NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > SANS> 2008

RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 43

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu Oct 23 2008 - 15:27:15 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The "big one" this week just happened a few hours ago when Microsoft
announced an extra patch was coming out early to fix an RPC problem that
is in XP and Vista (and other MS operating systems), meaning in tens of
millions of systems. Kudos to Microsoft for acting quickly. The
defenders need to act just as quickly.

In addition, many commercial email systems are at risk because they use
libspf2 versions prior to 1.2.8. And the third critical vulnerability
affects multiple security products from F-Secure.
Alan

*************************************************************************
RISK: The Consensus Security Vulnerability Alert
October 23, 2008 Vol. 7. Week 43
*************************************************************************

RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform Number of Updates and Vulnerabilities
- ------------------------ -------------------------------------
Microsoft Windows 1 (#1)
Other Microsoft Products 1
Third Party Windows Apps 4 (#4, #5)
Linux 2
Unix 1
Cross Platform 19 (#2, #3)
Web Application - Cross Site Scripting 7
Web Application - SQL Injection 31
Web Application 18

*********************** Sponsored By Sourcefire, Inc. *******************

Best of Open Source Security (BOSS) Conference
February 8-10, 2009 Flamingo Las Vegas

Be sure to register the first IT security conference dedicated to
promoting open source security (OSS) technologies and the commercial
products that embrace them.

This long overdue conference will bring together passionate OSS
advocates and vendors under the same roof to share ideas and
experiences.

For more information, visit http://www.sans.org/info/34513

*************************************************************************
TRAINING UPDATE
- - SANS CDI in Washington 30 courses; big security tools expo; lots of
evening sessions: http://www.sans.org/ cdi08/
- - Monterey (10/31-11/6) http://www.sans.org/info/30738
- - Sydney Australia (10/27-11/1) http://www.sans.org/sydney08/
- - Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
and in 100 other cites and on line any time: www.sans.org
******************************************************************

Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint

(www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer Overflow
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
(5) HIGH: Hummingbird Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

