Firefox and Thunderbird and Apple Mac Java plug in and Sun Java Runtime
all had critical vulnerabilities reported this week.
Summary of Updates and Vulnerabilities in this Consensus
Platform Number of Updates and Vulnerabilities
- ------------------------ -------------------------------------
Other Microsoft Products 1
Third Party Windows Apps 8 (#5)
Linux 2
Mac OS X 1 (#2)
Solaris 2
Cross Platform 12 (#1, #3)
Web Application - Cross Site Scripting 15
Web Application - SQL Injection 44
Web Application 43
Network Device 3 (#4)
Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Mozilla Products Multiple Vulnerabilities
(2) CRITICAL: Apple Mac OS X Java Plugin Multiple Vulnerabilities
(3) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities
(4) HIGH: Cisco IOS Multiple Vulnerabilities
(5) HIGH: FLEXnet Connect ActiveX Control Buffer Overflow
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Other Microsoft Products
08.39.1 - Microsoft Internet Explorer Malformed PNG File Remote Denial of Service
-- Third Party Windows Apps
08.39.2 - Kantan WEB Server Unspecified Directory Traversal
08.39.3 - Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
08.39.4 - Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
08.39.5 - InstallShield Update Service Agent ActiveX Control Buffer Overflow
08.39.6 - ISC BIND Windows UDP Client Handler Denial of Service
08.39.7 - DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
08.39.8 - Foxmail Email Client "mailto" Buffer Overflow
08.39.9 - Chilkat XML ActiveX Control Multiple Vulnerabilities
-- Linux
08.39.10 - Openswan IPsec Livetest Insecure Temporary File Creation
08.39.11 - strongSwan "mpz_export()" Remote Denial of Service
-- Solaris
08.39.12 - Sun Solaris Text Editors Local Privilege Escalation
08.39.13 - Sun Solaris UFS Filesystem "acl(2)" Local Denial of Service
-- Cross Platform
08.39.14 - G DATA InternetSecurity/AntiVirus/TotalCare 2008 "GDTdiIcpt.sys" Memory Corruption
08.39.15 - Apple QuickTime/iTunes QuickTime Type Remote Buffer Overflow
08.39.16 - FAAD2 Frontend "decodeMP4file()" Heap-Based Buffer Overflow
08.39.17 - Mercurial hgweb "allowpull" Information Disclosure
08.39.18 - FFmpeg "lavf_demux" Animated GIF Processing Remote Denial of Service
08.39.19 - Emacspeak "extract-table.pl" Insecure Temporary File Creation
08.39.20 - fhttpd Basic Authorization Remote Denial of Service
08.39.21 - ProFTPD Long Command Handling Security
08.39.22 - JBoss Enterprise Application Platform Class Files Information Disclosure
08.39.23 - Multiple Vendors IMAP Servers Denial of Service
08.39.24 - BitlBee Unspecified Security Bypass Variant
08.39.25 - Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
-- Web Application - Cross Site Scripting
08.39.26 - Sama Educational Management System "Error.asp" Cross-Site Scripting
08.39.27 - Kantan WEB Server Unspecified Cross-Site Scripting
08.39.28 - Quick.Cms.Lite "admin.php" Cross-Site Scripting
08.39.29 - Quick.Cart "admin.php" Cross-Site Scripting
08.39.30 - Parallels H-Sphere "login.php" Multiple Cross-Site Scripting Vulnerabilities
08.39.31 - LooYu Web IM Cross-Site Scripting
08.39.32 - eXtrovert software Thyme "add_calendars.php" Cross-Site Scripting
08.39.33 - fuzzylime (cms) "usercheck.php" Cross-Site Scripting
08.39.34 - BLUEPAGE CMS "index.php" Multiple Cross-Site Scripting Vulnerabilities
08.39.35 - xt:Commerce Session Fixation and Cross-Site Scripting Vulnerabilities
08.39.36 - DataSpade "index.asp" Multiple Cross-Site Scripting Vulnerabilities
08.39.37 - Achievo "dispatch.php" Cross-Site Scripting
08.39.38 - Achievo "atknodetype" Parameter Cross-Site Scripting
08.39.39 - phpMyAdmin Cross-Site Scripting
08.39.40 - Datalife Engine CMS "admin.php" Cross-Site Scripting
-- Web Application - SQL Injection
08.39.41 - SoftAcid Hotel Reservation System "city.asp" SQL Injection
08.39.42 - Cars & Vehicle "page.php" SQL Injection
08.39.43 - Add a link Security Bypass and SQL Injection Vulnerabilities
