RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 18

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Thu May 01 2008 - 19:13:54 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A breather this week - only Castle Rock Computing users have an
immediate security action to take. Novell has not yet confirmed the
critical vulnerability in its GroupWise product.
                                  Alan

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
May 1, 2008 Vol. 7. Week 18
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                                  Number of Updates and Vulnerabilities
----------------------------------------  -------------------------------------
Third Party Windows Apps                  12 (#1, #2, #3, #4, #5, #7, #9)
Linux                                     2
Novell                                    1
Cross Platform                            15 (#6, #8)
Web Application - Cross Site Scripting    12
Web Application - SQL Injection           15
Web Application                           19


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Castle Rock Computing SNMPc Buffer Overflow
(2) CRITICAL: Novell GroupWise "mailto:" Handling Buffer Overflow
(3) HIGH: Trillian Crafted Name Buffer Overflow
(4) HIGH: HP HPeDiag ActiveX Control Multiple Vulnerabilities
(5) HIGH: Akamai Download Manager ActiveX Control Remote Code Execution
(6) HIGH: KDE KHTML PNG Handling Buffer Overflow
(7) HIGH: IBM Lotus Expeditor Arbitrary Command Execution
(8) MODERATE: Sun Java System Directory Server Authentication Bypass
(9) MODERATE: Apple QuickTime Undisclosed Remote Code Execution
Other
(10) CORRECTION

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
08.18.1 - National Rail Enquiries Live Departure Boards Gadget Remote Script Code Execution
08.18.2 - Realtek HD Audio Codec Drivers for Windows Vista Multiple Local Privilege Escalation Vulnerabilities
08.18.3 - Flip4Mac WMV File Handling Unspecified Security Issue
08.18.4 - Trillian Overly Long Nickname Remote Denial of Service
08.18.5 - HP HPeDiag ActiveX Control Multiple Information Disclosure and Remote Code Execution Vulnerabilities
08.18.6 - Kantaris SSA Subtitle File Remote Buffer Overflow
08.18.7 - Watchfire AppScan ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
08.18.8 - HP Software Update "Hpufunction.dll" ActiveX Control Insecure Method Vulnerabilities
08.18.9 - Lhaplus ZOO Archive Processing Remote Buffer Overflow
08.18.10 - BitDefender Antivirus 2008 Hooked SSDT Denial of Service
08.18.11 - Rising Antivirus SSDT "NtOpenProcess()" Hook Local Denial of Service
08.18.12 - VicFTPS "LIST" Command Remote Denial of Service
 -- Linux
08.18.13 - util-linux-ng "login" Remote Log Injection Weakness
08.18.14 - Linux Terminal Server Project "ldm" Information Disclosure
 -- Novell
08.18.15 - Novell GroupWise "mailto" URI Handler Buffer Overflow
 -- Cross Platform
08.18.16 - Blender Unspecified Insecure Temporary File Creation
08.18.17 - Asterisk IAX2 Packet Amplification Remote Denial of Service
08.18.18 - VLC Media Player MP4 Demuxer Buffer Overflow
08.18.19 - VLC Media Player Cinepak Codec Buffer Overflow
08.18.20 - xine-lib NES Sound Format Demuxer "copyright" Buffer Overflow
08.18.21 - IBM Lotus Expeditor URI Handler Command Execution
08.18.22 - Computer Associates ARCserve Backup Discovery Service Remote Denial of Service
08.18.23 - Perl Unicode "Q...E" Quoting Construct Regular Expression Buffer Overflow
08.18.24 - PeerCast "getAuthUserPass" Multiple Buffer Overflow Vulnerabilities
08.18.25 - KDE "start_kdeinit" Multiple Local Privilege Escalation Vulnerabilities
08.18.26 - Sun Java System Directory Proxy Server Remote Unauthorized Access
08.18.27 - E-Post MailServer Remote Information Disclosure
08.18.28 - Sophos Anti-Virus SSDT Hooks Local Denial of Service
08.18.29 - Apple QuickTime Unspecified Remote Code Execution
08.18.30 - Acritum Femitter Server "RETR" Command Remote Denial of Service
 -- Web Application - Cross Site Scripting
08.18.31 - Magnolia Enterprise Edition Sitedesigner module "query" Parameter Cross-Site Scripting
08.18.32 - Horde Webmail "addevent.php" Cross-Site Scripting
08.18.33 - F5 Networks FirePass 4100 SSL VPN "installControl.php3" Cross-Site Scripting
08.18.34 - Drupal Ubercart Module Multiple HTML Injection Vulnerabilities
08.18.35 - e107 CMS Multiple Cross-Site Scripting Vulnerabilities
08.18.36 - Digital Hive "base.php" Parameter Cross-Site Scripting
08.18.37 - Pixel Motion Blog "list_article.php" Cross-Site Scripting
08.18.38 - PHCDownload Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.18.39 - SiteXS CMS "adm/index.php" Cross-Site Scripting
08.18.40 - Siteman "module" Parameter Cross-Site Scripting and Local File Include
08.18.41 - miniBB "bb_admin.php" Cross-Site Scripting
08.18.42 - Multiple Bluemoon inc. Modules for XOOPS Unspecified Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.18.43 - PostNuke PostSchedule Component "eid" Parameter SQL Injection
08.18.44 - E RESERV "ID_loc" Parameter SQL Injection
08.18.45 - Joomla! and Mambo Filiale Component "idFiliale" Parameter SQL Injection
08.18.46 - Joomla! and Mambo Community Builder "com_profiler" Component SQL Injection
08.18.47 - Web Calendar Pro "one_day.php" SQL Injection
08.18.48 - Joomla! and Mambo Jpad Component "cid" Parameter SQL Injection
08.18.49 - PHP Forge "id" Parameter SQL Injection
08.18.50 - RunCMS MyArticles module "topic_id" Parameter SQL Injection
08.18.51 - ODFaq "index.php" SQL Injection
08.18.52 - Jokes Site Script "categorie" Parameter SQL Injection
08.18.53 - FluentCMS "view.php" SQL Injection
08.18.54 - Prozilla Hosting Index "directory.php" SQL Injection
08.18.55 - Softbiz Web Host Directory Script "search_result.php" SQL Injection
08.18.56 - Wordpress Download Monitor Plugin "id" Parameter SQL Injection
08.18.57 - Joovili "category" Parameter SQL Injection
 -- Web Application
08.18.58 - WordPress Cookie Integrity Protection Unauthorized Access
08.18.59 - phpMyAdmin Shared Host Remote Information Disclosure
08.18.60 - RSA Authentication Agent for Web URI Redirection
08.18.61 - PHP-Nuke DownloadsPlus Module Arbitrary File Upload
08.18.62 - miniBB Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.18.63 - Imager Image-based Fill Heap Buffer Overflow
08.18.64 - SugarCRM Community Edition RSS Module Information Disclosure
08.18.65 - e107 CMS "submitnews.php" Multiple HTML Injection Vulnerabilities
08.18.66 - LokiCMS "admin.php" Arbitrary File Deletion
08.18.67 - KDE KHTML PNGLoader Heap Buffer Overflow
08.18.68 - Joomla Visites Component mosConfig_absolute_path Remote File Include
08.18.69 - Novell GroupWise HTML Injection and Denial of Service Vulnerabilities
08.18.70 - Angelo-Emlak Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.18.71 - PHPizabi "template.class.php" Remote Information Disclosure
08.18.72 - PHPG Upload "form_upload.php" Arbitrary File Upload
08.18.73 - Content Management System for Phprojekt "graphie.php" Local File Include
08.18.74 - MegaBBS Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.18.75 - ZoneMinder Multiple Unspecified Remote Code Execution Vulnerabilities
08.18.76 - PhpGedView Unspecified Remote Vulnerability

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Castle Rock Computing SNMPc Buffer Overflow
Affected:
Castle Rock Computing SNMPc versions 7.1 and prior

Description: SNMPc is a popular enterprise and workgroup monitoring and
management solution from Castle Rock Computing. It uses the Simple
Network Management Protocol (SNMP) for large portions of its
functionality. SNMP supports various authentication mechanisms,
including the concept of a "community" name. When used, this name is
included in all requests, and provides a simple authentication
mechanism. SNMPc contains a buffer overflow in its processing of certain
SNMP TRAP messages. A specially crafted TRAP message containing an
overlong community string could trigger this buffer overflow.
Successfully exploiting this vulnerability would allow an attacker to
execute arbitrary code with the privileges of the vulnerable process
(usually LocalSystem). Technical details for this vulnerability are
publicly available.

Status: Vendor confirmed, updates available.

References:
Next Generation Security Software Security Advisory
http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/
Product Home Page
http://www.castlerock.com/products/snmpc/default.php
Wikipedia Article on SNMP
http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/28990
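
Added example, not part of the original bulletin and not Castle Rock's
code: a C parser for the SNMPv1/v2c message header that bounds-checks the
community string before copying it into a fixed buffer, run against two
constructed packets. COMMUNITY_MAX, the function names and the sample
packets are assumptions made for illustration; the bulletin does not say
where in SNMPc the overflow occurs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMMUNITY_MAX 64 /* assumed local policy limit, not a value from SNMPc */

enum { SNMP_OK = 0, SNMP_TRUNCATED = -1, SNMP_MALFORMED = -2,
       SNMP_COMMUNITY_TOO_LONG = -3 };

struct snmp_header {
    unsigned version;                  /* 0 = SNMPv1, 1 = SNMPv2c */
    char community[COMMUNITY_MAX + 1]; /* always NUL-terminated */
    size_t community_len;              /* octet string may contain NULs */
    uint8_t pdu_tag;                   /* e.g. 0xa4 = SNMPv1 Trap-PDU */
};

/* Read one BER tag and definite length. On success *pos points at the value,
 * which is guaranteed to lie inside buf[0..len). Invariant: *pos <= len. */
static int ber_read_tl(const uint8_t *buf, size_t len, size_t *pos,
                       uint8_t *tag, size_t *vlen)
{
    size_t n;
    if (len - *pos < 2) return SNMP_TRUNCATED;
    *tag = buf[(*pos)++];
    n = buf[(*pos)++];
    if (n & 0x80) {                    /* long form: next 1..4 bytes hold length */
        size_t nbytes = n & 0x7f;
        if (nbytes == 0 || nbytes > 4) return SNMP_MALFORMED;
        if (len - *pos < nbytes) return SNMP_TRUNCATED;
        for (n = 0; nbytes > 0; nbytes--) n = (n << 8) | buf[(*pos)++];
    }
    if (n > len - *pos) return SNMP_TRUNCATED; /* declared length exceeds data */
    *vlen = n;
    return SNMP_OK;
}

/* Parse SEQUENCE { INTEGER version, OCTET STRING community, PDU ... }. */
int snmp_parse_header(const uint8_t *buf, size_t len, struct snmp_header *out)
{
    size_t pos = 0, n = 0, end;
    uint8_t tag = 0;
    int rc;

    memset(out, 0, sizeof *out);
    if ((rc = ber_read_tl(buf, len, &pos, &tag, &n)) != SNMP_OK) return rc;
    if (tag != 0x30) return SNMP_MALFORMED;
    end = pos + n;                     /* inner fields may not pass this point */

    if ((rc = ber_read_tl(buf, end, &pos, &tag, &n)) != SNMP_OK) return rc;
    if (tag != 0x02 || n != 1 || buf[pos] > 1) return SNMP_MALFORMED;
    out->version = buf[pos++];

    if ((rc = ber_read_tl(buf, end, &pos, &tag, &n)) != SNMP_OK) return rc;
    if (tag != 0x04) return SNMP_MALFORMED;
    /* The check that matters: compare the attacker-controlled length with
     * the destination size BEFORE copying, and reject instead of truncating. */
    if (n > COMMUNITY_MAX) return SNMP_COMMUNITY_TOO_LONG;
    memcpy(out->community, buf + pos, n);
    out->community[n] = '\0';
    out->community_len = n;
    pos += n;

    if (end - pos < 1) return SNMP_TRUNCATED;
    out->pdu_tag = buf[pos];
    return SNMP_OK;
}

/* Build a constructed SNMPv1 message with an empty Trap-PDU (sample input
 * only; a real trap carries fields inside the PDU). Returns bytes written. */
size_t build_sample_trap(uint8_t *out, size_t cap, const char *community,
                         size_t clen)
{
    size_t k = 0, body = 3 + 4 + clen + 2;
    if (clen > 0xffff - 9 || cap < 4 + body) return 0;
    out[k++] = 0x30; out[k++] = 0x82;
    out[k++] = (uint8_t)(body >> 8); out[k++] = (uint8_t)body;
    out[k++] = 0x02; out[k++] = 0x01; out[k++] = 0x00;   /* version 0 */
    out[k++] = 0x04; out[k++] = 0x82;
    out[k++] = (uint8_t)(clen >> 8); out[k++] = (uint8_t)clen;
    memcpy(out + k, community, clen); k += clen;
    out[k++] = 0xa4; out[k++] = 0x00;                    /* empty Trap-PDU */
    return k;
}

int main(void)
{
    uint8_t pkt[512];
    struct snmp_header h;
    char longc[200];
    size_t n;
    int rc;

    n = build_sample_trap(pkt, sizeof pkt, "public", 6);
    rc = snmp_parse_header(pkt, n, &h);
    printf("normal trap:   rc=%d community=%s\n", rc, h.community);

    memset(longc, 'A', sizeof longc);                    /* constructed overlong name */
    n = build_sample_trap(pkt, sizeof pkt, longc, sizeof longc);
    rc = snmp_parse_header(pkt, n, &h);
    printf("overlong trap: rc=%d (rejected, nothing copied)\n", rc);
    return 0;
}
```

A receiver would log and drop any message that returns a non-zero code
rather than truncating the community and continuing.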

********************************************************

(2) CRITICAL: Novell GroupWise "mailto:" Handling Buffer Overflow
Affected:
Novell GroupWise versions 7.0 and prior

Description: Novell GroupWise is a popular mail and groupware
application. It contains a flaw in its handling of "mailto:" URLs. These
URLs are usually embedded in web pages and other documents and allow
users to send email to specified addresses when the URL is accessed. If
Novell GroupWise is the user's default mail client, a specially crafted
mailto URL could trigger a buffer overflow in the application.
Successfully exploiting this buffer overflow would allow an attacker to
execute arbitrary code with the privileges of the current user. No user
interaction other than viewing a malicious web page is necessary for
exploitation. Full technical details and a proof-of-concept are publicly
available for this vulnerability.

Status: Novell has not confirmed, no updates available.

References:
Advisory from Juan Pablo Lopez Yacubian (contains proof-of-concept)
http://www.securityfocus.com/archive/1/491376
Product Home Page
http://www.novell.com/products/groupwise/
SecurityFocus BID
http://www.securityfocus.com/bid/28969

********************************************************

(3) HIGH: Trillian Crafted Name Buffer Overflow
Affected:
Trillian 3.1 and prior

Description: Trillian is a popular multi-protocol instant messaging
client from Cerulean Studios. It contains a flaw in its handling of
remote messages. A specially crafted message sent via the MSN instant
messaging network containing an overlong nickname field could trigger
this flaw, leading to a buffer overflow. It is believed, but not
confirmed, that successfully exploiting this overflow would allow an
attacker to execute arbitrary code with the privileges of the current
user. Full technical details and a simple proof-of-concept for this
vulnerability are publicly available.

Status: Cerulean Studios has not confirmed, no updates available.

References:
Post by Juan Pablo Lopez Yacubian
http://www.securityfocus.com/archive/1/491281
Vendor Home Page
http://www.ceruleanstudios.com/
SecurityFocus BID
http://www.securityfocus.com/bid/28925

********************************************************

(4) HIGH: HP HPeDiag ActiveX Control Multiple Vulnerabilities
Affected:
HP HPeDiag ActiveX Controls

Description: The HP HPeDiag ActiveX control is installed as part of the
Microsoft Windows software suite for various HP LaserJet printers. This
control contains multiple vulnerabilities, including multiple insecure
methods and a buffer overflow. A malicious web page that instantiated
this control could exploit one of these vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current
user. Technical details for these vulnerabilities are publicly
available.

Status: HP confirmed, updates available. Users can mitigate the impact
of this vulnerability by disabling the affected controls via Microsoft's
"kill bit" mechanism. CLSIDs for the affected control are available in
HP's advisory, referenced below.

References:
Vuln.sg Advisory
http://vuln.sg/hpupdate302991-en.html
Secunia Advisory
http://secunia.com/advisories/29966/
HP Security Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01439758
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/28929

********************************************************

(5) HIGH: Akamai Download Manager ActiveX Control Remote Code Execution
Affected:
Akamai Download Manager ActiveX control versions prior to 2.2.3.5

Description: The Akamai Download Manager is a popular application to
assist with downloads. Part of its functionality is provided by an
ActiveX control. This control contains a remote code execution
vulnerability. A specially crafted web page that instantiates this
control could trigger this vulnerability, allowing an attacker to
execute arbitrary code with the privileges of the current user.

Status: Akamai confirmed, updates available.

References:
Vendor Home Page
http://www.akamai.com/
SecurityFocus BID
http://www.securityfocus.com/bid/28993

********************************************************

(6) HIGH: KDE KHTML PNG Handling Buffer Overflow
Affected:
KDE versions 4.0.3 and prior

Description: KDE, the K Desktop Environment, is a popular cross-platform
desktop environment. Its HTML parsing and rendering engine, KHTML,
contains a flaw in its handling of Portable Network Graphics (PNG)
files. A specially crafted PNG file could trigger this flaw, leading to
a buffer overflow vulnerability. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the current user. Full technical details for this
vulnerability are publicly available via source code analysis. KDE is
the default desktop environment for a number of Linux distributions.
Apple's Safari web browser uses a large amount of KHTML code, but it is
unknown if Safari is affected.

Status: KDE confirmed, updates available.

References:
KDE Security Advisory
http://www.kde.org/info/security/advisory-20080426-1.txt
KDE Home Page
http://www.kde.org
Wikipedia Article on PNG
http://en.wikipedia.org/wiki/Portable_Network_Graphics
SecurityFocus BID
http://www.securityfocus.com/bid/28937

********************************************************

(7) HIGH: IBM Lotus Expeditor Arbitrary Command Execution
Affected:
IBM Lotus Expeditor versions 6.1 and prior on Microsoft Windows

Description: IBM Lotus Expeditor is a popular enterprise desktop
integration framework. It contains a flaw in its handling of "cal:"
URLs. If Expeditor is configured to be the default handler for these
URLs, users can be exposed to this vulnerability. A specially crafted
web page containing a "cal:" URL could trigger this vulnerability,
allowing an attacker to execute arbitrary commands with the privileges
of the current user. Technical details and a proof-of-concept are
publicly available for this vulnerability.

Status: IBM confirmed, updates available.

References:
Posting by Thomas Pollet (includes proof-of-concept)
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061750.html
IBM Security Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21303813
Product Home Page
http://www-306.ibm.com/software/lotus/products/expeditor/
SecurityFocus BID
http://www.securityfocus.com/bid/28926

********************************************************

(8) MODERATE: Sun Java System Directory Server Authentication Bypass
Affected:
Sun Java System Directory Server versions 6.2 and prior

Description: Sun Java System Directory Server is an enterprise
Lightweight Directory Access Protocol (LDAP) server. It contains a flaw
in its handling of user authentication requests. A specially crafted
request could bypass authentication, allowing arbitrary users to log in
to the system with administrative privileges. The exact nature of the
vulnerability is currently unknown; few technical details are publicly
available.

Status: Sun confirmed, updates available.

References:
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-235381-1
Product Home Page
http://www.sun.com/software/products/directory_srvr_ee/dir_srvr/index.xml
Wikipedia Article on LDAP
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
SecurityFocus BID
http://www.securityfocus.com/bid/28941

********************************************************

(9) MODERATE: Apple QuickTime Undisclosed Remote Code Execution
Affected:
Apple QuickTime for Microsoft Windows

Description: QuickTime is Apple's streaming media framework for
Microsoft Windows and Apple Mac OS X. The Windows version is reported
to contain a flaw in its handling of user input; a specially crafted
data stream could trigger this flaw and allow an attacker to execute
arbitrary code with the privileges of the current user. A
proof-of-concept reportedly exists in the hands of the discoverer; it
is unknown if the proof-of-concept is more widely available. Very few
technical details are publicly available for this issue.

Status: Apple has not confirmed, no updates available.

References:
Gnucitizen Blog Post (includes a video demonstrating the proof-of-concept)
http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/
Product Home Page
http://www.apple.com/quicktime/
SecurityFocus BID
http://www.securityfocus.com/bid/28959

********************************************************

******
Other
******
(10) CORRECTION: In last week's edition of RISK, the entry discussing
a vulnerability in the Microsoft Windows driver for Intel Centrino
wireless network cards was inaccurate. This entry was to note that a
new, working, and publicly available exploit had been released for the
popular Metasploit framework for this vulnerability. The issue itself
had been addressed by Intel when it was originally discovered in 2007.
We regret the confusion.

References:
Previous RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=7&i=17#widely1

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 18, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.18.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: National Rail Enquiries Live Departure Boards Gadget Remote
Script Code Execution
Description: National Rail Enquiries Live Departure Boards Gadget is a
railroad departure application for use on the Microsoft Windows Vista
"Windows Sidebar" application. The application is exposed to an issue
that lets remote attackers execute arbitrary script code because the
application fails to properly sanitize user-supplied input. National
Rail Enquiries Live Departure Boards Gadget versions prior to 1.1 are
affected.
Ref: http://www.mwrinfosecurity.com/news/1690.html
______________________________________________________________________

08.18.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Realtek HD Audio Codec Drivers for Windows Vista Multiple Local
Privilege Escalation Vulnerabilities
Description: Realtek HD Audio Codec Drivers for Windows Vista are
exposed to multiple local privilege escalation issues. Internal routines
allow user-mode applications to create or modify arbitrary registry keys
from a specially-crafted IOCTL request. Additionally, the drivers fail
to sufficiently validate user-mode buffers, which can allow memory
overwrites because of integer overflows. RTKVHDA.sys file versions prior
to 6.0.1.5605 (32-bit) and RTKVHDA64.sys file versions prior to
6.0.1.5605 (64-bit) are affected.
Ref: http://www.securityfocus.com/archive/1/491249
______________________________________________________________________

08.18.3 CVE: CVE-2007-6713
Platform: Third Party Windows Apps
Title: Flip4Mac WMV File Handling Unspecified Security Issue
Description: Flip4Mac WMV is a set of components for QuickTime that
add support for Windows Media files. The application is exposed to an
unspecified issue when processing specially-crafted WMV files.
Flip4Mac WMV versions prior to 2.2.0.49 are affected.
Ref: http://www.securityfocus.com/bid/28912
______________________________________________________________________

08.18.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Trillian Overly Long Nickname Remote Denial of Service
Description: Trillian is an instant messaging application. The
application is exposed to a remote denial of service issue because it
fails to sufficiently bounds check user-supplied data. Trillian
version 3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/491281
______________________________________________________________________

08.18.5 CVE: CVE-2008-0712
Platform: Third Party Windows Apps
Title: HP HPeDiag ActiveX Control Multiple Information Disclosure and
Remote Code Execution Vulnerabilities
Description: HPeDiag ActiveX is an ActiveX control used to aid in
web-based support. The application is exposed to multiple information
disclosure and remote code execution issues.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.18.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Kantaris SSA Subtitle File Remote Buffer Overflow
Description: Kantaris is a freely available media player for
Microsoft Windows operating systems. The application is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input. The issue occurs when the application
handles SSA subtitle files that contain overly long subtitle
"Dialogue" data. Kantaris version 0.3.4 is affected.
Ref: http://www.securityfocus.com/bid/28939
______________________________________________________________________

08.18.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Watchfire AppScan ActiveX Control Multiple Arbitrary File
Overwrite Vulnerabilities
Description: Watchfire AppScan is web application security software.
The application is exposed to multiple issues that allow attackers
to overwrite arbitrary files. Watchfire AppScan version 7.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.18.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP Software Update "Hpufunction.dll" ActiveX Control Insecure
Method Vulnerabilities
Description: HP Software Update application uses ActiveX controls to
update user computers. The application is exposed to multiple insecure
method issues which affect the ActiveX control "Hpufunction.dll".
Hpufunction.dll version 4.0.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.18.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Lhaplus ZOO Archive Processing Remote Buffer Overflow
Description: Lhaplus is a file compression utility for the Windows
platform. It handles most industry standard compression formats,
including b64(base64), bh, bz, cab, gz, lzh, tar, tbz, tgz, zip(jar),
uue, xxe, and exe. The application is exposed to an unspecified remote
buffer overflow issue because it fails to properly bounds check
user-supplied data before copying it to an insufficiently sized buffer
while processing ZOO archives. Lhaplus version 1.56 is affected.
Ref: http://www.securityfocus.com/bid/28953
______________________________________________________________________

08.18.10 CVE: CVE-2008-1735
Platform: Third Party Windows Apps
Title: BitDefender Antivirus 2008 Hooked SSDT Denial of Service
Description: BitDefender Antivirus 2008 is a security application for
Microsoft Windows operating platforms. The application is exposed to a
local denial of service issue because it fails to adequately bounds
check user-supplied data. BitDefender Antivirus 2008 Build version
11.0.11 is affected.
Ref: http://www.coresecurity.com/?action=item&id=2249
______________________________________________________________________

08.18.11 CVE: CVE-2008-1738
Platform: Third Party Windows Apps
Title: Rising Antivirus SSDT "NtOpenProcess()" Hook Local Denial of
Service
Description: Rising Antivirus is an antivirus application available
for multiple Microsoft Windows operating systems. The application is
exposed to a local denial of service issue. Rising Antivirus version
19.60.0.0 is affected.
Ref: http://www.coresecurity.com/?action=item&id=2249
______________________________________________________________________

08.18.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: VicFTPS "LIST" Command Remote Denial of Service
Description: VicFTPS is an FTP server available for Microsoft Windows.
The application is exposed to a remote denial of service issue due to
a NULL-pointer dereference. This issue occurs when handling specially
crafted "LIST" commands.
Ref: http://www.securityfocus.com/bid/28967
______________________________________________________________________

08.18.13 CVE: CVE-2008-1926
Platform: Linux
Title: util-linux-ng "login" Remote Log Injection Weakness
Description: The "util-linux-ng" package is a fork of the original
"util-linux" package. It contains a number of utilities for Linux
operating systems. The "login" utility in the "util-linux-ng" package
is exposed to a weakness that allows remote attackers to inject false
information into log files. This issue occurs because the utility
fails to properly sanitize user-supplied input. util-linux-ng versions
prior to 2.13.1.1 are affected.
Ref:
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commitdiff;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782
______________________________________________________________________

08.18.14 CVE: CVE-2008-1293
Platform: Linux
Title: Linux Terminal Server Project "ldm" Information Disclosure
Description: Linux Terminal Server Project (LTSP) adds thin-client
support to Linux servers; "ldm" is the LTSP X11 display manager. The
application is exposed to an information disclosure issue.
Ref: http://www.securityfocus.com/bid/28960
______________________________________________________________________

08.18.15 CVE: Not Available
Platform: Novell
Title: Novell GroupWise "mailto" URI Handler Buffer Overflow
Description: Novell GroupWise is a cross platform collaborative
software product. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. GroupWise version 7.0 is affected.
Ref: http://www.securityfocus.com/archive/1/491376
______________________________________________________________________

08.18.16 CVE: CVE-2008-1103
Platform: Cross Platform
Title: Blender Unspecified Insecure Temporary File Creation
Description: Blender is an open source suite for creating 3D content.
Blender creates temporary files in an insecure manner. Successfully
mounting a symlink attack may allow an attacker to delete or corrupt
sensitive files, which may result in a denial of service.
Ref: http://www.securityfocus.com/bid/28936
______________________________________________________________________

08.18.17 CVE: CVE-2008-1897
Platform: Cross Platform
Title: Asterisk IAX2 Packet Amplification Remote Denial of Service
Description: Asterisk is a private branch exchange (PBX) application.
The application is exposed to a remote denial of service issue due to
a flaw in the UDP-based IAX2 protocol.
Ref: http://bugs.digium.com/view.php?id=10078
______________________________________________________________________

08.18.18 CVE: CVE-2008-1768
Platform: Cross Platform
Title: VLC Media Player MP4 Demuxer Buffer Overflow
Description: VLC is a cross-platform media player that can be used to
serve streaming data. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This issue stems from an integer overflow
vulnerability occurring in the MP4 demuxer. VLC media player versions
prior to 0.8.6f are affected.
Ref: http://www.videolan.org/security/sa0803.php
______________________________________________________________________

08.18.19 CVE: CVE-2008-1769
Platform: Cross Platform
Title: VLC Media Player Cinepak Codec Buffer Overflow
Description: VLC is a cross-platform media player that can be used to
serve streaming data. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. The issue stems from an integer overflow within
the Cinepak decoder. VLC media player version 0.8.6e is affected.
Ref: http://www.videolan.org/security/sa0803.php
______________________________________________________________________

08.18.20 CVE: Not Available
Platform: Cross Platform
Title: xine-lib NES Sound Format Demuxer "copyright" Buffer Overflow
Description: The "xine-lib" library allows various media players to
play various media formats. The library is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data when processing it with the NES Sound Format
demuxer. xine-lib versions 1.1.12 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/491274
______________________________________________________________________

08.18.21 CVE: Not Available
Platform: Cross Platform
Title: IBM Lotus Expeditor URI Handler Command Execution
Description: IBM Lotus Expeditor is a client, server, and toolkit
package designed to aid in creating and deploying client applications.
The application is exposed to a command execution issue because it
fails to properly sanitize input.
Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061750.html
______________________________________________________________________

08.18.22 CVE: Not Available
Platform: Cross Platform
Title: Computer Associates ARCserve Backup Discovery Service Remote
Denial of Service
Description: Computer Associates ARCserve Backup products provide backup
and restore protection. ARCserve Backup is affected by a denial of
service issue because the application mishandles malformed user-supplied
input. This issue occurs in the Discovery Service component of the
application, which is listening on TCP port 41523. ARCserve Backup
version 12.0.5454.0 is affected.
Ref: http://aluigi.altervista.org/adv/carcbackazz-adv.txt
______________________________________________________________________

08.18.23 CVE: CVE-2008-1927
Platform: Cross Platform
Title: Perl Unicode "\Q...\E" Quoting Construct Regular Expression
Buffer Overflow
Description: Perl is exposed to a buffer overflow issue because it
fails to sufficiently bounds check user-supplied input. This issue
presents itself when certain Unicode data is passed as part of a
regular expression. This issue will occur if the offending characters
are contained in a variable reference protected by the "\Q...\E" quoting
construct. Perl version 5.8.8 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792
______________________________________________________________________

08.18.24 CVE: Not Available
Platform: Cross Platform
Title: PeerCast "getAuthUserPass" Multiple Buffer Overflow
Vulnerabilities
Description: PeerCast is a peer-to-peer (P2P) radio streaming
application implemented in C++. The application is exposed to multiple
buffer overflow issues because it fails to perform adequate boundary
checks on user-supplied data. PeerCast version 0.1218 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=478573
______________________________________________________________________

08.18.25 CVE: CVE-2008-1671
Platform: Cross Platform
Title: KDE "start_kdeinit" Multiple Local Privilege Escalation
Vulnerabilities
Description: KDE includes a "start_kdeinit" utility that is installed
as setuid superuser by default. This utility is used to alter the
kernel's out of memory killer properties to attempt to ensure that it
does not kill a user's entire KDE session in out of memory conditions.
The "start_kdeinit" utility in KDE is exposed to multiple local
privilege escalation issues due to a lack of proper input sanitization.
Ref: http://www.kde.org/info/security/advisory-20080426-2.txt
______________________________________________________________________

08.18.26 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Directory Proxy Server Remote Unauthorized
Access
Description: Sun Java System Directory Server is an LDAP (Lightweight
Directory Access Protocol) protocol level gateway server distributed
with Sun Directory Server Enterprise Edition. The application is
exposed to a remote unauthorized access issue.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-235381-1
______________________________________________________________________

08.18.27 CVE: Not Available
Platform: Cross Platform
Title: E-Post MailServer Remote Information Disclosure
Description: E-Post MailServer is an email server for Microsoft
Windows. It supports SMTP, POP3, and IMAP. The application is exposed
to a remote information disclosure issue. E-Post Mail Server version
4.10 with EPSTPOP3S.EXE 4.22 is affected.
Ref: http://vuln.sg/epostmailserver410-en.html
______________________________________________________________________

08.18.28 CVE: CVE-2008-1737
Platform: Cross Platform
Title: Sophos Anti-Virus SSDT Hooks Local Denial of Service
Description: Sophos Anti-Virus is cross-platform security software
providing antivirus, antispyware, and firewalling capabilities for
both enterprise and endpoint-based systems. The application is exposed
to a local denial of service issue because it fails to adequately
bounds check user-supplied data. Sophos Anti-Virus version 7.0.5 is
affected.
Ref: http://www.sophos.com/support/knowledgebase/article/37810.html?_log_from=rss
______________________________________________________________________

08.18.29 CVE: Not Available
Platform: Cross Platform
Title: Apple QuickTime Unspecified Remote Code Execution
Description: Apple QuickTime is a media player that supports multiple
file formats. QuickTime is exposed to an unspecified remote code
execution issue. To exploit this issue, an attacker must trick a
victim into viewing a malicious file. QuickTime version 7.4 for
Microsoft Windows XP is affected.
Ref: http://www.securityfocus.com/bid/28959
______________________________________________________________________

08.18.30 CVE: Not Available
Platform: Cross Platform
Title: Acritum Femitter Server "RETR" Command Remote Denial of Service
Description: Acritum Femitter Server is an FTP and HTTP server
application available for Microsoft Windows. The application is
exposed to a remote denial of service issue because the application
fails to handle exceptional conditions. Acritum Femitter Server
version 1.03 is affected.
Ref: http://www.securityfocus.com/bid/28973
______________________________________________________________________

08.18.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Magnolia Enterprise Edition Sitedesigner module "query"
Parameter Cross-Site Scripting
Description: Sitedesigner is a module of Magnolia Enterprise Edition to
create HTML templates. The application is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input to the
"query" parameter of the "webapp/templates/jsp/samples/search.jsp"
script. Sitedesigner version 1.1.4 is affected.
Ref: http://www.securityfocus.com/bid/28897
______________________________________________________________________

08.18.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Horde Webmail "addevent.php" Cross-Site Scripting
Description: Horde Webmail is a web-based communication application
that allows users to send and receive emails and manage shared
calendars. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the "url"
parameter of the "addevent.php" script.
Ref: http://www.securityfocus.com/archive/1/491230
______________________________________________________________________

08.18.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 Networks FirePass 4100 SSL VPN "installControl.php3"
Cross-Site Scripting
Description: FirePass 4100 SSL VPN is a secure Virtual Private Network
device that uses SSL connections to encapsulate network traffic. The
devices are exposed to a cross-site scripting issue because they fail
to properly sanitize user-supplied input. This issue affects the
"installControl.php3" script.
Ref: http://www.securityfocus.com/bid/28902
______________________________________________________________________

08.18.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drupal Ubercart Module Multiple HTML Injection Vulnerabilities
Description: Drupal is an open source content manager that is
available for a number of platforms. The Ubercart module is an
e-commerce suite for Drupal. The Ubercart module for Drupal is exposed
to multiple HTML injection issues because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. Ubercart versions prior to 5.x-1.0-rc3 are affected.
Ref: http://drupal.org/node/250343
______________________________________________________________________

08.18.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: e107 CMS Multiple Cross-Site Scripting Vulnerabilities
Description: e107 CMS is a content manager. The application is exposed
to multiple cross-site scripting issues because it fails to sanitize
user-supplied input in the following scripts and parameters: "news.php
: day" and "search.php : q". e107 version 0.7.0 is affected.
Ref: http://www.securityfocus.com/bid/28917
______________________________________________________________________

08.18.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Digital Hive "base.php" Parameter Cross-Site Scripting
Description: Digital Hive is a PHP-based forum application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "mt" parameter
of "base.php" when the "page" parameter is set to "membres.php".
Digital Hive version 2.0 RC2 is affected.
Ref: http://www.securityfocus.com/bid/28918
______________________________________________________________________

08.18.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pixel Motion Blog "list_article.php" Cross-Site Scripting
Description: Pixel Motion Blog is a weblog application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "jours" parameter of the
"list_article.php" script.
Ref: http://www.securityfocus.com/bid/28920
______________________________________________________________________

08.18.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHCDownload Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: PHCDownload is a remote file management application. The
application is exposed to multiple input validation issues, including a
cross-site scripting issue and an SQL injection issue affecting the
"hash" parameter of the "upload/admin/index.php" script. PHCDownload
version 1.1.0 is affected.
Ref: http://www.securityfocus.com/bid/28922
______________________________________________________________________

08.18.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SiteXS CMS "adm/index.php" Cross-Site Scripting
Description: SiteXS CMS is a content management application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "user" parameter of the
"admin/index.php" script.
Ref: http://www.securityfocus.com/archive/1/491426
______________________________________________________________________

08.18.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Siteman "module" Parameter Cross-Site Scripting and Local File
Include
Description: Siteman is a PHP-based content manager. The application
is exposed to a local file include issue and a cross-site scripting
issue. These issues are due to a failure of the application to
properly sanitize user-supplied input in the "module" parameter of the
"index.php" script. Siteman version 2.0.x2 is affected.
Ref: http://ircrash.com/english/index.php?topic=29.0
______________________________________________________________________

08.18.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: miniBB "bb_admin.php" Cross-Site Scripting
Description: miniBB is a bulletin board application. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "whatus" parameter of the
"bb_admin" script. miniBB version 2.2a is affected.
Ref: http://www.securityfocus.com/archive/1/491375
______________________________________________________________________

08.18.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Bluemoon inc. Modules for XOOPS Unspecified Cross-Site
Scripting Vulnerabilities
Description: XOOPS is a PHP-based content management application;
Bluemoon inc. provides modules for XOOPS. Multiple Bluemoon inc.
modules for XOOPS are exposed to unspecified cross-site scripting
issues because the applications fail to sufficiently sanitize
user-supplied data.
Ref: http://www.securityfocus.com/bid/28966
______________________________________________________________________

08.18.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PostNuke PostSchedule Component "eid" Parameter SQL Injection
Description: PostSchedule is a calendar application for the PostNuke
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"eid" parameter of the "PostSchedule" module before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/28931
______________________________________________________________________

08.18.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E RESERV "ID_loc" Parameter SQL Injection
Description: E RESERV is a web-based reservation management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ID_loc" parameter of the "index.php" script before using it in an SQL
query. E RESERV version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/28899
______________________________________________________________________

08.18.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Filiale Component "idFiliale" Parameter SQL
Injection
Description: Filiale is a plugin for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"idFiliale" parameter of the "com_filiale" component before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/28900
______________________________________________________________________

08.18.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Community Builder "com_profiler" Component
SQL Injection
Description: Community Builder "com_profiler" is a plugin for the
Joomla! and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "user" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/28911
______________________________________________________________________

08.18.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Web Calendar Pro "one_day.php" SQL Injection
Description: Web Calendar Pro is a web-based calendar application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user_id" parameter of
the "one_day.php" script. Web Calendar Pro version 4.1 is affected.
Ref: http://www.securityfocus.com/bid/28921
______________________________________________________________________

08.18.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Jpad Component "cid" Parameter SQL Injection
Description: Jpad is a note pad application for the Joomla! and Mambo
content managers. It is also known as BrightCode Notepad. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"com_jpad" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28923
______________________________________________________________________

08.18.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Forge "id" Parameter SQL Injection
Description: PHP Forge is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "admin.php"
script before using it in an SQL query. PHP Forge versions 3 beta 2 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/28950
______________________________________________________________________

08.18.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RunCMS MyArticles module "topic_id" Parameter SQL Injection
Description: MyArticles is a module for RunCMS. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "topic_id" parameter of the
"modules/myarticles/topics.php" script before using it in an SQL
query. MyArticles module version 0.6 Beta-1 is affected.
Ref: https://sourceforge.net/project/showfiles.php?group_id=155086
______________________________________________________________________

08.18.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ODFaq "index.php" SQL Injection
Description: ODFaq is a PHP script for managing frequently asked
questions (FAQs). The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cat" parameter of the "index.php" script before using it in an SQL
query. ODFaq version 2.1.0 is affected.
Ref: http://www.securityfocus.com/bid/28962
______________________________________________________________________

08.18.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jokes Site Script "categorie" Parameter SQL Injection
Description: Jokes Site Script is a web-based script. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "categorie" parameter of the
"jokes.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28963
______________________________________________________________________

08.18.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FluentCMS "view.php" SQL Injection
Description: FluentCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "sid" parameter of the "view.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28965
______________________________________________________________________

08.18.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prozilla Hosting Index "directory.php" SQL Injection
Description: Prozilla Hosting Index is a web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "directory.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28970
______________________________________________________________________

08.18.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Web Host Directory Script "search_result.php" SQL
Injection
Description: Web Host Directory script from Softbiz is a web-based
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "host_id"
parameter of the "search_result.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/491396
______________________________________________________________________

08.18.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Wordpress Download Monitor Plugin "id" Parameter SQL Injection
Description: Wordpress Download Monitor is a plugin for the WordPress
web-based publishing application. The plugin is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the
"wp-download_monitor/download.php" script before using it in an SQL
query. Wordpress Download Monitor version 2.0.6 is affected.
Ref: http://www.securityfocus.com/bid/28975
______________________________________________________________________

08.18.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joovili "category" Parameter SQL Injection
Description: Joovili is a web-based application for social networking.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "category"
parameter of the "browse.videos.php" script before using it in an SQL
query. Joovili version 3.1.0 is affected.
Ref: http://www.securityfocus.com/bid/28979
______________________________________________________________________

08.18.58 CVE: CVE-2008-1930
Platform: Web Application
Title: WordPress Cookie Integrity Protection Unauthorized Access
Description: WordPress is a blogging application. The application is
exposed to an issue that allows unauthorized users to gain access to
the affected application. This issue occurs because the "USERNAME" and
"EXPIRY_TIME" parameters contained in the authentication cookie are
not appended with the MAC calculation. WordPress versions prior to
2.5.1 are affected.
Ref: http://trac.wordpress.org/ticket/5367
______________________________________________________________________

08.18.59 CVE: CVE-2008-1924
Platform: Web Application
Title: phpMyAdmin Shared Host Remote Information Disclosure
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to a remote information
disclosure issue because it fails to properly sanitize user-supplied
input. The issue occurs when handling specially crafted HTTP POST
requests. phpMyAdmin versions prior to 2.11.5.2 are affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
______________________________________________________________________

08.18.60 CVE: Not Available
Platform: Web Application
Title: RSA Authentication Agent for Web URI Redirection
Description: RSA Authentication Agent for Web for Internet Information
Services is a web application for providing authentication services.
The application is exposed to a remote URI redirection issue because
it fails to adequately sanitize user-supplied input. RSA
Authentication Agent for Web for Internet Information Services version
5.3.0.258 is affected.
Ref: http://www.rsa.com/node.aspx?id=2807
______________________________________________________________________

08.18.61 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke DownloadsPlus Module Arbitrary File Upload
Description: DownloadsPlus is a module for the PHP-Nuke content
manager. The DownloadsPlus module of PHP-Nuke is exposed to an issue
that lets remote attackers upload and execute arbitrary code because
it fails to properly sanitize user-supplied input to the
"from=adddownload" action.
Ref: http://www.securityfocus.com/bid/28919
______________________________________________________________________

08.18.62 CVE: Not Available
Platform: Web Application
Title: miniBB Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: miniBB is a bulletin board application. The application
is exposed to multiple input validation issues. miniBB versions prior
to 2.2a are affected.
Ref: http://www.securityfocus.com/bid/28930
______________________________________________________________________

08.18.63 CVE: CVE-2008-1928
Platform: Web Application
Title: Imager Image-based Fill Heap Buffer Overflow
Description: Imager is a Perl extension library used for generating
24-bit images. The library is exposed to a remote buffer overflow
issue because it fails to perform adequate bounds checking on
user-supplied input while processing malicious image files. Imager
versions prior to 0.64 are affected.
Ref: http://imager.perl.org/i/release064/Imager_0_64
______________________________________________________________________

08.18.64 CVE: Not Available
Platform: Web Application
Title: SugarCRM Community Edition RSS Module Information Disclosure
Description: SugarCRM is a customer relationship management suite that
is implemented in Java and PHP. The application is exposed to an
information disclosure issue because it fails to properly sanitize
user-supplied URI values passed to the RSS module. SugarCRM Community
Edition versions 4.5.1 and 5.0.0 are affected.
Ref: http://www.securityfocus.com/archive/1/491417
______________________________________________________________________

08.18.65 CVE: Not Available
Platform: Web Application
Title: e107 CMS "submitnews.php" Multiple HTML Injection
Vulnerabilities
Description: e107 CMS is a content manager. The application is exposed
to multiple HTML injection issues because it fails to sanitize
user-supplied input to the "author_name", "itemtitle", and "item"
parameters of the "submitnews.php" script. e107 CMS version 0.7.11 is
affected.
Ref: http://www.securityfocus.com/bid/28982
______________________________________________________________________

08.18.66 CVE: Not Available
Platform: Web Application
Title: LokiCMS "admin.php" Arbitrary File Deletion
Description: LokiCMS is a PHP-based content manager. The application
is exposed to an issue that allows attackers to delete arbitrary files
because it fails to properly sanitize user-supplied input to the
"delete" parameter of the "admin.php" script. LokiCMS version 0.3.3 is
affected.
Ref: http://www.securityfocus.com/bid/28985
______________________________________________________________________

08.18.67 CVE: CVE-2008-1670
Platform: Web Application
Title: KDE KHTML PNGLoader Heap Buffer Overflow
Description: KHTML is a freely available HTML rendering library
included with the KDE environment. The application is exposed to a
remote buffer overflow issue because it fails to perform adequate
bounds checking for user-supplied input while processing malicious PNG
files. KHTML versions included with KDE versions 4.0 to 4.0.3 are
affected.
Ref: http://www.kde.org/info/security/advisory-20080426-1.txt
______________________________________________________________________

08.18.68 CVE: Not Available
Platform: Web Application
Title: Joomla Visites Component mosConfig_absolute_path Remote File
Include
Description: Visites is a statistics component for the Joomla! content
manager. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"mosConfig_absolute_path" parameter of the component's
"core/include/myMailer.class.php" script. Visites version 1.1 RC2 is
affected.
Ref: http://www.securityfocus.com/bid/28942
______________________________________________________________________

08.18.69 CVE: Not Available
Platform: Web Application
Title: Novell GroupWise HTML Injection and Denial of Service
Vulnerabilities
Description: Novell GroupWise WebAccess is a secure, mobile option for
GroupWise collaboration software. The application is exposed to an
HTML injection issue and a denial of service issue. Novell GroupWise
version 7 is affected.
Ref: http://www.securityfocus.com/archive/1/491359
______________________________________________________________________

08.18.70 CVE: Not Available
Platform: Web Application
Title: Angelo-Emlak Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Angelo-Emlak is exposed to multiple input validation
issues. A cross-site scripting issue affects the "sayfa" parameter of
the "hpz/admin/Default.asp" script. An SQL injection issue affects the
"id" parameter of the "hpz/profil.asp" script. An SQL injection
issue affects the "id" parameter of the "hpz/prodetail.asp" script.
Angelo-Emlak version 1.0 is affected.
Ref: http://www.milw0rm.com/exploits/5503
______________________________________________________________________

08.18.71 CVE: Not Available
Platform: Web Application
Title: PHPizabi "template.class.php" Remote Information Disclosure
Description: PHPizabi is a web-based application for social
networking. The application is exposed to a remote information
disclosure issue because it fails to properly sanitize user-supplied
input. The issue occurs in "template.class.php" when handling comments
posted by users. PHPizabi version 0.848b C1 HFP3 is affected.
Ref: http://www.securityfocus.com/bid/28954
______________________________________________________________________

08.18.72 CVE: Not Available
Platform: Web Application
Title: PHPG Upload "form_upload.php" Arbitrary File Upload
Description: PHPG Upload is a file upload script. The application is
exposed to an issue that lets remote attackers upload and execute
arbitrary script code because it fails to properly sanitize
user-supplied input to the "form_upload.php" script.
Ref: http://www.securityfocus.com/bid/28955
______________________________________________________________________

08.18.73 CVE: Not Available
Platform: Web Application
Title: Content Management System for Phprojekt "graphie.php" Local
File Include
Description: Content Management System for Phprojekt is a content
manager for Phprojekt. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "cm_imgpath" parameter of the "graphie.php" script.
Content Management System for Phprojekt version 0.6.1 is affected.
Ref: http://www.securityfocus.com/bid/28958
______________________________________________________________________

08.18.74 CVE: Not Available
Platform: Web Application
Title: MegaBBS Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: MegaBBS is an ASP-based bulletin board. The application
is exposed to multiple input validation issues. MegaBBS version 2.2 is
affected.
Ref: http://bugreport.ir/index.php?/37
______________________________________________________________________

08.18.75 CVE: Not Available
Platform: Web Application
Title: ZoneMinder Multiple Unspecified Remote Code Execution
Vulnerabilities
Description: ZoneMinder is a freely available application designed to
control and record video from security cameras. It contains a
web-based administrative application. It is exposed to multiple
unspecified remote code execution issues. ZoneMinder versions prior to
1.23.3 are affected.
Ref: http://www.zoneminder.com/wiki/index.php/Change_History#Release_1.23.3
______________________________________________________________________

08.18.76 CVE: Not Available
Platform: Web Application
Title: PhpGedView Unspecified Remote Vulnerability
Description: PhpGedView is a web-based application designed to view
and edit genealogy on a web site. The application is exposed to an
unspecified issue. PhpGedView versions prior to 4.1.5 are affected.
Ref: http://www.securityfocus.com/bid/28978
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkgaTggACgkQ+LUG5KFpTkbATACdGGY5Cmt2LhX/l9G3ka786yy0
kcwAoIFlwcuglnlq54b9o6jwdPaVm65a
=gBTB
-----END PGP SIGNATURE-----