-- Other Microsoft Products
08.43.1 - Microsoft Outlook Web Access for Exchange Server "redir.asp" URI Redirection
-- Third Party Windows Apps
08.43.2 - Hummingbird HostExplorer ActiveX Control "PlainTextPassword()" Buffer Overflow
08.43.3 - Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX Control Multiple Security Vulnerabilities
08.43.4 - Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll" Buffer Overflow
08.43.5 - Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation
-- Linux
08.43.6 - Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory Corruption
08.43.7 - Linux Kernel SCTP Protocol Violation Remote Denial of Service
-- Unix
08.43.8 - Symantec Veritas File System "qioadmin" Local Information Disclosure
-- Cross Platform
08.43.9 - Adobe Flash CS3 Professional SWF File Remote Code Execution
08.43.10 - jhead versions Prior to 2.84 Multiple Vulnerabilities
08.43.11 - Hewlett-Packard Systems Insight Manager Unspecified Unauthorized Access
08.43.12 - Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of Service
08.43.13 - Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service
08.43.14 - Apache HTTP Server OS Fingerprinting Unspecified Security
08.43.15 - Hitachi JP1/File Transmission Server/FTP File Modification Unauthorized Access
08.43.16 - Hitachi JP1/File Transmission Server/FTP Unspecified Denial of Service
08.43.17 - VLC Media Player TY File Stack Based Buffer Overflow
08.43.18 - "nfs-utils" Package "hosts_ctl()" Security Bypass
08.43.19 - MUSCLE "Message::AddToString()" Buffer Overflow
08.43.20 - FireGPG Insecure Temporary File Creation
08.43.21 - Symantec Veritas File System "qiomkfile" Local Information Disclosure
08.43.22 - Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic Emanation Capture
08.43.23 - RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution
08.43.24 - Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
08.43.25 - IBM WebSphere Application Server Denial of Service And Security Bypass Vulnerabilities
08.43.26 - F-Secure Multiple Products RPM File Integer Overflow
08.43.27 - Symantec Altiris Deployment Solution Clear Text Password Local Information Disclosure
-- Web Application - Cross Site Scripting
08.43.28 - Elxis CMS "index.php" Multiple Cross-Site Scripting and Session Fixation Vulnerabilities
08.43.29 - Habari "habari_username" Parameter Cross-Site Scripting
08.43.30 - WebGUI Security Bypass and Multiple Cross-Site Scripting Vulnerabilities
08.43.31 - cpCommerce Multiple Cross-Site Scripting Vulnerabilities
08.43.32 - Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting
08.43.33 - MyNETS Unspecified Cross-Site Scripting
08.43.34 - Wysi Wiki Wyg "index.php" Cross-Site Scripting
-- Web Application - SQL Injection
08.43.35 - AstroSPACES "profile.php" SQL Injection
08.43.36 - PhpWebGallery "comments.php" SQL Injection and Code Execution Vulnerabilities
08.43.37 - MyPHPDating "success_story.php" SQL Injection
08.43.38 - myStats Security Bypass and SQL Injection Vulnerabilities
08.43.39 - myEvent "viewevent.php" SQL Injection
08.43.40 - SweetCMS "index.php" SQL Injection
08.43.41 - WEB//NEWS Multiple SQL Injection Vulnerabilities
08.43.42 - Drupal Node Vote Module Cast Vote SQL Injection
08.43.43 - IP Reg "locationdel.php" SQL Injection
08.43.44 - Mosaic Commerce "category.php" SQL Injection
08.43.45 - CafeEngine "id" Parameter Multiple SQL Injection Vulnerabilities
08.43.46 - CafeEngine Easy Cafe Engine "itemid" Parameter SQL Injection
08.43.47 - ShiftThis Newsletter WordPress Plugin "stnl_iframe.php" SQL Injection
08.43.48 - Zeeproperty "bannerclick.php" SQL Injection
08.43.49 - XOOPS GesGaleri Module "index.php" SQL Injection
08.43.50 - Meeting Room Booking System "month.php" SQL Injection
08.43.51 - myWebland miniBloggie "del.php" SQL Injection
08.43.52 - Nice Talk Joomla! Component "tagid" Parameter SQL Injection
08.43.53 - DS-Syndicate Joomla! Component "feed_id" Parameter SQL Injection
08.43.54 - Woltlab Burning Board rGallery Plugin "itemID" Parameter SQL Injection
08.43.55 - e107 CMS
08.43.56 - Jetbox CMS Multiple SQL Injection Vulnerabilities
08.43.57 - PHP-Nuke Sarkilar Module "id" Parameter SQL Injection
08.43.58 - Makale XOOPS Module "makale.php" SQL Injection
08.43.59 - Limbo CMS "open.php" SQL Injection
08.43.60 - TYPO3 JobControl Extension Unspecified SQL Injection
08.43.61 - TYPO3 Econda Plugin Extension Unspecified SQL Injection
08.43.62 - TYPO3 Frontend Users View Extension Unspecified SQL Injection
08.43.63 - TYPO3 Mannschaftsliste Extension Unspecified SQL Injection
08.43.64 - TYPO3 M1 Intern Extension Unspecified SQL Injection
08.43.65 - TYPO3 Simple survey Extension Unspecified SQL Injection
-- Web Application
08.43.66 - myPHPNuke "displayCategory.php" Multiple Remote File Include Vulnerabilities
08.43.67 - Drupal Node Clone Module Information Disclosure
08.43.68 - Kure Multiple Local File Include Vulnerabilities
08.43.69 - Mic_blog SQL Injection and Unauthorized Access Vulnerabilities
08.43.70 - Mantis "manage_proj_page.php" PHP Code Injection
08.43.71 - Calendars for the Web Security Bypass
08.43.72 - XOOPS "hisa_cart" Module Remote Information Disclosure
08.43.73 - Post Affiliate Pro "index.php" Local File Include
08.43.74 - Slaytanic Scripts Content Plus Version 2.1.1 Multiple Unspecified Vulnerabilities
08.43.75 - FlashChat "connection.php" Role Filter Security Bypass
08.43.76 - phpFastNews Cookie Authentication Bypass
08.43.77 - FCKeditor "command.php" Arbitrary File Upload
08.43.78 - Vivvo Article Management "classified_path" Parameter Remote File Include
08.43.79 - HP SiteScope SNMP Trap HTML Injection
08.43.80 - Fast Click SQL Lite "init.php" Remote File Include
08.43.81 - Midgard Components Framework Multiple Unspecified Vulnerabilities
08.43.82 - yappa-ng "album" Parameter Local File Include
08.43.83 - Opera Web Browser HTML Injection and Cross-Site Scripting Vulnerabilities

************************ Sponsored Link: ******************************
1) Learn about data leakage, PCI compliance, identity theft, botnets,
crimeware, security trends, and more. Register Today
http://www.sans.org/info/34518
*************************************************************************

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by
input from a council of security managers from twelve large organizations
who confidentially share with SANS the specific actions they have taken
to protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft has provided advanced notification of a
vulnerability in a Remote Procedure Call (RPC) service. The
vulnerability was deemed severe enough to warrant an out-of-cycle
security update from Microsoft. The exact details of the vulnerability
have yet to be released, but are expected to be released sometime on
October 23rd, with a question-and-answer session via webcast. The
vulnerability allows for unauthenticated users to execute arbitrary code
on vulnerable systems. Microsoft believes that the vulnerability could
be exploited in such a way as to provide creation of a worm.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Microsoft Webcast Information
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=103239
3978&EventCategory=4&culture=en-US&CountryCode=US
Microsoft Security Bulletin Update
http://go.microsoft.com/fwlink/?LinkId=130719
Microsoft Advanced Notification
http://blogs.technet.com/sus/archive/2008/10/23/microsoft-security-
bulletin-advance-notification-for-october-2008.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/31874

***************************************************************
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
Affected:
libspf2 versions prior to 1.2.8
Description: SPF is the Sender Policy Framework (formerly "Sender
Permitted From"). SPF is a mechanism to help prevent unauthorized or
undesired email messages ("spam") by indicating from what servers a
domain can send email. Receiving mail servers can check SPF records
exported via DNS records to determine if a server sending email from a
domain is legitimately doing so. LibSPF2 is a popular implementation of
the SPF protocol and is used by a variety of mail and DNS products. It
contains a buffer overflow in its processing of SPF records exported from
DNS. A specially crafted SPF record could trigger this vulnerability. In
most common scenarios, an attacker could exploit this vulnerability by
simply sending an email message to a sever known to check SPF records.;
therefore no user interaction is required. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the vulnerable process, often a high-privilege account.
Full technical details and a proof-of-concept are publicly available for
this vulnerability.
Status: Vendor confirmed, updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31881.pl
Documentation by Dan Kaminsky
http://www.doxpara.com/?page_id=1256
Wikipedia Article on Sender Policy Framework
http://en.wikipedia.org/wiki/Sender_Policy_Framework
Vendor Home Page
http://www.libspf2.org/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/31881