08.39.44 - Drupal Mailhandler Module Multiple SQL Injection Vulnerabilities
08.39.45 - ProArcadeScript "random" Parameter SQL Injection
08.39.46 - Diesel Joke Site "picture_category.php" SQL Injection
08.39.47 - TYPO3 Simple Random Objects Extension Unspecified SQL Injection
08.39.48 - TYPO3 auto BE User Registration "autobeuser" Component SQL Injection
08.39.49 - TYPO3 My Quiz and Poll Extension Unspecified SQL Injection
08.39.50 - TYPO3 Swigmore institute Extension Unspecified SQL Injection
08.39.51 - TYPO3 FE address edit for tt_address & direct mail Extension Unspecified SQL Injection
08.39.52 - TYPO3 Diocese of Portsmouth Church Search Extension Unspecified SQL Injection
08.39.53 - TYPO3 HBook Extension Unspecified SQL Injection
08.39.54 - PHP Pro Bid Multiple SQL Injection Vulnerabilities
08.39.55 - TYPO3 Random Prayer Version 2 Extension Unspecified SQL Injection
08.39.56 - TYPO3 Another Backend Login Extension Unspecified SQL Injection
08.39.57 - MyFWB Page Variable SQL Injection
08.39.58 - jPortal "humor.php" SQL Injection
08.39.59 - Plaincart "index.php" SQL Injection
08.39.60 - Diesel Pay "index.php" SQL Injection
08.39.61 - Oceandir "show_vote.php" SQL Injection
08.39.62 - Mevin Productions Basic PHP Events Lister "id" Parameter SQL Injection
08.39.63 - PHPKB Multiple SQL Injection Vulnerabilities
08.39.64 - NetArt Media Real Estate Portal "index.php" SQL Injection
08.39.65 - NetArt Media Jobs Portal Multiple SQL Injection Vulnerabilities
08.39.66 - 6rbScript "singerid" Parameter SQL Injection
08.39.67 - AvailScript Article Script "view.php" SQL Injection
08.39.68 - Diesel Job Site "job-info.php" SQL Injection
08.39.69 - e107 my_gallery Plugin "image_gallery.php" SQL Injection
08.39.70 - Invision Power Board "name" parameter SQL Injection
08.39.71 - rgb72 WCMS "index.php" SQL Injection
08.39.72 - WSN Links "comments.php" SQL Injection
08.39.73 - MapCal "id" Parameter SQL Injection
08.39.74 - WSN Links "vote.php" SQL Injection
08.39.75 - BuzzScripts BuzzyWall "search.php" SQL Injection
08.39.76 - E-Php Shopping Cart Script "search_results.php" SQL Injection
08.39.77 - Agares Media Arcadem Pro "articleblock.php" SQL Injection
08.39.78 - BlueCUBE CMS "tienda.php" SQL Injection
08.39.79 - University of Queensland Fez "list.php" SQL Injection
08.39.80 - 6rbScript "cat.php" SQL Injection
08.39.81 - CJ Ultra Plus "SID" Cookie Parameter SQL Injection
08.39.82 - iGaming CMS Multiple SQL Injection Vulnerabilities
08.39.83 - JETIK-WEB "sayfa.php" SQL Injection
08.39.84 - Greatclone Hotscripts Clone "showcategory.php" SQL Injection
-- Web Application
08.39.85 - Attachmax Multiple Security Vulnerabilities
08.39.86 - osCommerce 'create_account.php" Information Disclosure
08.39.87 - phpRealty "view.php" Remote File Include
08.39.88 - PHP-Crawler "footer.php" Remote File Include
08.39.89 - Technote "twindow_notice.php" Remote File Include
08.39.90 - Drupal Link to Us "Link page header" Field HTML Injection
08.39.91 - x10 Automatic MP3 Script "web_root" Parameter Multiple Remote File Include Vulnerabilities
08.39.92 - Gallery Prior to 2.2.6 Multiple Vulnerabilities
08.39.93 - Drupal Mailsave Module MIME Type HTML Injection
08.39.94 - Denora IRC Stats CTCP String Handling Remote Denial of Service
08.39.95 - Drupal Talk Module Multiple Remote Vulnerabilities
08.39.96 - Cyask "collect.php" Information Disclosure
08.39.97 - AssetMan "search_inv.php" Session Fixation
08.39.98 - HyperStop WebHost Directory Database Disclosure
08.39.99 - phpShop Unspecified Session Fixation
08.39.100 - TYPO3 "kw_secdir" Extension Unspecified Remote Code Execution
08.39.101 - TYPO3 File List Extension Unspecified Information Disclosure
08.39.102 - Advanced Electron Forum BBCode "preg_replace" PHP Code Injection Vulnerabilities
08.39.103 - Explay CMS Cookie Authentication Bypass
08.39.104 - Explay CMS Multiple HTML Injection Vulnerabilities
