RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 50
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Dec 11 2008 - 16:47:14 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This week saw a huge number (more than 150) of new vulnerabilities
including the largest number in at least three years of *critical* new
vulnerabilities (nine). Most of the critical new vulnerabilities were
from Microsoft (too many to list in this opening paragraph), but BMC
users should not overlook the Patrol vulnerability. Vulnerable system
management tools like Patrol, and backup and security tools, are the
"back doors" that many sophisticated attackers are exploiting.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
December 11, 2008 Vol. 7. Week 50
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
- --------------------------------------- -------------------------------------
Windows                                   7 (#1, #4, #5, #6, #7, #12)
Microsoft Office                         11 (#2, #8, #9, #11)
Other Microsoft Products                 13
Third Party Windows Apps                  5 (#10)
Linux                                    19
HP-UX                                     1
Solaris                                   1
Unix                                      2
Novell                                    1
Cross Platform                           26 (#3)
Web Application - Cross Site Scripting   13
Web Application - SQL Injection          28
Web Application                          25
Network Device                            2
******************** Sponsored By Sourcefire, Inc. **********************
SANS Real-time Adaptive Security White Paper
Real-time Adaptive Security is the next step beyond an IPS
implementation. It gives you full network visibility, provides context
around events so you know which ones to investigate first, reduces your
false positives dramatically, offers automated impact assessment,
introduces automated IPS tuning, and more. Let SANS tell you how.
http://www.sans.org/info/36369
*************************************************************************
TRAINING UPDATE
- - SANS 2009 in Orlando in early March - the largest security training
conference and expo in the world. Lots of evening sessions:
http://www.sans.org/
- - SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- - Looking for training in your own Community? http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Internet Explorer Remote Code Execution Vulnerability (0day)
(2) CRITICAL: Microsoft WordPad Text Converter Remote Code Execution (0day)
(3) CRITICAL: BMC Patrol Format String Vulnerability
(4) CRITICAL: Microsoft Windows GDI Multiple Vulnerabilities (MS08-071)
(5) CRITICAL: Microsoft Windows Search Multiple Vulnerabilities (MS08-075)
(6) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-073)
(7) CRITICAL: Microsoft Visual Basic ActiveX Controls Multiple Vulnerabilities (MS08-070)
(8) CRITICAL: Microsoft Office Word Multiple Vulnerabilities (MS08-072)
(9) CRITICAL: Microsoft Office Excel Multiple Vulnerabilities (MS08-074)
(10) HIGH: Microsoft SQL Server Remote Memory Corruption (0day)
(11) MODERATE: Microsoft SharePoint Authentication Bypass (MS08-077)
(12) MODERATE: Microsoft Media Components Credential Reflection Vulnerability (MS08-076)
********************** Sponsored Link *********************************
1) Learn to select and implement the right tools at the Log Management
Summit April 6-7.
http://www.sans.org/info/36379
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
-- Windows
08.50.1 - Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow
08.50.2 - Microsoft Windows GDI WMF Integer Overflow
08.50.3 - Microsoft Windows GDI File Size Parameter Heap Overflow
08.50.4 - Microsoft Windows Saved Search File Handling Remote Code Execution
08.50.5 - Microsoft Windows "search-ms" Protocol Parsing Remote Code Execution
08.50.6 - Microsoft Windows Media Components "Service Principle Name" Remote Code Execution
08.50.7 - Microsoft Windows Media Components ISATAP URL Handling Information Disclosure
-- Microsoft Office
08.50.8 - Microsoft Word RTF Polyline/Polygon Integer Overflow
08.50.9 - Microsoft Word Malformed Record Remote Code Execution
08.50.10 - Microsoft Word RTF "do" Drawing Object Remote Heap Memory Corruption
08.50.11 - Microsoft Word Malformed Value Remote Code Execution
08.50.12 - Microsoft Word Malformed Record Value Remote Code Execution
08.50.13 - Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution
08.50.14 - Microsoft Word RTF Malformed String Remote Code Execution
08.50.15 - Microsoft Excel Malformed Object Handling Remote Code Execution
08.50.16 - Microsoft Excel Formula Handling Remote Code Execution
08.50.17 - Microsoft Excel Name Record Array Remote Code Execution
08.50.18 - Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution
-- Other Microsoft Products
08.50.19 - Microsoft Outlook Express Malformed MIME Message Denial of Service
08.50.20 - Microsoft SQL Server 2000 "sp_replwritetovarbin" Remote Memory Corruption
08.50.21 - Microsoft Internet Explorer HTML Objects Remote Code Execution
08.50.22 - Microsoft DataGrid ActiveX Control Memory Corruption
08.50.23 - Microsoft FlexGrid ActiveX Control Memory Corruption
08.50.24 - Microsoft Internet Explorer Deleted Object Access Remote Code Execution
08.50.25 - Microsoft Internet Explorer Embedded Object Remote Code Execution
08.50.26 - Microsoft Internet Explorer Navigation Method Remote Code Execution
08.50.27 - Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption
08.50.28 - Microsoft Charts ActiveX Control Memory Corruption
08.50.29 - Microsoft SharePoint Server Unauthorized Access
08.50.30 - Microsoft WordPad Text Converter Remote Code Execution
08.50.31 - Microsoft Internet Explorer Unspecified XML Handling Remote Code Execution
-- Third Party Windows Apps
08.50.32 - RadASM ".rap" Project File Buffer Overflow
08.50.33 - Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite
08.50.34 - Linksys WVC54GC "NetCamPlayerWeb11gv2.ocx" ActiveX Control Buffer Overflow
08.50.35 - DesignWorks Professional ".cct" File Buffer Overflow
08.50.36 - EasyMail Objects "emmailstore.dll" ActiveX Control Remote Buffer Overflow
-- Linux
08.50.37 - Ubuntu Privacy Remix S/ATA-Disks Security Bypass
08.50.38 - Linux Kernel "parisc_show_stack()" Local Denial of Service
08.50.39 - Linux Kernel "net/atm/proc.c" Local Denial of Service
08.50.40 - Vinagre "vinagre_utils_show_error()" Function Format String
08.50.41 - Linux Kernel MIPS Untrusted User Application Local Denial of Service
08.50.42 - bash-doc Insecure Temporary File Creation Vulnerabilities
08.50.43 - Debian netdisco-mibs-installer Insecure Temporary File Creation Vulnerabilities
08.50.44 - noip2 Insecure Temporary File Creation
08.50.45 - PvPGN Insecure Temporary File Creation
08.50.46 - Screenie Insecure Temporary File Creation
08.50.47 - lessdisks.net sdm Insecure Temporary File Creation
08.50.48 - Debian ppp Insecure Temporary File Creation Vulnerabilities
08.50.49 - Debian ppp-udeb Insecure Temporary File Creation
08.50.50 - crip Insecure Temporary File Creation
08.50.51 - Avast! Linux Home Edition ISO and RPM File Multiple Buffer Overflow Vulnerabilities
08.50.52 - Sophos Antivirus For Linux Multiple File Processing Remote Denial of Service Vulnerabilities
08.50.53 - AVG Anti-Virus For Linux UPX File Parsing Denial of Service
08.50.54 - BitDefender Antivirus For Linux Multiple File Processing Remote Denial of Service Vulnerabilities
08.50.55 - F-Prot Antivirus for Linux ELF File Scanning Denial of Service
-- HP-UX
08.50.56 - HP-UX DCE Unspecified Remote Denial of Service
-- Solaris
08.50.57 - Sun Solaris OpenSSL "PKCS#11" Engine Remote Denial of Service
-- Unix
08.50.58 - RSyslog "$AllowedSender" Configuration Directive Security Bypass
08.50.59 - CUPS "pstopdf" Insecure Temporary File Creation
-- Novell
08.50.60 - Novell Netware ApacheAdmin Security Bypass
-- Cross Platform
08.50.61 - Null FTP Server "SITE" Command Arbitrary Command Injection
08.50.62 - Sun Java Runtime Environment 6 Update 11 Multiple Unspecified Security Vulnerabilities
08.50.63 - Adobe Acrobat 9 Unspecified PDF Document Encryption Weakness
08.50.64 - Nagios External Commands and Adaptive Commands Unspecified Vulnerability
08.50.65 - Sun Java Web Start and Java Plug-in Multiple Privilege Escalation Vulnerabilities
08.50.66 - PHP ZipArchive::extractTo() ".zip" Files Directory Traversal
08.50.67 - PowerDNS "CH HINFO" Remote Denial of Service
08.50.68 - Orb Networks Orb Unspecified Remote Denial of Service
08.50.69 - ccTiddly "cct_base" Parameter Multiple Remote File Include Vulnerabilities
08.50.70 - Trillian Multiple Remote Memory Corruption Vulnerabilities
08.50.71 - Tor Security Bypass And Privilege Escalation Weaknesses
08.50.72 - PHP 5.2.7 "magic_quotes_gpc" Security Bypass Weakness
08.50.73 - D-Bus "send_requested_reply" and "receive_requested_reply" Security Bypass
08.50.74 - IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
08.50.75 - PHP SAPI "php_getuid()" Safe Mode Restriction Bypass
08.50.76 - BMC Patrol Agent Remote Format String
08.50.77 - Aruba Mobility Controller EAP Frame Remote Denial of Service
08.50.78 - Multiple Laptop Face Recognition Authentication Bypass
08.50.79 - Little CMS Buffer Overflow and Integer Signedness Vulnerabilities
08.50.80 - HP DECnet-Plus OpenVMS "OSIT$NAMES" Security Bypass Weakness
08.50.81 - Compiz Fusion "Expo" Plugin Security Bypass
08.50.82 - PHP "proc_open()" Environment Parameter Safe Mode Restriction-Bypass
08.50.83 - GpsDrive "geo-nearest" Insecure Temporary File Creation
08.50.84 - CMus Insecure Temporary File Creation
08.50.85 - Muttprint Insecure Temporary File Creation
08.50.86 - ClamAV LZH File Unpacking Denial of Service
-- Web Application - Cross Site Scripting
08.50.87 - Tribiq CMS "index.php" Cross Site Scripting
08.50.88 - Movable Type Unspecified Cross-Site Scripting
08.50.89 - mvnForum Cross Site Scripting
08.50.90 - yappa-ng Multiple Cross Site Scripting Vulnerabilities
08.50.91 - DD-WRT Cross-Site Request Forgery
08.50.92 - Nightfall Personal Diary "login.asp" Multiple Cross Site Scripting Vulnerabilities
08.50.93 - TWiki URLPARAM Variable Cross Site Scripting
08.50.94 - yMonda Thread-IT "txtSearchString" Parameter Cross Site Scripting
08.50.95 - PrestaShop Multiple Cross-Site Scripting Vulnerabilities
08.50.96 - PhPepperShop Multiple Cross Site Scripting Vulnerabilities
08.50.97 - 3CX Phone System Multiple Cross Site Scripting Vulnerabilities
08.50.98 - Moodle Wiki Page Name Cross Site Scripting
08.50.99 - PHP Multiple Newsletters "index.php" Cross Site Scripting
-- Web Application - SQL Injection
08.50.100 - Tribiq CMS "index.php" SQL Injection
08.50.101 - Multiple Membership Script "sitepage.php" SQL Injection
08.50.102 - Mxmania Gallery MX "pics_pre.asp" SQL Injection
08.50.103 - Calendar MX Professional "calendar_Eventupdate.asp" SQL Injection
08.50.104 - Check Up New Generation "findoffice.php" SQL Injection
08.50.105 - JMovies Joomla! Component "id" Parameter SQL Injection
08.50.106 - Rae Media Web Based Contact Management Login SQL Injection
08.50.107 - Drupal Storm Module Multiple Unspecified SQL Injection Vulnerabilities
08.50.108 - dotnetindex Professional Download Assistant SQL Injection
08.50.109 - PHPSTREET Webboard "show.php" SQL Injection
08.50.110 - Joomla! and Mambo Mydyngallery Component "directory" Parameter SQL Injection
08.50.111 - ASPApps.com Template Creature "media_level.asp" SQL Injection
08.50.112 - RankEm "rankup.asp" SQL Injection
08.50.113 - ASPToys Teamworx Server "default.asp" SQL Injection
08.50.114 - ASPToys ASP Portal Multiple SQL Injection Vulnerabilities
08.50.115 - ASP AutoDealer "detail.asp" SQL Injection
08.50.116 - Kalptaru Infotech Product Sale Framework "forum_topic_id" Parameter SQL Injection
08.50.117 - yMonda Thread-IT "treplies.asp" SQL Injection
08.50.118 - RankEm "processlogin.asp" Multiple SQL Injection Vulnerabilities
08.50.119 - SIU Guarani SQL Injection and Arbitrary File Upload Vulnerabilities
08.50.120 - Secure Downloads for vBulletin "fileinfo.php" SQL Injection
08.50.121 - Tag Board 4 phpBB3 "tag_board.php" SQL Injection
08.50.122 - Poll Pro User and Password SQL Injection Vulnerabilities
08.50.123 - PEEL "rubid" Parameter SQL Injection
08.50.124 - PostEcards "sendcard.cfm" SQL Injection
08.50.125 - phpMyAdmin "table" Parameter SQL Injection
08.50.126 - ProQuiz "Username" Parameter SQL Injection
08.50.127 - Netref "id" Parameter Multiple SQL Injection Vulnerabilities
-- Web Application
08.50.128 - Pro Clan Manager "PHPSESSID" Session Fixation
08.50.129 - SEO phpBB "include/global.php" Remote File Include
08.50.130 - RevSense SQL Injection and Cross Site Scripting Vulnerabilities
08.50.131 - WebCAF Multiple Input Validation Vulnerabilities
08.50.132 - PHPmyGallery Local and Remote File Include Vulnerabilities
08.50.133 - ImpressCMS "rank_title" Parameter HTML Injection
08.50.134 - Drennan Software My Simple Forum "index.php" Local File Include
08.50.135 - BNCwi "index.php" Local File Include
08.50.136 - Gravity GTD PHP Code Injection and Local File Include Vulnerabilities
08.50.137 - lcxbbportal "phpbb_root_path" Parameter Multiple Remote File Include Vulnerabilities
08.50.138 - Tizag Countdown Creater "index.php" Arbitrary File Upload
08.50.139 - TWiki SEARCH Variable Remote Command Execution
08.50.140 - phpPgAdmin "_language" Parameter Local File Include
08.50.141 - w3blabor Local File Include and Arbitrary File Upload Vulnerabilities
08.50.142 - BPowerHouse Mini Blog "index.php" Multiple Local File Include Vulnerabilities
08.50.143 - PHPmyGallery "index.php" Directory Traversal
08.50.144 - Mini-CMS "index.php" Multiple Local File Include Vulnerabilities
08.50.145 - XOOPS Local File Include and HTML Injection Vulnerabilities
08.50.146 - MG2 "includes/mg2_functions.php" PHP Code Injection
08.50.147 - Google Gears WorkerPool API "allowCrossOrigin()" Same Origin Policy Violation
08.50.148 - PunBB SQL Injection and Cross Site Scripting Vulnerabilities
08.50.149 - PHPmyGallery "common-tpl-vars.php" Local and Remote File Include Vulnerabilities
08.50.150 - PHP Multiple Newsletters "lang" Parameter Local File Include
08.50.151 - Atlassian JIRA Remote Security Bypass
08.50.152 - HTMPL "htmpl_admin.cgi" Remote Command Execution
-- Network Device
08.50.153 - Linksys WVC54GC Wireless-G Internet Video Camera Information Disclosure
08.50.154 - Neostrada Livebox ADSL Router HTTP Request Denial of Service
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Internet Explorer Remote Code Execution Vulnerability (0day)
Affected:
Microsoft Internet Explorer 7 and possibly prior
Description: Microsoft Internet Explorer contains a remote code
execution vulnerability in its handling of certain XML structures. A
specially crafted web page can result in remote code execution with the
privileges of the current user. This vulnerability is currently being
exploited in the wild, and is reportedly not mitigated by the most
recent Microsoft patches. No further technical details are publicly
available for this vulnerability.
Status: Vendor confirmed, no updates available.
References:
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/961051.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/32721
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/493881
Network World Article
http://www.networkworld.com/news/2008/120908-new-web-attack-exploits-unpatched.html?fsrc=rss-security
***********************************************
(2) CRITICAL: Microsoft WordPad Text Converter Remote Code Execution (0day)
Affected:
Microsoft Windows XP prior to Service Pack 3.
Description: Microsoft WordPad is a Rich Text Format (RTF) editor
included by default in Microsoft Windows. It is the default viewer for
RTF files. It contains a flaw in its Text Converter component. A
specially crafted RTF document could trigger this vulnerability,
allowing an attacker to execute arbitrary code with the privileges of
the current user. This vulnerability is being actively exploited in the
wild and is reportedly not mitigated by the most recent set of Microsoft
patches.
Status: Vendor confirmed, no updates available.
References:
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/960906.mspx
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/926676
SecurityFocus BID
http://www.securityfocus.com/bid/32718
***********************************************
(3) CRITICAL: BMC Patrol Format String Vulnerability
Affected:
BMC Patrol versions prior to 3.7.30
Description: BMC Patrol is an enterprise monitoring software package.
It contains a flaw in its logging code. A specially crafted message sent
to the vulnerable process could trigger a format string vulnerability
in this code, allowing an attacker to execute arbitrary code with the
privileges of the vulnerable process (usually SYSTEM). Some technical
details are publicly available for this vulnerability. No authentication
is required to exploit this vulnerability.
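The logging flaw described above is the classic format-string defect: a message received from the network is handed to a printf-style function as the format argument rather than as a parameter bound to a fixed "%s". The C code below is an added illustration for this bulletin, not BMC's code; the component name and the sample messages are constructed. It shows the hardened logging call beside the vulnerable pattern (kept as a comment so it is never compiled), plus a small heuristic a log-collection or monitoring layer can use to flag messages that carry conversion directives.

```c
#include <stdio.h>
#include <string.h>

/*
 * Vulnerable pattern (comment only, never compiled):
 *
 *     void log_event(FILE *logf, const char *msg) { fprintf(logf, msg); }
 *
 * When msg arrives from the network, any "%x", "%s" or "%n" inside it is
 * interpreted by fprintf as a directive. That is the defect class behind
 * the Patrol agent advisory.
 */

/* Hardened form: the untrusted message is always bound to a fixed "%s".
 * Returns the length the formatted line would have (snprintf semantics)
 * so the caller can detect truncation. */
int log_event_safe(char *out, size_t out_len, const char *component,
                   const char *msg)
{
    return snprintf(out, out_len, "[%s] %s", component, msg);
}

/* Detection heuristic: count printf conversion directives in an untrusted
 * string. "%%" is a literal percent sign and is not counted. A non-zero
 * result in a monitoring message is a reasonable alert signal. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent sign, skip both */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a message that carries conversion directives. */
    const char *suspicious = "%x%x%n";
    const char *benign = "disk 100%% full";
    char line[64];

    log_event_safe(line, sizeof line, "PatrolAgent", suspicious);
    printf("logged verbatim : %s\n", line);
    printf("directives in suspicious message: %d\n",
           count_format_directives(suspicious));
    printf("directives in benign message    : %d\n",
           count_format_directives(benign));
    return 0;
}
```

The hardened call logs the directives as literal text, which is exactly what an analyst wants to see in the log, while the counter gives a cheap signal for messages that should never legitimately contain them.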
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking TCP port 3181 at the network
perimeter.
References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-082/
Vendor Home Page
http://www.bmc.com/
SecurityFocus BID
http://www.securityfocus.com/bid/32692
***********************************************
(4) CRITICAL: Microsoft Windows GDI Multiple Vulnerabilities (MS08-071)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: GDI, the Graphics Device Interface, is the Microsoft
Windows component responsible for drawing graphics and text to output
devices. It contains multiple vulnerabilities in its handling of Windows
Metafile (WMF) graphics files. A specially crafted WMF file could
trigger one of these vulnerabilities, allowing an attacker to execute
arbitrary code with the privileges of the current user. Generally any
application that parses WMF files using GDI would be vulnerable.
Depending on configuration, a malicious WMF file may be opened upon
receipt without first prompting the user. Some technical details are
publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms08-071.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=762
Wikipedia Article on GDI
http://en.wikipedia.org/wiki/Graphics_Device_Interface
Wikipedia Article on WMF
http://en.wikipedia.org/wiki/Windows_Metafile
SecurityFocus BIDs
http://www.securityfocus.com/bid/32634
http://www.securityfocus.com/bid/32637
***********************************************
(5) CRITICAL: Microsoft Windows Search Multiple Vulnerabilities (MS08-075)
Affected:
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft Windows Search is the component of Windows that
allows users to search filesystems and other sources for information.
A specially crafted web page containing a URL using the "search-ms"
protocol handler, which is handled by Windows Search, could trigger a
remote code execution vulnerability with the privileges of the current
user. Additionally, if a user saves a specially crafted "search-ms"
file, a remote code execution vulnerability may be triggered. Note that,
in the latter vulnerability, user interaction beyond visiting a web page
is required to exploit this vulnerability. Some technical details are
publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx
Microsoft Technet Blog Post
http://blogs.technet.com/swi/archive/2008/12/09/ms08-075-reducing-attack-surface-by-turning-off-protocol-handlers.aspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/32651
http://www.securityfocus.com/bid/32652
***********************************************
(6) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-073)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft Internet Explorer contains multiple
vulnerabilities in its handling of a variety of web page structures and
scripts. A specially crafted web page could trigger one of these
vulnerabilities, allowing an attacker to perform various actions,
including executing arbitrary code with the privileges of the current
user. Some technical details are publicly available for these
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-087/
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=761
SecurityFocus BIDs
http://www.securityfocus.com/bid/32596
http://www.securityfocus.com/bid/32586
http://www.securityfocus.com/bid/32593
http://www.securityfocus.com/bid/32595
***********************************************
(7) CRITICAL: Microsoft Visual Basic ActiveX Controls Multiple Vulnerabilities (MS08-070)
Affected:
Microsoft Visual Basic 6.0
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
Microsoft Visual FoxPro 8.0
Microsoft Visual FoxPro 9.0
Microsoft Office FrontPage 2002
Microsoft Office Project 2003
Microsoft Office Project 2007
Description: Visual Basic is a popular programming language from
Microsoft. It provides some of its runtime functionality via a
collection of ActiveX controls. Several of these controls contain
vulnerabilities in their handling of a variety of inputs. A specially
crafted web page that instantiates one of these controls could trigger
one of these vulnerabilities, allowing an attacker to execute arbitrary
code with the privileges of the current user. Some technical details are
publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of these vulnerabilities by disabling the affected controls via
Microsoft's "kill bit" mechanism; affected CLSIDs are available in
Microsoft's advisory. Note that disabling these controls may affect
normal application functionality.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/ms08-070.mspx
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-083/
SecurityFocus BIDs
http://www.securityfocus.com/bid/32591
http://www.securityfocus.com/bid/32592
http://www.securityfocus.com/bid/32612
http://www.securityfocus.com/bid/32613
http://www.securityfocus.com/bid/30674
***********************************************
(8) CRITICAL: Microsoft Office Word Multiple Vulnerabilities (MS08-072)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Word Viewer 2003
Microsoft Works 8
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Description: Microsoft Office contains multiple vulnerabilities in its
handling of Microsoft Office Word and Rich Text Format (RTF) files. A
specially crafted Word or RTF file could trigger one of these
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to perform a variety of actions, including
executing arbitrary code with the privileges of the current user. In
most configurations, a user will be prompted before opening a
potentially malicious file. Some technical details are publicly
available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx
TippingPoint DVLabs Security Advisories
http://dvlabs.tippingpoint.com/advisory/TPTI-08-08
http://dvlabs.tippingpoint.com/advisory/TPTI-08-09
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-086/
http://zerodayinitiative.com/advisories/ZDI-08-085/
http://zerodayinitiative.com/advisories/ZDI-08-084/
SecurityFocus BIDs
http://www.securityfocus.com/bid/32580
http://www.securityfocus.com/bid/32579
http://www.securityfocus.com/bid/32583
http://www.securityfocus.com/bid/32581
http://www.securityfocus.com/bid/32585
http://www.securityfocus.com/bid/32642
http://www.securityfocus.com/bid/32594
***********************************************
(9) CRITICAL: Microsoft Office Excel Multiple Vulnerabilities (MS08-074)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Excel Viewer 2003
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Open XML File Format Converter for Mac
Description: Microsoft Excel, the spreadsheet component of Microsoft
Office, contains multiple vulnerabilities in its parsing of Microsoft
Excel files. A specially crafted Excel file could trigger one of these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the current user. Note that, in most configurations, users
will be prompted before opening potentially malicious Excel files. Some
technical details are publicly available for these vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=763
SecurityFocus BIDs
http://www.securityfocus.com/bid/32618
http://www.securityfocus.com/bid/32621
http://www.securityfocus.com/bid/32622
***********************************************
(10) HIGH: Microsoft SQL Server Remote Memory Corruption (0day)
Affected:
Microsoft SQL Server 2000
Microsoft SQL Server 2005
Description: Microsoft SQL Server contains a flaw in its handling of the
"sp_replwritetovarbin" procedure. A call to this procedure with
specially crafted values could result in a memory corruption condition.
It is believed that this condition could be exploited to execute
arbitrary code with the privileges of the current user. Authentication
is required to exploit this vulnerability, but this vulnerability could
be exploited via SQL injection, thus using the authentication
credentials of the vulnerable web application. A proof-of-concept is
publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available.
References:
SEC Consult Advisory (includes proof-of-concept)
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
Product Home Page
http://www.microsoft.com/sqlserver/2008/en/us/default.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/32710
***********************************************
(11) MODERATE: Microsoft SharePoint Authentication Bypass (MS08-077)
Affected:
Microsoft Office SharePoint Server 2007
Microsoft Search Server 2008
Description: Microsoft Office SharePoint Server is an enterprise
document management and collaboration system. It contains an
authentication bypass vulnerability in its handling of requests to its
web interface. An unauthenticated user could exploit this vulnerability
to execute certain actions with the privileges of the SharePoint
administrator. Note that full access is not granted; only a subset of
actions are available via this vulnerability. Attackers could exploit
this vulnerability to create a denial-of-service condition, create
scripts that execute in the context of the affected SharePoint site, or
gain access to potentially sensitive information.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx
Product Home Page
http://office.microsoft.com/en-us/sharepointserver/FX100492001033.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/32638
***********************************************
(12) MODERATE: Microsoft Media Components Credential Reflection Vulnerability (MS08-076)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft Media Components are a set of components used to
play various media formats on Microsoft Windows. These components
contain a credential reflection vulnerability. A malicious media server
that requires the user to input his or her authentication credentials
could then use the sent credentials to access the victim's system. Note
that successfully exploiting this vulnerability requires a user to input
authentication credentials. Some technical details are publicly
available for this vulnerability. This update also addresses an
information disclosure vulnerability.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/32653
http://www.securityfocus.com/bid/32654
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 50, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.50.1 CVE: CVE-2008-4255
Platform: Windows
Title: Microsoft Windows Common AVI ActiveX Control File Parsing
Buffer Overflow
Description: Microsoft Windows Common AVI ActiveX control is an
application used for playing AVI files in the browser. The Windows
Common AVI ActiveX control is exposed to a remote buffer overflow
issue. The problem can occur when AVI stream lengths aren't properly
validated.
Ref: http://www.securityfocus.com/archive/1/499061
______________________________________________________________________
08.50.2 CVE: CVE-2008-2249
Platform: Windows
Title: Microsoft Windows GDI WMF Integer Overflow
Description: Microsoft GDI (graphics device interface) enables
applications to use graphics and formatted text on the video display
and on printers. The GDI component of Microsoft Windows is exposed to
an integer overflow issue.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-071.mspx
______________________________________________________________________
08.50.3 CVE: CVE-2008-3465
Platform: Windows
Title: Microsoft Windows GDI File Size Parameter Heap Overflow
Description: Microsoft GDI (graphics device interface) enables
applications to use graphics and formatted text on the video display
and on printers. The GDI component of Microsoft Windows is exposed to
a heap overflow issue because the software fails to sufficiently
validate the file size parameters in WMF images.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-071.mspx
______________________________________________________________________
08.50.4 CVE: CVE-2008-4268
Platform: Windows
Title: Microsoft Windows Saved Search File Handling Remote Code
Execution
Description: Microsoft Windows Search is a component of Windows Vista
and Windows Server 2008. Microsoft Windows is exposed to a remote
code execution issue because Windows Explorer fails to correctly free
memory when saving the Windows Search saved-search files. Windows
Vista and Windows Server 2008 are affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx
______________________________________________________________________
08.50.5 CVE: CVE-2008-4269
Platform: Windows
Title: Microsoft Windows "search-ms" Protocol Parsing Remote Code
Execution
Description: Microsoft Windows Search is a component of Windows Vista
and Windows Server 2008. It allows a user to search for various
resources. Microsoft Windows is exposed to a remote code execution
issue because Windows Explorer fails to correctly interpret parameters
when parsing the "search-ms" protocol. Windows Vista and Windows
Server 2008 are affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx
______________________________________________________________________
08.50.6 CVE: CVE-2008-3009
Platform: Windows
Title: Microsoft Windows Media Components "Service Principal Name"
Remote Code Execution
Description: Microsoft Windows Media Components is a multimedia
application for the Windows platform. This application is exposed to a
remote code execution issue in the SPN (Service Principal Name)
implementation. The vulnerability occurs because the software fails to
correctly opt in to NTLM credential-reflection protections.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-076.mspx
______________________________________________________________________
08.50.7 CVE: CVE-2008-3010
Platform: Windows
Title: Microsoft Windows Media Components ISATAP URL Handling
Information Disclosure
Description: Microsoft Windows Media Components is a multimedia
application for the Windows platform. The software is exposed to an
information disclosure issue when handling "ISATAP" (Intra-Site
Automatic Tunnel Addressing Protocol) URLs because it incorrectly
treats an external resource as internal when connecting to a server
that uses an "ISATAP" address.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-076.mspx
______________________________________________________________________
08.50.8 CVE: CVE-2008-4025
Platform: Microsoft Office
Title: Microsoft Word RTF Polyline/Polygon Integer Overflow
Description: Microsoft Word is a word processing application.
Microsoft Word is exposed to an integer overflow issue because the
application fails to perform adequate boundary checks on user-supplied
data. The vulnerability occurs when calculating the space required for
the number of points contained in a polyline or polygon.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
______________________________________________________________________
08.50.9 CVE: CVE-2008-4024
Platform: Microsoft Office
Title: Microsoft Word Malformed Record Remote Code Execution
Description: Microsoft Word is a word processor available for multiple
platforms. Word is exposed to a remote code execution issue when it
processes a specially-crafted Office file with a malformed record
value.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
______________________________________________________________________
08.50.10 CVE: CVE-2008-4027
Platform: Microsoft Office
Title: Microsoft Word RTF "do" Drawing Object Remote Heap Memory
Corruption
Description: Microsoft Word is a word processing application.
Microsoft Word is exposed to a remote heap memory corruption issue
when processing consecutive "do" drawing object tags. Specifically,
the application fails to validate the integrity of the object, which
may cause a memory buffer to be freed twice.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
______________________________________________________________________
08.50.11 CVE: CVE-2008-4026
Platform: Microsoft Office
Title: Microsoft Word Malformed Value Remote Code Execution
Description: Microsoft Word is a word processor available for multiple
platforms. Word is exposed to a remote code execution issue when it
processes a specially-crafted Word file with a malformed value.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
______________________________________________________________________
08.50.12 CVE: CVE-2008-4837
Platform: Microsoft Office
Title: Microsoft Word Malformed Record Value Remote Code Execution
Description: Microsoft Word is a word processor available for multiple
platforms. Word is exposed to a remote code execution issue when it
processes a specially-crafted Office file with a malformed record
value. Specifically, the size of stack buffer is calculated using
user-controlled contents of a malformed table property.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
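The GDI WMF entries (08.50.2, 08.50.3), the Word polyline/polygon entry (08.50.8) and the table-property entry (08.50.12) all describe the same bug class: a buffer size is computed from an attacker-controlled count, the arithmetic wraps, and the copy that follows is sized by the original count rather than the allocation. The following C program is an added illustration written for this listing; it is not Word's or GDI's code, and the record layout ([u32 count][count points]) is constructed for the demo. It models a 32-bit build, where count * sizeof(point) is computed in 32 bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration of an allocation-size integer overflow. Not code from
 * Word or GDI; the record format is hypothetical. */

typedef struct { int32_t x, y; } point_t;          /* 8 bytes per point */
#define POINT_SIZE ((uint32_t)sizeof(point_t))

/* Vulnerable: the allocator receives the raw 32-bit product. For
 * n_points >= 0x20000000 the product wraps, the allocation is tiny, and a
 * copy loop driven by n_points then writes far past its end. */
uint32_t vuln_alloc_size(uint32_t n_points)
{
    return n_points * POINT_SIZE;                   /* silently wraps */
}

/* Hardened: refuse counts whose product cannot be represented, then refuse
 * counts larger than the record actually carries. Returns 0 and sets *out
 * on success, -1 on a malformed record. */
int safe_alloc_size(uint32_t n_points, uint32_t payload_len, uint32_t *out)
{
    if (n_points > UINT32_MAX / POINT_SIZE)
        return -1;                                  /* multiplication would wrap */
    uint32_t need = n_points * POINT_SIZE;
    if (need > payload_len)
        return -1;                                  /* count exceeds bytes present */
    *out = need;
    return 0;
}

/* Parse a constructed record: [u32 little-endian count][count points].
 * Returns the point count on success (caller frees *out), -1 if rejected. */
int parse_polyline(const uint8_t *rec, uint32_t rec_len, point_t **out)
{
    if (rec_len < 4) return -1;
    uint32_t n = (uint32_t)rec[0] | (uint32_t)rec[1] << 8 |
                 (uint32_t)rec[2] << 16 | (uint32_t)rec[3] << 24;
    uint32_t need;
    if (safe_alloc_size(n, rec_len - 4, &need) != 0) return -1;
    point_t *pts = malloc(need ? need : 1);
    if (!pts) return -1;
    memcpy(pts, rec + 4, need);                     /* bounded by the check above */
    *out = pts;
    return (int)n;
}

/* Build a record that claims `count` points but carries only `bytes` of
 * payload, then run it through the hardened parser. Returns its result. */
int try_record(uint32_t count, uint32_t bytes)
{
    uint8_t *rec = calloc(4 + (size_t)bytes, 1);
    if (!rec) return -1;
    rec[0] = count & 0xff;         rec[1] = (count >> 8) & 0xff;
    rec[2] = (count >> 16) & 0xff; rec[3] = (count >> 24) & 0xff;
    point_t *pts = NULL;
    int r = parse_polyline(rec, 4 + bytes, &pts);
    free(pts);
    free(rec);
    return r;
}

int main(void)
{
    printf("vulnerable size for 0x20000001 points: %u bytes\n",
           vuln_alloc_size(0x20000001u));          /* 8: wrapped */
    printf("hardened parser on the same count: %d\n",
           try_record(0x20000001u, 64));            /* -1: rejected */
    printf("hardened parser on a sane record:  %d\n",
           try_record(3, 24));                      /* 3 */
    return 0;
}
```

The second check in safe_alloc_size matters as much as the first: a count that does not overflow can still exceed the bytes actually present in the file, which is the "malformed record value" variant described in 08.50.12.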
______________________________________________________________________
08.50.13 CVE: CVE-2008-4028
Platform: Microsoft Office
Title: Microsoft Word RTF Multiple Drawing Object Tags Remote Code
Execution
Description: Microsoft Word is a word processing application.
Microsoft Word is exposed to a remote code execution issue when
handling multiple drawing objects. Specifically, code in the
"wwlib.dll" library allocates a buffer for the tag objects.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
______________________________________________________________________
08.50.14 CVE: CVE-2008-4031
Platform: Microsoft Office
Title: Microsoft Word RTF Malformed String Remote Code Execution
Description: Microsoft Word is exposed to a remote code execution
issue because of memory-calculation errors when handling malformed
strings in a Rich Text Format (RTF) document. Successfully exploiting
this issue would allow the attacker to corrupt memory and execute
arbitrary code in the context of the currently logged-in user.
Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-08-09
______________________________________________________________________
08.50.15 CVE: CVE-2008-4265
Platform: Microsoft Office
Title: Microsoft Excel Malformed Object Handling Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. Excel is exposed to a remote code
execution issue when parsing malformed Excel files. This issue stems
from memory corruption because the application fails to validate
record values when processing malformed objects in Excel files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
______________________________________________________________________
08.50.16 CVE: CVE-2008-4253
Platform: Microsoft Office
Title: Microsoft Excel Formula Handling Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. Excel is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because of memory corruption when the application loads Excel
formulas from a malicious Excel file.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx
______________________________________________________________________
08.50.17 CVE: CVE-2008-4266
Platform: Microsoft Office
Title: Microsoft Excel Name Record Array Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. Excel is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to perform sufficient validation
of an index value in the "NAME" record.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
______________________________________________________________________
08.50.18 CVE: CVE-2008-4030
Platform: Microsoft Office
Title: Microsoft Word RTF Malformed Control Word Variant 2 Remote Code
Execution
Description: Microsoft Word is exposed to a remote code execution
issue that occurs because of memory calculation errors when handling
malformed control words in a Rich Text Format (RTF) document.
Specifically, this issue is caused by an error when parsing mismatched
"dpgroup" and "dpendgroup" control words.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-072.mspx
______________________________________________________________________
08.50.19 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Outlook Express Malformed MIME Message Denial of
Service
Description: Microsoft Outlook Express is an email client for
Microsoft Windows platforms. The application is exposed to a denial of
service issue because it fails to properly handle malformed multi-part
MIME messages. An attacker can exploit this issue to crash the
application process during delivery.
Ref: http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro
______________________________________________________________________
08.50.20 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft SQL Server 2000 "sp_replwritetovarbin" Remote Memory
Corruption
Description: Microsoft SQL Server 2000 is exposed to a remote
memory-corruption issue because it fails to properly handle
user-supplied input. Specifically, the issue occurs when the server
handles the "sp_replwritetovarbin" extended stored procedure call.
Microsoft SQL Server 2000 is affected.
Ref:
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
______________________________________________________________________
08.50.21 CVE: CVE-2008-4259
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer HTML Objects Remote Code Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote
code execution issue because it incorrectly handles an error when
attempting to access uninitialized memory related to HTML objects.
Ref: http://www.securityfocus.com/archive/1/499065
______________________________________________________________________
08.50.22 CVE: CVE-2008-4252
Platform: Other Microsoft Products
Title: Microsoft DataGrid ActiveX Control Memory Corruption
Description: Microsoft DataGrid ActiveX control is part of the
Microsoft Help engine. The DataGrid ActiveX control is exposed to a
remote memory corruption issue. The problem occurs because the control
fails to properly initialize objects.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx
______________________________________________________________________
08.50.23 CVE: CVE-2008-4264
Platform: Other Microsoft Products
Title: Microsoft FlexGrid ActiveX Control Memory Corruption
Description: Microsoft FlexGrid ActiveX control is an application used
with databases. The FlexGrid ActiveX control is exposed to a remote
memory-corruption issue. The problem can occur when objects within the
control aren't properly initialized.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx
______________________________________________________________________
08.50.24 CVE: CVE-2008-4260
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Deleted Object Access Remote Code
Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote
code execution issue because it may attempt to access deleted objects
when handling webpages.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx
______________________________________________________________________
08.50.25 CVE: CVE-2008-4261
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Embedded Object Remote Code
Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote
code execution issue because of an error in handling embedded objects
when rendering HTML content. The problem is due to a stack-based
buffer overflow when handling specific HTML tags.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx
______________________________________________________________________
08.50.26 CVE: CVE-2008-4258
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Navigation Method Remote Code
Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote code
execution issue because of an error in validating parameters to an
unspecified navigation method.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx
______________________________________________________________________
08.50.27 CVE: CVE-2008-4254
Platform: Other Microsoft Products
Title: Microsoft Hierarchical FlexGrid ActiveX Control Memory
Corruption
Description: Microsoft Hierarchical FlexGrid ActiveX control is an
application used with databases. The Hierarchical FlexGrid ActiveX
control is exposed to a remote memory corruption issue. The problem
can occur when objects within the control aren't properly initialized.
Microsoft Hierarchical FlexGrid Control version 6.0.88.4 is affected.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx
______________________________________________________________________
08.50.28 CVE: CVE-2008-4256
Platform: Other Microsoft Products
Title: Microsoft Charts ActiveX Control Memory Corruption
Description: Microsoft Charts ActiveX control is an application for
making chart objects. The Charts ActiveX control is exposed to a
remote memory corruption issue. The problem can occur when objects
within the control aren't properly initialized.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx
______________________________________________________________________
08.50.29 CVE: CVE-2008-4032
Platform: Other Microsoft Products
Title: Microsoft SharePoint Server Unauthorized Access
Description: Microsoft SharePoint Server is an integrated server
application providing content management and search capabilities.
Microsoft SharePoint Server is exposed to an issue that could let
remote attackers gain unauthorized access. The issue occurs because of
how the software handles authentication to affected administrative
functions of the server.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-077.mspx
______________________________________________________________________
08.50.30 CVE: CVE-2008-4841
Platform: Other Microsoft Products
Title: Microsoft WordPad Text Converter Remote Code Execution
Description: Microsoft WordPad is a simple text editor supplied with
most versions of Microsoft Windows. Microsoft WordPad is exposed to a
remote code execution vulnerability because of an unspecified error
that may result in corrupted memory. This issue can be triggered when
WordPad is used to open specially-crafted .doc, .wri and .rtf files.
Ref: http://www.microsoft.com/technet/security/advisory/960906.mspx
______________________________________________________________________
08.50.31 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Unspecified XML Handling Remote
Code Execution
Description: Microsoft Internet Explorer is a browser for the Windows
operating system. Internet Explorer is exposed to a remote code
execution issue due to an unspecified error in the handling of XML
content. Internet Explorer 7 on Microsoft Windows XP and 2003 is
affected.
Ref: http://research.eeye.com/html/alerts/zeroday/20081209.html
______________________________________________________________________
08.50.32 CVE: Not Available
Platform: Third Party Windows Apps
Title: RadASM ".rap" Project File Buffer Overflow
Description: RadASM is an assembly language IDE for the Microsoft
Windows operating system. RadASM is exposed to a buffer overflow issue
because it fails to perform adequate checks on user-supplied input.
RadASM version 2.2.1.4 is affected.
Ref: http://www.securityfocus.com/bid/32617
______________________________________________________________________
08.50.33 CVE: Not Available
Platform: Third Party Windows Apps
Title: Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File
Overwrite
Description: Visagesoft eXPert PDF EditorX ActiveX control is an
application for editing, printing, and viewing PDF documents. The
application is exposed to an issue that allows attackers to overwrite
files with arbitrary, attacker-supplied content. Visagesoft eXPert PDF
EditorX ActiveX control version 1.0.200.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.50.34 CVE: CVE-2008-4391
Platform: Third Party Windows Apps
Title: Linksys WVC54GC "NetCamPlayerWeb11gv2.ocx" ActiveX Control
Buffer Overflow
Description: WVC54GC is a wireless video camera. The
NetCamPlayerWeb11gv2 control is prone to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input to the "SetSource()" method. WVC54GC cameras with firmware versions
prior to 1.25 that include the ActiveX control are affected.
Ref: http://www.kb.cert.org/vuls/id/639345
______________________________________________________________________
08.50.35 CVE: Not Available
Platform: Third Party Windows Apps
Title: DesignWorks Professional ".cct" File Buffer Overflow
Description: DesignWorks Professional is a circuit design and
diagramming tool for the Microsoft Windows operating system.
DesignWorks Professional is exposed to a buffer overflow issue because
it fails to perform adequate checks on user-supplied input.
DesignWorks Professional version 4.3.1 is affected.
Ref: http://www.securityfocus.com/bid/32667
______________________________________________________________________
08.50.36 CVE: Not Available
Platform: Third Party Windows Apps
Title: EasyMail Objects "emmailstore.dll" ActiveX Control Remote
Buffer Overflow
Description: EasyMail Objects is an application that provides email
sending/receiving for ActiveX applications. EasyMail Objects ActiveX
control is exposed to a remote buffer overflow issue because the
application fails to perform adequate boundary checks on user-supplied
data.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.50.37 CVE: Not Available
Platform: Linux
Title: Ubuntu Privacy Remix S/ATA-Disks Security Bypass
Description: Ubuntu Privacy Remix is a modified live-CD based on
Ubuntu Linux. The read-only CD provides an isolated and unmodifiable
environment. Ubuntu Privacy Remix (UPR) is prone to a security-bypass
issue that may allow attackers to modify the operating system. This
issue occurs because UPR allows attackers to mount RAID-Arrays onto
the affected computer. Ubuntu Privacy Remix versions prior to 8.04 r1
are affected.
Ref: http://www.securityfocus.com/bid/32629
______________________________________________________________________
08.50.38 CVE: Not Available
Platform: Linux
Title: Linux Kernel "parisc_show_stack()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue caused by an error in the "parisc_show_stack()" function in the
"arch/parisc/kernel/unwind.c" source file. The issue occurs when
unwinding a stack containing userspace memory addresses. Linux kernel
versions prior to 2.6.28-rc7 are affected.
Ref: http://marc.info/?l=linux-parisc&m=121736357203624&w=2
______________________________________________________________________
08.50.39 CVE: CVE-2008-5079
Platform: Linux
Title: Linux Kernel "net/atm/proc.c" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue. Specifically, the issue is triggered when the "svc_listen()"
function in the "net/atm/svc.c" file is called two times on the same
socket. Attackers can exploit this issue to cause the Linux kernel to
go into an infinite loop.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5079
______________________________________________________________________
08.50.40 CVE: Not Available
Platform: Linux
Title: Vinagre "vinagre_utils_show_error()" Function Format String
Description: Vinagre is a VNC client for the GNOME Desktop. Vinagre is
exposed to a remote format string issue because the application fails
to sufficiently sanitize user-supplied input before using it in a
formatted printing function. This issue occurs in the
"vinagre_utils_show_error()" function of the "src/vinagre-utils.c"
source file.
Ref: http://www.securityfocus.com/archive/1/499057
______________________________________________________________________
08.50.41 CVE: Not Available
Platform: Linux
Title: Linux Kernel MIPS Untrusted User Application Local Denial of
Service
Description: The Linux kernel is exposed to a local denial of service
issue affecting 64 bit MIPS architectures. The issue can occur in some
cases when system calls are read from outside the bounds of the system
call table. This issue can be triggered when 32 bit system calls with
a number less than 4000 are made on 64 bit kernels.
Ref:
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.28-rc7-git6.log
______________________________________________________________________
08.50.42 CVE: CVE-2008-5374
Platform: Linux
Title: bash-doc Insecure Temporary File Creation Vulnerabilities
Description: The bash-doc package contains documentation and examples
for the GNU Bourne Again Shell. bash-doc creates temporary files in an
insecure manner. Successfully mounting a symlink attack may allow the
attacker to delete or corrupt sensitive files, which may result in a
denial of service. bash-doc version 3.2 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
______________________________________________________________________
08.50.43 CVE: CVE-2008-5379
Platform: Linux
Title: Debian netdisco-mibs-installer Insecure Temporary File Creation
Vulnerabilities
Description: Debian netdisco-mibs-installer is a set of download and
install scripts for the Netdisco MIB bundle. The application creates
temporary files in an insecure manner. Successfully mounting a symlink
attack may allow the attacker to delete or corrupt sensitive files,
which may result in a denial of service. netdisco-mibs-installer
version 1.0 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________
08.50.44 CVE: CVE-2008-5369
Platform: Linux
Title: noip2 Insecure Temporary File Creation
Description: noip2 is a client for dynamic DNS service. The
application creates temporary files in an insecure manner.
Specifically, the "noip2" script creates files with predictable names.
noip2 version 2.1.7 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
______________________________________________________________________
08.50.45 CVE: CVE-2008-5370
Platform: Linux
Title: PvPGN Insecure Temporary File Creation
Description: PvPGN is a server that emulates Battle.net. The
application creates temporary files in an insecure manner.
Specifically, the "pvpgn-support-installer" script creates files with
predictable names. PvPGN version 1.8.1 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
______________________________________________________________________
08.50.46 CVE: CVE-2008-5371
Platform: Linux
Title: Screenie Insecure Temporary File Creation
Description: Screenie is a small and lightweight GNU screen(1)
wrapper. The application creates temporary files in an insecure
manner. Specifically, the "screenie" script creates files with
predictable names. Screenie version 1.30.0 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
______________________________________________________________________
08.50.47 CVE: CVE-2008-5372
Platform: Linux
Title: lessdisks.net sdm Insecure Temporary File Creation
Description: sdm is a secure X display manager (a replacement for xdm).
The application creates temporary files in an insecure manner.
Specifically, the "sdm-login" script creates files with predictable
names. An attacker with local access could perform symbolic-link
attacks, overwriting arbitrary files in the context of the affected
application. sdm version 0.4.0b is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
______________________________________________________________________
08.50.48 CVE: CVE-2008-5366
Platform: Linux
Title: Debian ppp Insecure Temporary File Creation Vulnerabilities
Description: Debian ppp is a Point-to-Point Protocol (PPP) daemon. The
application creates temporary files in an insecure manner. An attacker
with local access could potentially exploit these issues to perform
symbolic-link attacks, overwriting temporary files in the context of
the affected application. Debian ppp version 2.4.4rel is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
______________________________________________________________________
08.50.49 CVE: CVE-2008-5367
Platform: Linux
Title: Debian ppp-udeb Insecure Temporary File Creation
Description: Debian ppp-udeb is a minimal ppp package used by the
Debian installer. The application creates a temporary file in an
insecure manner. Specifically, the issue affects the "ip-up" script.
Debian ppp-udeb version 2.4.4rel is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
______________________________________________________________________
08.50.50 CVE: CVE-2008-5376
Platform: Linux
Title: crip Insecure Temporary File Creation
Description: crip is a terminal-based application used to rip, encode,
and tag Ogg Vorbis files. crip creates temporary files in an insecure
manner. The issue occurs because the "editcomment" script creates the
"/tmp/*.tag.tmp" file in an insecure manner. crip version 3.7 is
affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
______________________________________________________________________
08.50.51 CVE: Not Available
Platform: Linux
Title: Avast! Linux Home Edition ISO and RPM File Multiple Buffer
Overflow Vulnerabilities
Description: Avast! Linux Home Edition is a virus scanning application
for the Linux operating system. The application is exposed to multiple
buffer overflow issues because it fails to adequately bounds check
user-supplied data before copying it into an insufficiently sized
buffer. Avast! Linux Home Edition version 1.0.8 is affected.
Ref: http://www.securityfocus.com/bid/32747
______________________________________________________________________
08.50.52 CVE: Not Available
Platform: Linux
Title: Sophos Antivirus For Linux Multiple File Processing Remote
Denial of Service Vulnerabilities
Description: Sophos Antivirus For Linux is security software providing
antivirus, antispyware, and firewall capabilities for both enterprise
and endpoint-based systems. Sophos Antivirus For Linux is exposed to
multiple remote denial of service issues because it fails to properly
handle malformed files. Sophos Antivirus For Linux version 4.33.0 is
affected.
Ref: http://www.securityfocus.com/bid/32748
______________________________________________________________________
08.50.53 CVE: Not Available
Platform: Linux
Title: AVG Anti-Virus For Linux UPX File Parsing Denial of Service
Description: AVG Anti-Virus for Linux is an anti-virus application.
AVG Anti-Virus is exposed to a denial of service issue. An attacker
can exploit this issue by supplying a malicious UPX file. AVG
Anti-Virus versions prior to 7.5.51 are affected.
Ref: http://www.securityfocus.com/bid/32749
______________________________________________________________________
08.50.54 CVE: Not Available
Platform: Linux
Title: BitDefender Antivirus For Linux Multiple File Processing Remote
Denial of Service Vulnerabilities
Description: BitDefender Antivirus For Linux is security software
providing antivirus capabilities. BitDefender Antivirus For Linux is
exposed to multiple remote denial of service issues because it fails
to properly handle malformed files. BitDefender Antivirus For Linux
7.60825 is affected.
Ref: http://www.securityfocus.com/archive/1/499079
______________________________________________________________________
08.50.55 CVE: Not Available
Platform: Linux
Title: F-Prot Antivirus for Linux ELF File Scanning Denial of Service
Description: F-Prot Antivirus for Linux is a virus scanning
application for the Linux operating system. The application is exposed
to a denial of service issue because it fails to handle malformed ELF
files. F-Prot Antivirus for Linux version 4.6.8 is affected.
Ref: http://www.securityfocus.com/archive/1/499083
______________________________________________________________________
08.50.56 CVE: CVE-2008-4418
Platform: HP-UX
Title: HP-UX DCE Unspecified Remote Denial of Service
Description: HP-UX is exposed to a remote denial of service issue. Few
details regarding this vulnerability are available. Exploiting this
issue allows remote attackers to trigger denial of service conditions.
HP-UX versions B.11.11, B.11.23, and B.11.31 running DCE (Distributed
Computing Environment) are affected.
Ref: http://www.securityfocus.com/bid/32754
______________________________________________________________________
08.50.57 CVE: Not Available
Platform: Solaris
Title: Sun Solaris OpenSSL "PKCS#11" Engine Remote Denial of Service
Description: The OpenSSL "PKCS#11" engine shipped with Sun Solaris lets
OpenSSL offload cryptographic operations to the Solaris Cryptographic
Framework. The engine is exposed to a denial of service issue when
handling malicious "RSA_sign" and "RSA_verify" cryptographic
operations. The OpenSSL "PKCS#11" engine implementation that ships with
Sun Solaris 10 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246846-1
______________________________________________________________________
08.50.58 CVE: Not Available
Platform: Unix
Title: RSyslog "$AllowedSender" Configuration Directive Security
Bypass
Description: RSyslog is a system log management daemon for Unix and
Linux variants. RSyslog is exposed to a security bypass issue because
of an error in the daemon's ACL (Access Control List) handling.
Ref: http://www.rsyslog.com/Article327.phtml
______________________________________________________________________
08.50.59 CVE: CVE-2008-5377
Platform: Unix
Title: CUPS "pstopdf" Insecure Temporary File Creation
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. CUPS creates temporary
files in an insecure manner. The issue occurs because the "pstopdf"
script creates the "/tmp/pstopdf.log" file in an insecure manner. CUPS
version 1.3.8 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
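Entries 08.50.42 through 08.50.50 and the CUPS "pstopdf" entry above (08.50.59) are all the same pattern: a script opens a fixed, predictable path under /tmp with a plain truncating open, so a local attacker who plants a symlink there first gets the target file truncated and overwritten with the script's output. The C program below is an added example written for this listing, not code from crip, CUPS or any of the Debian packages named; the "pstopdf.log" name is borrowed from the entry only to make the pattern concrete, and a private mkdtemp() directory stands in for /tmp so the replay is self-contained. It shows the vulnerable open, the mkstemp() fix, and the O_EXCL|O_NOFOLLOW open to use when the file name genuinely must stay fixed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example of the insecure temp-file pattern and its fix. Not code from
 * any package listed; all paths below are constructed for the demo. */

/* Vulnerable: fixed name plus fopen(..., "w"), i.e. O_WRONLY|O_CREAT|O_TRUNC
 * with no O_EXCL. A symlink already at that path is followed, and whatever
 * it points to is truncated and overwritten. Returns 0 on success. */
int insecure_log_write(const char *dir, const char *data)
{
    char path[PATH_MAX];
    snprintf(path, sizeof path, "%s/pstopdf.log", dir);   /* predictable */
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Fixed: mkstemp() picks an unpredictable name and opens it with
 * O_CREAT|O_EXCL, mode 0600, in one step, so there is nothing for the
 * attacker to plant ahead of time. The chosen name is returned in out_path
 * so the caller can unlink it. Returns 0 on success. */
int safe_log_write(const char *dir, const char *data,
                   char *out_path, size_t out_len)
{
    snprintf(out_path, out_len, "%s/pstopdf.XXXXXX", dir);
    int fd = mkstemp(out_path);
    if (fd < 0) return -1;
    ssize_t w = write(fd, data, strlen(data));
    close(fd);
    return w == (ssize_t)strlen(data) ? 0 : -1;
}

/* When the name must stay fixed, never follow what is already there:
 * O_EXCL makes open() fail with EEXIST on any existing entry, a symlink
 * included, and O_NOFOLLOW rejects a link outright. Returns fd or -1. */
int open_fixed_name_safely(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Replay the symlink attack in a sandbox. mode: 0 = insecure_log_write,
 * 1 = safe_log_write, 2 = open_fixed_name_safely on the planted path.
 * Returns 1 if the victim file was clobbered, 0 if it survived, -1 on a
 * setup error. */
int simulate_symlink_attack(int mode)
{
    char sandbox[] = "/tmp/tmpdemo.XXXXXX";
    if (!mkdtemp(sandbox)) return -1;
    char victim[PATH_MAX], planted[PATH_MAX], made[PATH_MAX] = "";
    snprintf(victim, sizeof victim, "%s/victim.conf", sandbox);
    snprintf(planted, sizeof planted, "%s/pstopdf.log", sandbox);

    FILE *v = fopen(victim, "w");                  /* the file to protect */
    if (!v) return -1;
    fputs("secret\n", v);
    fclose(v);
    if (symlink(victim, planted) != 0) return -1;  /* attacker's move */

    if (mode == 0) {
        insecure_log_write(sandbox, "pwned\n");
    } else if (mode == 1) {
        safe_log_write(sandbox, "pwned\n", made, sizeof made);
    } else {
        int fd = open_fixed_name_safely(planted);  /* expected: -1, EEXIST */
        if (fd >= 0) { ssize_t w = write(fd, "pwned\n", 6); (void)w; close(fd); }
    }

    char buf[32] = "";
    v = fopen(victim, "r");
    if (v) { fgets(buf, sizeof buf, v); fclose(v); }
    int clobbered = strcmp(buf, "pwned\n") == 0;

    unlink(planted); unlink(victim);
    if (made[0]) unlink(made);
    rmdir(sandbox);
    return clobbered;
}

int main(void)
{
    printf("fopen(\"w\") on a predictable name: clobbered=%d\n", simulate_symlink_attack(0));
    printf("mkstemp():                         clobbered=%d\n", simulate_symlink_attack(1));
    printf("O_CREAT|O_EXCL|O_NOFOLLOW:         clobbered=%d\n", simulate_symlink_attack(2));
    return 0;
}
```

The same distinction applies to shell scripts like the ones in these entries: a redirect to a hand-built "/tmp/name.$$" path is the fopen("w") case, while mktemp(1) is the mkstemp() case.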
______________________________________________________________________
08.50.60 CVE: Not Available
Platform: Novell
Title: Novell Netware ApacheAdmin Security Bypass
Description: Novell NetWare is a network operating system. Novell
NetWare is exposed to a security bypass issue. Specifically, after
installing an OES2 Linux server into an eDirectory tree that also
contains NetWare servers, it is possible for attackers to log into the
ApacheAdmin console without supplying a password.
Ref: http://www.novell.com/support/viewContent.do?externalId=7001907
______________________________________________________________________
08.50.61 CVE: Not Available
Platform: Cross Platform
Title: Null FTP Server "SITE" Command Arbitrary Command Injection
Description: Null FTP server is an FTP server application available
for Microsoft Windows. The application is exposed to an
arbitrary command injection issue because it fails to sufficiently
sanitize user-supplied input to the "SITE" FTP server command. Null
FTP server version 1.1.0.7 is affected.
Ref: http://vuln.sg/nullftpserver1107-en.html
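The command-injection class behind the SITE entry, as an added example that is not Null FTP Server's code: a handler that splices the client-supplied SITE argument into a shell command line, next to a hardened handler that validates the argument against an allow-list and runs the backend with an argv list so no shell ever parses it. The "WHOIS" sub-command, the echo-based backend and the reply codes are assumptions made for the demo.

```python
"""Added example (not Null FTP Server's code): SITE command injection."""
import re
import subprocess

# Hypothetical server configuration: SITE sub-command -> backend argv.
# (A real server would map to a whois/lookup tool; echo keeps the demo offline.)
SITE_COMMANDS = {"WHOIS": ["echo", "whois-lookup:"]}

# Allow-list for the single argument we accept: hostname-ish characters only.
SAFE_ARG = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def vulnerable_site(line: str) -> str:
    """'SITE WHOIS <arg>' handled by string concatenation under shell=True.

    Everything after the sub-command name is pasted into a shell command
    line, so metacharacters such as ';' or '&' run attacker-chosen commands.
    """
    _, name, arg = line.split(" ", 2)
    cmd = " ".join(SITE_COMMANDS[name.upper()]) + " " + arg
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_site(line: str) -> str:
    """Same command, hardened: strict syntax, allow-listed argument, argv list."""
    parts = line.split(" ", 2)
    if len(parts) != 3:
        return "501 Syntax error in parameters\r\n"
    _, name, arg = parts
    backend = SITE_COMMANDS.get(name.upper())
    if backend is None:
        return "500 Unknown SITE command\r\n"
    if not SAFE_ARG.match(arg):
        return "501 Invalid argument\r\n"
    # argv form: the argument reaches the program as one word, never a shell.
    out = subprocess.run(backend + [arg], capture_output=True, text=True).stdout
    return "200 " + out.strip() + "\r\n"


if __name__ == "__main__":
    injected = "SITE WHOIS example.com; echo INJECTED"
    print("vulnerable:", repr(vulnerable_site(injected)))
    print("hardened:  ", repr(hardened_site(injected)))
    print("hardened:  ", repr(hardened_site("SITE WHOIS example.com")))
```

The allow-list is the important part: quoting the argument with shlex.quote() would also stop this particular payload, but an argv list plus a positive character set removes the shell from the picture entirely.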
______________________________________________________________________
08.50.62 CVE: Not Available
Platform: Cross Platform
Title: Sun Java Runtime Environment 6 Update 11 Multiple Unspecified
Security Vulnerabilities
Description: Sun Java Runtime Environment (JRE) allows users to run
Java applications. The application is exposed to multiple remote
security issues caused by unspecified errors. Java Runtime Environment
versions prior to 1.6.0_11 are affected.
Ref: http://www.securityfocus.com/archive/1/498922
______________________________________________________________________
08.50.63 CVE: Not Available
Platform: Cross Platform
Title: Adobe Acrobat 9 Unspecified PDF Document Encryption Weakness
Description: Adobe Acrobat 9 is prone to an unspecified weakness
related to encrypted PDF documents. Attackers may take advantage of
this issue to aid in attempts to recover encryption keys or to decrypt
documents, possibly allowing greater efficiency in brute-force
attacks.
Ref:
http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html
______________________________________________________________________
08.50.64 CVE: Not Available
Platform: Cross Platform
Title: Nagios External Commands and Adaptive Commands Unspecified Vulnerability
Description: Nagios is an open-source application designed to monitor
networks and services for interruptions and to notify administrators
when various events occur. Nagios is exposed to an unspecified issue
related to the CGI submission of external commands and the processing
of adaptive commands. Nagios versions prior to 3.0.6 are affected.
Ref: http://www.nagios.org/development/history/nagios-3x.php
______________________________________________________________________
08.50.65 CVE: CVE-2008-2086
Platform: Cross Platform
Title: Sun Java Web Start and Java Plug-in Multiple Privilege
Escalation Vulnerabilities
Description: Sun Java Web Start is a utility included in the Java
Runtime Environment. It enables Java applications to launch either
from a desktop or from a web page. Sun Java Web Start and Java Plug-in
are exposed to multiple privilege escalation issues.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-081/
______________________________________________________________________
08.50.66 CVE: Not Available
Platform: Cross Platform
Title: PHP ZipArchive::extractTo() ".zip" Files Directory Traversal
Description: PHP is an open-source scripting language used for web
development. The application is exposed to a directory traversal issue
because ZipArchive::extractTo() fails to sanitize directory traversal
sequences in archive entry names before writing the extracted files.
PHP versions 5.2.6 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/498909
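The traversal class behind the ZipArchive::extractTo() entry, as an added example that is neither PHP's nor the advisory's code: an in-memory archive constructed with one benign member and one named "../../evil.txt", a naive extractor that joins member names onto the destination directory, and a hardened extractor that resolves every target path and refuses anything outside the destination. Python's own ZipFile.extractall() already strips such names, which is why the naive extractor here writes the members by hand.

```python
"""Added example (not PHP code): zip directory traversal and its check."""
import io
import os
import shutil
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample: one harmless member and one traversal member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless\n")
        zf.writestr("../../evil.txt", "planted outside the target dir\n")
    return buf.getvalue()


def naive_extract(data: bytes, dest: str) -> list:
    """Vulnerable pattern: trusts member names verbatim."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)      # no check at all
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_extract(data: bytes, dest: str) -> list:
    """Hardened pattern: validate every member before writing anything."""
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        planned = []
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            # realpath() collapses "..", so a traversal member resolves outside
            # dest_real.  commonpath() rather than startswith() keeps
            # "/srv/app-evil" from passing as a child of "/srv/app".
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"refusing traversal member: {info.filename!r}")
            planned.append((info, target))
        written = []
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors inside a scratch tree; report what escaped."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="zipslip-demo-"))
    try:
        dest = os.path.join(root, "srv", "app", "uploads")
        os.makedirs(dest)
        data = build_malicious_zip()
        escaped = [p for p in naive_extract(data, dest)
                   if os.path.commonpath([dest, p]) != dest]
        try:
            safe_extract(data, dest)
            safe_rejected = False
        except ValueError:
            safe_rejected = True
        return {
            "naive_escaped": len(escaped),
            "escaped_example": os.path.relpath(escaped[0], root) if escaped else None,
            "safe_rejected": safe_rejected,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```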
______________________________________________________________________
08.50.67 CVE: CVE-2008-5277
Platform: Cross Platform
Title: PowerDNS "CH HINFO" Remote Denial of Service
Description: PowerDNS is a DNS nameserver application available for
various platforms. The application is exposed to a denial of service
issue that is triggered when malicious "CH HINFO" queries are sent to
the server. PowerDNS versions prior to 2.9.21.2 are affected.
Ref: http://doc.powerdns.com/powerdns-advisory-2008-03.html
______________________________________________________________________
08.50.68 CVE: Not Available
Platform: Cross Platform
Title: Orb Networks Orb Unspecified Remote Denial of Service
Description: Orb is an application that allows users to access media
stored on remote computers. The application is exposed to a remote
denial of service issue. Exploiting this issue allows remote attackers
to crash the application, denying service to legitimate users.
Ref: http://www.securityfocus.com/archive/1/498904
______________________________________________________________________
08.50.69 CVE: Not Available
Platform: Cross Platform
Title: ccTiddly "cct_base" Parameter Multiple Remote File Include
Vulnerabilities
Description: ccTiddly is a server side implementation of TiddlyWiki.
The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input to the
"cct_base" parameter. ccTiddly version 1.7.4 is affected.
Ref: http://www.securityfocus.com/bid/32631
______________________________________________________________________
08.50.70 CVE: Not Available
Platform: Cross Platform
Title: Trillian Multiple Remote Memory Corruption Vulnerabilities
Description: Trillian is a chat client that supports many instant
messaging protocols. The application is exposed to multiple memory
corruption issues. Attackers can exploit these issues to execute
arbitrary code in the context of the affected application or cause
denial of service conditions. Trillian versions prior to 3.1.12.0 are
affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-077/
______________________________________________________________________
08.50.71 CVE: Not Available
Platform: Cross Platform
Title: Tor Security Bypass And Privilege Escalation Weaknesses
Description: Tor is an implementation of second-generation onion
routing, a connection oriented anonymous communication service.
Successful exploitation may allow attackers to exploit other
vulnerabilities that facilitate privilege escalation and
security-bypass attacks. Tor versions prior to 0.2.0.32 are affected.
Ref: http://blog.torproject.org/blog/tor-0.2.0.32-released
______________________________________________________________________
08.50.72 CVE: Not Available
Platform: Cross Platform
Title: PHP 5.2.7 "magic_quotes_gpc" Security Bypass Weakness
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a security bypass weakness that occurs because the
"magic_quotes_gpc" directive remains off even when set to on, so
applications that rely on it to escape request data receive unescaped
input. PHP version 5.2.7 is affected.
Ref: http://bugs.php.net/bug.php?id=42718
______________________________________________________________________
08.50.73 CVE: CVE-2008-4311
Platform: Cross Platform
Title: D-Bus "send_requested_reply" and "receive_requested_reply"
Security Bypass
Description: D-Bus is a message bus system for applications to talk to
one another. The application is exposed to a security bypass issue
because of an issue with the default configuration. D-Bus version
1.2.6 is affected.
Ref:
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00436.html
______________________________________________________________________
08.50.74 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Multiple Unspecified
Vulnerabilities
Description: IBM WebSphere Application Server (WAS) is a Java EE
application server. The application is exposed to multiple unspecified
issues. WAS version 7.0 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27014463
______________________________________________________________________
08.50.75 CVE: Not Available
Platform: Cross Platform
Title: PHP SAPI "php_getuid()" Safe Mode Restriction Bypass
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a "safe_mode" restriction bypass issue. This allows
PHP applications to bypass some security restrictions. PHP version
5.2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/499004
______________________________________________________________________
08.50.76 CVE: Not Available
Platform: Cross Platform
Title: BMC Patrol Agent Remote Format String
Description: BMC Patrol is an application used for remote system
monitoring and management. Patrol Agent is the central component of
the Patrol architecture. Patrol Agent is exposed to a remote format
string issue because it passes user-supplied input to a formatted
output function as the format string. Patrol Agent versions prior to
3.7.30 are affected.
Ref: http://www.securityfocus.com/archive/1/499013
______________________________________________________________________
08.50.77 CVE: Not Available
Platform: Cross Platform
Title: Aruba Mobility Controller EAP Frame Remote Denial of Service
Description: Aruba Mobility Controller is a wireless LAN controller
running ArubaOS and its add-on software modules on enterprise networks.
Access to the device's web-based management interface is protected
with X.509 certificates. Aruba Mobility Controller is exposed to a
remote denial of service issue because it fails to handle malformed
Extensible Authentication Protocol (EAP) frames.
Ref: http://www.securityfocus.com/archive/1/499014
______________________________________________________________________
08.50.78 CVE: Not Available
Platform: Cross Platform
Title: Multiple Laptop Face Recognition Authentication Bypass
Description: Face recognition authentication is an authentication
mechanism that allows users to authenticate themselves to devices
using certain facial characteristics. The implementations shipped on
several laptop models can be bypassed; an attacker can exploit this
issue to gain unauthorized access to the affected device.
Ref: http://www.securityfocus.com/archive/1/498997
______________________________________________________________________
08.50.79 CVE: CVE-2008-5316, CVE-2008-5317
Platform: Cross Platform
Title: Little CMS Buffer Overflow and Integer Signedness
Vulnerabilities
Description: Little CMS is an open-source color management engine that
has been ported to a variety of platforms. The application is exposed
to a buffer overflow issue because it fails to perform adequate checks
on user-supplied input, and to a related integer signedness issue. The
buffer overflow issue affects all versions of Little CMS prior to 1.16.
Ref: http://www.securityfocus.com/bid/32708
______________________________________________________________________
08.50.80 CVE: Not Available
Platform: Cross Platform
Title: HP DECnet-Plus OpenVMS "OSIT$NAMES" Security Bypass Weakness
Description: HP DECnet-Plus for OpenVMS is a network protocol
implementation for VAX and Alpha systems. The application is exposed to
a security bypass weakness because the default user has read and write
privileges for the "OSIT$NAMES" table. HP DECnet-Plus for OpenVMS
versions prior to V8.3 ECO03 are affected.
Ref: http://www.securityfocus.com/bid/32711
______________________________________________________________________
08.50.81 CVE: Not Available
Platform: Cross Platform
Title: Compiz Fusion "Expo" Plugin Security Bypass
Description: Compiz Fusion is a framework for 3-D desktop addons. The
application is exposed to a security bypass issue because of an issue
with the "Expo" plugin. This plugin does not correctly restrict the
movement of the screensaver and as a result can allow attackers to
access the locked desktop underneath by simply moving the screensaver
out of the way with the mouse. Compiz Fusion versions prior to 0.5.2,
0.7.4 and 0.7.8 are affected.
Ref: http://www.securityfocus.com/bid/32712
______________________________________________________________________
08.50.82 CVE: Not Available
Platform: Cross Platform
Title: PHP "proc_open()" Environment Parameter Safe Mode
Restriction Bypass
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a "safe_mode" restriction bypass issue. PHP version
5.2.8 on the Linux operating system is affected.
Ref: http://www.securityfocus.com/archive/1/499041
______________________________________________________________________
08.50.83 CVE: CVE-2008-5380
Platform: Cross Platform
Title: GpsDrive "geo-nearest" Insecure Temporary File Creation
Description: GpsDrive is a GPS navigation application. GpsDrive
creates temporary files in an insecure manner. The issue occurs
because the "geo-nearest" script creates files in an insecure manner.
GpsDrive version 2.09 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________
08.50.84 CVE: CVE-2008-5375
Platform: Cross Platform
Title: CMus Insecure Temporary File Creation
Description: CMus is an audio player application. CMus creates
temporary files in an insecure manner. The issue occurs because the
"cmus-status-display" script creates the "/tmp/cmus-status" file in an
insecure manner. CMus version 2.2.0 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
______________________________________________________________________
08.50.85 CVE: CVE-2008-5368
Platform: Cross Platform
Title: Muttprint Insecure Temporary File Creation
Description: Muttprint is an application used to format the output of
mail clients. The application creates a temporary file in an insecure
manner. Specifically, the issue affects the "muttprint" script.
Muttprint version 0.72d is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00283.html
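The insecure temporary-file pattern shared by the CUPS "pstopdf", GpsDrive "geo-nearest", CMus "cmus-status-display" and Muttprint entries, as an added example that is not any of those projects' code: a script that writes to a fixed, predictable name under a world-writable directory follows whatever a local attacker has already planted at that path, while mkstemp() creates a fresh file with an unpredictable name, O_EXCL semantics and mode 0600. The scratch directory, the file names and the "victim" file are constructed for the demo and stand in for /tmp and a file the attacker could not otherwise write.

```python
"""Added example (not from the affected projects): fixed-path temp files."""
import os
import shutil
import stat
import tempfile


def insecure_write(tmp_root: str, payload: str) -> str:
    """Vulnerable pattern: a fixed name such as /tmp/pstopdf.log.

    open(..., "w") follows whatever is already at that path.  A local user
    who planted a symlink there beforehand gets the file it points to
    truncated and overwritten with the script's privileges.
    """
    path = os.path.join(tmp_root, "pstopdf.log")
    with open(path, "w") as fh:
        fh.write(payload)
    return path


def safe_write(tmp_root: str, payload: str) -> str:
    """Safe pattern: mkstemp() opens a brand-new file with O_CREAT|O_EXCL and
    mode 0600 under an unpredictable name, so no pre-planted symlink can be
    followed and other local users cannot read the contents."""
    fd, path = tempfile.mkstemp(prefix="pstopdf.", suffix=".log", dir=tmp_root)
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)
    return path


def simulate_symlink_attack(tmp_root: str) -> str:
    """Local attacker step (constructed): plant a symlink at the predictable
    path pointing at a file the attacker cannot write directly."""
    victim = os.path.join(tmp_root, "victim.conf")
    with open(victim, "w") as fh:
        fh.write("original contents\n")
    os.symlink(victim, os.path.join(tmp_root, "pstopdf.log"))
    return victim


def demo() -> dict:
    """Run both patterns against a planted symlink; report what happened.

    Note: on a real /tmp (sticky, world-writable) Linux with
    fs.protected_symlinks=1 refuses to follow the attacker's link; the
    scratch directory here has no such protection, like the older systems
    in the advisories.
    """
    root = tempfile.mkdtemp(prefix="tmpfile-demo-")
    try:
        victim = simulate_symlink_attack(root)
        insecure_write(root, "status: printing\n")
        with open(victim) as fh:
            victim_after = fh.read()                 # clobbered via the symlink
        safe_path = safe_write(root, "status: printing\n")
        mode = stat.S_IMODE(os.stat(safe_path).st_mode)
        return {
            "victim_clobbered": victim_after != "original contents\n",
            "safe_path_is_fresh": os.path.basename(safe_path) != "pstopdf.log",
            "safe_mode_is_0600": mode == 0o600,
            "safe_is_regular_file": not os.path.islink(safe_path),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The shell equivalent of safe_write() is mktemp(1) ("tmp=$(mktemp /tmp/pstopdf.XXXXXX)"), which is the fix these scripts generally received.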
______________________________________________________________________
08.50.86 CVE: Not Available
Platform: Cross Platform
Title: ClamAV LZH File Unpacking Denial of Service
Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. ClamAV is exposed to a denial of service issue
because the external unpacker used by the application fails to handle
malformed LZH files. ClamAV versions 0.93.3 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/499078
______________________________________________________________________
08.50.87 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tribiq CMS "index.php" Cross-Site Scripting
Description: Tribiq CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "cID"
parameter of the "index.php" script. Tribiq CMS versions 5.0.10b and
5.0.11e are affected.
Ref: http://www.securityfocus.com/bid/32650
______________________________________________________________________
08.50.88 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Movable Type Unspecified Cross-Site Scripting
Description: Movable Type is a web-log application. Movable Type is
exposed to an unspecified cross-site scripting issue because it fails
to sufficiently sanitize user-supplied data. This issue affects the
application management section.
Ref: http://www.securityfocus.com/bid/32604
______________________________________________________________________
08.50.89 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: mvnForum Cross-Site Scripting
Description: mvnForum is a web-based bulletin board in JSP. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data in the "Who's
online" function of the forum. mvnForum versions 1.2 GA and earlier
are affected.
Ref: http://security.bkis.vn/?p=286
______________________________________________________________________
08.50.90 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: yappa-ng Multiple Cross-Site Scripting Vulnerabilities
Description: yappa-ng is a web-based photo album implemented in PHP.
The application is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied data to the
"album" and unspecified parameters of the "index.php" script.
Ref: http://www.securityfocus.com/bid/32623
______________________________________________________________________
08.50.91 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DD-WRT Cross-Site Request Forgery
Description: DD-WRT is a third-party Linux-based firmware for Linksys
and other consumer routers. The device's web interface is exposed to
a cross-site request forgery issue. DD-WRT version v24-sp1 is
affected.
Ref: http://www.securityfocus.com/bid/32703
______________________________________________________________________
08.50.92 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Nightfall Personal Diary "login.asp" Multiple Cross-Site
Scripting Vulnerabilities
Description: Nightfall Personal Diary is a web-based application
implemented in ASP. The application is exposed to multiple cross-site
scripting vulnerabilities because it fails to sufficiently sanitize
user-supplied input passed to the "Username" and "Password" form
fields of the "login.asp" script.
Ref: http://www.securityfocus.com/bid/32658
______________________________________________________________________
08.50.93 CVE: CVE-2008-5304
Platform: Web Application - Cross Site Scripting
Title: TWiki URLPARAM Variable Cross-Site Scripting
Description: TWiki is a wiki-based content management system (CMS)
implemented in Perl. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "%URLPARAM{}%" parameter.
Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
______________________________________________________________________
08.50.94 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: yMonda Thread-IT "txtSearchString" Parameter Cross-Site
Scripting
Description: yMonda Thread-IT is a web-based application implemented
in ASP. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data to the
"txtSearchString" parameter of the "default.asp" script when called
through the search form. Thread-IT versions 1.6 and Thread-ITSQL
version 2.0 are affected.
Ref: http://www.securityfocus.com/bid/32681
______________________________________________________________________
08.50.95 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PrestaShop Multiple Cross-Site Scripting Vulnerabilities
Description: PrestaShop is a PHP-based ecommerce application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "admin/login.php" and
"order.php" scripts. PrestaShop version 1.1 beta 3 is affected.
Ref: http://www.securityfocus.com/archive/1/498994
______________________________________________________________________
08.50.96 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PhPepperShop Multiple Cross-Site Scripting Vulnerabilities
Description: PhPepperShop is an e-commerce application. The
application is prone to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input. PhPepperShop
version 1.4 is affected.
Ref: http://www.securityfocus.com/archive/1/498998
______________________________________________________________________
08.50.97 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: 3CX Phone System Multiple Cross-Site Scripting Vulnerabilities
Description: 3CX Phone System is an IP PBX and SIP server available
for the Windows platform. The web-based interface of the application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied data to the "fName" and
"fPassword" form fields in the "login.php" script. 3CX Phone System
version 6.1793 is affected.
Ref: http://www.securityfocus.com/bid/32709
______________________________________________________________________
08.50.98 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Moodle Wiki Page Name Cross-Site Scripting
Description: Moodle is a content manager for online courseware. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to Wiki page names.
Moodle versions prior to 1.6.8, 1.7.6, 1.8.7 and 1.9.3 are affected.
Ref: http://www.securityfocus.com/bid/32714/references
______________________________________________________________________
08.50.99 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Multiple Newsletters "index.php" Cross-Site Scripting
Description: PHP Multiple Newsletters is a web-based email marketing
application. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data to
the "index.php" script. PHP Multiple Newsletters version 2.7 is
affected.
Ref: http://www.securityfocus.com/bid/32727
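The reflected cross-site scripting pattern shared by the entries above (a request parameter such as "cID", "album" or "txtSearchString" echoed back into the page), as an added example that is not code from any of the listed applications: a search page that interpolates the raw query value into both a text node and a quoted attribute, next to the same page rendered through html.escape(). The page layout, the parameter name "q" and the detection helper are invented for the demo.

```python
"""Added example (not from the listed applications): reflected XSS."""
import html

# Hypothetical page: the parameter lands in a text node and in an attribute.
TEMPLATE = (
    '<h1>Results for {text}</h1>\n'
    '<input type="text" name="q" value="{attr}">\n'
)


def render_vulnerable(q: str) -> str:
    """Interpolates the raw parameter: '<script>' and '" onmouseover='
    both reach the browser intact."""
    return TEMPLATE.format(text=q, attr=q)


def render_hardened(q: str) -> str:
    """html.escape(quote=True) rewrites & < > " ' so the value can neither
    open a tag in the text node nor close the quoted attribute."""
    safe = html.escape(q, quote=True)
    return TEMPLATE.format(text=safe, attr=safe)


def looks_like_script_injection(page: str) -> bool:
    """Crude check used by the demo: did a raw <script> tag or an attribute
    breakout survive into the rendered page?"""
    lowered = page.lower()
    return "<script" in lowered or '" onmouseover=' in lowered


if __name__ == "__main__":
    for payload in ('<script>alert(1)</script>', '" onmouseover="alert(1)'):
        print("payload:", payload)
        print("  vulnerable injects:", looks_like_script_injection(render_vulnerable(payload)))
        print("  hardened injects:  ", looks_like_script_injection(render_hardened(payload)))
```

Escaping has to match the output context: html.escape() is right for text nodes and quoted attributes, but a value placed inside a script block, a URL or an unquoted attribute needs a different encoder, and a template engine with auto-escaping removes the per-site chance of forgetting.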
______________________________________________________________________
08.50.100 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tribiq CMS "index.php" SQL Injection
Description: Tribiq CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cID" parameter of the
"index.php" script before using it in an SQL query. Tribiq CMS
versions 5.0.10b and 5.0.11e are affected.
Ref: http://www.securityfocus.com/bid/32649
______________________________________________________________________
08.50.101 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Membership Script "sitepage.php" SQL Injection
Description: Multiple Membership Script is a membership and
affiliation application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "sitepage.php" script
before using it in an SQL query. Multiple Membership Script version
2.5 is affected.
Ref: http://www.securityfocus.com/bid/32655
______________________________________________________________________
08.50.102 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mxmania Gallery MX "pics_pre.asp" SQL Injection
Description: Mxmania Gallery MX is a photo gallery application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "ID" parameter of the "pics_pre.asp" script before using it in an
SQL query. Mxmania Gallery MX version 2.0.0 is affected.
Ref: http://www.securityfocus.com/bid/32607
______________________________________________________________________
08.50.103 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Calendar MX Professional "calendar_Eventupdate.asp" SQL
Injection
Description: Calendar MX Professional is an ASP-based calendar
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ID" parameter of the "calendar_Eventupdate.asp" script before using
it in an SQL query. Calendar MX Professional version 2.0.0 is
affected.
Ref: http://www.securityfocus.com/bid/32609
______________________________________________________________________
08.50.104 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Check Up New Generation "findoffice.php" SQL Injection
Description: Check Up New Generation is a patient record management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"search" parameter of the "findoffice.php" script before using it in
an SQL query. Check Up New Generation version 4.52 is affected.
Ref: http://www.securityfocus.com/bid/32590
______________________________________________________________________
08.50.105 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JMovies Joomla! Component "id" Parameter SQL Injection
Description: JOOMItaly JMovies is a video and movie library component
for the Joomla! content manager. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_jmovies"
component before using it in an SQL query. JMovies version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/32615
______________________________________________________________________
08.50.106 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Rae Media Web Based Contact Management Login SQL Injection
Description: Rae Media Web Based Contact Management is a web
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to "User Name" and "Password" textboxes when
logging in to the affected application.
Ref: http://www.securityfocus.com/bid/32616
______________________________________________________________________
08.50.107 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Storm Module Multiple Unspecified SQL Injection
Vulnerabilities
Description: Storm (SpeedTech Organization and Resource Manager) is a
project management module for the Drupal content management system.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to unspecified
parameters before using it in SQL queries. Storm versions prior to
5.x-1.14 and 6.x-1.18 are affected.
Ref: http://drupal.org/node/342246
______________________________________________________________________
08.50.108 CVE: Not Available
Platform: Web Application - SQL Injection
Title: dotnetindex Professional Download Assistant SQL Injection
Description: Professional Download Assistant is a web-based
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the password field of the login page before
using it in an SQL query. Professional Download Assistant version 0.1
is affected.
Ref: http://www.securityfocus.com/bid/32706
______________________________________________________________________
08.50.109 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPSTREET Webboard "show.php" SQL Injection
Description: PHPSTREET Webboard is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"show.php" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/7337
______________________________________________________________________
08.50.110 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Mydyngallery Component "directory" Parameter
SQL Injection
Description: Mydyngallery is a photo-gallery module for the Mambo and
Joomla! content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "directory" parameter of the
"com_mydyngallery" component before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/498916
______________________________________________________________________
08.50.111 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPApps.com Template Creature "media_level.asp" SQL Injection
Description: ASPApps.com Template Creature is an e-commerce
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "mcatid" parameter of the
"media/media_level.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32641
______________________________________________________________________
08.50.112 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RankEm "rankup.asp" SQL Injection
Description: RankEm is an ASP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "siteID" parameter of the
"rankup.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32659
______________________________________________________________________
08.50.113 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPToys Teamworx Server "default.asp" SQL Injection
Description: ASPToys Teamworx Server is a project management
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "password" field of the "default.asp" login
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32660
______________________________________________________________________
08.50.114 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPToys ASP Portal Multiple SQL Injection Vulnerabilities
Description: ASPToys ASP Portal is a web-based application implemented
in ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/32662
______________________________________________________________________
08.50.115 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP AutoDealer "detail.asp" SQL Injection
Description: ASP AutoDealer is an ASP-based application that allows
users to sell vehicles online. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "ID" parameter of the "detail.asp" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32663
______________________________________________________________________
08.50.116 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Kalptaru Infotech Product Sale Framework "forum_topic_id"
Parameter SQL Injection
Description: Kalptaru Infotech Product Sale Framework is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"forum_topic_id" parameter of the "customer/customer.forumtopic.php"
script before using it in an SQL query. Kalptaru Infotech Product Sale
Framework version 0.1 beta is affected.
Ref: http://www.securityfocus.com/bid/32672
______________________________________________________________________
08.50.117 CVE: Not Available
Platform: Web Application - SQL Injection
Title: yMonda Thread-IT "treplies.asp" SQL Injection
Description: yMonda Thread-IT is a web-based application implemented
in ASP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "message"
parameter of the "treplies.asp" script before using it in an SQL
query. Thread-IT version 1.6 and Thread-ITSQL version 2.0 are affected.
Ref: http://www.securityfocus.com/bid/32684
______________________________________________________________________
08.50.118 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RankEm "processlogin.asp" Multiple SQL Injection
Vulnerabilities
Description: RankEm is a web-based application implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "txtusername"
and "txtpassword" parameters of the "processlogin.asp" script.
Ref: http://www.securityfocus.com/bid/32686
______________________________________________________________________
08.50.119 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SIU Guarani SQL Injection and Arbitrary File Upload
Vulnerabilities
Description: SIU Guarani is a web-based application that keeps track
of academic activities. The application is exposed to multiple remote
issues. Exploiting these issues could allow an attacker to compromise
the application, upload arbitrary files and execute arbitrary code,
access or modify data, or exploit latent vulnerabilities in the
underlying database.
Ref: http://www.securityfocus.com/bid/32697
______________________________________________________________________
08.50.120 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Secure Downloads for vBulletin "fileinfo.php" SQL Injection
Description: Secure Downloads is a file-download management add-on for
the vBulletin bulletin board. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "fileinfo.php" script
before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/7385
______________________________________________________________________
08.50.121 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tag Board 4 phpBB3 "tag_board.php" SQL Injection
Description: Tag Board 4 phpBB3 is a plugin module available for
phpBB. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "tag_board.php" script before using it in an SQL
query. Tag Board 4 phpBB3 version 3.0.2 is affected.
Ref: http://bx67212.netsons.org/forum/viewtopic.php?f=3&t=3&sid=980fd38ff5f3ca40919d28be3f2e2d08#p3
______________________________________________________________________
08.50.122 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Poll Pro User and Password SQL Injection Vulnerabilities
Description: Poll Pro is a web-based application used to add polls.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the username and
password fields. Poll Pro version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32707
______________________________________________________________________
08.50.123 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PEEL "rubid" Parameter SQL Injection
Description: PEEL is a PHP-based e-commerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "rubid" parameter of
the "index.php" script before using it in an SQL query. PEEL version
3.1 is affected.
Ref: http://www.securityfocus.com/bid/32715
______________________________________________________________________
08.50.124 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PostEcards "sendcard.cfm" SQL Injection
Description: PostEcards is a web-based application that creates and
emails postcards. The application is implemented in ColdFusion. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"sendcard.cfm" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32719
______________________________________________________________________
08.50.125 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMyAdmin "table" Parameter SQL Injection
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"table" parameter of the "tbl_structure.php" script before using it in
an SQL query. phpMyAdmin versions prior to 2.11.9.4 and 3.1.1.0 are
affected.
Ref: http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
______________________________________________________________________
08.50.126 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProQuiz "Username" Parameter SQL Injection
Description: ProQuiz is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Username" text box when logging into
the application through the "admin/index.php" script. ProQuiz version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/32724
______________________________________________________________________
08.50.127 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Netref "id" Parameter Multiple SQL Injection Vulnerabilities
Description: Netref is a URL management application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. Netref version 4.0 is
affected.
Ref: http://www.securityfocus.com/bid/32725
______________________________________________________________________
08.50.128 CVE: Not Available
Platform: Web Application
Title: Pro Clan Manager "PHPSESSID" Session Fixation
Description: Pro Clan Manager is a PHP-based content manager. Pro Clan
Manager is exposed to a session-fixation issue caused by a design
error when handling sessions. Specifically, an attacker can predefine
a victim user's session ID by setting the "PHPSESSID" parameter of
the "index.php" script. Pro Clan Manager version 0.4.2 is affected.
Ref: http://www.securityfocus.com/bid/32606
______________________________________________________________________
08.50.129 CVE: Not Available
Platform: Web Application
Title: SEO phpBB "include/global.php" Remote File Include
Description: SEO phpBB is a web-based application based on phpBB. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "pfad" parameter of
the "include/global.php" script. SEO phpBB version 1.1.0 is affected.
Ref: http://www.securityfocus.com/bid/32619
______________________________________________________________________
08.50.130 CVE: Not Available
Platform: Web Application
Title: RevSense SQL Injection and Cross-Site Scripting Vulnerabilities
Description: RevSense is a web-based application for managing ads.
RevSense is exposed to an SQL injection issue and a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data. RevSense version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32624
______________________________________________________________________
08.50.131 CVE: Not Available
Platform: Web Application
Title: WebCAF Multiple Input Validation Vulnerabilities
Description: WebCAF is a web-based application. The application is
exposed to multiple input validation issues. WebCAF version 1.4 is
affected.
Ref: http://www.securityfocus.com/bid/32704
______________________________________________________________________
08.50.132 CVE: Not Available
Platform: Web Application
Title: PHPmyGallery Local and Remote File Include Vulnerabilities
Description: PHPmyGallery is a web-based application. The application
is exposed to multiple input validation issues. A remote attacker can
exploit these issues to obtain sensitive information or execute
malicious PHP code in the context of the web server process.
PHPmyGallery version 1.0beta2 is affected.
Ref: http://www.securityfocus.com/bid/32705
______________________________________________________________________
08.50.133 CVE: Not Available
Platform: Web Application
Title: ImpressCMS "rank_title" Parameter HTML Injection
Description: ImpressCMS is a content manager. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. ImpressCMS versions prior to 1.0.3 "Janus" RC 1 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=634159
______________________________________________________________________
08.50.134 CVE: Not Available
Platform: Web Application
Title: Drennan Software My Simple Forum "index.php" Local File Include
Description: Drennan Software My Simple Forum is a web-based forum.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "action"
parameter of the "index.php" script. My Simple Forum version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/32643
______________________________________________________________________
08.50.135 CVE: Not Available
Platform: Web Application
Title: BNCwi "index.php" Local File Include
Description: BNCwi is a web interface for the psyBNC IRC application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "newlanguage" HTTP
POST parameter of the "index.php" script. BNCwi versions 1.04 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/32644
______________________________________________________________________
08.50.136 CVE: Not Available
Platform: Web Application
Title: Gravity GTD PHP Code Injection and Local File Include
Vulnerabilities
Description: Gravity GTD is a PHP-based list manager used to track
action items. Gravity GTD is exposed to multiple input validation
issues because it fails to properly sanitize user-supplied input. The
issues include a PHP code injection and a local file include issue
that affect the "objectname" parameter of the "library/setup/rpc.php"
script. Gravity GTD versions 0.4.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32646
______________________________________________________________________
08.50.137 CVE: Not Available
Platform: Web Application
Title: lcxbbportal "phpbb_root_path" Parameter Multiple Remote File
Include Vulnerabilities
Description: lcxbbportal is a web-based application. The application
is exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "phpbb_root_path"
parameter. lcxbbportal version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/32647
______________________________________________________________________
08.50.138 CVE: Not Available
Platform: Web Application
Title: Tizag Countdown Creater "index.php" Arbitrary File Upload
Description: Tizag Countdown Creater is a countdown application. The
application is exposed to an unspecified issue that lets attackers
upload arbitrary files. The issue occurs because the application fails
to adequately sanitize user-supplied input. Tizag Countdown Creater
version 3 is affected.
Ref: http://www.securityfocus.com/bid/32661
______________________________________________________________________
08.50.139 CVE: CVE-2008-5305
Platform: Web Application
Title: TWiki SEARCH Variable Remote Command Execution
Description: TWiki is a wiki-based content management system (CMS)
implemented in Perl. The application is exposed to an issue that
attackers can leverage to execute arbitrary commands in the context of
the application. This issue occurs because the application fails to
adequately validate user-supplied input.
Ref: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
______________________________________________________________________
08.50.140 CVE: Not Available
Platform: Web Application
Title: phpPgAdmin "_language" Parameter Local File Include
Description: phpPgAdmin is a web-based administration utility. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "_language" parameter
of the "libraries/lib.inc.php" script. phpPgAdmin versions 4.2.1 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/32670
______________________________________________________________________
08.50.141 CVE: Not Available
Platform: Web Application
Title: w3blabor Local File Include and Arbitrary File Upload
Vulnerabilities
Description: w3blabor is a web-based content management system. The
application is exposed to multiple input validation issues. By
exploiting the arbitrary file upload and local file include
vulnerabilities at the same time, the attacker may be able to execute
remote code. w3blabor version 3.0.5 is affected.
Ref: http://www.securityfocus.com/bid/32675
______________________________________________________________________
08.50.142 CVE: Not Available
Platform: Web Application
Title: BPowerHouse Mini Blog "index.php" Multiple Local File Include
Vulnerabilities
Description: BPowerHouse Mini Blog is a PHP-based blog application.
The application is exposed to multiple local file include issues
because it fails to properly sanitize user-supplied input to the
"page" and "admin" parameters of the "index.php" script. BPowerHouse
Mini Blog version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/32677
______________________________________________________________________
08.50.143 CVE: Not Available
Platform: Web Application
Title: PHPmyGallery "index.php" Directory Traversal
Description: PHPmyGallery is a web-based application. The application
is exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "group" parameter of
the "index.php" script. PHPmyGallery version 1.51gold is affected.
Ref: http://www.securityfocus.com/bid/32678
______________________________________________________________________
08.50.144 CVE: Not Available
Platform: Web Application
Title: Mini-CMS "index.php" Multiple Local File Include
Vulnerabilities
Description: Mini-CMS is a PHP-based web application. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input. Mini-CMS version 1.0.1 is
affected.
Ref: http://www.securityfocus.com/bid/32680
______________________________________________________________________
08.50.145 CVE: Not Available
Platform: Web Application
Title: XOOPS Local File Include and HTML Injection Vulnerabilities
Description: XOOPS is a PHP-based content manager. The application is
exposed to multiple input-validation issues. An attacker can exploit
the local file include vulnerabilities using directory traversal
strings to execute local files within the context of the web server
process. XOOPS versions prior to 2.3.2b are affected.
Ref: http://www.securityfocus.com/archive/1/499002
______________________________________________________________________
08.50.146 CVE: Not Available
Platform: Web Application
Title: MG2 "includes/mg2_functions.php" PHP Code Injection
Description: MG2 (MiniGal2) is a PHP-based photo gallery application.
MG2 is exposed to an issue that lets attackers inject arbitrary PHP
code. The issue occurs because the application fails to properly
sanitize user-supplied input to the "name" parameter of the
"includes/mg2_functions.php" script. MG2 version 0.5.1 is affected.
Ref: http://www.securityfocus.com/bid/32695
______________________________________________________________________
08.50.147 CVE: Not Available
Platform: Web Application
Title: Google Gears WorkerPool API "allowCrossOrigin()" Same Origin
Policy Violation
Description: Google Gears is a browser extension intended to help in
the development of web applications. It is available for a number of
platforms and browsers. This issue exists in the WorkerPool API, used
to create worker objects within the Gears framework. Google Gears
versions prior to 0.5.4 are affected.
Ref: http://blog.watchfire.com/wfblog/2008/12/breaking-google-gears-cross-origin-communication-model.html
______________________________________________________________________
08.50.148 CVE: Not Available
Platform: Web Application
Title: PunBB SQL Injection and Cross-Site Scripting Vulnerabilities
Description: PunBB is a PHP-based forum application. PunBB is exposed
to multiple input validation issues. An attacker can exploit these
issues to steal cookie-based authentication credentials, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database. PunBB versions prior to
1.3.2 are affected.
Ref: http://punbb.informer.com/forums/topic/20475/punbb-132/
______________________________________________________________________
08.50.149 CVE: Not Available
Platform: Web Application
Title: PHPmyGallery "common-tpl-vars.php" Local and Remote File
Include Vulnerabilities
Description: PHPmyGallery is a web-based application. The application
is exposed to multiple input validation issues. PHPmyGallery
version 1.5beta is affected.
Ref: http://www.securityfocus.com/bid/32723
______________________________________________________________________
08.50.150 CVE: Not Available
Platform: Web Application
Title: PHP Multiple Newsletters "lang" Parameter Local File Include
Description: PHP Multiple Newsletters is a web-based email marketing
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"lang" parameter of the "index.php" script. PHP Multiple Newsletters
version 2.7 is affected.
Ref: http://www.securityfocus.com/bid/32726
______________________________________________________________________
08.50.151 CVE: Not Available
Platform: Web Application
Title: Atlassian JIRA Remote Security Bypass
Description: Atlassian JIRA is a web-based issue tracking system. The
application is exposed to a security bypass issue that attackers can
leverage to execute certain methods in the context of the application.
This issue occurs because the application fails to adequately validate
user-supplied input resulting in specific URL parameters being
transformed into method calls. Atlassian JIRA versions prior to 3.13.2
are affected.
Ref: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09
______________________________________________________________________
08.50.152 CVE: Not Available
Platform: Web Application
Title: HTMPL "htmpl_admin.cgi" Remote Command Execution
Description: HTMPL is an HTML editor implemented in Perl. HTMPL is
exposed to an issue that attackers can leverage to execute arbitrary
commands. This issue occurs because the application fails to
adequately sanitize user-supplied input to the "help" parameter of the
"htmpl_admin.cgi" script. HTMPL version 1.11 is affected.
Ref: http://www.securityfocus.com/bid/32755
______________________________________________________________________
08.50.153 CVE: CVE-2008-4390
Platform: Network Device
Title: Linksys WVC54GC Wireless-G Internet Video Camera Information
Disclosure
Description: Linksys WVC54GC Wireless-G Internet Video Camera is
exposed to an information disclosure issue because it fails to encrypt
sensitive information before transmitting it over the network.
Firmware for the Linksys WVC54GC Wireless-G Internet Video Camera
versions prior to 1.25 are affected.
Ref: http://www.kb.cert.org/vuls/id/528993
______________________________________________________________________
08.50.154 CVE: Not Available
Platform: Network Device
Title: Neostrada Livebox ADSL Router HTTP Request Denial of Service
Description: Neostrada Livebox ADSL Router is a networking device
provided by Telekomunikacja Polska. The device is exposed to a denial
of service issue because it fails to adequately handle malformed HTTP
requests.
Ref: http://www.securityfocus.com/archive/1/499010
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.