***************************************************************
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer
Overflow
Affected:
Multiple F-Secure products; see vendor advisory
Description: The RPM Package Manager (formerly the Red Hat Package
Manager, commonly "RPM") is a package manager used by a number of Linux-
and Unix-based operating systems. Its packages are distributed in files
referred to as "RPMs". A number of F-Secure malware scanning products
contain an integer overflow when processing RPM packages. A specially
crafted RPM package could trigger this overflow, leading to arbitrary
code execution with the privileges of the vulnerable process. In
situations where the vulnerable product is used to scan email messages,
it is sufficient to have an email message transiting the server to
trigger the vulnerability; no user interaction is necessary. Some
technical details are publicly available for this vulnerability.
Additionally, the RPM file format is open and well documented, making it
amenable to fuzzing.
Status: Vendor confirmed, updates available.
References:
Vendor Security Advisory
http://www.f-secure.com/security/fsc-2008-3.shtml
Wikipedia Article on RPM
http://en.wikipedia.org/wiki/RPM_Package_Manager
RPM Home Page
http://www.rpm.org
Vendor Home Page
http://www.f-secure.com/
SecurityFocus BID
http://www.securityfocus.com/bid/31846

***************************************************************
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
Affected:
Trend Microsoft OfficeScan versions 8.0 SP1 and prior
Description: Trend Micro OfficeScan is a popular enterprise malware
scanning application. It provides administrative and other facilities via
a web interface, using the Common Gateway Interface (CGI). Some of the
web interface CGI programs contain buffer overflow vulnerabilities in
their handling of HTTP requests. A specially crafted request to the web
interface could trigger one of these buffer overflows, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Some technical details are publicly available for these
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-40/
Vendor Security Advisory
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_Critica
lPatch_B3110_readme.txt
Wikipedia Article on the Common Gateway Interface
http://en.wikipedia.org/wiki/Common_Gateway_Interface
Vendor Home Page
http://www.trendmicro.com
SecurityFocus BID
http://www.securityfocus.com/bid/31859

***************************************************************
(5) HIGH: Hummingbird Multiple Vulnerabilities
Affected:
Hummingbird Deployment Wizard 10 ActiveX Control
Hummingbird Host Explorer ActiveX Control versions 8.0 and prior
Description: Hummingbird Host Explorer is a popular terminal access
solution for remote systems, and the Hummingbird Deployment Wizard is a
product used to deploy other Hummingbird products. Both products provide
some of their functionality via ActiveX controls. These controls contain
various vulnerabilities, including buffer overflow and input validation
vulnerabilities. A specially crafted web page that instantiated one of
these controls could trigger one of these vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current
user. Technical details are publicly available for these vulnerabilities.
A proof-of-concept is also publicly available.
Status: No confirmed updates available. Users can disable the affected
controls via Microsoft's "kill bit' mechanism. Note that this will affect
normal application functionality.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6776
Vendor Home Page
http://connectivity.hummingbird.com/home/connectivity.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/31799
http://www.securityfocus.com/bid/31783

*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

08.43.1 CVE: CVE-2008-1547
Platform: Other Microsoft Products
Title: Microsoft Outlook Web Access for Exchange Server "redir.asp"
URI Redirection
Description: Outlook Web Access (OWA) is a web mail component of
Microsoft Exchange Server. Outlook Web Access is exposed to a remote
URI redirection issue because it fails to properly sanitize
user-supplied input in the "URL" parameter of the "redir.asp" script.
Outlook Web Access version 6.5 SP 2 is affected.
Ref: http://www.securityfocus.com/archive/1/497374
______________________________________________________________________

08.43.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hummingbird HostExplorer ActiveX Control "PlainTextPassword()"
Buffer Overflow
Description: Hummingbird HostExplorer is terminal emulation software.
HostExplorer includes an ActiveX control for Microsoft Windows
clients. The application is exposed to a buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/bid/31781
______________________________________________________________________

08.43.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX
Control Multiple Security Vulnerabilities
Description: Hummingbird Deployment Wizard 10 ActiveX control is an
application used by Hummingbird products to aid in software
installation and configuration. The ActiveX control provided by the
"DeployRun.dll" file is exposed to multiple issues that attackers can
exploit to run arbitrary code. Hummingbird Deployment Wizard version
10 10.0.0.44 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.43.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll"
Buffer Overflow
Description: PowerTCP FTP for ActiveX is an ActiveX control that
utilizes an FTP client. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. PowerTCP FTP for ActiveX version 2.0.2.0
is affected.
Ref: http://www.securityfocus.com/bid/31814
______________________________________________________________________

08.43.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Client User Interface
Local Privilege Escalation
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to a local privilege
escalation issue. The problem occurs in the client graphical user
interface (GUI).
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
______________________________________________________________________