08.39.105 - Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal
08.39.106 - Drupal Insecure Cookie Disclosure Weakness
08.39.107 - Rianxosencabos CMS Cookie Authentication Bypass
08.39.108 - ClanSphere Multiple Information Disclosure Vulnerabilities
08.39.109 - MyBB Prior to 1.4.2 Multiple Security Vulnerabilities
08.39.110 - Rianxosencabos CMS "useradmin.php" Access Validation
08.39.111 - AvailScript Job Portal Script Remote File Upload
08.39.112 - 6rbScript "section.php" Local File Include
08.39.113 - UNAK-CMS Cookie Authentication Bypass
08.39.114 - openElec "form.php" Local File Include
08.39.115 - MyBlog "add.php" Cookie Authentication Bypass
08.39.116 - rgb72 WCMS "change_password.asp" Account Creation Access Validation
08.39.117 - BLUEPAGE CMS "PHPSESSID" Session Fixation
08.39.118 - PHP iCalendar Cookie Authentication Bypass
08.39.119 - SquirrelMail Insecure Cookie Disclosure Weakness
08.39.120 - Vignette Content Management Unspecified Security Bypass
08.39.121 - BaseBuilder "main.inc.php" Remote File Include
08.39.122 - pfSense DHCPREQUEST Hostname HTML Injection
08.39.123 - Omnicom Content Platform "browser.asp" Parameter Directory Traversal
08.39.124 - OpenRat "insert.inc.php" Remote File Include
08.39.125 - Sofi WebGUI "modstart.php" Remote File Include
08.39.126 - Mantis Insecure Cookie Disclosure Weakness
08.39.127 - Ol' Bookmarks Multiple Input Validation Vulnerabilities
-- Network Device
08.39.128 - Cisco 871 Integrated Services Router Cross-Site Request Forgery
08.39.129 - Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code Execution
08.39.130 - Multiple Sagem F@st Routers DHCP Hostname HTML Injection
______________________________________________________________________
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Mozilla Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions 3.0.1 and prior
Mozilla Thunderbird versions 2.0.0.16 and prior
Mozilla SeaMonkey versions 1.1.11 and prior
Description: Several Mozilla products, including the popular Mozilla web
browser, contain multiple vulnerabilities in their handling of a variety
of inputs. Flaws in the handling of URLs, JavaScript, image files, and
other input can lead to vulnerabilities ranging in severity from remote
code execution to information disclosure and denials-of-service.
Technical details are available for some of these vulnerabilities, and
further technical details could be obtained via source code analysis.
Status: Vendor confirmed, updates available.
References:
Mozilla Security Advisories
http://www.mozilla.org/security/announce/2008/mfsa2008-45.html
http://www.mozilla.org/security/announce/2008/mfsa2008-44.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.mozilla.org/security/announce/2008/mfsa2008-42.html
http://www.mozilla.org/security/announce/2008/mfsa2008-41.html
http://www.mozilla.org/security/announce/2008/mfsa2008-40.html
http://www.mozilla.org/security/announce/2008/mfsa2008-39.html
http://www.mozilla.org/security/announce/2008/mfsa2008-38.html
http://www.mozilla.org/security/announce/2008/mfsa2008-37.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/31346
****************************************************
(2) CRITICAL: Apple Mac OS X Java Plugin Multiple Vulnerabilities
Affected:
Apple Mac OS X versions 10.5.5 and prior
Description: The Java Runtime Environment installed by default on Apple
Mac OS X contains multiple vulnerabilities. A flaw in the handling of
"file://" URLs by Java applets could allow an applet to execute
arbitrary commands with the privileges of the current user.
Additionally, a flaw in the handling of Hash-based Message
Authentication Codes (HMACs), used to validate applet origin, could lead
to a memory corruption vulnerability. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the current user. It is believed that these
vulnerabilities are distinct from the vulnerabilities in the Sun Java
Runtime Environment discussed below.
