RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 21

From: The SANS Institute (ConsensusSecurityVulnerabilityAlertsans.org)
Date: Fri May 23 2008 - 06:56:40 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Question 1: What do CA, Symantec and IBM all have in common? They are
all selling security and they each have a critical buffer overflow
problem (CA and IBM) or SQL Injection problem (Symantec) in commonly
used software: CA ArcServe, IBM Lotus Domino Webserver, and Symantec
Altiris Deployment.

Question 2: Which of the three companies has tested all or most of their
software developers on secure coding skills? If you think they should,
put that in your procurement specs. If you don't put programmer skill
testing and source/binary code security testing (with results delivered
to customers) in your procurements, you cannot really complain when they
deliver software that has security flaws.

                                 Alan

*************************************************************************
          RISK: The Consensus Security Vulnerability Alert
May 22, 2008 Vol. 7. Week 21
*************************************************************************
RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                 Number of Updates and Vulnerabilities
---------------------------------------  -------------------------------------
Third Party Windows Apps                 8 (#2, #5)
Linux                                    3
HP-UX                                    1
Cross Platform                           15 (#1, #3)
Web Application - Cross Site Scripting   11
Web Application - SQL Injection          25
Web Application                          29
Network Device                           2 (#4)

************************* Sponsored By SANS *****************************

Come hear how pen testing pioneers are pushing the envelope in
developing new tools and techniques to find flaws. Come hear what the
current trends are in malicious attacks and how pen testing processes
must adapt to them. Come hear real-world testing techniques. All at the
Penetration Testing and Ethical Hacking Summit June 2-3 in Las Vegas.
http://www.sans.org/info/29223
*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, both
new Pen Testing courses, CISSP, and SANS' other top-rated courses plus
evening sessions with Internet Storm Center handlers.
- SANSFIRE 2008 in Washington DC (7/22-7/31) SANS' biggest summer program
      with many bonus sessions and a big exhibition of security products:
      http://www.sans.org/info/26774
- London (6/2-6/7) and Amsterdam (6/16-6/21) and Brussels (6/16-6/21)
      http://www.sans.org/secureeurope08
- Denver (6/7-6/13) http://www.sans.org/rockymnt2008/
- Singapore (6/30-7/5) http://www.sans.org/singapore08/
- Boston (8/9-8/16) http://www.sans.org/boston08/
- and in 100 other cities and online any time: www.sans.org

*************************************************************************

Table of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities
(2) CRITICAL: Symantec Altiris Deployment SQL Injection Vulnerability
(3) CRITICAL: IBM Lotus Domino Webserver Buffer Overflow
(4) HIGH: Cisco IOS and Service Control Engine SSH DoS
(5) HIGH: Cisco Unified Communications Manager DoS

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
08.21.1 - Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation
08.21.2 - Symantec Altiris Deployment Solution Registry Keys Local Unauthorized Access
08.21.3 - Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation
08.21.4 - Symantec Altiris Deployment Solution Domain Credential Unauthorized Access
08.21.5 - Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation
08.21.6 - BaoFeng Storm "sparser.dll" ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
08.21.7 - PhotoStockPlus Uploader Tool ActiveX Control Multiple Stack-Based Buffer Overflow Vulnerabilities
08.21.8 - Foxit Reader "util.printf()" Remote Buffer Overflow
 -- Linux
08.21.9 - Linux Kernel "ipip6_rcv()" Remote Denial of Service
08.21.10 - Linux Kernel "hrtimer_forward()" Local Denial of Service
08.21.11 - libxslt XSL File Processing Buffer Overflow
 -- HP-UX
08.21.12 - HP-UX "useradd" Security Bypass
 -- Cross Platform
08.21.13 - Cisco Unified Presence Engine Service Malformed IP Packets Denial of Service
08.21.14 - Cisco Unified Presence Engine Denial of Service
08.21.15 - Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
08.21.16 - Cisco Unified Presence SIP Proxy Denial of Service
08.21.17 - Citrix Presentation Server Authentication Bypass
08.21.18 - Citrix Presentation Server ICA Protocol Weak Encryption
08.21.19 - WordPress "Blog" Module "Write Tab" Arbitrary File Upload
08.21.20 - Computer Associates ARCserve Backup "caloggerd" and "xdr" Functions Multiple Remote Vulnerabilities
08.21.21 - Stunnel Windows Unspecified Local Privilege Escalation
08.21.22 - FireFTP "MLSD" And "LIST" Commands Directory Traversal
08.21.23 - mtr "split.c" Remote Stack-Based Buffer Overflow
08.21.24 - GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
08.21.25 - Stunnel OCSP Certificate Validation Security Bypass
08.21.26 - IBM Lotus Domino Web Server "Accept Language" HTTP Header Buffer Overflow
08.21.27 - Borland InterBase Malformed Packet Remote Stack-Based Buffer Overflow
 -- Web Application - Cross Site Scripting
08.21.28 - AN Guestbook "send_email.php" Cross-Site Scripting
08.21.29 - Horde Turba Multiple Cross-Site Scripting Vulnerabilities
08.21.30 - PicsEngine "index.php" Cross-Site Scripting
08.21.31 - Microsoft Internet Explorer "Print Table of Links" Cross Zone Script Injection
08.21.32 - Rgboard "bbs.lib.inc.php" Cross-Site Scripting
08.21.33 - phpVID "search_results.php" Cross-Site Scripting
08.21.34 - Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities
08.21.35 - dotCMS "search-results.dot" Cross-Site Scripting
08.21.36 - AppServ Open Project "appservlang" Parameter Cross-Site Scripting
08.21.37 - IBM Lotus Domino Web Server Unspecified Cross-Site Scripting
08.21.38 - Starsgames Control Panel "index.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.21.39 - StanWeb CMS "default.asp" SQL Injection
08.21.40 - Archangel Management Weblog "index.php" SQL Injection
08.21.41 - PHP-Nuke "KuiraniKerim" Module "sid" Parameter SQL Injection
08.21.42 - Links Pile "link.php" SQL Injection
08.21.43 - Freelance Auction Script "browseproject.php" SQL Injection
08.21.44 - Feedback and Rating Script "detail.php" SQL Injection
08.21.45 - W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
08.21.46 - Symantec Altiris Deployment Solution Unspecified SQL Injection
08.21.47 - Kostenloses Linkmanagementscript "id" Parameter Multiple SQL Injection Vulnerabilities
08.21.48 - SunShop Shopping Cart "index.php" SQL Injection
08.21.49 - 68 Classifieds "category.php" SQL Injection
08.21.50 - IMGallery Multiple SQL Injection Vulnerabilities
08.21.51 - How2ASP.net Webboard "showQAnswer.asp" SQL Injection
08.21.52 - FicHive "category" Parameter SQL Injection
08.21.53 - CMS WebManager-Pro Multiple SQL Injection Vulnerabilities
08.21.54 - MX-System "index.php" SQL Injection
08.21.55 - MercuryBoard "login.php" SQL Injection
08.21.56 - AlkalinePHP "thread.php" SQL Injection
08.21.57 - EntertainmentScript "play.php" SQL Injection
08.21.58 - Php-Jokesite "jokes_category.php" SQL Injection
08.21.59 - vBulletin "faq.php" SQL Injection
08.21.60 - Web Slider "slide" Parameter SQL Injection
08.21.61 - Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
08.21.62 - DizaynPlus Nobetci Eczane Takip "ayrinti.asp" Parameter SQL Injection
08.21.63 - ComicShout "index.php" SQL Injection
 -- Web Application
08.21.64 - Digital Hive "base_include.php" Local File Include
08.21.65 - Zomplog "install/newuser.php" Unauthorized Access
08.21.66 - GForge Insecure Temporary File Creation
08.21.67 - AustinSmoke GasTracker Cookie Parameter Authentication Bypass
08.21.68 - ActiveKB "auth" Cookie Parameter Authentication Bypass
08.21.69 - Internet Photoshow "login_admin" Parameter Unauthorized Access
08.21.70 - Kostenloses Linkmanagementscript Multiple Remote File Include Vulnerabilities
08.21.71 - Drupal Site Documentation Module Database Tables Information Disclosure
08.21.72 - Rantx "admin.php" Unauthorized Access
08.21.73 - Multi-Page Comment System 'CommentSystemAdmin' Cookie Parameter Authentication Bypass
08.21.74 - Web Slider "admin" Cookie Parameter Authentication Bypass
08.21.75 - News Manager Multiple Remote Vulnerabilities
08.21.76 - Pet Grooming Management System "useradded.php" Unauthorized Access
08.21.77 - ACGV News "glossaire.php" Multiple Input Validation Vulnerabilities
08.21.78 - WR-Meeting "index.php" Local File Include
08.21.79 - Smeego Cookie Parameter Local File Include
08.21.80 - AlkalinePHP "adduser.php" Security Bypass
08.21.81 - eCMS Cookie Multiple Security Vulnerabilities
08.21.82 - LulieBlog Multiple Remote Vulnerabilities
08.21.83 - eCMS Multiple Security Vulnerabilities
08.21.84 - EntertainmentScript "page.php" Local File Include
08.21.85 - GNU/Gallery "admin.php" Local File Include
08.21.86 - MeltingIce File System "admin/adduser.php" Security Bypass
08.21.87 - Mypicgallery "admin/addUser.php" Security Bypass
08.21.88 - testMaker Data Export Remote Information Disclosure
08.21.89 - bcoos "file" Parameter Local File Include
08.21.90 - cPanel "wwwact" Remote Privilege Escalation
08.21.91 - microSSys CMS "PAGES[$P]" Remote File Include
08.21.92 - Mantis Multiple Input Validation Vulnerabilities
 -- Network Device
08.21.93 - Cisco Content Switching Module Layer 7 Load Balancing Denial of Service
08.21.94 - Aruba Mobility Controller Multiple Remote Vulnerabilities

______________________________________________________________________

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohit Dhamankar at
TippingPoint, a division of 3Com, as a by-product of that company's
continuous effort to ensure that its intrusion prevention products
effectively block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security managers
from twelve large organizations who confidentially share with SANS the
specific actions they have taken to protect their systems. A detailed
description of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: CA ARCserve Backup caloggerd and xdr Functions Vulnerabilities

Affected:
CA ARCServe Backup versions r11.5, r11.1, r11.0
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
Standard/Premium Editions r2

Description: Computer Associates ARCserve Backup products provide backup
services for Windows, NetWare, Linux and UNIX. The products contain a
stack-based buffer overflow in the implementation of the
"xdr_rwsstring()" function. The flaw can be triggered by a specially
crafted request to the caloggerd or cacommd daemon, and exploited to
execute arbitrary code with root/SYSTEM privileges. A second
vulnerability in the caloggerd daemon's handling of logging messages
allows attackers to append arbitrary data to any system file via
directory traversal sequences. This can also result in a complete
system compromise.
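The first flaw is a classic length-handling bug in a decoder for the XDR wire format (RFC 4506), where every string is sent as a 4-byte big-endian length followed by the bytes, padded to a 4-byte boundary. The decoder below is an added illustration of how such a decoder is written safely; it is not CA's "xdr_rwsstring()" code, and the sample messages, buffer sizes and status codes are constructed for the example. The two checks marked FIX are what an unchecked decoder lacks: a capacity check against the destination buffer and a bounds check against the received message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes returned by the decoder (constructed for this example). */
enum { XDR_OK = 0, XDR_ERR_TRUNCATED = 1, XDR_ERR_TOO_LONG = 2 };

/* XDR "unsigned int": 4 bytes, big-endian (RFC 4506 section 4.2). */
static uint32_t xdr_get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode one XDR string (RFC 4506 section 4.11: 4-byte length, the bytes,
 * then zero padding to a 4-byte boundary) into a caller-supplied fixed buffer.
 *
 * Without the capacity check, an attacker-chosen length field drives memcpy()
 * past the end of a fixed-size (often stack) buffer; without the input-bounds
 * check the decoder reads beyond the received message.
 *
 * On success returns XDR_OK, NUL-terminates *out, and stores the number of
 * input bytes consumed (length field plus padded payload) in *consumed. */
int xdr_decode_string(const uint8_t *in, size_t in_len,
                      char *out, size_t out_cap, size_t *consumed)
{
    if (in_len < 4)
        return XDR_ERR_TRUNCATED;            /* not even a length field */
    uint32_t len = xdr_get_u32(in);
    if (len >= out_cap)
        return XDR_ERR_TOO_LONG;             /* FIX: must leave room for NUL */
    size_t padded = ((size_t)len + 3) & ~(size_t)3;
    if (in_len - 4 < padded)
        return XDR_ERR_TRUNCATED;            /* FIX: length exceeds message */
    memcpy(out, in + 4, len);
    out[len] = '\0';
    *consumed = 4 + padded;
    return XDR_OK;
}

/* Constructed sample messages (not captured traffic). */
/* "hello": length 5, five payload bytes, three bytes of padding. */
static const uint8_t SAMPLE_GOOD[] = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o', 0, 0, 0 };
/* Length field claims 256 bytes, far more than the 16-byte buffer below. */
static const uint8_t SAMPLE_OVERLONG[] = { 0, 0, 1, 0, 'a', 'b', 'c', 'd' };
/* Length field claims 9 bytes but only 2 follow. */
static const uint8_t SAMPLE_TRUNCATED[] = { 0, 0, 0, 9, 'a', 'b' };

/* Decode a message the way a daemon would, into a small local array, and
 * return the decoder's status; the array cannot overflow whatever the input. */
int decode_into_local_buffer(const uint8_t *msg, size_t msg_len)
{
    char local[16];
    size_t consumed = 0;
    return xdr_decode_string(msg, msg_len, local, sizeof local, &consumed);
}
```

The order of the checks matters: the capacity test runs before the padded length is computed, so a length field near UINT32_MAX can neither wrap the padding arithmetic nor reach memcpy().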

Status: CA has released patches for both vulnerabilities. A workaround
is to block requests to port 601/tcp and 6072/tcp from the Internet. CA
Backup products have been featured many times in the critical section
of the RISK newsletters since 2005. SANS recommends blocking all the
ports that are opened by the software at the network perimeter. A list
of the ports to block may be found at:
http://en.wikibooks.org/wiki/CA_Unicenter_NSM_Textbook/Unicenter_port_reference
http://supportconnectw.ca.com/public/ca_common_docs/brightstorwinxpsp2matrix.asp

References:
CA Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
Zero Day Initiative Advisories
http://www.zerodayinitiative.com/advisories/ZDI-08-026/
http://www.zerodayinitiative.com/advisories/ZDI-08-027/
SecurityFocus BID
http://www.securityfocus.com/bid/29283

*************************************************************************

(2) CRITICAL: Symantec Altiris Deployment SQL Injection Vulnerability
Affected:
Altiris Deployment Solution versions 6.8.x and 6.9.x prior to 6.9.176

Description: Symantec Altiris Deployment Solution software is designed
to automate the process of deploying OSs and software for desktops and
servers in an enterprise. The Altiris Server service (axengine.exe),
which runs on port 402/tcp by default, contains a SQL Injection
vulnerability. An unauthenticated attacker can exploit the SQL Injection
vulnerability to execute arbitrary commands with SYSTEM privileges. A
successful attack could lead to installing malware on all the systems
being managed by the Altiris Deployment server.

Status: Symantec has released version 6.9.176 to address the flaw.

References:
Symantec Advisory
http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-024
Product Homepage
http://www.altiris.com/Products/DeploymentSolution.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/29198

*************************************************************************
(3) CRITICAL: IBM Lotus Domino Webserver Buffer Overflow
Affected:
IBM Lotus Domino versions prior to 7.0.3 FP1
IBM Lotus Domino version 8.x before 8.0.1

Description: IBM Lotus Domino software offers a messaging and
collaboration environment for an enterprise. The Lotus Domino web
server, which is not enabled by default, contains a stack-based buffer
overflow. The overflow can be triggered by an overlong "Accept-Language"
HTTP header, and exploited to execute arbitrary code on the Domino
server with SYSTEM privileges. Exploit code has not been publicly
posted yet.
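Because the trigger is an overlong Accept-Language value, a reverse proxy or IDS in front of the Domino web server can flag requests whose Accept-Language header is far longer than any real browser sends (browsers send a short list of language tags). The following C check is an added example, not IBM's or MWR's code; the 256-byte threshold, the host name and the sample requests are assumptions constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed threshold (not from the advisory): real Accept-Language values are
 * a few dozen bytes, so anything far beyond that is worth alerting on. */
#define ACCEPT_LANGUAGE_MAX 256

/* Case-insensitive comparison of n bytes. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Scan the header block of a raw HTTP request (CRLF-separated lines, ending
 * at the first blank line) and return the length of the Accept-Language value
 * with surrounding whitespace trimmed, or -1 if the header is absent. */
long accept_language_len(const char *req)
{
    static const char name[] = "accept-language:";
    const size_t nlen = sizeof name - 1;
    const char *line = req;
    while (*line) {
        const char *eol = strstr(line, "\r\n");
        size_t llen = eol ? (size_t)(eol - line) : strlen(line);
        if (llen == 0)
            break;                       /* blank line: end of headers */
        if (llen >= nlen && ieq(line, name, nlen)) {
            const char *v = line + nlen;
            const char *vend = line + llen;
            while (v < vend && (*v == ' ' || *v == '\t')) v++;
            while (vend > v && (vend[-1] == ' ' || vend[-1] == '\t')) vend--;
            return (long)(vend - v);
        }
        if (!eol)
            break;
        line = eol + 2;
    }
    return -1;
}

/* 1 if the request carries an Accept-Language value over the threshold. */
int accept_language_suspicious(const char *req)
{
    return accept_language_len(req) > ACCEPT_LANGUAGE_MAX;
}

/* Constructed request with a normal browser-style header (not captured). */
static const char SAMPLE_NORMAL[] =
    "GET /names.nsf HTTP/1.1\r\n"
    "Host: domino.example\r\n"
    "Accept-Language: en-US,en;q=0.5\r\n"
    "\r\n";

/* Build a constructed request whose Accept-Language value is n bytes of 'a'
 * (n capped at 1024) in a static buffer, for demonstrating the check. */
const char *make_request_with_lang_len(size_t n)
{
    static char buf[1200];
    if (n > 1024)
        n = 1024;
    size_t k = (size_t)snprintf(buf, sizeof buf,
        "GET /names.nsf HTTP/1.1\r\nHost: domino.example\r\nAccept-Language: ");
    memset(buf + k, 'a', n);
    k += n;
    memcpy(buf + k, "\r\n\r\n", 5);      /* 5 bytes copies the NUL too */
    return buf;
}
```

A length check like this is a detection aid, not a fix: the patch levels in the Status paragraph remain the remediation, and the threshold should be tuned against the site's own traffic before it is used to block.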

Status: IBM has fixed the vulnerability in versions 7.0.3 FP1 and 8.0.1.

References:
IBM Advisory
http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303057
MWR Infosecurity Advisory
http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf
Product Documentation
http://www.ibm.com/developerworks/lotus/documentation/domino/
SecurityFocus BID
http://www.securityfocus.com/bid/29310

*************************************************************************

(4) HIGH: Cisco IOS and Service Control Engine SSH DoS
Affected:
Cisco devices running certain 12.4-based IOS releases with SSH service enabled
Service Control Engine (SCE) 1000 and 2000 series devices with SSH enabled.

Description: Cisco devices are usually managed remotely via the SSH
protocol. The SSH server on certain Cisco IOS versions contains multiple
vulnerabilities. These vulnerabilities can be exploited by an
unauthenticated attacker to reload the Cisco devices. Repeated attacks
would lead to a denial of service on the affected Cisco devices. Details
of the vulnerabilities have not been publicly posted. The Cisco Service
Control Engine (SCE), a device used to manage network bandwidth, is also
affected by multiple vulnerabilities in its SSH server. These
vulnerabilities can be exploited to reload the SCE devices.

Status: Cisco has released fixes for the vulnerable IOS and SCE
versions. A workaround is to block SSH access from the Internet to the
Cisco devices' management interface.

References:
Cisco Advisories
http://www.cisco.com/warp/public/707/cisco-sa-20080521-ssh.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080521-sce.shtml
SecurityFocus BIDs
http://www.securityfocus.com/bid/29314
http://www.securityfocus.com/bid/29316

*************************************************************************

(5) HIGH: Cisco Unified Communications Manager DoS
Affected:
Cisco Unified CallManager 4.1
Cisco Unified Communications Manager 4.2, 4.3, 5.x, 6.x

Description: Cisco Unified Communications Manager, which runs on the
Windows platform, is the main server in a Cisco enterprise VoIP
deployment. The Unified Communications Manager is responsible for the
call processing and routing functions. It contains multiple
denial-of-service vulnerabilities that can be triggered by:
(a) sending malformed TCP packets to port 2444/tcp;
(b) sending malformed SIP JOIN and INVITE requests;
(c) sending malformed UDP packets to port 61441/udp;
(d) sending specially crafted packets to port 3804/tcp.
The Cisco advisory indicates that the malformed packets can be generated
using the ISIC tool and other protocol fuzzing tools. Note that causing
a denial of service on Call Manager may result in loss of phone service
in an enterprise.

Status: Cisco has released the following versions to fix the
vulnerabilities: 4.1.3SR7, 4.2(3)SR4, 4.3(2), 5.1(3), 6.1(1).

References:
Cisco Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml
ISIC Tool
http://www.packetfactory.net/projects/ISIC/
Fuzzing Tools
http://www.mixro.com/?Fuzz_Testing_Tools_and_Techniques
SecurityFocus BID
http://www.securityfocus.com/bid/29221

*************************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 21, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5888 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

08.21.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Agent User Interface Local
Privilege Escalation
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. Symantec Altiris Deployment Solution is exposed to
a local privilege escalation issue in the Altiris Deployment
Solution Agent's user interface.
Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
______________________________________________________________________

08.21.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Registry Keys Local
Unauthorized Access
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to a local unauthorized
access issue. The problem occurs because the application creates
registry keys with insufficient access security.
Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
______________________________________________________________________

08.21.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Install Directory Local
Privilege Escalation
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to a local privilege
escalation issue.
Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
______________________________________________________________________

08.21.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Domain Credential
Unauthorized Access
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to an issue that allows
unauthorized users to gain access to the affected application. This
issue occurs because the application allows attackers to gain access
to domain credentials without proper authorization.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-025/
______________________________________________________________________

08.21.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Tooltip Local Privilege
Escalation
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to a local privilege
escalation issue in the tooltip graphical user interface (GUI)
element.
Ref: http://www.symantec.com/avcenter/security/Content/2008.05.14a.html
______________________________________________________________________

08.21.6 CVE: CVE-2007-4943
Platform: Third Party Windows Apps
Title: BaoFeng Storm "sparser.dll" ActiveX Control Multiple Remote
Buffer Overflow Vulnerabilities
Description: BaoFeng Storm is a multimedia player. The application is
exposed to multiple buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data. BaoFeng Storm version
2.8 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.21.7 CVE: CVE-2008-0957
Platform: Third Party Windows Apps
Title: PhotoStockPlus Uploader Tool ActiveX Control Multiple Stack-Based
Buffer Overflow Vulnerabilities
Description: PhotoStockPlus is a digital photo marketplace with an image
uploader tool. An ActiveX control in the image uploader tool is exposed
to multiple stack-based buffer overflow issues because it fails to
perform adequate boundary checks on user-supplied data.

Ref: http://www.kb.cert.org/vuls/id/406937
______________________________________________________________________

08.21.8 CVE: CVE-2008-1104
Platform: Third Party Windows Apps
Title: Foxit Reader "util.printf()" Remote Buffer Overflow
Description: Foxit Reader is a freely available PDF viewer for
Microsoft Windows operating systems. The application is exposed to a
remote buffer overflow issue because it fails to properly bounds check
user-supplied data before copying it to an insufficiently sized
buffer. Foxit Reader version 2.3 build 2825 is affected.
Ref: http://secunia.com/secunia_research/2008-18/advisory/
______________________________________________________________________

08.21.9 CVE: CVE-2008-2136
Platform: Linux
Title: Linux Kernel "ipip6_rcv()" Remote Denial of Service
Description: The Linux Kernel is exposed to a remote denial of service
issue. The issue occurs due to a memory leak while parsing specially
crafted IPv6 packets. Specifically, the "ipip6_rcv()" function
included in the IPv6 over IPv4 tunneling driver fails to handle
certain specially-crafted network packets resulting in a denial of
service condition. Linux Kernel version 2.6.25.2 is affected.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3
______________________________________________________________________

08.21.10 CVE: CVE-2007-6712
Platform: Linux
Title: Linux Kernel "hrtimer_forward()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly handle certain large timer expiry
values. This issue occurs because of inadequate checks in the
"hrtimer_forward()" function of the "kernel/hrtimer.c" source file.
Linux kernel versions 2.6.21-rc4 and earlier running on
64-bit architectures are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0275.html
______________________________________________________________________

08.21.11 CVE: Not Available
Platform: Linux
Title: libxslt XSL File Processing Buffer Overflow
Description: The "libxslt" library allows conversion between XML files
and other textual formats. The library is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. libxslt versions 1.1.23 and earlier are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=446809
______________________________________________________________________

08.21.12 CVE: CVE-2008-1660
Platform: HP-UX
Title: HP-UX "useradd" Security Bypass
Description: HP-UX is a Unix-based operating system. The application
is exposed to a security bypass issue because it fails to
properly restrict access to certain functionality. HP-UX versions
B.11.11, B.11.23 and B.11.31 are affected.
Ref: http://www.securityfocus.com/bid/29286
______________________________________________________________________

08.21.13 CVE: CVE-2008-1158
Platform: Cross Platform
Title: Cisco Unified Presence Engine Service Malformed IP Packets
Denial of Service
Description: Cisco Unified Presence collects information about a
user's availability status and communications capabilities for use
with the Cisco Unified Communications system. The application is
exposed to a denial of service issue that occurs in the Presence
Engine service. This issue occurs when handling specially-crafted IP
packets.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml
______________________________________________________________________

08.21.14 CVE: CVE-2008-1740
Platform: Cross Platform
Title: Cisco Unified Presence Engine Denial of Service
Description: Cisco Unified Presence collects information about a
user's availability status and communications capabilities for use
with the Cisco Unified Communications system. The application is
exposed to a denial of service issue.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-cup.shtml
______________________________________________________________________

08.21.15 CVE: CVE-2008-1742, CVE-2008-1743, CVE-2008-1744,
CVE-2008-1745, CVE-2008-1746, CVE-2008-1747, CVE-2008-1748,
CVE-2008-1749
Platform: Cross Platform
Title: Cisco Unified Communications Manager Multiple Denial of Service
Vulnerabilities
Description: Cisco Unified Communications Manager (CUCM) is a
software-based call-processing component of the Cisco IP telephony
solution. The application was formerly named Unified CallManager. The
application is exposed to multiple denial of service issues.
Ref:
http://www.cisco.com/warp/public/707/cisco-sa-20080514-cucmdos.shtml
______________________________________________________________________

08.21.16 CVE: CVE-2008-1741
Platform: Cross Platform
Title: Cisco Unified Presence SIP Proxy Denial of Service
Description: Cisco Unified Presence collects information about user
availability and various communication capabilities on Cisco Unified
Communications systems. The application is exposed to a denial of
service issue. The issue occurs when the SIP Proxy service receives a
TCP port scan.
Ref: http://www.securityfocus.com/archive/1/492092
______________________________________________________________________

08.21.17 CVE: Not Available
Platform: Cross Platform
Title: Citrix Presentation Server Authentication Bypass
Description: Citrix Presentation Server is an access control
application for Citrix desktops. The application is exposed to an
unspecified authentication bypass issue. This issue is only exposed to
users with authenticated access to affected servers.
Ref: http://support.citrix.com/article/CTX116941
______________________________________________________________________

08.21.18 CVE: Not Available
Platform: Cross Platform
Title: Citrix Presentation Server ICA Protocol Weak Encryption
Description: Citrix Presentation Server is an access control
application for Citrix desktops. The application is exposed to an
issue that allows weak encryption to be used. This issue only occurs
when the application is configured to use SecureICA, or ICA Basic
encryption. SSL and TLS encryption methods are not affected.
Ref: http://support.citrix.com/article/CTX114893
______________________________________________________________________

08.21.19 CVE: Not Available
Platform: Cross Platform
Title: WordPress "Blog" Module "Write Tab" Arbitrary File Upload
Description: WordPress is a freely available application for personal
publishing. The application is exposed to an arbitrary file upload
issue that occurs in the "Blog" module. This issue occurs because the
application fails to sufficiently sanitize user-supplied data.
WordPress version 2.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/492230
______________________________________________________________________

08.21.20 CVE: CVE-2008-2241, CVE-2008-2242
Platform: Cross Platform
Title: Computer Associates ARCserve Backup "caloggerd" and "xdr"
Functions Multiple Remote Vulnerabilities
Description: Computer Associates ARCserve Backup is an automated
backup solution that runs on various platforms. The application is
exposed to multiple remote issues.
Ref: http://www.securityfocus.com/archive/1/492266
______________________________________________________________________

08.21.21 CVE: Not Available
Platform: Cross Platform
Title: Stunnel Windows Unspecified Local Privilege Escalation
Description: Stunnel is an application that lets users encapsulate
arbitrary TCP connections in SSL traffic. The application is exposed
to a local privilege escalation issue due to an unspecified error when
running as a Windows service. Stunnel versions prior to 4.23 are
affected.
Ref: http://www.stunnel.org/news/
______________________________________________________________________

08.21.22 CVE: Not Available
Platform: Cross Platform
Title: FireFTP "MLSD" And "LIST" Commands Directory Traversal
Description: FireFTP is an FTP client for Mozilla Firefox. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input data. FireFTP version
0.97.1 is affected.
Ref: http://vuln.sg/fireftp0971-en.html
______________________________________________________________________

08.21.23 CVE: Not Available
Platform: Cross Platform
Title: mtr "split.c" Remote Stack-Based Buffer Overflow
Description: mtr is a network diagnostic tool available for Unix,
Linux and other Unix-like operating systems. The application is exposed
to a remote stack-based buffer overflow issue when handling malicious
DNS replies because the application fails to perform adequate
boundary checks on user-supplied data.
Ref: http://www.securityfocus.com/archive/1/492260
______________________________________________________________________

08.21.24 CVE: CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
Platform: Cross Platform
Title: GnuTLS Prior to 2.2.5 Multiple Remote Vulnerabilities
Description: GNU Transport Layer Security Library (GnuTLS) is a
library that implements the TLS 1.0 and SSL 3.0 protocols. It is
maintained by GNU and is available for UNIX and Linux variants. The
application is exposed to multiple remote issues. GnuTLS versions
prior to 2.2.5 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0489.html
______________________________________________________________________

08.21.25 CVE: Not Available
Platform: Cross Platform
Title: Stunnel OCSP Certificate Validation Security Bypass
Description: Stunnel is an application that lets users encapsulate
arbitrary TCP connections in SSL traffic. The application is exposed
to a security bypass issue because the OCSP (Online Certificate Status
Protocol) functionality fails to properly check revoked certificates.
Stunnel versions prior to 4.24 are affected.
Ref:
http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html
______________________________________________________________________

08.21.26 CVE: CVE-2008-2240
Platform: Cross Platform
Title: IBM Lotus Domino Web Server "Accept Language" HTTP Header
Buffer Overflow
Description: IBM Lotus Domino is a client/server product designed for
collaborative working environments. The application is exposed to a
remote stack-based buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. IBM Lotus Domino versions 6.0, 6.5, 7.0 and 8.0
are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21303296
______________________________________________________________________

08.21.27 CVE: Not Available
Platform: Cross Platform
Title: Borland InterBase Malformed Packet Remote Stack-Based Buffer
Overflow
Description: Borland InterBase is a scalable database application
available for multiple operating platforms. The application is exposed
to a remote stack-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. Borland
InterBase 2007 SP2 is affected.
Ref: http://www.securityfocus.com/archive/1/492330
______________________________________________________________________

08.21.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AN Guestbook "send_email.php" Cross-Site Scripting
Description: AN Guestbook (ANG) is a web-based video-sharing
application. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input to the "postid"
parameter of the "send_email.php" script. ANG version 0.4 is affected.
Ref: http://www.securityfocus.com/bid/29254
______________________________________________________________________

08.21.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Horde Turba Multiple Cross-Site Scripting Vulnerabilities
Description: Horde Turba is a PHP-based contact management
application. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input to
the "object%5Bemail5D" and "object%5Btitle5D" advanced search
parameters of the "addobject.php" script. Turba Content Manager version
2.1.7 is affected.
Ref: http://www.securityfocus.com/bid/29213
______________________________________________________________________

08.21.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PicsEngine "index.php" Cross-Site Scripting
Description: PicsEngine is a photo gallery application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "l" parameter of the
"index.php" script. PicsEngine version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29214
______________________________________________________________________

08.21.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Microsoft Internet Explorer "Print Table of Links" Cross Zone
Script Injection
Description: Microsoft Internet Explorer is a web browser application
available for Windows operating platforms. The application is exposed
to a script injection issue because it fails to adequately sanitize
user-supplied input. Internet Explorer versions 7.0 and 8.0b are
affected.
Ref:
http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx
______________________________________________________________________

08.21.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Rgboard "bbs.lib.inc.php" Cross-Site Scripting
Description: Rgboard is a web-based bulletin board application. The
application is exposed to multiple input validation issues, including
1) a remote file include issue affecting the "site_path" parameter of
the "bbs.lib.inc.php" script, and 2) a cross-site scripting issue
affecting the "bbs_id" parameter of the "rg_search.php" script. Rgboard
version 3.0.12 is affected.
Ref: http://www.securityfocus.com/bid/29230
______________________________________________________________________

08.21.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpVID "search_results.php" Cross-Site Scripting
Description: phpVID is a web-based video-sharing application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "query" parameter of the
"search_results.php" script. phpVID version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/29238
______________________________________________________________________

08.21.34 CVE: CVE-2008-0416
Platform: Web Application - Cross Site Scripting
Title: Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding
Cross-Site Scripting Vulnerabilities
Description: Mozilla Firefox, Thunderbird and SeaMonkey are prone to
multiple cross-site scripting issues because of a design error. The
HTML parser used by these applications fails to properly handle
certain character encodings.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
______________________________________________________________________

08.21.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: dotCMS "search-results.dot" Cross-Site Scripting
Description: dotCMS is a web-based content manager. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "search_query" parameter of the
"search-results.dot" script.
Ref: http://www.securityfocus.com/bid/29287
______________________________________________________________________

08.21.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AppServ Open Project "appservlang" Parameter Cross-Site
Scripting
Description: AppServ Open Project is an installation utility that
ships with an application suite made up of open source software
designed to facilitate the creation of web-based applications that
require dynamic content generation and an underlying database. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "appservlang" parameter
of the "index.php" script. AppServ Open Project version 2.5.10 is
affected.
Ref: http://www.securityfocus.com/archive/1/492271
______________________________________________________________________

08.21.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Domino Web Server Unspecified Cross-Site Scripting
Description: IBM Lotus Domino is a client/server product designed for
collaborative working environments. The application is exposed to an
unspecified cross-site scripting issue because it fails to sanitize
user-supplied input. The issue affects the servlet engine/Web
container. IBM Lotus Domino versions 6.0, 6.5, 7.0 and 8.0 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21303296
______________________________________________________________________

08.21.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Starsgames Control Panel "index.php" Cross-Site Scripting
Description: Starsgames Control Panel is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "st" parameter of the
"showtopic.php" script. Starsgames Control Panel version 4.6.2 is
affected.
Ref: http://www.securityfocus.com/archive/1/492264
______________________________________________________________________

08.21.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: StanWeb CMS "default.asp" SQL Injection
Description: StanWeb CMS is an ASP-based content manager. The
application is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "default.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/492196
______________________________________________________________________

08.21.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Archangel Management Weblog "index.php" SQL Injection
Description: Archangel Management Weblog is a web-log application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "post_id" parameter of
the "index.php" script before using it in an SQL query. Archangel Management
Weblog version 0.90.02 is affected.
Ref: http://www.securityfocus.com/bid/29257
______________________________________________________________________

08.21.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke "KuiraniKerim" Module "sid" Parameter SQL Injection
Description: KuiraniKerim is a module for the PHP-Nuke content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "sid"
parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/492197
______________________________________________________________________

08.21.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Links Pile "link.php" SQL Injection
Description: Links Pile is a links exchange application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat_id" parameter of
the "link.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29223
______________________________________________________________________

08.21.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Freelance Auction Script "browseproject.php" SQL Injection
Description: Freelance Auction Script is a web-based auction
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"pid" parameter of the "browseproject.php" script before using it in
an SQL query. Freelance Auction Script version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29225
______________________________________________________________________

08.21.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Feedback and Rating Script "detail.php" SQL Injection
Description: Feedback and Rating Script is a product and site rating
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"listingid" parameter of the "detail.php" script before using it in an
SQL query. Feedback and Rating Script version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29228
______________________________________________________________________

08.21.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: W1L3D4 Philboard Multiple SQL Injection Vulnerabilities
Description: Philboard is a web-based forum implemented in ASP. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Philboard version
0.5 is affected.
Ref: http://www.securityfocus.com/bid/29229
______________________________________________________________________

08.21.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Symantec Altiris Deployment Solution Unspecified SQL Injection
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to an unspecified SQL
injection issue because it fails to sufficiently sanitize
user-supplied data. Symantec Altiris Deployment Solution versions
prior to 6.9.176 are affected.
Ref: http://www.securityfocus.com/archive/1/492229
______________________________________________________________________

08.21.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Kostenloses Linkmanagementscript "id" Parameter Multiple SQL
Injection Vulnerabilities
Description: Kostenloses Linkmanagementscript is a link manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "view.php" and "top_view.php" scripts before using it
in an SQL query.
Ref: http://www.securityfocus.com/archive/1/492111
______________________________________________________________________

08.21.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SunShop Shopping Cart "index.php" SQL Injection
Description: SunShop Shopping Cart is a web-based ecommerce
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "index.php" script when the "action" attribute
is set to "item" before using it in an SQL query. SunShop Shopping
Cart version 3.5.1 is affected.
Ref: http://www.securityfocus.com/archive/1/492120
______________________________________________________________________

08.21.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 68 Classifieds "category.php" SQL Injection
Description: 68 Classifieds is a PHP classifieds script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter of the
"category.php" script before using it in an SQL query. 68 Classifieds
version 4.0 is affected.
Ref: http://www.68classifieds.com/forums/showthread.php?t=4894
______________________________________________________________________

08.21.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IMGallery Multiple SQL Injection Vulnerabilities
Description: IMGallery is a web-based image gallery. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. IMGallery version 2.5 is
affected.
Ref: http://www.securityfocus.com/bid/29250
______________________________________________________________________

08.21.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: How2ASP.net Webboard "showQAnswer.asp" SQL Injection
Description: How2ASP.net Webboard is a web-based bulletin board. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "qNo" parameter of the
"showQAnswer.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/29263
______________________________________________________________________

08.21.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FicHive "category" Parameter SQL Injection
Description: FicHive is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "category" parameter in the
"index.php" script before using it in an SQL query. FicHive version
1.0 is affected.
Ref: http://www.milw0rm.com/exploits/5639
______________________________________________________________________

08.21.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS WebManager-Pro Multiple SQL Injection Vulnerabilities
Description: CMS WebManager-Pro is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "lang_id" and
"menu_id" parameters of the "index.php" script.
Ref: http://www.securityfocus.com/bid/29266
______________________________________________________________________

08.21.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MX-System "index.php" SQL Injection
Description: MX-System is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page" parameter of the "index.php"
script before using it in an SQL query. MX-System version 2.7.3 is
affected.
Ref: http://www.securityfocus.com/bid/29307
______________________________________________________________________

08.21.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MercuryBoard "login.php" SQL Injection
Description: MercuryBoard is a message board application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "login.php" script
before using it in an SQL query. MercuryBoard version 1.1.5 is
affected.
Ref: http://www.securityfocus.com/bid/29280
______________________________________________________________________

08.21.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AlkalinePHP "thread.php" SQL Injection
Description: AlkalinePHP is a site engine. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "thread.php" script
before using it in an SQL query. AlkalinePHP version 00.80.00 beta is
affected.
Ref: http://www.securityfocus.com/bid/29281
______________________________________________________________________

08.21.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EntertainmentScript "play.php" SQL Injection
Description: EntertainmentScript is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"play.php" script before using it in an SQL query. EntertainmentScript
version 1.4.0 is affected.
Ref: http://www.securityfocus.com/bid/29284
______________________________________________________________________

08.21.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Php-Jokesite "jokes_category.php" SQL Injection
Description: Php-Jokesite is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat_id" parameter of the
"jokes_category.php" script before using it in an SQL query.
Php-Jokesite version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29308
______________________________________________________________________

08.21.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: vBulletin "faq.php" SQL Injection
Description: vBulletin is a commercially available web-based bulletin
board. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "q" parameter
of the "faq.php" script before using it in an SQL query. vBulletin
version 3.7.0 Gold is affected.
Ref: http://www.securityfocus.com/archive/1/492290
______________________________________________________________________

08.21.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Web Slider "slide" Parameter SQL Injection
Description: Web Slider is a PHP-based framework for hosting slides on
the Internet. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"slide" parameter, when the "action" parameter is set to "slides",
before using it in an SQL query. Web Slider version 0.6 is affected.
Ref: http://www.securityfocus.com/bid/29296
______________________________________________________________________

08.21.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities
Description: Site Tanitimlari Scripti is a web-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/29299
______________________________________________________________________

08.21.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DizaynPlus Nobetci Eczane Takip "ayrinti.asp" Parameter SQL
Injection
Description: DizaynPlus Nobetci Eczane Takip is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"anahtar" parameter of the "ayrinti.asp" script before using it in an
SQL query. DizaynPlus Nobetci Eczane Takip version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29300
______________________________________________________________________

08.21.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ComicShout "index.php" SQL Injection
Description: ComicShout is a PHP-based web comic application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "comic_id" parameter
of the "index.php" script before using it in an SQL query. ComicShout
version 2.5 is affected.
Ref: http://www.securityfocus.com/bid/29301
______________________________________________________________________

08.21.64 CVE: Not Available
Platform: Web Application
Title: Digital Hive "base_include.php" Local File Include
Description: Digital Hive is a PHP-based forum application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "base_include.php" script. Digital Hive version 2.0 RC2 is
affected.
Ref: http://www.securityfocus.com/bid/29255
______________________________________________________________________

08.21.65 CVE: Not Available
Platform: Web Application
Title: Zomplog "install/newuser.php" Unauthorized Access
Description: Zomplog is a web-log application. The application is
exposed to an unauthorized access issue because it fails to adequately
limit access to administrative scripts. This issue affects the
"install/newuser.php" script. Zomplog version 3.8.2 is affected.
Ref: http://www.securityfocus.com/bid/29258
______________________________________________________________________

08.21.66 CVE: CVE-2008-0167
Platform: Web Application
Title: GForge Insecure Temporary File Creation
Description: GForge is a PHP-based application for managing source
code. The application runs unspecified scripts that create temporary
files in an insecure way.
Ref: http://www.securityfocus.com/bid/29215
______________________________________________________________________

08.21.67 CVE: Not Available
Platform: Web Application
Title: AustinSmoke GasTracker Cookie Parameter Authentication Bypass
Description: AustinSmoke GasTracker is a PHP-based fuel consumption
tracking application. The application is exposed to an authentication
bypass issue because it fails to adequately verify user-supplied input
used for cookie-based authentication.
Ref: http://www.securityfocus.com/bid/29224
______________________________________________________________________

08.21.68 CVE: Not Available
Platform: Web Application
Title: ActiveKB "auth" Cookie Parameter Authentication Bypass
Description: ActiveKB is a web-based knowledgebase application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. ActiveKB version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/29226
______________________________________________________________________

08.21.69 CVE: Not Available
Platform: Web Application
Title: Internet Photoshow "login_admin" Parameter Unauthorized Access
Description: Internet Photoshow is a PHP-based gallery application.
The application is exposed to an issue that can result in unauthorized
database access. This occurs because the application grants
administrative access to users that have a "login_admin" cookie
parameter set to "true". Internet Photoshow Special Edition is
affected.
Ref: http://www.securityfocus.com/bid/29227
______________________________________________________________________

08.21.70 CVE: Not Available
Platform: Web Application
Title: Kostenloses Linkmanagementscript Multiple Remote File Include
Vulnerabilities
Description: Kostenloses Linkmanagementscript is a link manager. The
application is exposed to multiple remote file include issues because
it fails to properly sanitize user-supplied input to the
"main_page_directory" and "page_to_include" parameters of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/29234
______________________________________________________________________

08.21.71 CVE: Not Available
Platform: Web Application
Title: Drupal Site Documentation Module Database Tables Information
Disclosure
Description: Drupal Site Documentation is a module for the Drupal
content management system. The application is exposed to an
information disclosure issue because the application allows users with
"access content" permission to list arbitrary tables contained in the
database.
Ref: http://drupal.org/node/258547
______________________________________________________________________

08.21.72 CVE: Not Available
Platform: Web Application
Title: Rantx "admin.php" Unauthorized Access
Description: Rantx is a PHP-based blogging application. The
application is exposed to an issue that can result in unauthorized
access. The issue occurs because the application fails to verify
passwords in a secure manner.
Ref: http://www.securityfocus.com/bid/29243
______________________________________________________________________

08.21.73 CVE: Not Available
Platform: Web Application
Title: Multi-Page Comment System "CommentSystemAdmin" Cookie Parameter
Authentication Bypass
Description: Multi-Page Comment System is a content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Multi-Page Comment System version 1.1.0 is affected.
Ref: http://www.securityfocus.com/bid/29244
______________________________________________________________________

08.21.74 CVE: Not Available
Platform: Web Application
Title: Web Slider "admin" Cookie Parameter Authentication Bypass
Description: Web Slider is a framework application for the creation
and publication of slide groups. The application is exposed to an
authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication. Web Slider
version 0.6 is affected.
Ref: http://www.securityfocus.com/bid/29246
______________________________________________________________________

08.21.75 CVE: Not Available
Platform: Web Application
Title: News Manager Multiple Remote Vulnerabilities
Description: News Manager is a web-based RSS aggregator. The
application is exposed to multiple remote issues. News Manager version
2.0 is affected.
Ref: http://www.securityfocus.com/bid/29251
______________________________________________________________________

08.21.76 CVE: Not Available
Platform: Web Application
Title: Pet Grooming Management System "useradded.php" Unauthorized
Access
Description: Pet Grooming Management System (PGMS) is a PHP-based
application for managing pet stores. PGMS is exposed to an issue that
can result in unauthorized access. The issue occurs because the
application allows unauthorized users to add administrative accounts
through the "useradded.php" script. PGMS version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/29252
______________________________________________________________________

08.21.77 CVE: Not Available
Platform: Web Application
Title: ACGV News "glossaire.php" Multiple Input Validation
Vulnerabilities
Description: ACGV News is a PHP-based content manager. Since it fails
to sufficiently sanitize user-supplied data, the application is
exposed to multiple input validation issues. An SQL injection
vulnerability as well as a cross-site scripting vulnerability affect
the "id" parameter of the "glossaire.php" script. ACGV News version
0.9.1 is affected.
Ref: http://www.securityfocus.com/bid/29253
______________________________________________________________________

08.21.78 CVE: Not Available
Platform: Web Application
Title: WR-Meeting "index.php" Local File Include
Description: WR-Meeting is a web-based meeting application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "msnum" parameter of
the "index.php" script. WR-Meeting version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29262
______________________________________________________________________

08.21.79 CVE: Not Available
Platform: Web Application
Title: Smeego Cookie Parameter Local File Include
Description: Smeego is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the Cookie "lang" parameter in the
"mainfile.php" script. Smeego version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29264
______________________________________________________________________

08.21.80 CVE: Not Available
Platform: Web Application
Title: AlkalinePHP "adduser.php" Security Bypass
Description: AlkalinePHP is a site engine. The application is exposed
to a security bypass issue because it fails to properly validate user
credentials before allowing access to the "adduser.php" script.
AlkalinePHP versions 0.77.35 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29267
______________________________________________________________________

08.21.81 CVE: Not Available
Platform: Web Application
Title: eCMS Cookie Multiple Security Vulnerabilities
Description: eCMS is a web-based content manager. The application is
exposed to multiple security issues.
Ref: http://www.securityfocus.com/bid/29268
______________________________________________________________________

08.21.82 CVE: Not Available
Platform: Web Application
Title: LulieBlog Multiple Remote Vulnerabilities
Description: LulieBlog is a PHP-based web log application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter in the
"visumedia.php" script. LulieBlog version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/29269
______________________________________________________________________

08.21.83 CVE: Not Available
Platform: Web Application
Title: eCMS Multiple Security Vulnerabilities
Description: eCMS is a web-based content manager. eCMS is exposed to
multiple issues. eCMS version 0.4.2 is affected.
Ref: http://www.securityfocus.com/archive/1/492279
______________________________________________________________________

08.21.84 CVE: Not Available
Platform: Web Application
Title: EntertainmentScript "page.php" Local File Include
Description: EntertainmentScript is a web-based application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "page" parameter of
the "page.php" script. EntertainmentScript version 1.4.0 is affected.
Ref: http://www.securityfocus.com/bid/29306
______________________________________________________________________

08.21.85 CVE: Not Available
Platform: Web Application
Title: GNU/Gallery "admin.php" Local File Include
Description: GNU/Gallery is a web-based gallery application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "show" parameter of
the "admin.php" script. GNU/Gallery versions 1.1.1.0 and earlier are
affected.
Ref: http://www.securityfocus.com/bid/29270
______________________________________________________________________

08.21.86 CVE: Not Available
Platform: Web Application
Title: MeltingIce File System "admin/adduser.php" Security Bypass
Description: MeltingIce File System is a web-based personal file
management application. The application is exposed to a security
bypass issue because it fails to properly validate user credentials
before allowing access to the "admin/adduser.php" script. MeltingIce
File System versions 1.0 and earlier are affected.
Ref: http://www.securityfocus.com/bid/29271
______________________________________________________________________

08.21.87 CVE: Not Available
Platform: Web Application
Title: Mypicgallery "admin/addUser.php" Security Bypass
Description: Mypicgallery is a web-based application. The application
is exposed to a security bypass issue because it fails to properly
validate user credentials before allowing access to the
"admin/addUser.php" script. Mypicgallery version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/29272
______________________________________________________________________

08.21.88 CVE: Not Available
Platform: Web Application
Title: testMaker Data Export Remote Information Disclosure
Description: testMaker is an application for designing and managing
web-based tests. The application is exposed to a remote information
disclosure issue due to an unspecified error in the data export
functionality. testMaker versions prior to 3.0p10 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=194778&release_id=599729
______________________________________________________________________

08.21.89 CVE: Not Available
Platform: Web Application
Title: bcoos "file" Parameter Local File Include
Description: bcoos is a content manager based on the E-Xoops CMS. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "file" parameter of
the "class/debug/highlight.php" script. bcoos version 1.0.13 is
affected.
Ref:
http://lostmon.blogspot.com/2008/05/bcoos-highlightphp-traversal-file.html
______________________________________________________________________

08.21.90 CVE: Not Available
Platform: Web Application
Title: cPanel "wwwact" Remote Privilege Escalation
Description: cPanel is a web-hosting control panel. The application is
exposed to a remote privilege escalation issue that occurs because the
application allows attackers to gain access to the application's root
directory.
Ref: http://www.securityfocus.com/archive/1/492223
______________________________________________________________________

08.21.91 CVE: Not Available
Platform: Web Application
Title: microSSys CMS "PAGES[$P]" Remote File Include
Description: MicroSSys CMS is a PHP-based content management
application. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"PAGES[$P]" parameter of the "index.php" script. MicroSSys CMS version
1.5 is affected.
Ref: http://www.securityfocus.com/bid/29278
______________________________________________________________________

08.21.92 CVE: Not Available
Platform: Web Application
Title: Mantis Multiple Input Validation Vulnerabilities
Description: Mantis is bug tracking software. The application is
exposed to multiple input validation issues because it fails to
adequately sanitize user-supplied input. Mantis version 1.1.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/492306
______________________________________________________________________

08.21.93 CVE: CVE-2008-1749
Platform: Network Device
Title: Cisco Content Switching Module Layer 7 Load Balancing Denial of
Service
Description: Cisco Content Switching Module (CSM) and Cisco Content
Switching Module with SSL (CSM-S) are integrated server load balancing
(SLB) line card modules included in Cisco Catalyst 6500 and Cisco
Catalyst 7600. The application is exposed to a denial of service issue
due to a memory leak.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080514-csm.shtml
______________________________________________________________________

08.21.94 CVE: Not Available
Platform: Network Device
Title: Aruba Mobility Controller Multiple Remote Vulnerabilities
Description: Aruba Mobility Controller is used to scale ArubaOS and
other software modules on enterprise networks. The application is
exposed to multiple remote issues. An attacker can exploit these
issues to execute arbitrary script code, steal cookie-based
authentication credentials and gain unauthorized access to the
affected device.
Ref: http://www.securityfocus.com/bid/29240
______________________________________________________________________

(c) 2008. All rights reserved. The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only. In some
cases, copyright for material in this newsletter may be held by a party
other than Qualys (as indicated herein) and permission to use such
material must be requested from the copyright owner.

Subscriptions: RISK is distributed free of charge by the SANS Institute
to people responsible for managing and securing information systems and
networks. You may forward this newsletter to others with such
responsibility inside or outside your organization.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkg1/5EACgkQ+LUG5KFpTkZdhwCfQsMFwCxcVtn81gxUEMgEYCL/
C1QAn3eEaJ55EeHCyPdUE5ggdu/c0bue
=knm5
-----END PGP SIGNATURE-----