08.43.6 CVE: CVE-2008-3831
Platform: Linux
Title: Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory
Corruption
Description: The Linux kernel is exposed to a memory corruption issue
because of insufficient boundary checks in the i915 driver. This
issue affects the "drivers/char/drm/i915_dma.c" source file and can be
exploited with specially-crafted "DRM_I915_HWS_ADDR" IOCTL calls.
Linux kernel versions 2.6.24.6 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31792
______________________________________________________________________

08.43.7 CVE: CVE-2008-4618
Platform: Linux
Title: Linux Kernel SCTP Protocol Violation Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to handle SCTP protocol violations. This issue
occurs when handling certain SCTP protocol violations resulting from
invalid parameter lengths. Linux kernel versions prior to 2.6.27 are
affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1079
______________________________________________________________________

08.43.8 CVE: Not Available
Platform: Unix
Title: Symantec Veritas File System "qioadmin" Local Information
Disclosure
Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix like operating systems. The
application is exposed to a local information disclosure issue that is
present in the "qioadmin" utility for the Quick I/O for Database
feature.
Ref: http://seer.entsupport.symantec.com/docs/310872.htm
______________________________________________________________________

08.43.9 CVE: CVE-2008-4473
Platform: Cross Platform
Title: Adobe Flash CS3 Professional SWF File Remote Code Execution
Description: Adobe Flash CS3 Professional is an application for
creating Flash media files. Flash CS3 Professional is exposed to a
remote code execution issue when processing specially crafted SWF
files. Flash CS3 Professional for Microsoft Windows is affected.
Ref: http://www.securityfocus.com/archive/1/497397
______________________________________________________________________

08.43.10 CVE: CVE-2008-4575
Platform: Cross Platform
Title: jhead versions Prior to 2.84 Multiple Vulnerabilities
Description: jhead is an exif jpeg header manipulation tool. jhead is
exposed to multiple remote issues. Attackers can exploit these issues
to execute arbitrary code within the context of the affected
application, crash the affected application, perform symbolic link
attacks and overwrite arbitrary files on the affected computer. jhead
versions prior to 2.84 are affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
______________________________________________________________________

08.43.11 CVE: CVE-2008-4412
Platform: Cross Platform
Title: Hewlett-Packard Systems Insight Manager Unspecified
Unauthorized Access
Description: Hewlett Packard Systems Insight Manager (SIM) is a tool
for managing HP servers. SIM is exposed to an unspecified unauthorized
access issue. A remote attacker may exploit this issue to gain
unauthorized access to data. SIM versions prior to 5.2 SP2 are
affected.
Ref: http://www.securityfocus.com/bid/31777
______________________________________________________________________

08.43.12 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of
Service
Description: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client are
exposed to a denial of service issue that occurs when the applications
are configured to report JP1 events.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-019/index.html
______________________________________________________________________

08.43.13 CVE: Not Available
Platform: Cross Platform
Title: Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service
Description: Hitachi XFIT/S/JCA and XFIT/S/ZGN are exposed to an
unspecified denial of service issue because they fail to properly
handle unexpected data.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-020/index.html
______________________________________________________________________

08.43.14 CVE: Not Available
Platform: Cross Platform
Title: Apache HTTP Server OS Fingerprinting Unspecified Security
Description: Apache is an HTTP server available for various operating
systems. The application is exposed to an unspecified security issue
related to OS fingerprinting at the application level. Apache version
2.2.9 is affected.
Ref: http://www.securityfocus.com/archive/1/497506
______________________________________________________________________

08.43.15 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP File Modification
Unauthorized Access
Description: Hitachi JP1/File Transmission Server/FTP is an enterprise
FTP application. Hitachi JP1/File Transmission Server/FTP is exposed
to an issue that may allow attackers to modify file permissions.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-018/index.html
______________________________________________________________________

08.43.16 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP Unspecified Denial of
Service
Description: Hitachi JP1/File Transmission Server/FTP is exposed to an
unspecified denial of service issue because it fails to properly
handle unexpected data.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vu s/HS08-017/index.html
______________________________________________________________________

08.43.17 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player TY File Stack-Based Buffer Overflow
Description: VLC is a cross-platform media player. VLC is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
checks on user-supplied input. This occurs when the application parses
specially-crafted TY files. VLC Media Player versions prior to 0.9.0
up to and including 0.9.4 are affected.
Ref: http://www.securityfocus.com/archive/1/497587
______________________________________________________________________

08.43.18 CVE: CVE-2008-4552
Platform: Cross Platform
Title: "nfs-utils" Package "hosts_ctl()" Security Bypass
Description: The "nfs-utils" package provides a daemon for the kernel
NFS server and related tools. The application is exposed to a security
bypass issue because of an error in the implementation of TCP
wrappers. This issue is caused due to a wrong number of arguments
passed to the "hosts_ctl()" function, causing TCP Wrappers to ignore
netgroups. "nfs-utils" package version 1.0.9 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458676
______________________________________________________________________

08.43.19 CVE: Not Available
Platform: Cross Platform
Title: MUSCLE "Message::AddToString()" Buffer Overflow
Description: MUSCLE (Multi User Server Client Linkage Environment) is
a cross-platform client server messaging system. The library is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. MUSCLE version 4.30 is
affected.
Ref: https://public.msli.com/lcs/muscle/muscle/HISTORY.txt
______________________________________________________________________