Status: Vendor confirmed, updates available.
References:
Apple Security Advisoriy
http://support.apple.com/kb/HT3179
Apple Mac OS X Home Page
http://www.apple.com/macosx
SecurityFocus BIDs
http://www.securityfocus.com/bid/31380
http://www.securityfocus.com/bid/31379
****************************************************
(3) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities
Affected:
Sun Java Runtime Environment versions prior to Java 6 update 7
Description: The Sun Java Runtime Environment is the standard
implementation of the Java Platform Runtime Environment. It contains
multiple vulnerabilities in its handling of scripting in applets. A
specially crafted applet could exploit one of these vulnerabilities to
escalate its privileges. This would allow the applet to access the
vulnerable system with the privileges of the current user. Additional
vulnerabilities would allow one applet to interact with another,
potentially unrelated, applet. The Sun Java Runtime Environment is
installed by default on all Apple Mac OS X systems, Sun Solaris systems,
most Unix and Linux-based operating systems, and is commonly installed
on Microsoft Windows. Some technical details are publicly available for
these vulnerabilities. Note that applets are often executed immeditely
upon receipt, without first prompting the user.
Status: Vendor confirmed, updates available. Note that this update
includes fixes for other, previously-discussed vulnerabilities that were
addressed in earlier hotfixes.
References:
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
Sun Java Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/30144
****************************************************
(4) HIGH: Cisco IOS Multiple Vulnerabilities
Affected:
Cisco IOS, multiple versions and featuresets, on multiple types of systems
Description: Cisco Internetwork Operating System (IOS) is Cisco's
operating system for most of its routing and switching products. It
contains multiple vulnerabilities in its handling of a variety of
network protocols. A specially crafted request in any one of these
protocols could result in a denial-of-service condition. This condition
may affect a subsystem on the affected device, or the entire device. In
some cases, technical details are publicly available. Affected protocols
include Protocol Independent Multicast, Cisco IPC, Session Initiation
Protocol, Multiprotocol Label Switching, Layer 2 Tunneling Protocol,
Secure Sockets Layer, DNS, and other protocols. Additionally, the Cisco
uBR10012 Router contains a default configuration weakness; a default
Simple Network Management Protocol (SNMP) community configuration. This
vulnerability could be leveraged to take complete control of the
vulnerable device.
Status: Vendor confirmed, updates available. Users are advised to
disable unnecessary protocol processing if possible.
References:
Cisco Security Advisories
http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924-ipc.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924-mfi.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0157a.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01556.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml
Product Home Page
http://www.cisco.com/public/sw-center/sw-ios.shtml
SecurityFocus BIDs
http://www.securityfocus.com/bid/31355
http://www.securityfocus.com/bid/31359
http://www.securityfocus.com/bid/31354
http://www.securityfocus.com/bid/31364
http://www.securityfocus.com/bid/31365
http://www.securityfocus.com/bid/31358
http://www.securityfocus.com/bid/31360
http://www.securityfocus.com/bid/31361
http://www.securityfocus.com/bid/31363
http://www.securityfocus.com/bid/31356
****************************************************
(5) HIGH: FLEXnet Connect ActiveX Control Buffer Overflow
Affected:
FLEXnet Connect versions 6.x
Macromedia InstallShield 2008 Premier
Description: FLEXnet Connect is a component used by the Macromedia
InstallShield installation suite. It contains a buffer overflow in its
handling of certain input. A specially crafted web page that
instantiated this control could trigger this buffer overflow.
Successfully exploiting this buffer overflow would allow an attacker to
execute arbitrary code with the privileges of the current user. Some
technical details are publicly available for this vulnerability.
Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"E9880553-B8A7-4960-A668-95C68BED571E".
References:
Macromedia Security Advisory
http://kb.acresso.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=Q113020&sliceId=
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://consumer.installshield.com/about_us.asp
SecurityFocus BID
http://www.securityfocus.com/bid/31235
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 39, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________
08.39.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Malformed PNG File Remote Denial of
Service
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. Internet Explorer is exposed to a remote denial
of service issue when handling web pages containing a malformed PNG
file. The issue occurs in the "CDwnTaskExec::ThreadExec()" function of
the "msHhtml.dll" library when grabbing and running tasks
synchronously. Microsoft Internet Explorer 7 and 8 Beta 1 are
affected.
