RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 16
From: The SANS Institute (ConsensusSecurityVulnerabilityAlert sans.org)
Date: Thu Apr 17 2008 - 21:24:04 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Apple Safari users should ensure their browsers have the latest updates
as multiple critical vulnerabilities were fixed in the latest update,
and companies that rely on EMC's DiskXtender for enterprise backup
should get patched right away. Attackers swarm over back-up
vulnerabilities like the ones reported this week in DiskXtender. In
fact, back-up products are among the least frequently updated by users.
"It ain't broke; don't touch it" seems to be the mindset, but RISK has
shown over and over that backup products have an unending series of
security flaws. A good reminder to make sure your software configuration
management plans include patching of backup software. ClamAV users and
Borland InterBase users also have critical flaws to fix.
Alan
*************************************************************************
RISK: The Consensus Security Vulnerability Alert
April 17, 2008 Vol. 7. Week 16
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).
Summary of Updates and Vulnerabilities in this Consensus
Platform                                  Number of Updates and Vulnerabilities
------------------------                  -------------------------------------
Third Party Windows Apps                  6 (#3, #5)
Linux                                     2
Solaris                                   4
Unix                                      3 (#6)
Cross Platform                            25 (#1, #2, #4, #7, #8)
Web Application - Cross Site Scripting    7
Web Application - SQL Injection           28
Web Application                           25
Network Device                            2
******************** Sponsored By Sourcefire, Inc. *********************
Learn more about the industry's first 10Gbps IPS, the Sourcefire 3D 9800.
It supports copper or fiber networks. Now you can monitor multiple
networks from one core. Get high port density and a highly redundant,
scalable architecture to handle your high-traffic environment. Call
1.800.917.4134 for more information.
http://www.sans.org/info/27858
*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, both
new Pen Testing courses, CISSP, and SANS' other top-rated courses plus
evening sessions with Internet Storm Center handlers.
- SANSFire 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
with many bonus sessions and a big exhibition of security products:
http://www.sans.org/info/26774
- London (6/2-6/7) and Amsterdam (6/16-6/21)
http://www.sans.org/secureeurope08
- San Diego (5/9-5/16) http://www.sans.org/securitywest08
- Toronto (5/10-5/16) http://www.sans.org/toronto08
- and in 100 other cities and online any time: www.sans.org
*************************************************************************
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Apple Safari Multiple Vulnerabilities
(2) CRITICAL: ClamAV Multiple Vulnerabilities
(3) CRITICAL: EMC DiskXtender Multiple Vulnerabilities
(4) CRITICAL: Borland InterBase Buffer Overflow
(5) HIGH: ICQ Message Handling Buffer Overflow
(6) MODERATE: CUPS Multiple Image Handling Integer Overflows
(7) MODERATE: Rsync Extended Attributes Integer Overflow
(8) LOW: Mozilla Web Browsers Garbage Collection Possible Remote Code Execution
************************** Sponsored Links: ***************************
1) Join some of the most advanced application security managers and many
people who are just getting their application security program started
to learn about the most critical issues and to find the best tools to
use to resolve them - all at the Application Security Summit June 2-3.
http://www.sans.org/info/27863
*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Third Party Windows Apps
08.16.1 - IBiz E-Banking Integrator ActiveX Control "WriteOFXDataFile()" Insecure Method
08.16.2 - Symantec Altiris Deployment Solution AClient Password Disclosure
08.16.3 - WinWebMail IMAP Login Data Handling Denial of Service
08.16.4 - Trillian DTD File XML Parser Buffer Overflow
08.16.5 - Nero MediaHome NMMediaServer.EXE Remote Denial of Service
08.16.6 - ICQ "Personal Status Manager" Remote Buffer Overflow
-- Linux
08.16.7 - GNU m4 Format String and Filename Quoting Vulnerabilities
08.16.8 - Red Hat "redhat-ds-admin" Shell Command Injection and Security Bypass Vulnerabilities
-- Solaris
08.16.9 - Sun N1 Grid Engine "Qmaster" Daemon Local Denial of Service
08.16.10 - Sun Solaris Self Encapsulated IP Packets Remote Denial of Service
08.16.11 - Sun Solaris Floating Point Context Switch Implementation Unspecified Security
08.16.12 - Sun Solaris Trusted Extensions Labeled Networking Security Bypass
-- Unix
08.16.13 - Rsync "xattr" Support Integer Overflow
08.16.14 - MirBSD Korn Shell Local Privilege Escalation
08.16.15 - CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
-- Cross Platform
08.16.16 - HP OpenView Network Node Manager "ovspmd" Buffer Overflow
08.16.17 - Nortel Networks Communication Server 1000 Multiple Security Vulnerabilities
08.16.18 - Squid Web Proxy Cache "arrayShrink()" Remote Denial of Service
08.16.19 - Adobe Flash Player SWF File "DeclareFunction2" Actionscript Tag Remote Code Execution
08.16.20 - Adobe Flash Player Multimedia File Remote Buffer Overflow
08.16.21 - Adobe Flash Player Arbitrary Cross Domain HTTP Request Headers Security
08.16.22 - Adobe Flash Player Unspecified DNS Rebinding
08.16.23 - Adobe ColdFusion CFC Method Access Level Security Bypass
08.16.24 - VLC Media Player Browser Plugin Arbitrary File Overwrite
08.16.25 - TIBCO Multiple Products Buffer Overflow Vulnerabilities
08.16.26 - Drupal Simple Access Module Security Bypass
08.16.27 - Openfire Unspecified Remote Denial of Service
08.16.28 - EMC DiskXtender Default Credentials Privilege Escalation
08.16.29 - EMC DiskXtender File System Manager Stack-Based Buffer Overflow
08.16.30 - EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
08.16.31 - Borland InterBase IBServer.EXE Remote Buffer Overflow
08.16.32 - HP OpenView Network Node Manager Directory Traversal and Multiple Denial of Service Vulnerabilities
08.16.33 - Python "stringobject.c" Multiple Remote Buffer Overflow Vulnerabilities
08.16.34 - ClamAV "libclamav/pe.c" UPACK File Heap-Based Buffer Overflow
08.16.35 - Novell eDirectory HTTP "Connection" Header Denial Of Service
08.16.36 - XM Easy Personal FTP Server "PORT" and "XCWD" Multiple Remote Denial of Service Vulnerabilities
08.16.37 - ClamAV ARJ File Denial of Service
08.16.38 - ClamAV 0.92.1 Multiple Vulnerabilities
08.16.39 - BigAnt IM Server HTTP GET Request Remote Buffer Overflow
08.16.40 - DivX Player .SRT "subtitle" Remote Buffer Overflow
-- Web Application - Cross Site Scripting
08.16.41 - SAP NetWeaver Filesystem Feedbacks Cross-Site Scripting
08.16.42 - WiKID wClient-PHP "sample.php" Cross-Site Scripting
08.16.43 - Business Objects Infoview "jsessionid" Parameter Cross-Site Scripting
08.16.44 - Cezanne Software Multiple Cross-Site Scripting Vulnerabilities
08.16.45 - Cezanne Software "CFLogon.asp" Cross-Site Scripting
08.16.46 - WORK system e-commerce "main.php" Multiple Cross-Site Scripting Vulnerabilities
08.16.47 - amfphp Multiple Cross-Site Scripting Vulnerabilities
-- Web Application - SQL Injection
08.16.48 - Pligg "editlink.php" SQL Injection
08.16.49 - Avaya SIP Enablement Services and Communications Manager Multiple SQL Injection Vulnerabilities
08.16.50 - Pragmatic Utopia PU Arcade "gid" Parameter SQL Injection
08.16.51 - WordPress "wp-comments-post.php" Multiple SQL Injection Vulnerabilities
08.16.52 - SuperNET Shop Multiple SQL Injection Vulnerabilities
08.16.53 - Koobi Pro "galid" Parameter Multiple SQL Injection Vulnerabilities
08.16.54 - Koobi "img_id" Parameter SQL Injection
08.16.55 - MyKnowledgeQuest KnowledgeQuest Multiple SQL Injection Vulnerabilities
08.16.56 - MyKnowledgeQuest KnowledgeQuest "articletextonly.php" Script SQL Injection
08.16.57 - LiveCart "id" Parameter SQL Injection
08.16.58 - RS MAXSOFT "popup_img.php" SQL Injection
08.16.59 - W2B phpHotResources "cat.php" SQL Injection
08.16.60 - KwsPHP ConcoursPhoto Module "C_ID" Parameter SQL Injection
08.16.61 - PHPKB "comment.php" SQL Injection
08.16.62 - phpAddressBook "view.php" SQL Injection
08.16.63 - osCommerce Poll Booth Add-On "pollbooth.php" SQL Injection
08.16.64 - Mumbo Jumbo Media OP4 "id" Parameter SQL Injection
08.16.65 - Coppermine Photo Gallery "upload.php" SQL Injection
08.16.66 - Coppermine Photo Gallery "bridge/coppermine.inc.php" SQL Injection
08.16.67 - BosClassifieds "index.php" SQL Injection
08.16.68 - SmallBiz 4 Seasons "content.php" SQL Injection
08.16.69 - eShop CMS "index.php" SQL Injection
08.16.70 - Cezanne Software "FUNID" Parameter Multiple SQL Injection Vulnerabilities
08.16.71 - DevWorx BlogWorx "view.asp" SQL Injection
08.16.72 - BosDev BosNews "index.php" SQL Injection
08.16.73 - Koobi Pro "poll_id" Parameter SQL Injection
08.16.74 - Classifieds Caffe "cat_id" Parameter SQL Injection
08.16.75 - LASERnet CMS "new" Parameter SQL Injection
-- Web Application
08.16.76 - Avaya Communication Manager Web Interface Multiple Input Validation Vulnerabilities
08.16.77 - phpTournois Avatar Arbitrary File Upload
08.16.78 - ExBB "exbb[default_lang]" Parameter Local File Include Vulnerability
08.16.79 - Avaya SIP Enablement Services (SES) Server Multiple Input Validation Vulnerabilities
08.16.80 - Microsoft SharePoint Server Picture Source HTML Injection
08.16.81 - phpBB Fishing Cat Portal Addon "functions_portal.php" Remote File Include
08.16.82 - Drupal Menu System Security Bypass Vulnerabilities
08.16.83 - Python zlib Module Remote Buffer Overflow
08.16.84 - ARWScripts Gallery Script Lite "download.html" File Disclosure
08.16.85 - KSEMAIL "index.php" Multiple Local File Include Vulnerabilities
08.16.86 - Joomla! and Mambo joomlaXplorer Component Multiple Input Validation Vulnerabilities
08.16.87 - NewsOffice "news_show.php" Remote File Include
08.16.88 - CcMail Cookie Security Bypass
08.16.89 - cpCommerce Multiple Input Validation Vulnerabilities
08.16.90 - XT-News Multiple Administrative Scripts Authentication Bypass Vulnerabilities
08.16.91 - Joomla! and Mambo eXtplorer Component "dir" Parameter Directory Traversal
08.16.92 - Libpng Library Unknown Chunk Handler
08.16.93 - Dotclear "ecrire/images.php" Arbitrary File Upload
08.16.94 - KwsPHP Eskuel Module Arbitrary File Upload
08.16.95 - phpBB Memberlist Search and Private Message Attachment Multiple Security Bypass Vulnerabilities
08.16.96 - BosDev BosNews "/admin/index.php" Authentication Bypass
08.16.97 - Gallarific Cross-Site Scripting, HTML Injection and Backdoor Vulnerabilities
08.16.98 - W2B Online Banking "ilang" Parameter Remote File Include
08.16.99 - Istant-Replay "read.php" Remote File Include
08.16.100 - LightNEasy Multiple Input Validation Vulnerabilities
-- Network Device
08.16.101 - Cisco Unified Communication Manager Multiple Vulnerabilities
08.16.102 - Wayport CyberCenter Express Authentication Bypass
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Apple Safari Multiple Vulnerabilities
Affected:
Apple Safari versions prior to 3.1.1
Description: Safari is Apple's web browser for its Mac OS X and
Microsoft Windows operating systems. It contains multiple
vulnerabilities ranging in severity from remote code execution to cross
site scripting and address bar spoofing. Flaws in its handling of
regular expressions and downloaded files can lead to arbitrary code
execution with the privileges of the current user. Note that some of
these vulnerabilities are present in portions of Safari that are open
source, therefore full technical details may be obtained for these
vulnerabilities via source code analysis.
Status: Apple confirmed, updates available.
References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-022/
Apple Security Advisory
http://support.apple.com/kb/HT1467
Apple Safari Home Page
http://www.apple.com/safari/download/
SecurityFocus BID
http://www.securityfocus.com/bid/28815
*****************************************************
(2) CRITICAL: ClamAV Multiple Vulnerabilities
Affected:
ClamAV versions prior to 0.93
Description: ClamAV is a popular open source antivirus solution for
multiple platforms. Flaws in its handling of a variety of file formats
can lead to buffer overflows and memory corruption vulnerabilities. A
specially crafted file analyzed by the software could trigger one of
these vulnerabilities, allowing an attacker to execute arbitrary code
with the privileges of the vulnerable process. Note that, on systems
using ClamAV as an email analysis engine, it is sufficient for an email
message to transit the server to exploit one of these vulnerabilities;
no user interaction is necessary. Full technical details for these
vulnerabilities are available via source code analysis. Several
proofs-of-concept are publicly available.
Status: ClamAV confirmed, updates available.
References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
ClamAV Bug Reports
https://www.clamav.net/bugzilla/show_bug.cgi?id=877
https://www.clamav.net/bugzilla/show_bug.cgi?id=897
https://www.clamav.net/bugzilla/show_bug.cgi?id=876
https://www.clamav.net/bugzilla/show_bug.cgi?id=878
Secunia Security Advisory
http://secunia.com/secunia_research/2008-11/advisory/
ClamAV Home Page
http://www.clamav.net
SecurityFocus BID
Not yet available.
*****************************************************
(3) CRITICAL: EMC DiskXtender Multiple Vulnerabilities
Affected:
EMC DiskXtender versions 6.20.060 and prior
Description: EMC DiskXtender is an enterprise backup and data migration
application. It exposes several Remote Procedure Call (RPC) interfaces.
Several procedures exported by these interfaces contain buffer overflow
vulnerabilities. Exploiting these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process (often SYSTEM). Nominally, these interfaces require
authentication; however, several DiskXtender components have hardcoded
authentication credentials, which allow attackers to connect to these
interfaces. Attackers may also execute arbitrary application commands
without exploiting any buffer overflow vulnerability, simply by
connecting to the vulnerable RPC interfaces using the hardcoded
credentials.
Status: EMC confirmed, updates available.
References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
Product Home Page
http://software.emc.com/products/product_family/diskxtender_family.htm
Wikipedia Article on Microsoft RPC
http://en.wikipedia.org/wiki/MSRPC
SecurityFocus BID
http://www.securityfocus.com/bid/28727
*****************************************************
(4) CRITICAL: Borland InterBase Buffer Overflow
Affected:
Borland InterBase 2007 Service Pack 2
Description: InterBase is a popular database server from Borland. It
contains a buffer overflow in its handling of certain user requests. A
specially crafted request from a user could trigger this buffer
overflow, allowing an attacker to execute arbitrary code with the
privileges of the vulnerable process. Full technical details and a
proof-of-concept are publicly available for this vulnerability.
Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by blocking access to TCP port
3050 at the network perimeter, if possible.
References:
Proof-of-Concept
http://www.securityfocus.com/archive/1/490752
Product Home Page
http://www.codegear.com/products/interbase
SecurityFocus BID
Not yet available.
*****************************************************
(5) HIGH: ICQ Message Handling Buffer Overflow
Affected:
ICQ versions 6.0 and prior
Description: ICQ is a popular instant messaging application. It contains
a flaw in its handling of remote "user status messages". These messages
indicate the status of another user, such as "available" or "away", and
are rendered by a remote client when it queries the user's status. A
specially crafted message could trigger a buffer overflow when rendered
by a victim's client, allowing an attacker to execute arbitrary code
with the privileges of the current user. A user would have to be
monitoring the status of an attacker to be vulnerable to this issue.
Full technical details and a proof-of-concept are publicly available for
this vulnerability.
Status: Vendor confirmed, updates available.
References:
INFIGO Security Advisory
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08
ICQ Home Page
http://www.icq.com/
SecurityFocus BID
Not yet available.
*****************************************************
(6) MODERATE: CUPS Multiple Image Handling Integer Overflows
Affected:
CUPS versions prior to current-2008-04-08
Description: CUPS is the Common Unix Printing System, and is the
standard printing system on a variety of Unix, Unix-like, and Linux
operating systems. It contains a flaw in its handling of Portable
Network Graphics (PNG) images. A specially crafted PNG image could
trigger one of several integer overflow vulnerabilities. It has been
confirmed that successfully exploiting one of these vulnerabilities
would allow an attacker to create a denial-of-service condition. It is
also believed, but not confirmed, that remote code execution is
possible. In most common configurations, attackers would either require
authentication or local network access to exploit these vulnerabilities.
Full technical details are publicly available on these vulnerabilities,
via source code analysis.
Status: Vendor confirmed, updates available.
References:
CUPS Bug Report
http://www.cups.org/str.php?L2790
Wikipedia Article on PNG
http://en.wikipedia.org/wiki/Portable_Network_Graphics
CUPS Home Page
http://www.cups.org
SecurityFocus BID
Not yet available.
*****************************************************
(7) MODERATE: Rsync Extended Attributes Integer Overflow
Affected:
Rsync versions 2.6.9 through 3.0.1
Description: Rsync is a popular open source file and directory
synchronization tool. On certain operating systems, it supports the
concept of "extended attributes". These are data associated with files
but distinct from the file's content. Rsync fails to properly handle
certain extended attribute operations. A specially crafted request
involving extended attributes could result in an integer overflow, and
potentially allow an attacker to execute arbitrary code with the
privileges of the vulnerable process. Note that the extended attribute
functionality is not supported on all platforms, and may be disabled
entirely via configuration.
Status: Rsync confirmed, updates available.
References:
Rsync Security Blog Entry
http://samba.anu.edu.au/rsync/security.html#s3_0_2
Rsync Home Page
http://samba.anu.edu.au/rsync/
Wikipedia Article on Extended Attributes
http://en.wikipedia.org/wiki/Extended_file_attributes
SecurityFocus BID
Not yet available.
*****************************************************
(8) LOW: Mozilla Web Browsers Garbage Collection Possible Remote Code Execution
Affected:
Mozilla Firefox versions prior to 2.0.0.14
Mozilla Thunderbird versions prior to 2.0.0.14
Mozilla SeaMonkey versions prior to 1.1.10
Description: Web browsers that are based on the Mozilla codebase,
including the popular Firefox web browser, contain a flaw in their
handling of certain JavaScript constructs. The JavaScript engine in
these browsers has a flaw in its implementation of garbage collection
(a method of automatic memory management). A specially crafted
JavaScript script embedded in a web page could exploit this
vulnerability and lead to a crash. It is not currently believed that
this crash could be leveraged to execute arbitrary code, but similar
bugs in the past have led to remote code execution. Full technical
details are available for this vulnerability via source code analysis.
Status: Mozilla confirmed, updates available.
References:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-20.html
Wikipedia Article on Garbage Collection
http://en.wikipedia.org/wiki/Garbage_collection_%28computer_science%29
Wikipedia Article on JavaScript
http://en.wikipedia.org/wiki/JavaScript
Mozilla Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/28818
**********************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 16, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.16.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: IBiz E-Banking Integrator ActiveX Control "WriteOFXDataFile()"
Insecure Method
Description: IBiz E-Banking Integrator is an application used for
retrieving financial data from financial institutions. The application
is exposed to an issue that allows attackers to create or overwrite
arbitrary data with the privileges of the application using it
(typically Internet Explorer). IBiz E-Banking Integrator version 2.0
is affected.
Ref: http://www.securityfocus.com/bid/28703
______________________________________________________________________
08.16.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution AClient Password
Disclosure
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. The application's
AClient binary is exposed to a local password disclosure issue that
arises because of a design error. Altiris Deployment Solution versions
prior to 6.9.164 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.04.10.html
______________________________________________________________________
08.16.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinWebMail IMAP Login Data Handling Denial of Service
Description: WinWebMail is a web server for Windows that supports
multiple protocols. The application is exposed to a denial of service
issue because it fails to perform adequate boundary checks on
user-supplied input. WinWebMail version 3.7.3.2 is affected.
Ref: http://www.securityfocus.com/bid/28721
______________________________________________________________________
08.16.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Trillian DTD File XML Parser Buffer Overflow
Description: Cerulean Studios Trillian is an instant messaging
application. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. Trillian version 3.1.9.0 Basic is affected.
Ref: http://www.securityfocus.com/archive/1/490772
______________________________________________________________________
08.16.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nero MediaHome NMMediaServer.EXE Remote Denial of Service
Description: Nero MediaHome is an application that allows users to
stream videos, TV programs, and music. It is available for Microsoft
Windows. The application is exposed to a denial of service issue
because it fails to handle exceptional conditions. Nero MediaHome
version 3.3.3.0 is affected.
Ref: http://aluigi.altervista.org/adv/neromedia-adv.txt
______________________________________________________________________
08.16.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: ICQ "Personal Status Manager" Remote Buffer Overflow
Description: ICQ is an instant-messaging client application for
Microsoft Windows. The application is exposed to a remote buffer
overflow issue because the application fails to perform boundary
checks prior to copying user-supplied data into sensitive process
buffers. ICQ version 6 build 6043 is affected.
Ref: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-04-08
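The flaw class named in this entry and in Part I item (5), shown as an added C example that is not ICQ's code and is not taken from the advisory: a status message received from a remote peer is copied into a fixed-size buffer before it is displayed. The buffer size `STATUS_BUF_LEN`, the `status_view` structure and the function names (`render_status_unchecked`, `render_status_checked`, `make_status`, `try_status`) are assumptions made for the illustration; the message contents are constructed, not captured traffic.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not ICQ's code. Models the flaw class in this entry: a
 * status message received from a remote peer is copied into a fixed-size
 * buffer before display. STATUS_BUF_LEN, struct status_view and the
 * function names are assumptions for the illustration. */

#define STATUS_BUF_LEN 64

struct status_view {
    char text[STATUS_BUF_LEN];
};

/* Vulnerable pattern: msg_len comes from the peer and is never compared
 * with the destination size, so a long message overruns view->text and
 * whatever follows it. Shown for contrast only; nothing below calls it. */
void render_status_unchecked(struct status_view *view, const char *msg, size_t msg_len)
{
    memcpy(view->text, msg, msg_len);
    view->text[msg_len] = '\0';
}

/* Hardened form: reject a message that does not fit together with its
 * terminator, and clear the buffer first so no stale bytes are displayed.
 * Returns 0 if rendered, -1 if rejected. */
int render_status_checked(struct status_view *view, const char *msg, size_t msg_len)
{
    if (msg == NULL || msg_len >= sizeof(view->text))
        return -1;                     /* oversize: drop it and log the peer */
    memset(view->text, 0, sizeof(view->text));
    memcpy(view->text, msg, msg_len);
    return 0;
}

/* Builds a constructed status message of want_len bytes (not a captured
 * ICQ packet). Returns the length actually written. */
size_t make_status(char *out, size_t out_cap, size_t want_len)
{
    size_t n = want_len < out_cap ? want_len : out_cap - 1;
    memset(out, 'A', n);
    out[n] = '\0';
    return n;
}

/* Feeds a constructed message of len bytes through the checked renderer:
 * 0 means rendered, -1 means rejected. */
int try_status(size_t len)
{
    struct status_view view;
    char msg[512];
    size_t n = make_status(msg, sizeof msg, len);
    return render_status_checked(&view, msg, n);
}

int main(void)
{
    size_t lens[] = { 20, 63, 64, 200 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%3zu-byte status: %s\n", lens[i],
               try_status(lens[i]) == 0 ? "rendered" : "rejected");
    return 0;
}
```

The checked form compares the peer-supplied length against the destination before copying and rejects oversize messages instead of silently truncating them; those rejections are the events worth logging, since a run of them from a single peer is the observable symptom a client-side detection rule can key on.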
______________________________________________________________________
08.16.7 CVE: CVE-2008-1687, CVE-2008-1688
Platform: Linux
Title: GNU m4 Format String and Filename Quoting Vulnerabilities
Description: GNU m4 is a freely available macro-processing utility.
The application is exposed to format string and filename quoting
issues. GNU m4 versions prior to 1.4.11 are affected.
Ref:
http://git.sv.gnu.org/gitweb/?p=m4.git;a=commitdiff;h=5345bb49077bfda9fabd048e563f9e7077fe335d;hp=edae0cd4696a9e6eb42eba98fbaae16f31268cba
______________________________________________________________________
08.16.8 CVE: CVE-2008-0892, CVE-2008-0893
Platform: Linux
Title: Red Hat "redhat-ds-admin" Shell Command Injection and Security
Bypass Vulnerabilities
Description: Red Hat Administration Server is an HTTP agent used for
remote management of the Red Hat Directory Server. The
"redhat-ds-admin" application is exposed to multiple issues.
"redhat-ds-admin" used with Red Hat Directory Server 8 is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0201.html
______________________________________________________________________
08.16.9 CVE: Not Available
Platform: Solaris
Title: Sun N1 Grid Engine "Qmaster" Daemon Local Denial of Service
Description: Sun N1 Grid Engine is an application that provides policy
based workload management and dynamic provisioning of application
workloads. The application is exposed to a denial of service issue
that affects the "Qmaster" daemon. Sun N1 Grid Engine version 6.1 is
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-234822-1
______________________________________________________________________
08.16.10 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Self Encapsulated IP Packets Remote Denial of
Service
Description: Sun Solaris is an enterprise grade UNIX distribution. The
application is exposed to a denial of service issue because it fails
to handle specially crafted network data. Specifically, the issue
arises when the kernel tries to process self encapsulated IP packets.
Solaris versions 8, 9 and 10 for SPARC and x86 platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235901-1
______________________________________________________________________
08.16.11 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Floating Point Context Switch Implementation
Unspecified Security
Description: Sun Solaris is an enterprise grade UNIX distribution. The
application is exposed to an unspecified issue that affects the
floating point context switch implementation. Solaris 9 and 10 for x86
platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233921-1
______________________________________________________________________
08.16.12 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Trusted Extensions Labeled Networking Security Bypass
Description: Sun Solaris is an enterprise grade UNIX distribution. The
application is exposed to a security bypass issue that affects the
Trusted Extensions labeled networking. Solaris 10 for SPARC and x86
platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235421-1
______________________________________________________________________
08.16.13 CVE: CVE-2008-1720
Platform: Unix
Title: Rsync "xattr" Support Integer Overflow
Description: The rsync utility is used to synchronize files and
directory structures across a network. It is commonly used to maintain
mirrors of FTP sites, often through anonymous access to the rsync
server. The application is exposed to a remote integer overflow issue
in "util.c" when extended attribute support ("xattr") is enabled. The
application fails to properly ensure that user-supplied input doesn't
overflow integer values. rsync versions between 2.6.9 and 3.0.1 that
have "xattr" support enabled are affected.
Ref: http://samba.anu.edu.au/rsync/security.html#s3_0_2
______________________________________________________________________
08.16.14 CVE: Not Available
Platform: Unix
Title: MirBSD Korn Shell Local Privilege Escalation
Description: MirBSD Korn Shell (mksh) is a freely available successor
to the pdksh Unix shell. The application is exposed to a local
privilege escalation issue due to a failure of the application to
properly ensure that the origin of terminal input is secure. mksh
versions prior to R33d are affected.
Ref: http://www.mirbsd.org/mksh.htm#clog
______________________________________________________________________
08.16.15 CVE: CVE-2008-1722
Platform: Unix
Title: CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. CUPS is exposed to
multiple integer overflow issues because it fails to perform adequate
boundary checks on user-supplied PNG image sizes before using them to
allocate memory buffers. CUPS version 1.3.7 is affected.
Ref: http://www.cups.org/str.php?L2790
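The allocation-size flaw that this entry, Part I item (6) and the rsync entries (08.16.13 and Part I item (7)) describe, as an added C example that is neither CUPS nor rsync code: a buffer size derived from attacker-controlled header fields wraps in 32-bit arithmetic, so the buffer that gets allocated is smaller than the data later written into it. The `MAX_DIM` policy limit, the RGBA assumption behind `BYTES_PER_PIXEL` and the function names are assumptions for the illustration; the image dimensions are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not CUPS or rsync code. A filter reads width and height
 * from an untrusted image header and derives a buffer size from them. If
 * the multiplication is done in 32-bit arithmetic without a check, the
 * result wraps, a too-small buffer is allocated, and the later pixel copy
 * overruns it. MAX_DIM is a hypothetical policy limit. */

#define MAX_DIM 65535u
#define BYTES_PER_PIXEL 4u   /* RGBA, assumed for the illustration */

/* Vulnerable pattern: width*height*4 in 32 bits, silently wrapped. */
uint32_t buf_size_unchecked(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Reports whether the unchecked result differs from the true byte count,
 * i.e. whether an allocation based on it would be undersized. The 32-bit
 * product wraps exactly when the true count exceeds UINT32_MAX. */
int unchecked_wraps(uint32_t width, uint32_t height)
{
    return (uint64_t)width * height > UINT32_MAX / BYTES_PER_PIXEL;
}

/* Hardened form: bound each dimension, then test every multiplication
 * before performing it. Returns 0 and stores the size in *out, or -1 if
 * the header is rejected as malformed. */
int buf_size_checked(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return -1;                               /* out-of-policy dimensions */
    if (width > UINT32_MAX / height)
        return -1;                               /* width*height would wrap */
    uint32_t pixels = width * height;
    if (pixels > UINT32_MAX / BYTES_PER_PIXEL)
        return -1;                               /* *BYTES_PER_PIXEL would wrap */
    *out = (size_t)pixels * BYTES_PER_PIXEL;
    return 0;
}

/* Convenience wrapper: validated byte size, or 0 when the header is rejected. */
size_t checked_size_or_zero(uint32_t width, uint32_t height)
{
    size_t n;
    return buf_size_checked(width, height, &n) == 0 ? n : 0;
}

/* Allocates only after validation; returns 1 if the buffer could be
 * allocated (and frees it again), 0 if the header was rejected. */
int image_alloc_ok(uint32_t width, uint32_t height)
{
    size_t n;
    if (buf_size_checked(width, height, &n) != 0)
        return 0;
    unsigned char *buf = calloc(n, 1);
    if (buf == NULL)
        return 0;
    free(buf);
    return 1;
}

int main(void)
{
    /* Constructed headers: a plausible image and an oversized one. */
    printf("1024x768: unchecked=%u checked=%zu\n",
           buf_size_unchecked(1024u, 768u), checked_size_or_zero(1024u, 768u));
    printf("32768x32768: unchecked=%u (wrapped=%d) checked=%zu\n",
           buf_size_unchecked(32768u, 32768u), unchecked_wraps(32768u, 32768u),
           checked_size_or_zero(32768u, 32768u));
    return 0;
}
```

For a 32768x32768 header the unchecked computation yields 0, so the filter would allocate nothing and then write a gigabyte of pixel data into it; the checked form rejects the header before any allocation. Checking each multiplication separately, rather than only capping the dimensions, is what keeps the routine safe if the policy limit is later raised.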
______________________________________________________________________
08.16.16 CVE: Not Available
Platform: Cross Platform
Title: HP OpenView Network Node Manager "ovspmd" Buffer Overflow
Description: HP OpenView Network Node Manager is a fault management
application for IP networks. Network Node Manager is exposed to a
buffer overflow issue because it fails to properly bounds-check
user-supplied data. Network Node Manager version 7.53 running on
Microsoft Windows is affected.
Ref: http://www.securityfocus.com/bid/28689
______________________________________________________________________
08.16.17 CVE: Not Available
Platform: Cross Platform
Title: Nortel Networks Communication Server 1000 Multiple Security
Vulnerabilities
Description: Nortel Networks Communication Server 1000 is a PBX
appliance. The application is exposed to multiple security issues.
Communications Server 1000 with firmware version 4.5.x is affected.
Ref:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,14/_cursor,3/_total,44/tableid,1/
______________________________________________________________________
08.16.18 CVE: CVE-2008-1612
Platform: Cross Platform
Title: Squid Web Proxy Cache "arrayShrink()" Remote Denial of Service
Description: Squid is an open-source proxy server available for a
number of platforms. The application is exposed to a remote denial of
service issue due to a flaw when processing HTTP headers for cached
objects. Squid versions 2.6 prior to 2.6.STABLE18 are affected.
Ref: http://www.squid-cache.org/Advisories/SQUID-2007_2.txt
______________________________________________________________________
08.16.19 CVE: CVE-2007-6019
Platform: Cross Platform
Title: Adobe Flash Player SWF File "DeclareFunction2" ActionScript Tag
Remote Code Execution
Description: Adobe Flash Player is an application used to play Flash
media files. Flash Player is exposed to a remote code execution issue
when processing certain embedded ActionScript objects. Adobe Flash
Player versions 9.0.115.0 and earlier are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html
______________________________________________________________________
08.16.20 CVE: CVE-2007-0071
Platform: Cross Platform
Title: Adobe Flash Player Multimedia File Remote Buffer Overflow
Description: Adobe Flash Player is an application used to play Flash
media files. Flash Player is exposed to a remote buffer overflow issue
when processing multimedia files with certain tags. The issue stems
from an integer overflow when calculating pointers and can be used by
an attacker to write to arbitrary memory locations. Adobe Flash Player
versions 9.0.115.0 and earlier are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html
______________________________________________________________________
08.16.21 CVE: CVE-2008-1654
Platform: Cross Platform
Title: Adobe Flash Player Arbitrary Cross Domain HTTP Request Headers
Security
Description: Adobe Flash Player is an application used to play Flash
media files. The application is exposed to an issue that allows remote
attackers to send arbitrary request headers from flash player to
remote domains. The issue arises because the application does not
perform any cross-domain policy checks before allowing SWF files
downloaded from one domain to send headers to another domain. Adobe
Flash Player versions 9.0.115.0 and earlier are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html
______________________________________________________________________
08.16.22 CVE: CVE-2008-1655
Platform: Cross Platform
Title: Adobe Flash Player Unspecified DNS Rebinding
Description: Adobe Flash Player is an application used to play Flash
media files. The application is exposed to an issue with an
unspecified impact which can be exploited by DNS rebinding. Adobe
Flash Player versions 9.0.115.0 and earlier are affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0221.html
______________________________________________________________________
08.16.23 CVE: CVE-2008-1656
Platform: Cross Platform
Title: Adobe ColdFusion CFC Method Access Level Security Bypass
Description: Adobe ColdFusion is an application server and software
development framework used for creating dynamic web-based content. The
application is exposed to a security bypass issue because it fails to
properly restrict access to CFC methods. ColdFusion versions 8 and
8.0.1 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-12.html
______________________________________________________________________
08.16.24 CVE: CVE-2007-6683
Platform: Cross Platform
Title: VLC Media Player Browser Plug-in Arbitrary File Overwrite
Description: VLC is a cross-platform media player that can be used to
serve streaming data. The application is exposed to an issue that
allows attackers to overwrite arbitrary files because the application
fails to adequately sanitize certain arguments when handling
":demuxdump-file" filename options in a playlist or a "EXTVLCOPT"
statement in an MP3 file. VLC media player versions prior to 0.8.6d
are affected.
Ref: http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
______________________________________________________________________
08.16.25 CVE: CVE-2008-1703, CVE-2008-1704
Platform: Cross Platform
Title: TIBCO Multiple Products Buffer Overflow Vulnerabilities
Description: TIBCO Enterprise Message Service and TIBCO Rendezvous are
messaging solutions for enterprises. These applications are exposed to
multiple buffer overflow issues that occur because they fail to perform
adequate boundary checks on user-supplied data.
Ref:
http://www.tibco.com/resources/mk/ems_security_advisory_20080409.txt
______________________________________________________________________
08.16.26 CVE: Not Available
Platform: Cross Platform
Title: Drupal Simple Access Module Security Bypass
Description: Drupal is an open-source content manager that is
available for a number of platforms. Simple Access is a module that
allows administrators to make nodes private or editable by defined
user roles. The application is exposed to a security bypass issue
because it fails to properly maintain privacy information for a node
in certain conditions. Simple Access versions prior to 5.x-1.3 are
affected.
Ref: http://www.securityfocus.com/bid/28720/info
______________________________________________________________________
08.16.27 CVE: Not Available
Platform: Cross Platform
Title: Openfire Unspecified Remote Denial of Service
Description: Openfire is a freely available instant messaging server
for many platforms. The application is exposed to a remote denial of
service issue.
Ref:
http://www.igniterealtime.org/issues/browse/JM-1289?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
______________________________________________________________________
08.16.28 CVE: CVE-2008-0961
Platform: Cross Platform
Title: EMC DiskXtender Default Credentials Privilege Escalation
Description: EMC DiskXtender is a suite of software components used
for data backup and migration; it is available for Unix, Linux, and
Windows operating systems. The application is exposed to a privilege
escalation issue because its main components (System Manager,
MediaStor and License Server) contain hard-coded authentication
credentials. DiskXtender version 6.20.060 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
______________________________________________________________________
08.16.29 CVE: CVE-2008-0962
Platform: Cross Platform
Title: EMC DiskXtender File System Manager Stack-Based Buffer Overflow
Description: EMC DiskXtender is a suite of software components used
for data backup and migration; it is available for Unix, Linux, and
Windows operating systems. The application is exposed to a stack-based
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. DiskXtender version 6.20.060 is
affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684
______________________________________________________________________
08.16.30 CVE: CVE-2008-0963
Platform: Cross Platform
Title: EMC DiskXtender MediaStor RPC Interface Format String Vulnerability
Description: EMC DiskXtender is a suite of software components used
for data backup and migration; it is available for Unix, Linux, and
Windows operating systems. The application is exposed to a format
string issue because it fails to adequately sanitize user-supplied
input before passing it to a formatted printing function. DiskXtender
version 6.20.060 for Windows is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=685
______________________________________________________________________
08.16.31 CVE: Not Available
Platform: Cross Platform
Title: Borland InterBase IBServer.EXE Remote Buffer Overflow
Description: Borland InterBase is a scalable database application
available for multiple operating platforms. The application is exposed
to a remote stack-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Borland
InterBase version 2007 SP2 is affected.
Ref: http://www.securityfocus.com/archive/1/490752
______________________________________________________________________
08.16.32 CVE: CVE-2008-0068
Platform: Cross Platform
Title: HP OpenView Network Node Manager Directory Traversal and
Multiple Denial of Service Vulnerabilities
Description: HP OpenView Network Node Manager (NNM) is an automated
network topology application for network administration and analysis.
The application is exposed to multiple issues. HP OpenView Network
Node Manager version 7.53 is affected.
Ref: http://www.securityfocus.com/archive/1/490771
______________________________________________________________________
08.16.33 CVE: Not Available
Platform: Cross Platform
Title: Python "stringobject.c" Multiple Remote Buffer Overflow
Vulnerabilities
Description: Python is an interpreted dynamic object-oriented
programming language available for many operating systems. The
application is exposed to multiple remote issues because it fails to
sufficiently verify user-supplied data. Python version 2.5.2 is
affected.
Ref: http://bugs.python.org/issue2587
______________________________________________________________________
08.16.34 CVE: CVE-2008-1100
Platform: Cross Platform
Title: ClamAV "libclamav/pe.c" UPACK File Heap-Based Buffer Overflow
Description: ClamAV is a multi-platform antivirus toolkit used to scan
email messages for viruses. The application is exposed to a heap-based
buffer overflow issue because it fails to properly verify
user-supplied data. ClamAV versions 0.92 and 0.92.1 are affected.
Ref: http://secunia.com/secunia_research/2008-11/advisory/
______________________________________________________________________
08.16.35 CVE: CVE-2008-0927
Platform: Cross Platform
Title: Novell eDirectory HTTP "Connection" Header Denial Of Service
Description: Novell eDirectory is a directory service that is used to
centrally manage computer resources on a network. The application is
exposed to a denial of service issue when handling requests with
specially crafted HTTP "connection" headers. eDirectory versions prior
to 8.8.2 and prior to 8.7.3 sp10 for Windows 2000/2003 systems are
affected.
Ref:
http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1
______________________________________________________________________
08.16.36 CVE: Not Available
Platform: Cross Platform
Title: XM Easy Personal FTP Server "PORT" and "XCWD" Multiple Remote
Denial of Service Vulnerabilities
Description: XM Easy Personal FTP Server is an FTP server for various
Microsoft Windows platforms. The application is exposed to a remote
denial of service issue that occurs in the "XCWD" and "PORT" commands.
XM Easy Personal FTP Server version 5.4.0 is affected.
Ref: http://www.securityfocus.com/bid/28759
______________________________________________________________________
08.16.37 CVE: CVE-2008-1387
Platform: Cross Platform
Title: ClamAV ARJ File Denial of Service
Description: ClamAV is a multi-platform toolkit used for scanning email
messages for viruses. The application is exposed to a denial of
service issue because it fails to handle exceptional conditions.
ClamAV versions prior to 0.93 are affected.
Ref: http://int21.de/cve/CVE-2008-1387-clamav.html
______________________________________________________________________
08.16.38 CVE: CVE-2008-0314
Platform: Cross Platform
Title: ClamAV 0.92.1 Multiple Vulnerabilities
Description: ClamAV is a multi-platform toolkit used for scanning email
messages for viruses. The application is exposed to multiple issues.
ClamAV versions prior to 0.93 are affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686
______________________________________________________________________
08.16.39 CVE: Not Available
Platform: Cross Platform
Title: BigAnt IM Server HTTP GET Request Remote Buffer Overflow
Description: BigAnt IM Server is the server application of BigAnt
Messenger, an enterprise IM system for Windows platforms. The server
is exposed to a remote buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. BigAnt IM
Server version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/28795
______________________________________________________________________
08.16.40 CVE: Not Available
Platform: Cross Platform
Title: DivX Player .SRT "subtitle" Remote Buffer Overflow
Description: DivX Player is a media player specifically designed to
handle DivX media files. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. The issue occurs when the application handles
.SRT files that contain overly long subtitle data. DivX Player version
6.7.0 is affected.
Ref: http://www.securityfocus.com/archive/1/490898
______________________________________________________________________
08.16.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SAP NetWeaver Filesystem Feedbacks Cross-Site Scripting
Description: SAP NetWeaver is a platform for enterprise applications.
The application is exposed to a cross-site scripting issue because the
software fails to sufficiently sanitize user-supplied data.
Specifically, this issue affects the web interface used to access
portal filesystems with "feedbacks" of files.
Ref: http://www.securityfocus.com/archive/1/490625
______________________________________________________________________
08.16.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WiKID wClient-PHP "sample.php" Cross-Site Scripting
Description: WiKID wClient-PHP is a client application for the WiKID
Strong Authentication server, a two-factor authentication system. The
application is exposed to a cross-site scripting issue because the
software fails to sufficiently sanitize user-supplied data.
Specifically, this issue affects the "PHP_SELF" parameter of the
"sample.php" script. WiKID wClient-PHP version prior to 3.0-3 is
affected.
Ref: http://www.securityfocus.com/archive/1/490768
______________________________________________________________________
08.16.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Business Objects Infoview "jsessionid" Parameter Cross-Site
Scripting
Description: Business Objects is a suite of applications and tools used
to administrate, monitor, and network business and project
information. Business Objects Infoview is a web portal application
used to remotely access Business Objects. The application is exposed
to a cross-site scripting issue because it fails to
properly sanitize user-supplied input. Java versions of Business
Objects XI R2 are affected.
Ref: http://www.securityfocus.com/archive/1/490822
______________________________________________________________________
08.16.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cezanne Software Multiple Cross-Site Scripting Vulnerabilities
Description: Cezanne Software is a suite of ASP-based human resources
and management applications. The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input. Cezanne versions 6.5.1 and 7 are affected.
Ref: http://www.securityfocus.com/archive/1/490846
______________________________________________________________________
08.16.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Cezanne Software "CFLogon.asp" Cross-Site Scripting
Description: Cezanne Software is a suite of ASP-based human resources
and management applications. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "SleUserName" POST parameter of the
"/CFLogon/CFLogon.asp" script. Cezanne versions 6.5.1 and 7 are
affected.
Ref: http://www.securityfocus.com/archive/1/490842
______________________________________________________________________
08.16.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WORK system e-commerce "main.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: WORK system e-commerce is a PHP-based content manager.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input to the "day", "month"
and "year" parameters of the "module/main.php" script. WORK system
e-commerce version 4.0.9 is affected.
Ref: http://www.securityfocus.com/bid/28785/references
______________________________________________________________________
08.16.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: amfphp Multiple Cross-Site Scripting Vulnerabilities
Description: amfphp is a PHP implementation of the Action Message
Format (AMF). The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input. amfphp version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/28789
______________________________________________________________________
08.16.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pligg "editlink.php" SQL Injection
Description: Pligg is a content management application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"editlink.php" script before using it in an SQL query. Pligg version
9.9.0 is affected.
Ref: http://www.securityfocus.com/bid/28681
______________________________________________________________________
08.16.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Avaya SIP Enablement Services and Communications Manager
Multiple SQL Injection Vulnerabilities
Description: Avaya SIP Enablement Services (SES) is a suite of tools
used to provide SIP (Session Initiation Protocol) services within the
enterprise. Communications Manager is the IP Telephony Platform that
SES runs on. The application's web interface is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data to unspecified parameters before using it in SQL
queries.
Ref:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,25/_cursor,10/_total,12/tableid,1/
______________________________________________________________________
08.16.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pragmatic Utopia PU Arcade "gid" Parameter SQL Injection
Description: PU Arcade is an arcade component for the Joomla! content
manager. The component is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "gid"
parameter of the "puarcade.class.php" source code file. PU Arcade
version 2.2 is affected.
Ref: http://www.securityfocus.com/archive/1/490626
______________________________________________________________________
08.16.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress "wp-comments-post.php" Multiple SQL Injection
Vulnerabilities
Description: WordPress is a freely available application for personal
publishing. The application is exposed to multiple SQL injection
issues because the application fails to sufficiently sanitize
user-supplied input before using it in an SQL query. These issues
affect the "author" and "url" parameters of the "wp-comments-post.php"
script. WordPress version 2.5 is affected.
Ref: http://www.securityfocus.com/bid/28703
______________________________________________________________________
08.16.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SuperNET Shop Multiple SQL Injection Vulnerabilities
Description: SuperNET Shop is an ASP-based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. SuperNET Shop
version 1 is affected.
Ref: http://www.securityfocus.com/bid/28709
______________________________________________________________________
08.16.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Koobi Pro "galid" Parameter Multiple SQL Injection
Vulnerabilities
Description: Koobi Pro is a web-based message board implemented in
PHP. The application is exposed to two SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "galid"
parameter in two gallery modules before using it in SQL queries. Koobi
Pro version 6.25 is affected.
Ref: http://www.securityfocus.com/bid/28710
______________________________________________________________________
08.16.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Koobi "img_id" Parameter SQL Injection
Description: Koobi is a web-based message board. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "img_id" parameter of the
"index.php" script when the "p" parameter is set to "gallery". Koobi
versions 4.4 and 5.4 are affected.
Ref: http://www.securityfocus.com/bid/28711
______________________________________________________________________
08.16.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyKnowledgeQuest KnowledgeQuest Multiple SQL Injection
Vulnerabilities
Description: MyKnowledgeQuest KnowledgeQuest is a web-based knowledge
management application. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied input to the following parameters and scripts before
using it in an SQL query: the "kqid" parameter of the
"articletext.php" script and the "username" and "password" POST
parameters of the "logincheck.php" script. KnowledgeQuest version 2.6
is affected.
Ref: http://www.securityfocus.com/bid/28713
______________________________________________________________________
08.16.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyKnowledgeQuest KnowledgeQuest "articletextonly.php" Script
SQL Injection
Description: MyKnowledgeQuest KnowledgeQuest is a web-based knowledge
management application implemented in PHP. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "kqid" parameter of the
"articletextonly.php" script before using it in an SQL query.
KnowledgeQuest version 2.6 is affected.
Ref: http://www.securityfocus.com/bid/28716
______________________________________________________________________
08.16.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LiveCart "id" Parameter SQL Injection
Description: LiveCart is a PHP-based shopping application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"category" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28723
______________________________________________________________________
08.16.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RS MAXSOFT "popup_img.php" SQL Injection
Description: RS MAXSOFT is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "fotoID" parameter of the
"modules/fotogalerie/popup_img.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/28735
______________________________________________________________________
08.16.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: W2B phpHotResources "cat.php" SQL Injection
Description: W2B phpHotResources is a PHP-based directory for web
programming resources. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "kind" parameter of the "cat.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/490746
______________________________________________________________________
08.16.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KwsPHP ConcoursPhoto Module "C_ID" Parameter SQL Injection
Description: KwsPHP is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "C_ID" parameter of the
"ConcoursPhoto" module before using it in an SQL query. ConcoursPhoto
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/28738
______________________________________________________________________
08.16.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPKB "comment.php" SQL Injection
Description: PHPKB is a knowledgebase application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "ID" parameter of the "comment.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28739
______________________________________________________________________
08.16.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpAddressBook "view.php" SQL Injection
Description: phpAddressBook is an address book application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"view.php" script. phpAddressBook version 2.11 is affected.
Ref: http://www.securityfocus.com/bid/28750
______________________________________________________________________
08.16.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: osCommerce Poll Booth Add-On "pollbooth.php" SQL Injection
Description: Poll Booth is an add-on to osCommerce that adds a polling
booth box. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"pollID" parameter of the "pollbooth.php" script. Poll Booth version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/28752
______________________________________________________________________
08.16.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mumbo Jumbo Media OP4 "id" Parameter SQL Injection
Description: Mumbo Jumbo Media OP4 is a content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28763
______________________________________________________________________
08.16.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Coppermine Photo Gallery "upload.php" SQL Injection
Description: Coppermine Photo Gallery is a web-based photo gallery
application. The application is exposed to an SQL injection issue
affecting MIME media types from remote HTTP servers when uploading
URIs through the "upload.php" script. Coppermine Photo Gallery
versions prior to 1.4.17 are affected.
Ref: http://forum.coppermine-gallery.net/index.php/topic,51787,0.html
______________________________________________________________________
08.16.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Coppermine Photo Gallery "bridge/coppermine.inc.php" SQL
Injection
Description: Coppermine Photo Gallery is a web-based photo gallery
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to an
unspecified cookie parameter of the "bridge/coppermine.inc.php"
script. Coppermine Photo Gallery versions prior to 1.4.18 are
affected.
Ref: http://forum.coppermine-gallery.net/index.php/topic,51882.0.html
______________________________________________________________________
08.16.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BosClassifieds "index.php" SQL Injection
Description: BosClassifieds is a classified ad application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input to the "cat" parameter of
the "index.php" script before using it in an SQL query. BosClassifieds
version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/28760
______________________________________________________________________
08.16.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SmallBiz 4 Seasons "content.php" SQL Injection
Description: SmallBiz 4 Seasons is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"content.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28769
______________________________________________________________________
08.16.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eShop CMS "index.php" SQL Injection
Description: eShop CMS is a content management system. The application
is exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28771
______________________________________________________________________
08.16.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Cezanne Software "FUNID" Parameter Multiple SQL Injection
Vulnerabilities
Description: Cezanne Software is a suite of ASP-based human resources
and management applications. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data to the "FUNID" parameter of the "CFLookup.asp" and
"/CznCommon/CznCustomContainer.asp" scripts before using it in an SQL
query. Cezanne version 7 is affected.
Ref: http://www.securityfocus.com/archive/1/490843
______________________________________________________________________
08.16.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DevWorx BlogWorx "view.asp" SQL Injection
Description: BlogWorx is a weblog application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "view.asp"
script before using it in an SQL query. BlogWorx version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/28776
______________________________________________________________________
08.16.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BosDev BosNews "index.php" SQL Injection
Description: BosNews is a web-news application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied input to the "cat" parameter of the "index.php"
script before using it in an SQL query. BosNews version 4.0 is
affected.
Ref: http://www.securityfocus.com/bid/28778
______________________________________________________________________
08.16.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Koobi Pro "poll_id" Parameter SQL Injection
Description: Koobi Pro is a web-based message board. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "poll_id" parameter of the
"index.php" script before using it in an SQL query. Koobi Pro version
6.25 is affected.
Ref: http://www.securityfocus.com/bid/28779
______________________________________________________________________
08.16.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Classifieds Caffe "cat_id" Parameter SQL Injection
Description: Classifieds Caffe is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "index.php" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/5450
______________________________________________________________________
08.16.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LASERnet CMS "new" Parameter SQL Injection
Description: LASERnet CMS is a content management application for web
sites and personal web pages. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "new" parameter of the "index.php" script
before using it in an SQL query. LASERnet CMS version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/28804
______________________________________________________________________
08.16.76 CVE: Not Available
Platform: Web Application
Title: Avaya Communication Manager Web Interface Multiple Input
Validation Vulnerabilities
Description: Avaya Communication Manager is a messaging application.
The application is exposed to multiple input validation issues
occurring in the web administration interface. These issues occur
because the application fails to sufficiently sanitize user-supplied
input. Avaya Communication Manager versions 3.1.x and 4.x are
affected.
Ref: http://support.avaya.com/elmodocs2/security/ASA-2008-148.htm
______________________________________________________________________
08.16.77 CVE: Not Available
Platform: Web Application
Title: phpTournois Avatar Arbitrary File Upload
Description: phpTournois is a web-based tournament management
application. The application is exposed to an issue that lets an attacker
upload and execute arbitrary code in the context of the affected
web server process. This issue occurs because the application fails to
sufficiently sanitize user-supplied data via the "avatar"
functionality. phpTournois version G4 is affected.
Ref: http://www.securityfocus.com/bid/28685/info
______________________________________________________________________
08.16.78 CVE: Not Available
Platform: Web Application
Title: ExBB "exbb[default_lang]" Parameter Local File Include
Vulnerability
Description: ExBB is a web-based bulletin board application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "exbb[default_lang]"
parameter of the "threadstop.php" script. ExBB version 0.22 is
affected.
Ref: http://www.securityfocus.com/bid/28686
______________________________________________________________________
08.16.79 CVE: Not Available
Platform: Web Application
Title: Avaya SIP Enablement Services (SES) Server Multiple Input
Validation Vulnerabilities
Description: Avaya SIP Enablement Services (SES) allows Avaya
Communication Manager to utilize the SIP protocol. SES is exposed to
multiple input validation issues.
Ref:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,23/_cursor,8/_total,12/tableid,1/
______________________________________________________________________
08.16.80 CVE: Not Available
Platform: Web Application
Title: Microsoft SharePoint Server Picture Source HTML Injection
Description: Microsoft SharePoint Server is an integrated server
application providing content management and search capabilities. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Microsoft SharePoint Server version 2.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/490624
______________________________________________________________________
08.16.81 CVE: Not Available
Platform: Web Application
Title: phpBB Fishing Cat Portal Addon "functions_portal.php" Remote
File Include
Description: Fishing Cat Portal Addon is a plug-in module for phpBB.
The component is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"phpbb_root_path" parameter of the "/includes/functions_portal.php"
script.
Ref: http://www.securityfocus.com/bid/28708
______________________________________________________________________
08.16.82 CVE: Not Available
Platform: Web Application
Title: Drupal Menu System Security Bypass Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. The application is exposed to
multiple security bypass issues because the application fails to
properly control access to some pages. Drupal 6 versions prior to 6.2
are affected.
Ref: http://drupal.org/node/244637
______________________________________________________________________
08.16.83 CVE: Not Available
Platform: Web Application
Title: Python zlib Module Remote Buffer Overflow
Description: Python zlib module is a library that provides support for
"zlib" compression. The library is exposed to a remote buffer overflow
issue due to an error in the "Modules/zlibmodule.c" file. Python
version 2.5.2 is affected.
Ref: http://www.securityfocus.com/archive/1/490690
______________________________________________________________________
08.16.84 CVE: Not Available
Platform: Web Application
Title: ARWScripts Gallery Script Lite "download.html" File Disclosure
Description: ARWScripts Gallery Script Lite is a free web-based photo
gallery. The application is exposed to a file disclosure issue because
it fails to properly sanitize user-supplied input to the "path"
parameter of the "download.html" script.
Ref: http://www.securityfocus.com/bid/28718
______________________________________________________________________
08.16.85 CVE: Not Available
Platform: Web Application
Title: KSEMAIL "index.php" Multiple Local File Include Vulnerabilities
Description: KSEMAIL is an email server for Windows and Unix-like
platforms. The application is exposed to multiple local file include
issues because it fails to properly sanitize user-supplied input to
the "lang" and "language" parameters of the
"prog/index.php" script.
Ref: http://www.securityfocus.com/bid/28724
______________________________________________________________________
08.16.86 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo joomlaXplorer Component Multiple Input
Validation Vulnerabilities
Description: joomlaXplorer is a file management component for the
Joomla! and Mambo content managers. The application is exposed to
multiple input validation issues because it fails to sufficiently
sanitize user-supplied input. joomlaXplorer version 1.6.0 is affected.
Ref: http://www.securityfocus.com/bid/28746
______________________________________________________________________
08.16.87 CVE: Not Available
Platform: Web Application
Title: NewsOffice "news_show.php" Remote File Include
Description: NewsOffice is an online news application. The application
is exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the
"newsoffice_directory" parameter of the "news_show.php" script.
NewsOffice version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/28748
______________________________________________________________________
08.16.88 CVE: Not Available
Platform: Web Application
Title: CcMail Cookie Security Bypass
Description: CcMail is a web-based mailing list manager application.
The application is exposed to a security bypass issue because it fails
to properly validate user credentials before allowing access to the
admin area. CcMail versions 1.0.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/28751
______________________________________________________________________
08.16.89 CVE: Not Available
Platform: Web Application
Title: cpCommerce Multiple Input Validation Vulnerabilities
Description: cpCommerce is a web-based ecommerce application. The
application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied data. cpCommerce version 1.1.0 is
affected.
Ref: http://www.securityfocus.com/bid/28755
______________________________________________________________________
08.16.90 CVE: Not Available
Platform: Web Application
Title: XT-News Multiple Administrative Scripts Authentication Bypass
Vulnerabilities
Description: XT-News is a PHP-based news script. The application is
exposed to multiple authentication bypass issues because it fails to
perform adequate authentication checks. XT-News version 0.1 is
affected.
Ref: http://www.securityfocus.com/bid/28761
______________________________________________________________________
08.16.91 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo eXtplorer Component "dir" Parameter Directory
Traversal
Description: eXtplorer is a file management component for the Joomla!
and Mambo content managers. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input to the "dir" parameter of the "com_extplorer"
component. eXtplorer version 2.0.0 RC2 is affected.
Ref: http://www.securityfocus.com/bid/28764
______________________________________________________________________
08.16.92 CVE: CVE-2008-1382
Platform: Web Application
Title: Libpng Library Unknown Chunk Handler
Description: The "libpng" library is a PNG reference library. The
application is exposed to an issue due to its inability to properly
handle unexpected chunk data in PNG files. This issue occurs when the
library is compiled with the PNG_READ_UNKNOWN_CHUNKS_SUPPORTED or
PNG_READ_USER_CHUNKS_SUPPORTED options enabled. Libpng versions 1.0.6
through 1.0.32, 1.2.0 through 1.2.26 and 1.4.0beta01 through
1.4.0beta19 are affected.
Ref: http://libpng.sourceforge.net/Advisory-1.2.26.txt
______________________________________________________________________
08.16.93 CVE: Not Available
Platform: Web Application
Title: Dotclear "ecrire/images.php" Arbitrary File Upload
Description: Dotclear is a blog application. The application is
exposed to an issue that lets an attacker upload and execute arbitrary
script code in the context of the affected web server process because
the application fails to sufficiently sanitize user-supplied input.
Dotclear version 1.2.7.1 is affected.
Ref: http://www.securityfocus.com/bid/28787
______________________________________________________________________
08.16.94 CVE: Not Available
Platform: Web Application
Title: KwsPHP Eskuel Module Arbitrary File Upload
Description: KwsPHP is a PHP-based content manager. The Eskuel module
of KwsPHP is exposed to an issue that lets remote attackers upload and
execute arbitrary code because it fails to properly sanitize
user-supplied input to the "action" parameter of the "eskuel/help.php"
script. KwsPHP version 1.3.456 is affected.
Ref: http://www.securityfocus.com/archive/1/490861
______________________________________________________________________
08.16.95 CVE: CVE-2008-1766
Platform: Web Application
Title: phpBB Memberlist Search and Private Message Attachment Multiple
Security Bypass Vulnerabilities
Description: phpBB is a PHP-based content manager and bulletin board
application. The application is exposed to two issues that can be
leveraged to bypass security restrictions. phpBB version 3.0.0 is
affected.
Ref: http://www.phpbb.com/community/viewtopic.php?f=14&t=879735
______________________________________________________________________
08.16.96 CVE: Not Available
Platform: Web Application
Title: BosDev BosNews "/admin/index.php" Authentication Bypass
Description: BosDev BosNews is a web-based news application. The
application is exposed to an authentication bypass issue because it
fails to restrict access to certain scripts. This issue affects the
"/admin/index.php" script when handling a certain argument passed via
the "action" parameter. BosNews version 4.0 is affected.
Ref: http://www.securityfocus.com/archive/1/490862
______________________________________________________________________
08.16.97 CVE: Not Available
Platform: Web Application
Title: Gallarific Cross-Site Scripting, HTML Injection and Backdoor
Vulnerabilities
Description: Gallarific is a web-gallery application. The application
is exposed to multiple remote issues. Free versions of Gallarific are
affected.
Ref:
http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0398.html
______________________________________________________________________
08.16.98 CVE: Not Available
Platform: Web Application
Title: W2B Online Banking "ilang" Parameter Remote File Include
Description: W2B Online Banking is a web-based banking application.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the "ilang"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/490888
______________________________________________________________________
08.16.99 CVE: Not Available
Platform: Web Application
Title: Istant-Replay "read.php" Remote File Include
Description: Istant-Replay is a web-based application implemented in
PHP. The application is exposed to a remote file include issue because
it fails to sufficiently sanitize user-supplied input to the "data"
parameter of the "read.php" script.
Ref: http://www.securityfocus.com/archive/1/490901
______________________________________________________________________
08.16.100 CVE: Not Available
Platform: Web Application
Title: LightNEasy Multiple Input Validation Vulnerabilities
Description: LightNEasy is a web-based content manager application.
The application is exposed to multiple issues because it fails to
sufficiently sanitize user-supplied data. LightNEasy versions 1.2.2
and earlier are affected.
Ref: http://www.securityfocus.com/bid/28801
______________________________________________________________________
08.16.101 CVE: Not Available
Platform: Network Device
Title: Cisco Unified Communication Manager Multiple Vulnerabilities
Description: Cisco Unified Communications Manager (CUCM) is a
software-based call-processing component of the Cisco IP telephony
solution. The application was formerly named Unified CallManager. The
application is exposed to multiple issues.
Ref:
http://www.voipshield.com/component/option,com_fabrik/Itemid,203/task,viewTableRowDetails/fabrik,1/rowid,49/_cursor,36/_total,44/tableid,1/
______________________________________________________________________
08.16.102 CVE: Not Available
Platform: Network Device
Title: Wayport CyberCenter Express Authentication Bypass
Description: Wayport CyberCenter Express devices are public access
computers. They are designed to allow pay-per-use Internet access for
the public. The application is exposed to an authentication bypass
issue.
Ref: http://www.securityfocus.com/archive/1/490565
______________________________________________________________________
(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.
Subscriptions:
RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.