Album Cookie Authentication Bypass
08.40.107 - Esqlanelapse Cookie Authentication Bypass
08.40.108 - The Gemini Portal Cookie Authentication Bypass
08.40.109 - Crux Gallery "index.php" Cookie Authentication Bypass
08.40.110 - The Gemini Portal "lang" Parameter Multiple Local File Include Vulnerabilities
08.40.111 - Siteman "members.txt" Information Disclosure
08.40.112 - Yoxel "itpm_estimate.php" Multiple PHP Code Injection Vulnerabilities
08.40.113 - PowerPortal 2 "path" Parameter Directory Traversal
08.40.114 - Camera Life Arbitrary File Upload
08.40.115 - PlugSpace "index.php" Local File Include
08.40.116 - Joomla Image Browser Component "index.php" Directory Traversal
08.40.117 - LnBlog "showblog.php" Local File Include
08.40.118 - X7 Chat "mini.php" Local File Include
08.40.119 - Concord Consortium CoAST "header.php" Remote File Include
08.40.120 - BbZL.PhP Cookie Authentication Bypass
08.40.121 - BbZL.PhP "lien_2" Parameter Directory Traversal
08.40.122 - RPG.Board Cookie Authentication Bypass
08.40.123 - PHPJabbers Post Comments Cookie Authentication Bypass
08.40.124 - Events Calendar "header_setup.php" Multiple Remote File Include Vulnerabilities
08.40.125 - Easy PHP Calendar Add New Event HTML Injection
08.40.126 - ArabCMS "rss.php" Local File Include
08.40.127 - Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
08.40.128 - MySQL Command Line Client HTML Special Characters HTML Injection
08.40.129 - eFront Multiple Arbitrary File Upload Vulnerabilities
08.40.130 - MiNBank "minsoft_path" Parameter Multiple Remote File Include Vulnerabilities
08.40.131 - moziloWiki Prior to 1.0.2 Multiple Vulnerabilities
08.40.132 - moziloCMS Prior to 1.10.3 Multiple Vulnerabilities
08.40.133 - SG Real Estate Portal Cookie Authentication Bypass
08.40.134 - Hardkap Pritlog "filename" Parameter File Disclosure
08.40.135 - A4Desk Event Calendar "v" Parameter Remote File Include
08.40.136 - EC-CUBE SQL Injection and Cross-Site Scripting Vulnerabilities
-- Network Device
08.40.137 - Cisco IOS AIC HTTP Transit Packet Remote Denial of Service
08.40.138 - Cisco uBR10012 Router Default SNMP Community
08.40.139 - Cisco IOS Protocol Independent Multicast (PIM) Multiple Denial of Service Vulnerabilities
08.40.140 - Cisco IOS Layer 2 Tunneling Protocol Denial of Service
08.40.141 - Cisco IOS NAT Skinny Call Control Protocol Multiple Remote Denial of Service Vulnerabilities
08.40.142 - Cisco IOS MPLS Forwarding Infrastructure Remote Denial of Service
08.40.143 - Cisco IOS SIP Multiple Denial of Service Vulnerabilities
08.40.144 - Cisco IOS Remote IPC Denial of Service
08.40.145 - Cisco IOS IPS SERVICE.DNS Remote Denial of Service
08.40.146 - Cisco IOS SSL Session Termination Remote Denial of Service
08.40.147 - Cisco IOS MPLS VPN Information Disclosure
08.40.148 - Cisco Unified Communications Manager SIP Service Multiple Denial of Service Vulnerabilities
08.40.149 - Nokia PC Suite Remote Buffer Overflow
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by input
from a council of security managers from twelve large organizations who
confidentially share with SANS the specific actions they have taken to
protect their systems. A detailed description of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: RealFlex/DATAC RealWin Buffer Overflow
Affected:
RealFlex RealWin versions 2.0 and prior
Description: RealFlex/DATAC RealWin is a Supervisory Control And Data
Acquisition (SCADA) management application that runs on Microsoft
Windows. SCADA protocols are used in industrial control and monitoring
situations, including manufacturing plants and power generation
facilities. RealWin contains a buffer overflow in its handling of
certain SCADA messages. A specially crafted SCADA message sent to the
software could trigger this buffer overflow, allowing an attacker to
execute arbitrary code with the privileges of the vulnerable process.
This could be leveraged to additionally compromise any SCADA client
devices controlled by the server. Full technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available. Users are
advised to block all SCADA ports at the network perimeter, if possible.
References:
Advisory from Reversemode
http://reversemode.com/index.php?option=com_content&task=view&id=55&Itemid=1
Video Presentation by Ganesh Devarajan of TippingPoint DVLabs on SCADA
Vulnerabilities
http://www.youtube.com/watch?v=jdnC2GtmkuQ
Wikipedia Article on SCADA
http://en.wikipedia.org/wiki/SCADA
Vendor Home Page
http://www.dataconline.com/software/realwin.php
SecurityFocus BID
http://www.securityfocus.com/bid/31418
*********************************************************
(2) HIGH: Trend Micro OfficeScan Multiple Vulnerabilities
Affected:
Trend Micro OfficeScan versions 8.0 Service Pack 1 Patch 1 and prior
Trend Micro Worry-Free Business Security versions 5.0 and prior
Description: Trend Micro OfficeScan is a popular malware scanning tool
for businesses. Its web interface contains multiple vulnerabilities in
its handling of a variety of user inputs. A specially crafted request
could trigger one of these vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the vulnerable process.
Some technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Secunia Advisory
http://secunia.com/Advisories/32097/
Product Home Page
http://uk.trendmicro.com/uk/products/enterprise/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/31531
*********************************************************
(3) HIGH: Nokia PC Suite Buffer Overflow
Affected:
Nokia PC Suite versions 7.0 and prior
Description: Nokia PC Suite is a suite of applications designed to
provide connectivity between systems running Microsoft Windows and
various Nokia mobile devices. It contains a buffer overflow in its
handling of user requests. A specially crafted request sent to the
service could trigger this vulnerability. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the vulnerable process. Full technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31475.c
Product Home Page
http://www.nokiausa.com/A4494165
SecurityFocus BID
http://www.securityfocus.com/bid/31475
*********************************************************
(4) HIGH: Autodesk LiveUpdate and Express Viewer ActiveX Controls Multiple
Vulnerabilities
Affected:
Autodesk Revit Architecture 2009
Autodesk Design Review 2009
Description: Autodesk LiveUpdate is an update component provided with
several Autodesk applications. Autodesk DWF Viewer is a component used
to view Autodesk design files. These components' functionality is
provided in ActiveX controls. These controls fail to properly sanitize
their input, leading to remote command execution and arbitrary file
download vulnerabilities. A specially crafted web page that
instantiated this control could leverage these vulnerabilities to
execute arbitrary commands with the privileges of the current user. Full
technical details and a proof-of-concept are publicly available for this
vulnerability.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of these vulnerabilities by disabling the affected
controls via Microsoft's "kill bit" mechanism using CLSIDs
"89EC7921-729B-4116-A819-DF86A4A5776B" and
"A662DA7E-CCB7-4743-B71A-D817F6D575DF". Note that this may affect normal
application functionality.
References:
Advisory by rgod
http://retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://www.autodesk.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/31490
http://www.securityfocus.com/bid/31487
*********************************************************
(5) HIGH: Novell ZENworks Desktop Management ActiveX Control Buffer Overflow
Affected:
Novell ZENworks Desktop Management versions 6.5 and prior
Description: Novell ZENworks is a popular enterprise systems management
application. Part of its functionality on Microsoft Windows is provided
by an ActiveX control. This control contains a buffer overflow
vulnerability in its "CanUninstall" method. A specially crafted web page
that instantiated this control could trigger this buffer overflow,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Full technical details and a proof-of-concept are
publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1". Note that this may affect
normal application functionality.
References:
Posting by Satan_Hackers (includes proof-of-concept)
http://www.securityfocus.com/archive/1/496786
Product Home Page
http://www.novell.com/products/zenworks/configurationmanagement/
SecurityFocus BID
http://www.securityfocus.com/bid/31435
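The kill-bit mitigation recommended in items (4) and (5), as an added PowerShell example that is not part of the bulletin: it audits, and with -Apply sets, the 0x400 "Compatibility Flags" value described in KB240797 for the three CLSIDs given above. The -Apply switch and the report layout are choices made for this example.

```powershell
# Added example (not from the bulletin): audit or set the ActiveX kill bit
# described in KB240797 for the CLSIDs listed in items (4) and (5).
# Run from an elevated prompt. Without -Apply the script only reports.
param([switch]$Apply)

# "Compatibility Flags" bit that tells Internet Explorer not to instantiate the control.
$KillBit = 0x400

# CLSIDs exactly as given in the bulletin.
$Clsids = @(
    '89EC7921-729B-4116-A819-DF86A4A5776B',   # item (4), Autodesk
    'A662DA7E-CCB7-4743-B71A-D817F6D575DF',   # item (4), Autodesk
    '0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1'    # item (5), Novell ZENworks
)

# Native registry view plus the 32-bit view on 64-bit Windows (32-bit IE reads the latter).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path $_ -Parent) }

# Returns the current flags for a CLSID key, or 0 when the key or value is absent.
function Get-CompatFlags([string]$Key) {
    $p = Get-ItemProperty -LiteralPath $Key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.'Compatibility Flags'
}

$report = foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        # Reject anything that is not a well-formed CLSID before touching the registry.
        if ($clsid -notmatch '^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}$') {
            throw "Malformed CLSID: $clsid"
        }
        $key    = Join-Path $root "{$clsid}"
        $before = Get-CompatFlags $key

        if ($Apply -and -not ($before -band $KillBit)) {
            if (-not (Test-Path -LiteralPath $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            # OR the kill bit into any flags already present instead of overwriting them.
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ($before -bor $KillBit) -Force | Out-Null
        }

        $after = Get-CompatFlags $key
        [pscustomobject]@{
            Key         = $key
            FlagsBefore = '0x{0:X8}' -f $before
            FlagsAfter  = '0x{0:X8}' -f $after
            KillBitSet  = [bool]($after -band $KillBit)
        }
    }
}

$report | Format-Table -AutoSize
```

Clearing the 0x400 bit from the same values re-enables a control once the vendor ships a fixed version.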
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 40, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.40.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft WordPad ".doc" File Remote Denial of Service
Description: WordPad is a simple text editor supplied with most
versions of Microsoft Windows. WordPad is exposed to a remote denial
of service issue when handling a specially crafted .doc file. The
problem occurs when converting Word 97 format files for use in
WordPad.
Ref: http://www.securityfocus.com/bid/31399
______________________________________________________________________
08.40.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft GDI+ "GDIPLUS.dll" ICO File Divide-By-Zero Denial of
Service
Description: Microsoft GDI+ (graphics device interface) enables
applications to use graphics and formatted text on the video display
and on printers. The GDI+ library "GDIPLUS.dll" is exposed to a denial
of service issue. When processing a malformed ICO file, a
divide-by-zero exception can occur, causing the affected application
to crash.
Ref: http://www.securityfocus.com/bid/31432
______________________________________________________________________
08.40.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: NMS DVD Burning SDK "NMSDVDX.dll" ActiveX Control Arbitrary
File Overwrite
Description: Numedia Soft NMS DVD Burning SDK is exposed to an issue
that lets attackers overwrite files. This issue affects the
"LogMessage()" method of the "NMSDVDX.dll" ActiveX control library
because it fails to sanitize user-supplied input. Numedia Soft NMS DVD
Burning SDK version 1.013C is affected.
Ref: http://www.securityfocus.com/bid/31372
______________________________________________________________________
08.40.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: K-Lite Mega Codec Pack "vsfilter.dll" Denial of Service
Description: K-Lite Mega Codec Pack is a collection of codecs and
related tools for playing movie files. When the "vsfilter.dll" library
of the pack is installed on the affected computer, Windows Explorer
will crash when processing a malformed ".flv" file.
Ref: http://www.securityfocus.com/bid/31400
______________________________________________________________________
08.40.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: CCProxy Server HTTP "CONNECT" Request Buffer Overflow
Description: CCProxy is a proxy server for Microsoft Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Specifically,
the issue occurs when an overly large string is provided as the
hostname with the "CONNECT" HTTP request. CCProxy version 6.61 is
affected.
Ref: http://jbrownsec.blogspot.com/2008/09/ccproxy-near-stealth-patching.html
______________________________________________________________________
08.40.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: DATAC RealWin SCADA Server Remote Stack Buffer Overflow
Description: DATAC RealWin is a SCADA (Supervisory Control And Data
Acquisition) server for Microsoft Windows platforms. RealWin is
exposed to a remote stack-based buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied data. RealWin
SCADA server version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/496759
______________________________________________________________________
08.40.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Windows Mobile Overly Long Bluetooth Device Name
Denial of Service
Description: Microsoft Windows Mobile is an operating system for smart
phones and PDAs. It includes various embedded versions of
applications, including Office and Internet Explorer. Windows Mobile
is exposed to a denial of service issue because it fails to adequately
validate user-supplied input. Windows Mobile version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/31420
______________________________________________________________________
08.40.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Win FTP Server "LSTR" Command Remote Denial of Service
Description: Win FTP Server is an FTP server application for Windows.
The server is exposed to a remote denial of service issue because it
fails to properly handle malformed "LSTR" requests. An authenticated
attacker sending an exceptionally long parameter to the "LSTR" command
may cause the server to become unresponsive, creating a
denial of service condition. Win FTP Server version 2.3.0 is affected.
Ref: http://www.securityfocus.com/bid/31421
______________________________________________________________________
08.40.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: ZoneAlarm HTTP Proxy Remote Denial of Service
Description: ZoneAlarm Internet Security Suite is a security suite for
Microsoft Windows platforms. ZoneAlarm Internet Security Suite is
exposed to a remote denial of service issue that occurs when
interacting with an HTTP proxy server. ZoneAlarm Internet Security
Suite version 8.0.020 is affected.
Ref: http://www.securityfocus.com/archive/1/496764
______________________________________________________________________
08.40.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Novell ZENworks Desktop Management ActiveX Control
"CanUninstall()" Buffer Overflow
Description: Novell ZENworks Desktop Management is a framework for the
management of desktop workstations in enterprise environments. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. ZENworks
Desktop Management version 6.5 is affected.
Ref: http://www.securityfocus.com/archive/1/496786
______________________________________________________________________
08.40.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinZip "gdiplus.dll" Microsoft Module Unspecified Security
Description: WinZip is exposed to an unspecified issue that stems from
an error in the Microsoft "gdiplus.dll" component included with the
application. WinZip version 11.x (prior to 11.2 SR-1) on Windows 2000
systems is affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-052.mspx
______________________________________________________________________
08.40.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Autodesk DWF Viewer Control "AdView.dll" Arbitrary File
Download
Description: Autodesk DWF Viewer Control is exposed to an issue that
can allow malicious files to be downloaded and saved to arbitrary
locations on an affected computer. "AdView.dll" version 9.0.0.96 is
affected.
Ref: http://www.securityfocus.com/archive/1/496847
______________________________________________________________________
08.40.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Autodesk "LiveUpdate16.DLL" ActiveX Control Arbitrary Program
Execution
Description: Autodesk develops multiple applications related to
computer-aided design. The Autodesk LiveUpdate Module
"LiveUpdate16.DLL" ActiveX control is exposed to an issue that lets
attackers execute arbitrary local programs. "LiveUpdate16.DLL" version
17.2.56 is affected.
Ref: http://www.securityfocus.com/archive/1/496847
______________________________________________________________________
08.40.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: GdPicture Pro "gdpicture4s.ocx" ActiveX Control Arbitrary File
Overwrite
Description: GdPicture Pro SDK is prone to a vulnerability that lets
attackers overwrite files. This issue affects the "SaveAsPDF()" method
of the "gdpicture4s.ocx" ActiveX control library because it fails to
sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31504
______________________________________________________________________
08.40.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: Flip4Mac WMV Vulnerability
Description: Flip4Mac WMV is a collection of components used for
handling Windows Media files within QuickTime applications. The
application is exposed to an unspecified vulnerability within
Flip4Mac's Importer. Flip4Mac WMV versions prior to 2.2.1 are
affected.
Ref: http://www.securityfocus.com/bid/31505
______________________________________________________________________
08.40.16 CVE: CVE-2008-3637
Platform: Mac Os
Title: Apple Mac OS X Java Applet HMAC Provider Handling Remote Code
Execution
Description: Apple Mac OS X is exposed to an issue that lets attackers
run arbitrary code because the application fails to properly handle
Java applets containing malicious values in the Hash-based Message
Authentication Code (HMAC) provider. This issue arises as the
application fails to properly handle errors and uses an uninitialized
variable in the HMAC provider for generating MD5 and SHA-1 hashes. Mac
OS X versions 10.5.5 and earlier, Mac OS X Server versions 10.5.5 and
earlier, Mac OS X versions 10.4.11 and earlier, and Mac OS X Server
versions 10.4.11 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31379
______________________________________________________________________
08.40.17 CVE: CVE-2008-3638
Platform: Mac Os
Title: Apple Mac OS X Java Plug-in "file://" URL Handling Remote Code
Execution
Description: Apple Mac OS X Java plug-in is exposed to a remote code
execution issue. Specifically, the Java plug-in fails to block Java
applets from launching "file://" URLs. Mac OS X versions 10.5.5 and
earlier, Mac OS X Server versions 10.5.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31380
______________________________________________________________________
08.40.18 CVE: CVE-2008-4210
Platform: Linux
Title: Linux Kernel "truncate()" Local Privilege Escalation
Description: The Linux kernel is exposed to a local privilege
escalation issue. This issue is a result of the "truncate()" and
"ftruncate()" functions not appropriately clearing the "suid" and
"sgid" bits from the files they modify. Linux kernel versions prior to
2.6.22-rc1 are affected.
Ref: http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
______________________________________________________________________
08.40.19 CVE: CVE-2008-0016
Platform: Cross Platform
Title: Mozilla Firefox/SeaMonkey UTF-8 Stack-Based Buffer Overflow
Description: Mozilla Firefox is a web browser available for multiple
platforms. SeaMonkey is an all-in-one application suite. Firefox and
SeaMonkey are exposed to a stack-based buffer overflow issue that
affects URI parsing. Firefox versions prior to 2.0.0.17 and SeaMonkey
versions prior to 1.1.12 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
______________________________________________________________________
08.40.20 CVE: Not Available
Platform: Cross Platform
Title: PHP "create_function()" Code Injection Weakness
Description: PHP is a scripting language commonly used for web
applications. PHP includes the function "create_function()". This
function is used to create anonymous functions from user-supplied
data. PHP is exposed to a code injection weakness as it fails to
sufficiently sanitize input to "create_function()". PHP version 5.2.6
is affected.
Ref: http://www.securityfocus.com/archive/1/496728
______________________________________________________________________
08.40.21 CVE: Not Available
Platform: Cross Platform
Title: Symantec Veritas NetBackup Java Administration GUI Remote
Privilege Escalation
Description: Symantec Veritas NetBackup Server and Symantec Veritas
NetBackup Enterprise Server are network-enabled backup solutions that
are available for various platforms. The applications are exposed to a
remote privilege escalation issue that occurs in the Java
administration GUI (jnbSA).
Ref: http://www.symantec.com/avcenter/security/Content/2008.09.24a.html
______________________________________________________________________
08.40.22 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome Carriage Return Remote Denial of Service
Description: Google Chrome is a web browser. The application is
exposed to a remote denial of service issue because it fails to handle
user-supplied input. Google Chrome versions 0.2.149.29 and 0.2.149.30
are affected.
Ref: http://www.securityfocus.com/archive/1/496688
______________________________________________________________________
08.40.23 CVE: CVE-2008-3524
Platform: Cross Platform
Title: Fedora initscripts Arbitrary File Deletion
Description: The initscripts package consists of scripts that are used
to boot and shutdown a system cleanly. The Fedora initscripts package
is exposed to a file deletion issue. Specifically, the issue occurs
because the "/etc/rc.sysinit" script deletes all files present in the
"/var/lock" and "/var/run" directories at the time of booting a system.
initscripts version 8.76.3 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458652
______________________________________________________________________
08.40.24 CVE: CVE-2008-2474
Platform: Cross Platform
Title: ABB PCU400 Unspecified Remote Buffer Overflow
Description: ABB PCU400 is used to control Supervisory Control And
Data Acquisition (SCADA) systems. ABB PCU400 is exposed to a remote
buffer overflow issue. PCU400 versions 4.4, 4.5 and 4.6 are affected.
Ref: http://www.kb.cert.org/vuls/id/343971
______________________________________________________________________
08.40.25 CVE: CVE-2008-4070
Platform: Cross Platform
Title: Mozilla SeaMonkey/Thunderbird Newsgroup Cancel Message Handling
Buffer Overflow
Description: Mozilla SeaMonkey is an Internet application suite.
Thunderbird is an email client. Both applications ship with a
newsgroup client. The applications are exposed to a remote heap-based
buffer overflow issue because they fail to properly bounds check
user-supplied data. Mozilla Thunderbird versions prior to 2.0.0.17 and
Mozilla SeaMonkey versions prior to 1.1.12 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-46.html
______________________________________________________________________
08.40.26 CVE: Not Available
Platform: Cross Platform
Title: Lighttpd Duplicate Request Header Denial of Service
Description: The "lighttpd" program is a freely available webserver
application. The application is exposed to a remote denial of service
issue. Specifically, the issue is caused by a memory leak when
handling multiple duplicate request headers. lighttpd versions prior
to 1.4.20 are affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=238180
______________________________________________________________________
08.40.27 CVE: Not Available
Platform: Cross Platform
Title: Wireshark Packet Capture File Denial of Service
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. Wireshark is exposed to a denial of
service issue which occurs in the source file "wtap.c". Wireshark
version 1.0.3 is affected.
Ref: http://shinnok.evonet.ro/vulns_html/wireshark.html
______________________________________________________________________
08.40.28 CVE: CVE-2008-3520, CVE-2008-3521, CVE-2008-3522
Platform: Cross Platform
Title: JasPer 1.900.1 Multiple Vulnerabilities
Description: JasPer is an implementation of the image codec specified
in the JPEG-2000 standard. JasPer is exposed to multiple issues.
Successful exploits of the temporary file race condition may allow the
attacker to overwrite or corrupt files within the context of the
affected application. JasPer version 1.900.1 is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=222819
______________________________________________________________________
08.40.29 CVE: CVE-2008-3827
Platform: Cross Platform
Title: MPlayer "stream_read" Function Remote Heap-Based Buffer
Overflow
Description: MPlayer is a movie player application that supports
multiple media formats. The application is exposed to a remote
heap-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input before copying it to an
insufficiently sized buffer. MPlayer version 1.0 rc2 is affected.
Ref: http://www.ocert.org/advisories/ocert-2008-013.html
______________________________________________________________________
08.40.30 CVE: Not Available
Platform: Cross Platform
Title: FileAlyzer Version Information Remote Stack-Based Buffer Overflow
Description: FileAlyzer is an application that allows users to analyze
files. The application is exposed to a remote stack-based buffer
overflow issue because the application fails to perform adequate
boundary checks on user-supplied data. FileAlyzer version 1.6.0.3 is
affected.
Ref: http://www.securityfocus.com/bid/31474
______________________________________________________________________
08.40.31 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox User Interface Dispatcher Null Pointer
Dereference Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue.
A malicious HTML web page containing multiple "dispatchEvent()" and
"initUIEvent()" JavaScript function calls may result in a NULL-pointer
dereference when viewed in a vulnerable browser. Firefox version 3.0.3
is affected.
Ref: http://www.securityfocus.com/bid/31476
______________________________________________________________________
08.40.32 CVE: CVE-2008-3542
Platform: Cross Platform
Title: Hewlett-Packard Insight Diagnostics Unspecified Unauthorized
Access
Description: Hewlett-Packard Insight Diagnostics is a tool for
performing hardware diagnostics. Insight Diagnostics is exposed to an
unspecified unauthorized access issue. A remote attacker may exploit
this issue to gain unauthorized access to files. Insight Diagnostics
versions prior to 7.9.1.2402 are affected.
Ref: http://www.securityfocus.com/archive/1/496810
______________________________________________________________________
08.40.33 CVE: Not Available
Platform: Cross Platform
Title: Xen XenStore Domain Configuration Data Unsafe Storage
Description: Xen is an open-source hypervisor or virtual machine
monitor. Xen allows domains to share information by reading and
writing from the XenStore shared database. Xen is exposed to an issue
that results in configuration information being stored in a location
that is writable by guest domains. Xen version 3.3 is affected.
Ref: http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html
______________________________________________________________________
08.40.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Bitweaver Multiple Cross-Site Scripting Vulnerabilities
Description: Bitweaver is a web application framework and content
management system. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
Bitweaver version 2.0.2 is affected.
Ref: http://www.securityfocus.com/bid/31395
______________________________________________________________________
08.40.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Connectra NGX "index.php" Cross-Site Scripting
Description: Connectra NGX is a VPN appliance, with a web-based
management interface application. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "dir" parameter of the "index.php" script.
Connectra NGX R62 HFA_01, Hotfix 601, Builds 006 and 014 are affected.
Ref: http://www.securityfocus.com/bid/31369
______________________________________________________________________
08.40.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 freeCap CAPTCHA Unspecified Cross-Site Scripting Vulnerability
Description: freeCap CAPTCHA (sr_freecap) is a CAPTCHA plugin for
TYPO3. The application is exposed to an unspecified cross-site
scripting issue because it fails to properly sanitize user-supplied
input. freeCap CAPTCHA versions prior to 1.0.4 are affected.
Ref: http://www.securityfocus.com/bid/31371
______________________________________________________________________
08.40.37 CVE: CVE-2008-4120
Platform: Web Application - Cross Site Scripting
Title: FlatPress Multiple Cross-Site Scripting Vulnerabilities
Description: FlatPress is a PHP-based web log application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. FlatPress versions prior to
0.804.1 are affected.
Ref: http://www.securityfocus.com/archive/1/496740
______________________________________________________________________
08.40.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OpenNMS Multiple Cross-Site Scripting Vulnerabilities
Description: OpenNMS is a Java-based application for managing networks
and systems. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
OpenNMS versions prior to 1.5.94 are affected.
Ref: http://bugzilla.opennms.org/show_bug.cgi?id=2631
______________________________________________________________________
08.40.39 CVE: CVE-2008-4119
Platform: Web Application - Cross Site Scripting
Title: Computer Associates Service Desk Web Forms Multiple Cross-Site
Scripting Vulnerabilities
Description: Computer Associates Service Desk is a web-based application
used to manage service requests, incidents, problems, and changes. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to certain parameters in
multiple web forms.
Ref: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36694#section3
______________________________________________________________________
08.40.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WhoDomLite "wholite.cgi" Cross-Site Scripting
Description: WhoDomLite is a web-based Whois lookup script implemented
in Perl. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
"dom" parameter of the "wholite.cgi" script. WhoDomLite version 1.1.3
is affected.
Ref: http://www.securityfocus.com/bid/31436
______________________________________________________________________
08.40.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Lyrics Script "search_results.php" Cross-Site Scripting
Description: Lyrics Script is a PHP-based song lyric management
application. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input
passed to the "k" parameter of the "search_results.php" script.
Ref: http://www.securityfocus.com/bid/31437
______________________________________________________________________
08.40.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Clickbank Portal "search.php" Cross-Site Scripting
Description: Clickbank Portal is a PHP-based web application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "search.php"
script.
Ref: http://www.securityfocus.com/bid/31438
______________________________________________________________________
08.40.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Siteman "search.php" Cross-Site Scripting
Description: Siteman is a content management system. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "Search" form field
in the "search.php" script. Siteman version 1.1.11 is affected.
Ref: http://www.securityfocus.com/bid/31439
______________________________________________________________________
08.40.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Membership Script Multiple Cross-Site Scripting Vulnerabilities
Description: Membership Script is a PHP-based web application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31441
______________________________________________________________________
08.40.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Recipe Script "search.php" Cross-Site Scripting
Description: Recipe Script is a web-based application. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "keyword" parameter
of the "search.php" script.
Ref: http://www.securityfocus.com/bid/31442
______________________________________________________________________
08.40.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XAMPP for Windows "adodb.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: XAMPP for Windows is a package bundle containing the
Apache webserver, MySQL, PHP, Perl, FTP server, and phpMyAdmin. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. These issues affect
unspecified text boxes in the "adodb.php" script. XAMPP version 1.6.8
for Windows is affected.
Ref: http://www.securityfocus.com/bid/31472
______________________________________________________________________
08.40.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CAcert "analyse.php" Cross-Site Scripting
Description: CAcert is an open-source certificate authority. Its
source code is available for download and is implemented in PHP. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input within certificates
that are parsed by the "analyse.php" script. CAcert source code
released on or before September 21, 2008 is affected.
Ref: http://www.securityfocus.com/bid/31481
______________________________________________________________________
08.40.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WordPress MU "wp-admin/wp-blogs.php" Multiple Cross-Site
Scripting Vulnerabilities
Description: WordPress MU allows users to generate news pages and
web-logs dynamically; it is implemented in PHP with a MySQL database.
The application is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied input to the
"s" and "ip_address" parameters of the "wp-admin/wp-blogs.php" script.
WordPress MU versions prior to 2.6 are affected.
Ref: http://www.securityfocus.com/archive/1/496852
______________________________________________________________________
08.40.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: InterTech WCMS "etemplate.php" SQL Injection
Description: InterTech Web Content Management System (WCMS) is a
web-based content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "etemplate.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31350
______________________________________________________________________
08.40.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jetik.net ESA "KayitNo" Parameter Multiple SQL Injection
Vulnerabilities
Description: ESA is a web-based application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input to the "KayitNo" parameter of
the following scripts: "diger.php" and "sayfalar.php". ESA version 2.0
is affected.
Ref: http://www.securityfocus.com/bid/31352
______________________________________________________________________
08.40.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Auction Pro Platinum Skin #2 "detail.php" SQL Injection
Description: AJ Auction Pro Platinum Skin #2 is a look and feel plugin
for AJ Auction Pro Platinum. The application is exposed to an SQL
injection issue because it fails to properly sanitize user-supplied
input to the "item_id" parameter of the "detail.php" script before
using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31362
______________________________________________________________________
08.40.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jadu CMS for Government "recruit_details.php" SQL Injection
Description: Jadu CMS for Government is a PHP-based content manager.
The application is exposed to an SQL injection issue because it fails
to properly sanitize user-supplied input to the "id" parameter of the
"recruit_details.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31376
______________________________________________________________________
08.40.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Ajax Checklist Module Multiple SQL Injection
Vulnerabilities
Description: Ajax Checklist is a PHP-based component for Drupal. It is
used to add dynamic checklists into nodes. The application is exposed
to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data. Ajax Checklist versions prior to 5.x-1.1
are affected.
Ref: http://www.securityfocus.com/archive/1/496727
______________________________________________________________________
08.40.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Brilliant Gallery Module Multiple SQL Injection
Vulnerabilities
Description: Brilliant Gallery is a PHP-based component for Drupal. It
is used for image management. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data. All versions of Brilliant Gallery are affected.
Ref: http://drupal.org/node/313054
______________________________________________________________________
08.40.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasyRealtorPRO "site_search.php" Multiple SQL Injection
Vulnerabilities
Description: EasyRealtorPRO is a web-based Real-Estate listing
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied input
to the "item", "search_ordermethod", and "search_order" parameters of
"site_search.php". EasyRealtorPRO version 2008 is affected.
Ref: http://www.securityfocus.com/archive/1/496744
______________________________________________________________________
08.40.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RPG.Board "index.php" SQL Injection
Description: RPG.Board is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "showtopic" parameter of
the "index.php" script before using it in an SQL query. RPG.Board
version 0.8 Beta 2 is affected.
Ref: http://www.securityfocus.com/archive/1/496760
______________________________________________________________________
08.40.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ultimate Webboard "webboard.php" SQL Injection
Description: Ultimate Webboard is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Category" parameter
of the "webboard.php" script before using it in an SQL query. Ultimate
Webboard version 3.00 is affected.
Ref: http://www.securityfocus.com/bid/31424
______________________________________________________________________
08.40.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PromoteWeb MySQL "go.php" SQL Injection
Description: PromoteWeb MySQL is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "go.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31425
______________________________________________________________________
08.40.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 212cafe Board "view.php" SQL Injection
Description: 212cafe Board is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "qID" parameter of the "view.php"
script before using it in an SQL query. 212cafe Board version 0.07 is
affected.
Ref: http://www.securityfocus.com/bid/31426
______________________________________________________________________
08.40.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Conkurent Real Estate Manager "cat_id" Parameter SQL Injection
Description: Conkurent Real Estate Manager is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat_id" parameter
of the "index.php" script before using it in an SQL query. Real Estate
Manager version 1.01 is affected.
Ref: http://www.securityfocus.com/bid/31443
______________________________________________________________________
08.40.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joovili "id" Parameter Multiple SQL Injection Vulnerabilities
Description: Joovili is a PHP-based application for social networking.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Joovili version 3.0
is affected.
Ref: http://www.securityfocus.com/bid/31444
______________________________________________________________________
08.40.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Uploader Pro "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: E-Uploader Pro is a web-based uploader script. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. E-Uploader Pro
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31445
______________________________________________________________________
08.40.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BitmixSoft PHP-Lance "show.php" SQL Injection
Description: PHP-Lance is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "catid" parameter of the "show.php"
script before using it in an SQL query. PHP-Lance version 1.52 is
affected.
Ref: http://www.securityfocus.com/bid/31446
______________________________________________________________________
08.40.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyCard "gallery.php" SQL Injection
Description: MyCard is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "gallery.php"
script before using it in an SQL query. MyCard version 1.0.2 is
affected.
Ref: http://www.securityfocus.com/bid/31447
______________________________________________________________________
08.40.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZEEWAYS ZEELYRICS "bannerclick.php" SQL Injection
Description: ZEELYRICS is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "adid" parameter of the
"bannerclick.php" script before using it in an SQL query. ZEELYRICS
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/31449
______________________________________________________________________
08.40.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ParsaGostar ParsaWeb Multiple SQL Injection Vulnerabilities
Description: ParsaWeb is a web-based content management system. It is
written in ASP.NET. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "default.aspx" script
and the "txtSearch" field in the "Search" section.
Ref: http://www.securityfocus.com/archive/1/496799
______________________________________________________________________
08.40.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPcounter "index.php" SQL Injection
Description: PHPcounter is a web-hit-counter. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "name" parameter of the "index.php"
script before using it in an SQL query. PHPcounter versions 1.3.2 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/31451
______________________________________________________________________
08.40.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VBGooglemap Hotspot Edition Multiple SQL Injection
Vulnerabilities
Description: VBGooglemap Hotspot Edition is a modification for
vBulletin which allows integration with Google Maps. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data to the "mapid" parameter of
the "vbgooglemaphse.php" and "mapa.php" scripts. VBGooglemap Hotspot
Edition version 1.0.3 is affected.
Ref: http://www.vbulletin.org/forum/showthread.php?t=114149
______________________________________________________________________
08.40.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pilot Group eTraining "news_read.php" SQL Injection
Description: eTraining is a web-based learning management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"news_read.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31455
______________________________________________________________________
08.40.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pro Chat Rooms Multiple SQL Injection Vulnerabilities
Description: Pro Chat Rooms is a web-based chat room application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "gud"
parameter of the "index.php" and "admin.php" scripts. Pro Chat Rooms
version 3.0.3 is affected.
Ref: http://www.securityfocus.com/bid/31463
______________________________________________________________________
08.40.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion Freshlinks Module "linkid" Parameter SQL Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection issue affecting the
"freshlinks" module because it fails to sufficiently sanitize
user-supplied data to the "linkid" parameter of the
"infusions/freslinks_panel/index.php" script before using it in an SQL
query.
Ref: http://beta.phpfusion-mods.com/forum/viewthread.php?forum_id=13&thread_id=563&pid=10554
______________________________________________________________________
08.40.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PG Matchmaking "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: PG Matchmaking is matchmaking and online dating software.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the following scripts: "news_read.php" and
"gifts_show.php".
Ref: http://www.securityfocus.com/bid/31477
______________________________________________________________________
08.40.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SG Real Estate Portal Local File Include and SQL Injection
Vulnerabilities
Description: SG Real Estate Portal is a PHP-based real-estate
application. The application is exposed to multiple input validation
issues. The attacker can exploit the issues to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database. SG Real Estate Portal version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/31489
______________________________________________________________________
08.40.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rianxosencabos CMS "id" Parameter SQL Injection
Description: Rianxosencabos CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query. Rianxosencabos CMS
version 0.9 is affected.
Ref: http://www.securityfocus.com/bid/31502
______________________________________________________________________
08.40.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: QuidaScript BookMarks Favourites Script "id" Parameter SQL
Injection
Description: QuidaScript BookMarks Favourites Script is a PHP-based
application for managing bookmarks. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "view_group.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31506
______________________________________________________________________
08.40.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Freeway Multiple SQL Injection Vulnerabilities
Description: Freeway is an open-source ecommerce application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Freeway versions
prior to 1.4.3.210 are affected.
Ref: http://www.openfreeway.org/download/change-log.html
______________________________________________________________________
08.40.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eZoneScripts Adult Banner Exchange Website "click.php" SQL
Injection
Description: eZoneScripts Adult Banner Exchange Website is a PHP-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"targetid" parameter of the "click.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/31510
______________________________________________________________________
08.40.78 CVE: Not Available
Platform: Web Application
Title: Vikingboard "upload/index.php" Local File Include
Description: Vikingboard is a PHP-based bulletin board application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "task" parameter
of the "upload/index.php" script. Vikingboard version 0.2 Beta is
affected.
Ref: http://www.securityfocus.com/bid/31393
______________________________________________________________________
08.40.79 CVE: Not Available
Platform: Web Application
Title: osCMax "test.html" Arbitrary File Upload
Description: osCMax is a web-based e-commerce application. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. The issue occurs because the
"fckeditor" module fails to properly verify file extensions before
uploading files onto the web server. osCMax version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/31351
______________________________________________________________________
08.40.80 CVE: Not Available
Platform: Web Application
Title: WebPortal CMS "index.php" Remote Code Execution
Description: WebPortal CMS is a web-based content manager. The
application is exposed to an issue that lets remote attackers execute
arbitrary code. The problem occurs because the application performs an
"eval()" function call on user-supplied input. WebPortal CMS version
0.7.4 is affected.
Ref: http://www.securityfocus.com/bid/31353
______________________________________________________________________
08.40.81 CVE: Not Available
Platform: Web Application
Title: web-cp "sendfile.php" Information Disclosure
Description: web-cp is a web-based control panel application. web-cp
is exposed to an information disclosure issue because it fails to
sufficiently sanitize user-supplied input to the "filelocation"
parameter of the "sendfile.php" script. web-cp version 0.5.7 is
affected.
Ref: http://www.securityfocus.com/bid/31371
______________________________________________________________________
08.40.82 CVE: Not Available
Platform: Web Application
Title: emergecolab "index.php" Local File Include
Description: emergecolab is a PHP-based application for blended
collaborative learning. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "sitecode" parameter of the "connect/index.php" script.
emergecolab version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31372
______________________________________________________________________
08.40.83 CVE: Not Available
Platform: Web Application
Title: PHPcounter "defs.php" Local File Include
Description: PHPcounter is a web-hit-counter. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "l" parameter of the "defs.php"
script. PHPcounter version 1.3.2 is affected.
Ref: http://www.securityfocus.com/bid/31373
______________________________________________________________________
08.40.84 CVE: Not Available
Platform: Web Application
Title: Drupal Simplenews "Newsletter Categories" HTML Injection
Description: The Simplenews module is a module for Drupal that allows
users to send and publish newsletters to users. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the "Newsletter categories" before
using it in dynamically generated content.
Ref: http://drupal.org/node/312944
______________________________________________________________________
08.40.85 CVE: Not Available
Platform: Web Application
Title: MailWatch "docs.php" Local File Include
Description: MailWatch is a web-based front end for MailScanner. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "doc" parameter of the
"docs.php" script. MailWatch version 1.0.4 is affected.
Ref: http://www.securityfocus.com/bid/31378
______________________________________________________________________
08.40.86 CVE: Not Available
Platform: Web Application
Title: Observer "query" Parameter Multiple Remote Command Execution
Vulnerabilities
Description: Observer is a web-based network management application.
Observer is exposed to multiple issues that attackers can leverage to
execute arbitrary commands. These issues occur because the application
fails to adequately validate user-supplied input to the "query"
parameter of the "whois.php" and "netcmd.php" scripts. Observer
versions 0.3.2.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31381
______________________________________________________________________
08.40.87 CVE: Not Available
Platform: Web Application
Title: Barcode Generator "image.php" Local File Include
Description: Barcode Generator is a web-based front end for
MailScanner. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"code" parameter of the "image.php" script. Barcode Generator versions
2.0.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31382
______________________________________________________________________
08.40.88 CVE: Not Available
Platform: Web Application
Title: ADN Forum Cookie Authentication Bypass
Description: ADN Forum is a web-based forum application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. ADN Forum versions 1.0b and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/496741
______________________________________________________________________
08.40.89 CVE: Not Available
Platform: Web Application
Title: Drupal Plugin Manager Security Bypass
Description: Plugin Manager is a module for Drupal that provides an
interface to install themes and modules. The module is exposed to an
issue that may allow users to bypass authentication and uninstall or
remove modules installed with Plugin Manager. Plugin Manager versions
prior to 6.x-1.2 are affected.
Ref: http://drupal.org/node/312898
______________________________________________________________________
08.40.90 CVE: Not Available
Platform: Web Application
Title: Drupal Stock "stock quote" Page Authentication Bypass
Description: Stock is a module for Drupal that allows users to query
price quotes and trading volume for various stock markets. The Stock
module for Drupal is exposed to an authentication bypass issue. The
problem stems from a design flaw in the menu permission that permits
normal users to change the heading text at the top of the "stock
quotes" page.
Ref: http://drupal.org/node/312923
______________________________________________________________________
08.40.91 CVE: Not Available
Platform: Web Application
Title: AJ Auction Pro SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: AJ Auction Pro is a web-based application. The
application is exposed to multiple issues because it fails to
adequately sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/31390
______________________________________________________________________
08.40.92 CVE: Not Available
Platform: Web Application
Title: phpOCS "index.php" Local File Include
Description: phpOCS is a PHP-based application for managing online
communities. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the "act"
parameter of the "index.php" script. phpOCS version 0.1-beta3 is
affected.
Ref: http://www.securityfocus.com/bid/31392
______________________________________________________________________
08.40.93 CVE: Not Available
Platform: Web Application
Title: Lansuite "design" Parameter Local File Include
Description: Lansuite is a PHP-based LAN party administration
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"design" parameter of the "index.php" script. Lansuite version v3.4
beta r1363 is affected.
Ref: http://www.securityfocus.com/bid/31402
______________________________________________________________________
08.40.94 CVE: Not Available
Platform: Web Application
Title: Libra File Manager "fileadmin.php" Local File Include
Description: Libra File Manager is a PHP-based bulletin board
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"folder" parameter of the "fileadmin.php" script. Libra File Manager
version 1.18 is affected.
Ref: http://www.securityfocus.com/archive/1/496742
______________________________________________________________________
08.40.95 CVE: Not Available
Platform: Web Application
Title: PHP infoBoard Cookie Authentication Bypass
Description: PHP infoBoard is a web-based application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. PHP infoBoard v7.0 is vulnerable; other versions may
also be affected.
Ref: http://www.securityfocus.com/bid/31404
______________________________________________________________________
08.40.96 CVE: Not Available
Platform: Web Application
Title: PHP infoBoard "idcat" Parameter SQL Injection and HTML
Injection Vulnerabilities
Description: PHP infoBoard is a web-based application. PHP infoBoard
is exposed to multiple input validation issues because it fails to
adequately sanitize user-supplied input. PHP infoBoard version 7.0 is
affected.
Ref: http://www.securityfocus.com/bid/31405
______________________________________________________________________
08.40.97 CVE: Not Available
Platform: Web Application
Title: Mass Downloader Malformed Executable Denial of Service
Description: Mass Downloader is a download management application. The
application is exposed to a remote denial of service issue that
affects the "massdown.dll" library when downloading malicious
executable files. Mass Downloader version 2.6 is affected.
Ref: http://www.securityfocus.com/bid/31406
______________________________________________________________________
08.40.98 CVE: Not Available
Platform: Web Application
Title: Vikingboard "register.php" SQL Column Truncation Unauthorized
Access
Description: Vikingboard is a web-based application. Vikingboard is
exposed to an unauthorized access issue that stems from an SQL
column-truncation issue. Vikingboard version 0.2 Beta is affected.
Ref: http://www.securityfocus.com/bid/31408
______________________________________________________________________
08.40.99 CVE: Not Available
Platform: Web Application
Title: Atomic Photo Album
Description: Atomic Photo Album is a web-based application. The
application is exposed to multiple issues because it fails to
adequately sanitize user-supplied input. Atomic Photo Album version
1.1.0pre4 is affected.
Ref: http://www.securityfocus.com/bid/31409
______________________________________________________________________
08.40.100 CVE: Not Available
Platform: Web Application
Title: openEngine "cms/system/openengine.php" Remote File Include
Description: openEngine is a web-based content manager. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "oe_classpath"
parameter of the "cms/system/openengine.php" script. openEngine
versions 2.0 beta4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31413
______________________________________________________________________
08.40.101 CVE: Not Available
Platform: Web Application
Title: IBM Tivoli Netcool/Webtop Privilege Escalation
Description: IBM Tivoli Netcool/Webtop is a web-based application used
to deliver graphical maps, tables, and event lists to a remote
operator. The application is exposed to a privilege escalation issue.
IBM Tivoli Netcool/Webtop versions prior to 2.1.0 Fix Pack 5 are
affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ21888
______________________________________________________________________
08.40.102 CVE: Not Available
Platform: Web Application
Title: Libra File Manager Security Bypass
Description: Libra File Manager is a PHP-based application for
managing files. Libra File Manager is exposed to an issue that may
allow attackers to obtain potentially sensitive information. Libra
File Manager version 1.18 is affected.
Ref: http://www.securityfocus.com/bid/31415
______________________________________________________________________
08.40.103 CVE: Not Available
Platform: Web Application
Title: Barcode Generator "LSTable.php" Remote File Include
Description: Barcode Generator is a PHP-based web application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "class_dir" parameter
of the "class/LSTable.php" script. Barcode Generator version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/31419
______________________________________________________________________
08.40.104 CVE: Not Available
Platform: Web Application
Title: Libra File Manager Cookie Authentication Bypass
Description: Libra File Manager is a PHP-based application for
managing files. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Libra File Manager version 1.18 is
affected.
Ref: http://www.securityfocus.com/bid/31422
______________________________________________________________________
08.40.105 CVE: Not Available
Platform: Web Application
Title: openEngine "filepool.php" Remote File Include
Description: openEngine is a web-based content manager. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "oe_classpath"
parameter of the "cms/classes/openengine/filepool.php" script.
openEngine version 2.0 beta2 is affected.
Ref: http://www.securityfocus.com/bid/31423
______________________________________________________________________
08.40.106 CVE: Not Available
Platform: Web Application
Title: Atomic Photo Album Cookie Authentication Bypass
Description: Atomic Photo Album is a web-based application implemented
in PHP. The application is exposed to an authentication bypass issue
because it fails to adequately verify user-supplied input used for
cookie-based authentication. Atomic Photo Album version 1.1.0pre4 is
affected.
Ref: http://www.securityfocus.com/bid/31427
______________________________________________________________________
08.40.107 CVE: Not Available
Platform: Web Application
Title: Esqlanelapse Cookie Authentication Bypass
Description: Esqlanelapse is a PHP-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Esqlanelapse version 2.6.2 is affected.
Ref: http://www.securityfocus.com/bid/31428
______________________________________________________________________
08.40.108 CVE: Not Available
Platform: Web Application
Title: The Gemini Portal Cookie Authentication Bypass
Description: The Gemini Portal is a PHP-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. The Gemini Portal version 4.7 is affected.
Ref: http://www.securityfocus.com/archive/1/496761
______________________________________________________________________
08.40.109 CVE: Not Available
Platform: Web Application
Title: Crux Gallery "index.php" Cookie Authentication Bypass
Description: Crux Gallery is a PHP-based photo gallery. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Crux Gallery version 1.32 is affected.
Ref: http://www.securityfocus.com/archive/1/496763
______________________________________________________________________
08.40.110 CVE: Not Available
Platform: Web Application
Title: The Gemini Portal "lang" Parameter Multiple Local File Include
Vulnerabilities
Description: The Gemini Portal is a PHP-based content manager. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "lang"
parameter of the following scripts: "page/forums/bottom.php" and
"page/forums/category.php". The Gemini Portal version 4.7 is affected.
Ref: http://www.securityfocus.com/bid/31433
______________________________________________________________________
08.40.111 CVE: Not Available
Platform: Web Application
Title: Siteman "members.txt" Information Disclosure
Description: Siteman is a PHP-based content manager. Siteman is
exposed to an information disclosure issue because it fails to
restrict access to sensitive information. Specifically, the file
"data/members.txt" is by default available for viewing by remote
attackers. Siteman version 1.1.11 is affected.
Ref: http://www.securityfocus.com/bid/31440
______________________________________________________________________
08.40.112 CVE: Not Available
Platform: Web Application
Title: Yoxel "itpm_estimate.php" Multiple PHP Code Injection
Vulnerabilities
Description: Yoxel is a web-based application used to provide product
management tools. The application is exposed to issues that let
attackers inject arbitrary PHP code. The problem occurs because the
application fails to validate user-supplied input to the "proj_id"
parameter at multiple places in the "itpm_estimate.php" script. Yoxel
versions 1.23beta and earlier are affected.
Ref: http://www.securityfocus.com/bid/31448
______________________________________________________________________
08.40.113 CVE: Not Available
Platform: Web Application
Title: PowerPortal 2 "path" Parameter Directory Traversal
Description: PowerPortal 2 is a web-based application. The application
is exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "path" parameter.
PowerPortal version 2.0.13 is affected.
Ref: http://www.securityfocus.com/bid/31454
______________________________________________________________________
08.40.114 CVE: Not Available
Platform: Web Application
Title: Camera Life Arbitrary File Upload
Description: Camera Life is a web-based photo management application.
The application is exposed to an issue that lets remote attackers
upload and execute arbitrary script code on an affected computer with
the privileges of the web server process. The issue occurs because the
application fails to sanitize user-supplied input in the image upload
section of the application. Camera Life version 2.6.2b4 is affected.
Ref: http://www.securityfocus.com/bid/31456
______________________________________________________________________
08.40.115 CVE: Not Available
Platform: Web Application
Title: PlugSpace "index.php" Local File Include
Description: PlugSpace is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "navi" parameter of the
"index.php" script. PlugSpace version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/31457
______________________________________________________________________
08.40.116 CVE: Not Available
Platform: Web Application
Title: Joomla Image Browser Component "index.php" Directory Traversal
Description: Image Browser is a gallery component for the Joomla
content management system. Image Browser is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input to the "folder" parameter of the
"index.php" script when the option parameter is set to
"com_imagebrowser". Image Browser version 0.1.5 is affected.
Ref:
http://extensions.joomla.org/component/option,com_mtree/task,viewlink/link_id,3506/Itemid,35/
______________________________________________________________________
08.40.117 CVE: Not Available
Platform: Web Application
Title: LnBlog "showblog.php" Local File Include
Description: LnBlog is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "plugin" parameter of the
"pages/showblog.php" script. LnBlog versions 0.9.0 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/31459
______________________________________________________________________
08.40.118 CVE: Not Available
Platform: Web Application
Title: X7 Chat "mini.php" Local File Include
Description: X7 Chat is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "help_file" parameter of the
"help/mini.php" script. X7 Chat versions 2.0.1A1 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/31460
______________________________________________________________________
08.40.119 CVE: Not Available
Platform: Web Application
Title: Concord Consortium CoAST "header.php" Remote File Include
Description: CoAST is a web-based application. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "sections_file"
parameter of the "coast/header.php" script. CoAST version 0.95 is
affected.
Ref: http://www.securityfocus.com/bid/31461
______________________________________________________________________
08.40.120 CVE: Not Available
Platform: Web Application
Title: BbZL.PhP Cookie Authentication Bypass
Description: BbZL.PhP is a web-based application implemented in PHP.
It is used to deploy web portals. The application is exposed to an
authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication. BbZL.PhP
version 0.92 is affected.
Ref: http://www.securityfocus.com/bid/31462
______________________________________________________________________
08.40.121 CVE: Not Available
Platform: Web Application
Title: BbZL.PhP "lien_2" Parameter Directory Traversal
Description: BbZL.PhP is a web-based application implemented in PHP.
It is used to deploy web portals. The application is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input to the "lien_2" parameter. BbZL.PhP version 0.92
is affected.
Ref: http://www.securityfocus.com/bid/31464
______________________________________________________________________
08.40.122 CVE: Not Available
Platform: Web Application
Title: RPG.Board Cookie Authentication Bypass
Description: RPG.Board is a web-based application. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. RPG.Board version 0.0.8 Beta2 is affected.
Ref: http://www.securityfocus.com/bid/31466
______________________________________________________________________
08.40.123 CVE: Not Available
Platform: Web Application
Title: PHPJabbers Post Comments Cookie Authentication Bypass
Description: PHPJabbers Post Comments is a PHP-based application that
allows users to post comments onto a web site. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. PHPJabbers Post Comments version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/31467
______________________________________________________________________
08.40.124 CVE: Not Available
Platform: Web Application
Title: Events Calendar "header_setup.php" Multiple Remote File Include
Vulnerabilities
Description: Events Calendar is a PHP-based application that allows
users to inform customers about events. The application is exposed to
multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "component" and "path[docroot]"
parameters of the "header_setup.php" script. Events Calendar version
1.1 is affected.
Ref: http://www.securityfocus.com/bid/31471
______________________________________________________________________
08.40.125 CVE: Not Available
Platform: Web Application
Title: Easy PHP Calendar Add New Event HTML Injection
Description: Easy PHP Calendar is a PHP-based calendar application.
The application is exposed to an HTML injection issue because it fails
to properly sanitize user-supplied input before using it in
dynamically generated content. This issue affects the "details:"
field of the "Add New Event" page. Easy PHP Calendar version 6.3.25 is
affected.
Ref: http://www.securityfocus.com/archive/1/496796
______________________________________________________________________
08.40.126 CVE: Not Available
Platform: Web Application
Title: ArabCMS "rss.php" Local File Include
Description: ArabCMS is a web-based content manager. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "rss" parameter of the "rss.php"
script. ArabCMS version 2.0 beta 1 is affected.
Ref: http://www.securityfocus.com/bid/31480
______________________________________________________________________
08.40.127 CVE: CVE-2008-2831
Platform: Web Application
Title: Marshal MailMarshal SMTP Spam Quarantine Management Multiple
HTML Injection Vulnerabilities
Description: Marshal MailMarshal SMTP is a security application for
handling email content; it is designed for use on Microsoft Windows.
The Spam Quarantine Management (SQM) component of the application is
exposed to multiple HTML injection issues because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. MailMarshal SMTP versions 6.0 up to and including 6.3 are
affected.
Ref: http://www.dcsl.ul.ie/marshal.htm
______________________________________________________________________
08.40.128 CVE: Not Available
Platform: Web Application
Title: MySQL Command Line Client HTML Special Characters HTML
Injection
Description: MySQL is an open-source SQL database application
available for multiple operating platforms. The application is exposed
to an HTML injection issue because the command-line client fails to
properly sanitize user-supplied input before using it in dynamically
generated content.
Ref:
http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability/
______________________________________________________________________
08.40.129 CVE: Not Available
Platform: Web Application
Title: eFront Multiple Arbitrary File Upload Vulnerabilities
Description: eFront is a PHP-based eLearning and Human Capital
Development application. The application is exposed to multiple issues
that allow remote attackers to upload and execute arbitrary script
code on an affected computer with the privileges of the web server
process. The issues occur because the application fails to
sufficiently sanitize file extensions before uploading files onto the
web server. eFront version 3.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496851
______________________________________________________________________
08.40.130 CVE: Not Available
Platform: Web Application
Title: MiNBank "minsoft_path" Parameter Multiple Remote File Include
Vulnerabilities
Description: MiNBank (Micronation Banking System) is a role-playing
game that simulates economics. The application is exposed to multiple
remote file include issues because it fails to sufficiently sanitize
user-supplied input to the "minsoft_path" parameter of the
"utility/utgn_message.php" and "utility/utdb_access.php" scripts.
MiNBank version 1.5.0 is affected.
Ref: http://www.securityfocus.com/bid/31492
______________________________________________________________________
08.40.131 CVE: Not Available
Platform: Web Application
Title: moziloWiki Prior to 1.0.2 Multiple Vulnerabilities
Description: moziloWiki is a PHP-based wiki application. The
application is exposed to multiple issues. An attacker may leverage
these issues to view arbitrary local files within the context of the
web server, to execute arbitrary script code in the browser of an
unsuspecting user, or to hijack a valid user's session. moziloWiki
versions prior to 1.0.2 are affected.
Ref: http://www.securityfocus.com/archive/1/496841
______________________________________________________________________
08.40.132 CVE: Not Available
Platform: Web Application
Title: moziloCMS Prior to 1.10.3 Multiple Vulnerabilities
Description: moziloCMS is a PHP-based content manager. The application
is exposed to multiple issues. An attacker may leverage these issues
to view arbitrary local files within the context of the web server, to
execute arbitrary script code in the browser of an unsuspecting user,
or to hijack a valid user's session. moziloCMS versions prior to
1.10.3 are affected.
Ref: http://www.majorsecurity.de/index_2.php?major_rls=major_rls55
______________________________________________________________________
08.40.133 CVE: Not Available
Platform: Web Application
Title: SG Real Estate Portal Cookie Authentication Bypass
Description: SG Real Estate Portal is a PHP-based real estate
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. SG Real Estate Portal version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/31500
______________________________________________________________________
08.40.134 CVE: Not Available
Platform: Web Application
Title: Hardkap Pritlog "filename" Parameter File Disclosure
Description: Pritlog is a content manager. The application is exposed
to a file disclosure issue because it fails to properly sanitize
user-supplied input to the "filename" parameter of the "index.php"
script when the "viewEntry()" function is used. Pritlog versions up to
and including 0.4 are affected.
Ref: http://www.securityfocus.com/archive/1/496880
______________________________________________________________________
08.40.135 CVE: Not Available
Platform: Web Application
Title: A4Desk Event Calendar "v" Parameter Remote File Include
Description: A4Desk Event Calendar is a web-based calendar. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "v" parameter of
the "index.php" script.
Ref: http://www.securityfocus.com/bid/31507
______________________________________________________________________
08.40.136 CVE: Not Available
Platform: Web Application
Title: EC-CUBE SQL Injection and Cross-Site Scripting Vulnerabilities
Description: EC-CUBE is an open-source system for creating shopping
web sites. The application is exposed to multiple unspecified
input-validation issues. An attacker may leverage the cross-site
scripting issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site.
Ref: http://jvn.jp/en/jp/JVN36085487/index.html
______________________________________________________________________
08.40.137 CVE: CVE-2008-3812
Platform: Network Device
Title: Cisco IOS AIC HTTP Transit Packet Remote Denial of Service
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. Cisco IOS,
when configured for IOS firewall AIC (Application Inspection Control)
with an HTTP application-specific policy, is exposed to a denial of
service issue that occurs when handling malformed HTTP transit
packets.
Ref: http://www.securityfocus.com/archive/1/496703
______________________________________________________________________
08.40.138 CVE: Not Available
Platform: Network Device
Title: Cisco uBR10012 Router Default SNMP Community
Description: Cisco uBR10012 routers are high-performance network
devices. The routers are exposed to a weak default configuration
issue. Specifically, a default Simple Network Management Protocol
(SNMP) community "private" with read and write access to the device is
created when the router is configured for linecard redundancy. Cisco
uBR10012 routers are affected.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml
______________________________________________________________________
08.40.139 CVE: CVE-2008-3808, CVE-2008-3809
Platform: Network Device
Title: Cisco IOS Protocol Independent Multicast (PIM) Multiple Denial
of Service Vulnerabilities
Description: Cisco IOS is exposed to multiple remote denial of service
issues because the software fails to properly handle malformed
Protocol Independent Multicast (PIM) datagrams.
Ref:
http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml
______________________________________________________________________
08.40.140 CVE: CVE-2008-3813
Platform: Network Device
Title: Cisco IOS Layer 2 Tunneling Protocol Denial of Service
Description: Cisco IOS is exposed to a remote denial of service issue
in the Layer 2 Tunneling Protocol (L2TP). When processing a specially
crafted L2TP packet, an affected device will reload, effectively
denying service to legitimate users.
Ref: http://www.securityfocus.com/archive/1/496698
______________________________________________________________________
08.40.141 CVE: CVE-2008-3810, CVE-2008-3811
Platform: Network Device
Title: Cisco IOS NAT Skinny Call Control Protocol Multiple Remote
Denial of Service Vulnerabilities
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. Cisco IOS
is exposed to multiple denial of service issues that occur in the
Skinny Call Control Protocol (SCCP). Specifically, these issues occur
when handling a series of fragmented SCCP messages.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml
______________________________________________________________________
08.40.142 CVE: CVE-2008-3804
Platform: Network Device
Title: Cisco IOS MPLS Forwarding Infrastructure Remote Denial of
Service
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. Cisco IOS
Multiprotocol Label Switching (MPLS) Forwarding Infrastructure (MFI)
is exposed to a denial of service issue that occurs when handling
malicious packets in the software path, including transit packets.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml
______________________________________________________________________
08.40.143 CVE: CVE-2008-3799, CVE-2008-3800, CVE-2008-3801,
CVE-2008-3802
Platform: Network Device
Title: Cisco IOS SIP Multiple Denial of Service Vulnerabilities
Description: Session Initiation Protocol (SIP) is a signaling protocol
used to manage voice and video calls across IP networks. Devices
running Cisco IOS with SIP enabled are exposed to multiple issues that
attackers can exploit to cause denial of service conditions. The
problems occur when processing a valid SIP message.
Ref:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml
______________________________________________________________________
08.40.144 CVE: CVE-2008-3805
Platform: Network Device
Title: Cisco IOS Remote IPC Denial of Service
Description: Multiple Cisco products running Cisco IOS (Internetwork
Operating System) are exposed to a denial of service issue when
handling maliciously crafted UDP-based IPC traffic. The affected
devices have an interprocess communication (IPC) service listening on
IP addresses in the 127.0.0.0/8 range on UDP port 1975.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml
______________________________________________________________________
08.40.145 CVE: CVE-2008-2739
Platform: Network Device
Title: Cisco IOS IPS SERVICE.DNS Remote Denial of Service
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. Cisco IOS
IPS is exposed to a denial of service issue when processing certain
IPS signatures in the "SERVICE.DNS" signature engine.
Ref:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml
______________________________________________________________________
08.40.146 CVE: CVE-2008-3798
Platform: Network Device
Title: Cisco IOS SSL Session Termination Remote Denial of Service
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. Cisco IOS
is exposed to a denial of service issue when handling SSL connections.
Specifically, this issue is triggered when affected devices try to
terminate SSL sessions.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml
______________________________________________________________________
08.40.147 CVE: CVE-2008-3803
Platform: Network Device
Title: Cisco IOS MPLS VPN Information Disclosure
Description: Cisco IOS (Internetwork Operating System) is an operating
system commonly used on Cisco routers and network switches. Cisco IOS
is exposed to an information disclosure issue. This issue occurs with
Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs)
or VPN Routing and Forwarding Lite (VRF Lite).
Ref: http://www.securityfocus.com/archive/1/496712
______________________________________________________________________
08.40.148 CVE: CVE-2008-3800, CVE-2008-3801
Platform: Network Device
Title: Cisco Unified Communications Manager SIP Service Multiple
Denial of Service Vulnerabilities
Description: Cisco Unified Communications Manager (CUCM) is a
software-based call processing component of the Cisco IP telephony
solution. The application was formerly named Unified CallManager. CUCM
is exposed to multiple denial of service issues that affect the
Session Initiation Protocol (SIP) service.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080924-cucm.shtml
______________________________________________________________________
08.40.149 CVE: Not Available
Platform: Network Device
Title: Nokia PC Suite Remote Buffer Overflow
Description: Nokia PC Suite is an application for connecting a Nokia
device to a PC. Nokia PC Suite is exposed to a remote stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data.
Ref: http://www.securityfocus.com/bid/31475
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
iEYEARECAAYFAkjlVIAACgkQ+LUG5KFpTkY68wCglMdpJd4TxlKTcgDJUObFuFxY
X6EAn0+NVOM1X/N2VbIJ/xGwaGsSYPEJ
=Ovn0
-----END PGP SIGNATURE-----