Ref: http://www.securityfocus.com/archive/1/496483
______________________________________________________________________
08.39.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Kantan WEB Server Unspecified Directory Traversal
Description: Kantan WEB Server is a web server application for
Microsoft Windows. The application is exposed to an unspecified
directory traversal issue because it fails to sufficiently sanitize
user-supplied input. Kantan WEB Server versions prior to 1.9 are
affected.
Ref: http://jvn.jp/en/jp/JVN79026329/index.html
______________________________________________________________________
08.39.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Acritum Femitter Server Information Disclosure and Denial of
Service Vulnerabilities
Description: Acritum Femitter Server is an FTP and HTTP server
application available for Microsoft Windows. Femitter Server is
exposed to multiple issues. Successfully exploiting these issues may
allow an attacker to disclose sensitive information or cause the
affected application to crash, denying service to legitimate users.
Femitter Server version 1.03 is affected.
Ref: http://www.securityfocus.com/bid/31226
______________________________________________________________________
08.39.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple
Insecure Method Vulnerabilities
Description: Data Dynamics ActiveReports is an addon for the Microsoft
Visual Studio development tool. Data Dynamics ActiveReports ActiveX
control is exposed to multiple insecure method issues. Data Dynamics
ActiveReports Professional Edition Build version 2.5.0.1314 is
affected.
Ref: http://vuln.sg/ddarviewer2501314-en.html
______________________________________________________________________
08.39.5 CVE: CVE-2008-2470
Platform: Third Party Windows Apps
Title: InstallShield Update Service Agent ActiveX Control Buffer
Overflow
Description: InstallShield Update Service ActiveX control is included
with some InstallShield Windows installers. The control is exposed to
a buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied input to the "ExecuteRemote()" method of
"isusweb.dll".
Ref: http://www.kb.cert.org/vuls/id/630017
______________________________________________________________________
08.39.6 CVE: CVE-2007-2241
Platform: Third Party Windows Apps
Title: ISC BIND Windows UDP Client Handler Denial of Service
Description: ISC BIND (Berkley Internet Domain Name) is an
implementation of DNS protocols. ISC BIND for Windows is exposed to a
denial of service issue because it fails to handle certain UDP
packets. BIND versions 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 for
the Windows platform are affected.
Ref: http://marc.info/?l=bind-announce&m=122180376630150&w=2
______________________________________________________________________
08.39.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: DESlock+ Local Buffer Overflow and Multiple Denial of Service
Vulnerabilities
Description: DESlock+ is a data protection software product available for
Windows platforms. The application is exposed to multiple local issues.
DESlock+ versions 3.2.7 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31273
______________________________________________________________________
08.39.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Foxmail Email Client "mailto" Buffer Overflow
Description: Foxmail Email Client is a mail client application
available for Microsoft Windows. Foxmail Email Client is exposed to a
buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. Foxmail Email Client version
6.5 is affected.
Ref: http://www.securityfocus.com/bid/31294
______________________________________________________________________
08.39.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat XML ActiveX Control Multiple Vulnerabilities
Description: The Chilkat XML ActiveX control is an XML parser
application. The Chilkat XML ActiveX control is exposed to multiple
issues. An attacker can exploit these issues by enticing an
unsuspecting user to view a malicious HTML page. The Chilkat XML
ActiveX control DLL "ChilkatUtil.dll" versions 3.0.3.0 and earlier are
affected.
Ref: http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS
______________________________________________________________________
08.39.10 CVE: Not Available
Platform: Linux
Title: Openswan IPsec Livetest Insecure Temporary File Creation
Description: Openswan is an implementation of IPsec for Linux. The
application creates temporary files in an insecure manner. The issue
occurs because the "/usr/libexec/ipsec/livetest" script creates files
in an insecure manner.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374
______________________________________________________________________
08.39.11 CVE: Not Available
Platform: Linux
Title: strongSwan "mpz_export()" Remote Denial of Service
Description: strongSwan is an open-source implementation of an IPSec
VPN for Linux. The application is exposed to a remote denial of
service issue. Specifically, the issue occurs due to a NULL-pointer
dereference in the "mpz_export()" function. strongSwan versions 4.2.6
and prior are affected.