08.43.20 CVE: Not Available
Platform: Cross Platform
Title: FireGPG Insecure Temporary File Creation
Description: FireGPG is an add on providing GNU Privacy Guard (GPG)
functionality for the Firefox web browser. FireGPG creates temporary
files in an insecure manner. Specifically, when decrypting email,
FireGPG creates temporary files with predictable names for the
encrypted content, the decrypted content, and the user passphrase.
FireGPG versions prior to 6.0 are affected.
Ref: http://www.securityfocus.com/archive/1/497547
______________________________________________________________________

08.43.21 CVE: CVE-2008-3248
Platform: Cross Platform
Title: Symantec Veritas File System "qiomkfile" Local Information
Disclosure
Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix like operating systems. The
application is exposed to an information disclosure issue which may
result in sensitive information being made available to local
attackers. Veritas File System versions prior to 5.0 MP3 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20.html
______________________________________________________________________

08.43.22 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic
Emanation Capture
Description: Keyboards from multiple vendors are exposed to an
information disclosure issue because the devices do not adequately
shield electromagnetic emanations. This issue affects USB, PS/2, and
laptop keyboards manufactured between 2001 and 2008.
Ref: http://www.securityfocus.com/bid/31831
______________________________________________________________________

08.43.23 CVE: Not Available
Platform: Cross Platform
Title: RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution
Description: RealVNC (Virtual Network Computing) allows users to
access remote computers for administration purposes. RealVNC Viewer is
exposed to a remote code execution issue because it fails to
adequately handle certain encoding types. RealVNC Free Edition
versions prior to 4.1.3 are affected.
Ref: http://www.realvnc.com/products/free/4.1/release-notes.html
______________________________________________________________________

08.43.24 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX like operating systems. Wireshark is exposed to multiple denial
of service issues when handling certain types of packets and protocols
in varying conditions. Wireshark versions 0.10.3 up to and including
1.0.3 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-06.html
______________________________________________________________________

08.43.25 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Denial of Service And Security
Bypass Vulnerabilities
Description: IBM WebSphere Application Server (WAS) is an application
infrastructure used for service oriented architecture. The application
is exposed to multiple issues. Successful exploits may allow attackers
to hang the server causing a denial of service condition or bypass
certain security restrictions. IBM WebSphere Application Server
versions prior to 6.0.2.31 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006876
______________________________________________________________________

08.43.26 CVE: Not Available
Platform: Cross Platform
Title: F-Secure Multiple Products RPM File Integer Overflow
Description: Multiple F-Secure products are exposed to an integer
overflow issue because the applications fail to properly handle
user-supplied input. Specifically, the issue occurs when an affected
application parses a specially-crafted malicious RPM archive file.
Ref: http://www.f-secure.com/security/fsc-2008-3.shtml
______________________________________________________________________

08.43.27 CVE: Not Available
Platform: Cross Platform
Title: Symantec Altiris Deployment Solution Clear Text Password Local
Information Disclosure
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, and notebooks. The
application is exposed to a local information disclosure issue because
it stores Application Identity Account passwords in clear text on the
affected computer. Symantec Altiris Deployment Solution versions prior
to 6.9.355 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20b.html
______________________________________________________________________

08.43.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Elxis CMS "index.php" Multiple Cross-Site Scripting and Session
Fixation Vulnerabilities
Description: Elxis CMS is a content manager. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input. Elxis CMS version 2006.1 is
affected.
Ref: http://www.securityfocus.com/bid/31764
______________________________________________________________________

08.43.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Habari "habari_username" Parameter Cross-Site Scripting
Description: Habari is a PHP based content manager. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "habari_username"
parameter. Habari version 0.5.1 is affected.
Ref: http://www.securityfocus.com/bid/31794
______________________________________________________________________

08.43.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WebGUI Security Bypass and Multiple Cross-Site Scripting
Vulnerabilities
Description: WebGUI is a web-based content manager. The application is
exposed to multiple issues. WebGUI version 7.5.25 is affected.
Ref: http://www.webgui.org/getwebgui/advisories/webgui-7.5.26-stable-released
______________________________________________________________________

08.43.31 CVE: CVE-2008-4121
Platform: Web Application - Cross Site Scripting
Title: cpCommerce Multiple Cross-Site Scripting Vulnerabilities
Description: cpCommerce is a PHP based e-commerce application. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. cpCommerce versions
prior to 1.2.4 are affected.
Ref: http://www.securityfocus.com/archive/1/497545
______________________________________________________________________

08.43.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Movable Type Prior to Version 4.22 Unspecified Cross-Site
Scripting
Description: Movable Type is a web-log application written in PERL.
Movable Type is exposed to an unspecified cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. This
issue affects the application management section of the application.
Movable Type versions prior to 4.22 are affected.
Ref: http://www.securityfocus.com/bid/31826
______________________________________________________________________

08.43.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyNETS Unspecified Cross-Site Scripting
Description: MyNETS is a web-based application. MyNETS is exposed to
an unspecified cross-site scripting issue because it fails to properly
sanitize user-supplied input. An attacker may leverage this issue to
execute arbitrary script code in the browser of an unsuspecting user
in the context of the affected site.
Ref: http://www.securityfocus.com/bid/31835
______________________________________________________________________