Ref: http://labs.mudynamics.com/advisories/MU-200809-01.txt
______________________________________________________________________
08.39.12 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Text Editors Local Privilege Escalation
Description: Sun Solaris text editors are exposed to a local privilege
escalation issue. Specifically, the issue occurs in the Solaris text
editors like vi(1), ex(1), vedit(1), view(1), and edit(1) when
handling tags. Sun Solaris versions 8, 9 and 10 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-237987-1
______________________________________________________________________
08.39.13 CVE: Not Available
Platform: Solaris
Title: Sun Solaris UFS Filesystem "acl(2)" Local Denial of Service
Description: Sun Solaris is a UNIX-based operating system. Sun Solaris
is exposed to a local denial of service issue due to unspecified
errors in the Access Control Lists implementation for UFS file
systems. Sun Solaris versions 8, 9, 10 and OpenSolaris for SPARC and
x86 platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242267-1
______________________________________________________________________
08.39.14 CVE: Not Available
Platform: Cross Platform
Title: G DATA InternetSecurity/AntiVirus/TotalCare 2008
"GDTdiIcpt.sys" Memory Corruption
Description: G DATA InternetSecurity/AntiVirus/TotalCare 2008 are
computer security applications. The applications are exposed to an
issue that allows local attackers to corrupt kernel memory. This issue
occurs because the software fails to sufficiently validate IOCTL
requests.
Ref: http://www.trapkit.de/advisories/TKADV2008-008.txt
______________________________________________________________________
08.39.15 CVE: CVE-2008-4116
Platform: Cross Platform
Title: Apple QuickTime/iTunes QuickTime Type Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a buffer overflow issue
because it fails to properly handle long strings in a file with a
recognized header but with a nonmatching filetype. QuickTime version
7.5.5 and iTunes version 8.0 are affected.
Ref: http://www.securityfocus.com/bid/31212
______________________________________________________________________
08.39.16 CVE: Not Available
Platform: Cross Platform
Title: FAAD2 Frontend "decodeMP4file()" Heap-Based Buffer Overflow
Description: FAAD2 (Freeware Advanced Audio Decoder) is an open source
MPEG-4 and MPEG-2 AAC decoder. FAAD2 is exposed to a heap-based buffer
overflow occurring in the "decodeMP4file()" function of the
"faad2/frontend/main.c" source file. The application's command-line
front end fails to adequately validate input from a buffer returned by
the decoder library. FAAD2 version 2.6 is affected.
Ref: http://www.audiocoding.com/index.html
______________________________________________________________________
08.39.17 CVE: Not Available
Platform: Cross Platform
Title: Mercurial hgweb "allowpull" Information Disclosure
Description: Mercurial is a source control system available for
multiple operating platforms. Mercurial is exposed to an
information disclosure issue because it fails to honor specific
configuration options. This issue occurs in the "hgweb" component used
to provide CGI access to a source repositiory. This component fails to
honor the "allowpull" configuration option. Mercurial version 1.0.1 is
affected.
Ref:
http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b
______________________________________________________________________
08.39.18 CVE: CVE-2008-3230
Platform: Cross Platform
Title: FFmpeg "lavf_demux" Animated GIF Processing Remote Denial of
Service
Description: FFmpeg is a media player. "lavf_demuxer" is a library
used to decode image files. FFmpeg is exposed to a remote denial of
service issue that occurs when processing specially-crafted animated
GIF media files. This error occurs in the source file
"libavformat/gifdec.c". FFmpeg version 0.4.9-pre1 is affected.
Ref: http://www.securityfocus.com/bid/31234
______________________________________________________________________
08.39.19 CVE: Not Available
Platform: Cross Platform
Title: Emacspeak "extract-table.pl" Insecure Temporary File Creation
Description: Emacspeak is a desktop audio application. The application
creates temporary files in an insecure manner. The issue occurs
because the
"/usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl" script
creates files in an insecure manner.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=460435
______________________________________________________________________
08.39.20 CVE: Not Available
Platform: Cross Platform
Title: fhttpd Basic Authorization Remote Denial of Service
Description: fhttpd is a combination FTP and HTTP server. The server
is exposed to a remote denial of service issue because it fails to
properly handle malformed Basic authorization requests. fhttpd version
0.4.2 is affected.
Ref: http://www.securityfocus.com/bid/31265
______________________________________________________________________
08.39.21 CVE: Not Available
Platform: Cross Platform
Title: ProFTPD Long Command Handling Security
Description: ProFTPD is an FTP server implementation for UNIX and
Linux platforms. ProFTPD is exposed to a security issue that allows
attackers to perform cross-site request-forgery types of attacks. The
issues stem from an error in processing of long FTP commands. The
application truncates an overly long FTP command and interprets the
remaining string as a new FTP command. ProFTPD version 1.3.1 is
affected.