08.43.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Wysi Wiki Wyg "index.php" Cross-Site Scripting
Description: Wysi Wiki Wyg is a PHP based wiki application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input passed to the "s"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/31836
______________________________________________________________________

08.43.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AstroSPACES "profile.php" SQL Injection
Description: AstroSPACES is a web-based social networking application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "profile.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31771
______________________________________________________________________

08.43.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpWebGallery "comments.php" SQL Injection and Code Execution
Vulnerabilities
Description: PhpWebGallery is a PHP based photo gallery. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sort_by" parameter of
the "comments.php" script before using it in an SQL query.
PhpWebGallery versions up to and including 1.7.2 are affected.
Ref: http://www.securityfocus.com/bid/31762
______________________________________________________________________

08.43.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPHPDating "success_story.php" SQL Injection
Description: MyPHPDating is a PHP based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"success_story.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31763
______________________________________________________________________

08.43.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myStats Security Bypass and SQL Injection Vulnerabilities
Description: myStats is a web-based application. The application is
exposed to multiple security issues.
Ref: http://www.securityfocus.com/bid/31772
______________________________________________________________________

08.43.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myEvent "viewevent.php" SQL Injection
Description: myEvent is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "eventdate" parameter of the
"viewevent.php" script before using it in an SQL query. myEvent
version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/31773
______________________________________________________________________

08.43.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SweetCMS "index.php" SQL Injection
Description: SweetCMS is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page" parameter of the "index.php"
script before using it in an SQL query. SweetCMS version 1.5.2 is
affected.
Ref: http://www.securityfocus.com/bid/31774
______________________________________________________________________

08.43.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WEB//NEWS Multiple SQL Injection Vulnerabilities
Description: WEB//NEWS is a web-based news script. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input.
WEB//NEWS versions prior to 1.4.1a are affected.
Ref: http://www.securityfocus.com/archive/1/497399
______________________________________________________________________

08.43.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Node Vote Module Cast Vote SQL Injection
Description: Drupal Node Vote is a voting module for the Drupal
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data. This
issue occurs in an unspecified field when changing a previous cast
vote.
Ref: http://drupal.org/node/321685
______________________________________________________________________

08.43.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IP Reg "locationdel.php" SQL Injection
Description: IP Reg is an IPAM tool to keep track of assets and nodes
(IP addresses, MAC addresses, DNS aliases) within different subnets
over different locations or VLANs. The application is exposed to an
SQL injection issue because it fails to properly sanitize
user-supplied input to the "location_id" parameter of the
"locationdel.php" script before using it in SQL queries. IP Reg
version 0.4 is affected.
Ref: http://www.securityfocus.com/bid/31781
______________________________________________________________________

08.43.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mosaic Commerce "category.php" SQL Injection
Description: Mosaic Commerce is a PHP based e-commerce application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "category.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31782
______________________________________________________________________

08.43.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CafeEngine "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: CafeEngine is online cafe management software. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of these scripts: "dish.php" and "menu.php".
Ref: http://www.securityfocus.com/bid/31786
______________________________________________________________________

08.43.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CafeEngine Easy Cafe Engine "itemid" Parameter SQL Injection
Description: CafeEngine Easy Cafe Engine is a PHP-based application
for managing cafe web pages. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "itemid" parameter of the "index.php" script
before using it in an SQL query. Easy Cafe Engine version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/31788
______________________________________________________________________

08.43.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ShiftThis Newsletter WordPress Plugin "stnl_iframe.php" SQL
Injection
Description: ShiftThis Newsletter is a plugin for the WordPress web log
application. The plugin is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"newsletter" parameter of the "plugins/st_newsletter/stnl_iframe.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31806
______________________________________________________________________

08.43.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Zeeproperty "bannerclick.php" SQL Injection
Description: Zeeproperty is a real estate portal application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "adid" parameter of
the "bannerclick.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31807
______________________________________________________________________

08.43.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS GesGaleri Module "index.php" SQL Injection
Description: GesGaleri is a gallery module for the XOOPS content
management system. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "kategorino" parameter of the "index.php" script before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/31808
______________________________________________________________________

08.43.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Meeting Room Booking System "month.php" SQL Injection
Description: Meeting Room Booking System is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "area" parameter of
the "month.php" script before using it in an SQL query. Meeting Room
Booking System version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/31809
______________________________________________________________________

08.43.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myWebland miniBloggie "del.php" SQL Injection
Description: miniBloggie is a web log application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "post_id" parameter of the
"del.php" script before using it in an SQL query. miniBloggie version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/31810
______________________________________________________________________

08.43.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Nice Talk Joomla! Component "tagid" Parameter SQL Injection
Description: Nice Talk is a PHP-based component for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"tagid" parameter.
Ref: http://www.securityfocus.com/bid/31818
______________________________________________________________________

08.43.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DS-Syndicate Joomla! Component "feed_id" Parameter SQL
Injection
Description: DS-Syndicate is a PHP-based component for the Joomla!
content manager. The application is prone to an SQL injection
vulnerability because it fails to sufficiently sanitize user-supplied
data to the "feed_id" parameter.
Ref: http://www.securityfocus.com/bid/31819
______________________________________________________________________

08.43.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Woltlab Burning Board rGallery Plugin "itemID" Parameter SQL
Injection
Description: The rGallery plugin for Woltlab Burning Board is a
web-based application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "itemID" parameter of the "RGalleryImageWrapper" page. rGallery
version 1.09 is affected.
Ref: http://www.securityfocus.com/bid/31820
______________________________________________________________________

08.43.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 CMS
Description: e107 CMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "ue[]" array parameter of the
"usersettings.php" script before using it in an SQL query. e107 CMS
versions 0.7.13 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31821
______________________________________________________________________

08.43.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jetbox CMS Multiple SQL Injection Vulnerabilities
Description: Jetbox CMS is a content manager. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. Jetbox CMS version 2.1 is
affected.
Ref: http://www.digitrustgroup.com/advisories/web-application-security-jetbox
______________________________________________________________________

08.43.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Sarkilar Module "id" Parameter SQL Injection
Description: Sarkilar is a plugin for PHP Nuke. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/31830
______________________________________________________________________

08.43.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Makale XOOPS Module "makale.php" SQL Injection
Description: The "makale" module is a PHP-based application for the
XOOPS content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "modules/makale/makale.php" script before
using it in an SQL query. The "makale" XOOPS module update025 is
affected.
Ref: http://www.securityfocus.com/bid/31834
______________________________________________________________________

08.43.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Limbo CMS "open.php" SQL Injection
Description: Limbo CMS is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter in the
"com_privmsg/open.php" before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31837
______________________________________________________________________

08.43.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 JobControl Extension Unspecified SQL Injection
Description: JobControl is an extension for the TYPO3 content manager.
JobControl is not a part of the TYPO3 default installation. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input before using it in an SQL query. TYPO3
JobControl versions up to and including 1.15.4 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.43.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Econda Plugin Extension Unspecified SQL Injection
Description: Econda Plugin is an extension for the TYPO3 content
manager. Econda Plugin is not a part of the TYPO3 default
installation. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input before using it in an
SQL query. TYPO3 Econda Plugin versions up to and including 0.0.4 are
affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.43.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Frontend Users View Extension Unspecified SQL Injection
Description: Frontend Users View is an extension for the TYPO3 content
manager. Frontend Users View is not a part of the TYPO3 default
installation. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input before using it in an
SQL query. TYPO3 Frontend Users View versions up to and including
0.1.6 are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.43.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Mannschaftsliste Extension Unspecified SQL Injection
Description: Mannschaftsliste is an extension for the TYPO3 content
manager. Mannschaftsliste is not a part of the TYPO3 default
installation. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize input before using it in an
SQL query. TYPO3 Mannschaftsliste versions up to and including 1.0.3
are affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.43.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 M1 Intern Extension Unspecified SQL Injection
Description: M1 Intern is an extension for the TYPO3 content manager.
M1 Intern is not a part of the TYPO3 default installation. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize input before using it in an SQL query. TYPO3 M1
Intern version 1.0.0 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.43.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Simple survey Extension Unspecified SQL Injection
Description: TYPO3 Simple survey is a PHP-based survey application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize input before using it in an SQL query. TYPO3
Simple survey versions 1.7.0 and prior are vulnerable.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/
______________________________________________________________________

08.43.66 CVE: Not Available
Platform: Web Application
Title: myPHPNuke "displayCategory.php" Multiple Remote File Include
Vulnerabilities
Description: MyPHPNuke is a PHP-based content manager. The application
is exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "basepath" and
"adminpath" parameters of the "gallery/displayCategory.php" script.
MyPHPNuke version 188_8 rc2 is affected.
Ref: http://www.securityfocus.com/bid/31778
______________________________________________________________________

08.43.67 CVE: Not Available
Platform: Web Application
Title: Drupal Node Clone Module Information Disclosure
Description: Node Clone module is a module for Drupal that allows
users to copy existing items of content (nodes). The application is
exposed to an information disclosure issue because it fails to restrict
access to certain portions of the affected application.
Ref: http://drupal.org/node/321737
______________________________________________________________________

08.43.68 CVE: Not Available
Platform: Web Application
Title: Kure Multiple Local File Include Vulnerabilities
Description: Kure is a web log application. The application is exposed
to multiple local file include issues because it fails to properly
sanitize user-supplied input to the "post" and "doc" parameters of the
"index.php" script. Kure version 0.6.3 is affected.
Ref: http://www.securityfocus.com/bid/31785
______________________________________________________________________

08.43.69 CVE: Not Available
Platform: Web Application
Title: Mic_blog SQL Injection and Unauthorized Access Vulnerabilities
Description: Mic_blog is a blog application. The application is
exposed to multiple remote issues. An SQL injection issue
affects the "cat" parameter of the "category.php" script. An
unauthorized access issue permits attackers to add administrative
accounts to the affected application. Mic_blog version 0.0.3 is
affected.
Ref: http://www.securityfocus.com/bid/31812
______________________________________________________________________

08.43.70 CVE: Not Available
Platform: Web Application
Title: Mantis "manage_proj_page.php" PHP Code Injection
Description: Mantis is a web-based bug tracking system. Mantis is
exposed to an issue that lets attackers inject arbitrary PHP code. The
issue occurs because the application fails to properly sanitize
user-supplied input to the "sort" parameter of the
"manage_proj_page.php" script. Mantis versions 1.1.3 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/31789
______________________________________________________________________