Ref: http://bugs.proftpd.org/show_bug.cgi?id=3115
______________________________________________________________________
08.39.22 CVE: Not Available
Platform: Cross Platform
Title: JBoss Enterprise Application Platform Class Files Information
Disclosure
Description: JBoss Enterprise Application Platform (EAP) is a tool for
developing Web 2.0 applications on a pure Java Platform. JBoss EAP is
exposed to a remote information disclosure issue that may allow remote
attackers to download class files.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458823
______________________________________________________________________
08.39.23 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendors IMAP Servers Denial of Service
Description: Multiple vendors' IMAP servers are exposed to a remote
denial of service issue caused by an unspecified error when handling
IMAP login requests. Specifically, multiple long "A0001 LOGIN" requests
can cause certain IMAP daemons to stop accepting connections.
Ref: http://www.washington.edu/imap/
______________________________________________________________________
08.39.24 CVE: CVE-2008-3969
Platform: Cross Platform
Title: BitlBee Unspecified Security Bypass Variant
Description: BitlBee is an application that enables users to use
Instant Messaging (IM) over Internet Relay Chat (IRC). BitlBee is
exposed to an unspecified security-bypass issue. BitlBee versions
prior to 1.2.3 are affected.
Ref: http://bitlbee.org/main.php/changelog.html
______________________________________________________________________
08.39.25 CVE: CVE-2008-3837, CVE-2008-4058, CVE-2008-4059,
CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063,
CVE-2008-4064, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067,
CVE-2008-4068, CVE-2008-4069, CVE-2008-3836, CVE-2008-3835,
CVE-2008-0016
Platform: Cross Platform
Title: Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote
Vulnerabilities
Description: The Mozilla Foundation has released multiple security
advisories specifying various vulnerabilities in Firefox versions
2.0.0.16 and prior, Firefox versions 3.0.1 and prior, Thunderbird
versions 2.0.0.16 and prior and SeaMonkey versions 1.1.11 and prior.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-39.html
______________________________________________________________________
08.39.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sama Educational Management System "Error.asp" Cross-Site
Scripting
Description: Sama Educational Management System is a web application.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "Message"
parameter of the "Error.asp" script.
Ref: http://www.securityfocus.com/archive/1/496506
______________________________________________________________________
08.39.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kantan WEB Server Unspecified Cross-Site Scripting
Description: Kantan WEB Server is an HTTP server for Microsoft Windows
platforms. Kantan WEB Server is exposed to an unspecified cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Kantan WEB Server versions prior to 1.9 are affected.
Ref: http://jvn.jp/en/jp/JVN94163107/index.html
______________________________________________________________________
08.39.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Quick.Cms.Lite "admin.php" Cross-Site Scripting
Description: Quick.Cms.Lite is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input passed to the
"admin.php" script. Quick.Cms.Lite version 2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496435
______________________________________________________________________
08.39.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Quick.Cart "admin.php" Cross-Site Scripting
Description: Quick.Cart is a PHP-based shopping cart application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input passed to the
"admin.php" script. Quick.Cart version 3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496477
______________________________________________________________________
08.39.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Parallels H-Sphere "login.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: H-Sphere is an automation solution for multiserver
hosting; it is available for Linux, BSD, and Windows platforms. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input passed to the
"err", "errcode", and "login" parameters of the "login.php" script.
H-Sphere versions 3.0.0 Patch 9 and 3.1 Patch 1 are affected.
Ref: http://www.securityfocus.com/bid/31256
______________________________________________________________________
08.39.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LooYu Web IM Cross-Site Scripting
Description: LooYu Web IM is an instant message and chat application
for use within a web browser. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input. LooYu Web IM Home Edition, LooYu Web IM
Enterprise, and LooYu Web Professional are affected.
Ref: http://www.securityfocus.com/archive/1/496531
______________________________________________________________________
08.39.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: eXtrovert software Thyme "add_calendars.php" Cross-Site
Scripting
Description: eXtrovert software Thyme is a web-based calendar
application. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input to
the "callback" of the "add_calendars.php" script. Thyme version 1.3 is
affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-thyme2.html
______________________________________________________________________
08.39.33 CVE: CVE-2008-3098
Platform: Web Application - Cross Site Scripting
Title: fuzzylime (cms) "usercheck.php" Cross-Site Scripting
Description: fuzzylime (cms) is a web-based content management system.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "user"
parameter of the "usercheck.php" script. fuzzylime (cms) versions
prior to 3.03 are affected.