08.43.71 CVE: Not Available
Platform: Web Application
Title: Calendars for the Web Security Bypass
Description: Calendars for the Web is a web-based application. The
application is exposed to a security bypass issue. Specifically, the
vulnerability exists in the administration page because the
application saves the past session. Calendars for the Web version 4.01
is affected.
Ref: http://www.securityfocus.com/bid/31791
______________________________________________________________________

08.43.72 CVE: Not Available
Platform: Web Application
Title: XOOPS "hisa_cart" Module Remote Information Disclosure
Description: "hisa_cart" is a module for XOOPS content manager. The
module is exposed to a remote information disclosure issue due to an
unspecified error. "hisa_cart" versions prior to 1.29 are affected.
Ref: http://www.securityfocus.com/bid/31795
______________________________________________________________________

08.43.73 CVE: Not Available
Platform: Web Application
Title: Post Affiliate Pro "index.php" Local File Include
Description: Post Affiliate Pro is an affiliate management
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the "md"
parameter of the "index.php" script. Post Affiliate Pro version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/31796
______________________________________________________________________

08.43.74 CVE: Not Available
Platform: Web Application
Title: Slaytanic Scripts Content Plus Version 2.1.1 Multiple
Unspecified Vulnerabilities
Description: Slaytanic Scripts Content Plus is an enhancement
distribution for PHP Nuke. The application is exposed to multiple
issues caused by unspecified errors. Slaytanic Scripts Content Plus
version 2.1.1 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=632842
______________________________________________________________________

08.43.75 CVE: Not Available
Platform: Web Application
Title: FlashChat "connection.php" Role Filter Security Bypass
Description: FlashChat is a chat room application. The application is
exposed to a security bypass issue that may allow attackers to gain
administrative access to the affected application. This issue affects
the "s" parameter of the "connection.php" script.
Ref: http://www.securityfocus.com/archive/1/497474
______________________________________________________________________

08.43.76 CVE: Not Available
Platform: Web Application
Title: phpFastNews Cookie Authentication Bypass
Description: phpFastNews is a web-based news application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. phpFastNews version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/31811
______________________________________________________________________

08.43.77 CVE: Not Available
Platform: Web Application
Title: FCKeditor "command.php" Arbitrary File Upload
Description: FCKeditor is an online text/DHTML editor. FCKeditor is
exposed to an arbitrary file upload issue because it fails to
adequately sanitize user-supplied input. This issue affects the
"editor/filemanager/browser/default/connectors/php/connector.php"
script.
Ref: http://www.securityfocus.com/bid/31812
______________________________________________________________________

08.43.78 CVE: Not Available
Platform: Web Application
Title: Vivvo Article Management "classified_path" Parameter Remote
File Include
Description: Vivvo Article Management is a content manager. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "classified_path"
parameter of the "HTML_function.php" script. Vivvo Article Management
versions 3.2 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31815
______________________________________________________________________

08.43.79 CVE: Not Available
Platform: Web Application
Title: HP SiteScope SNMP Trap HTML Injection
Description: HP SiteScope is an agentless distribution system for IT
infrastructure. The web interface is prone to an HTML injection issue
because it fails to properly sanitize input from received SNMP trap
messages. HP SiteScope version 9.0 build 911 is affected.
Ref: http://www.securityfocus.com/archive/1/497548
______________________________________________________________________

08.43.80 CVE: Not Available
Platform: Web Application
Title: Fast Click SQL Lite "init.php" Remote File Include
Description: Fast Click SQL Lite is an application that counts web site
visitors. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"CFG[CDIR]" parameter of the "init.php" script. Fast Click SQL Lite
version 1.1.7 is affected.
Ref: http://www.securityfocus.com/bid/31817
______________________________________________________________________

08.43.81 CVE: Not Available
Platform: Web Application
Title: Midgard Components Framework Multiple Unspecified
Vulnerabilities
Description: Midgard Components Framework is a PHP based web
development component library. The library is exposed to multiple
issues caused by unspecified errors. Midgard Components Framework
versions prior to 8.09.1 are affected.
Ref: http://freshmeat.net/projects/midcom/?branch_id=38063&release_id=286210
______________________________________________________________________

08.43.82 CVE: Not Available
Platform: Web Application
Title: yappa-ng "album" Parameter Local File Include
Description: yappa-ng is a photo album application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "album" parameter of the
"index.php" script. yappa-ng version 2.3.2 is affected.
Ref: http://www.securityfocus.com/bid/31828
______________________________________________________________________

08.43.83 CVE: Not Available
Platform: Web Application
Title: Opera Web Browser HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is prone to HTML injection and
cross-site scripting issues because it fails to properly sanitize
user-supplied input. Opera Web Browser versions prior to 9.61 are
affected.
Ref: http://www.opera.com/support/search/view/905/
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.Subscriptions:

RISK is distributed free of charge by the SANS Institute to people
responsible for managing and securing information systems and networks.
You may forward this newsletter to others with such responsibility
inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkkA2IsACgkQ+LUG5KFpTkY51QCfQrVHTHHeXtLn0BqzFkeRKMMO
wvoAnikoavEi3dhRW4v4b9YtN6NJsgdK
=CdyW
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]