Ref: http://www.securityfocus.com/archive/1/496589
______________________________________________________________________
08.39.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BLUEPAGE CMS "index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: BLUEPAGE CMS is a PHP-based content management
application. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input. BLUEPAGE CMS version 2.5 is affected.
Ref: http://www.securityfocus.com/archive/1/496582
______________________________________________________________________
08.39.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: xt:Commerce Session Fixation and Cross-Site Scripting
Vulnerabilities
Description: xt:Commerce is an ecommerce application. xt:Commerce is
exposed to multiple issues. The attacker can leverage the
session-fixation issue to hijack a session of an unsuspecting user.
xt:Commerce version 3.04 is affected.
Ref: http://www.securityfocus.com/archive/1/496583
______________________________________________________________________
08.39.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DataSpade "index.asp" Multiple Cross-Site Scripting
Vulnerabilities
Description: DataSpade is a front end database application that can
interface with Microsoft Access and SQL Server. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input. DataSpade version 1.0 is
affected.
Ref: http://pridels-team.blogspot.com/2008/09/dataspade-xss-vuln.html
______________________________________________________________________
08.39.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Achievo "dispatch.php" Cross-Site Scripting
Description: Achievo is a web-based resource-management tool. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "atkaction"
parameter of the "dispatch.php" script. Achievo version 1.3.2 is
affected.
Ref: http://www.securityfocus.com/bid/31325
______________________________________________________________________
08.39.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Achievo "atknodetype" Parameter Cross-Site Scripting
Description: Achievo is a web-based resource-management tool. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the
"atknodetype" parameter of the "dispatch.php" script. Achievo version
1.3.2 is affected.
Ref: http://www.securityfocus.com/bid/31326
______________________________________________________________________
08.39.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data.
The issues exists due to an error in the "PMA_escapeJsString()"
function in the "libraries/js_escape.lib.php" script and can be exploited to
bypass certain filters using NULL-byte characters. phpMyAdmin versions
prior to 2.11.9.2 are affected.
Ref: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1
______________________________________________________________________
08.39.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Datalife Engine CMS "admin.php" Cross-Site Scripting
Description: Datalife Engine CMS is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "admin.php"
script. Datalife Engine CMS version 7.2 is affected.
Ref: http://www.securityfocus.com/archive/1/496605
______________________________________________________________________
08.39.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SoftAcid Hotel Reservation System "city.asp" SQL Injection
Description: SoftAcid Hotel Reservation System (HRS) is an ASP-based
reservation management application. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "city" parameter of the "city.asp" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31211
______________________________________________________________________
08.39.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Cars & Vehicle "page.php" SQL Injection
Description: The Cars & Vehicle script is a web-based script. The Cars
& Vehicle script is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "lnkid" parameter
of the "page.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31214
______________________________________________________________________
08.39.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Add a link Security Bypass and SQL Injection Vulnerabilities
Description: Add a link is a web-based application. The application is
exposed to multiple security issues. Exploiting the security bypass
issues may allow an attacker to bypass certain security restrictions and
perform unauthorized actions. Add a link version 4 and prior versions
are affected.
Ref: http://www.securityfocus.com/bid/31228
______________________________________________________________________
08.39.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Drupal Mailhandler Module Multiple SQL Injection
Vulnerabilities
Description: Mailhandler is a PHP-based component for Drupal. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to unspecified
scripts and parameters. Mailhandler versions prior to 5.x-1.4 and
prior to 6.x-1.4 are affected.
Ref: http://drupal.org/node/309769
______________________________________________________________________
08.39.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ProArcadeScript "random" Parameter SQL Injection
Description: ProArcadeScript is an online arcade portal.
ProArcadeScript is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "random" parameter
of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31238
______________________________________________________________________
08.39.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Diesel Joke Site "picture_category.php" SQL Injection
Description: Diesel Joke Site is a web-based joke forum. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id" parameter of the
"picture_category.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31240
______________________________________________________________________
08.39.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Simple Random Objects Extension Unspecified SQL Injection
Description: TYPO3 Simple Random Objects is an extension for the TYPO3
content manager. Simple Random Objects is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query. Simple Random Objects has the
extension key "mw_random_objects". Simple Random Objects version 1.0.3
is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 auto BE User Registration "autobeuser" Component SQL
Injection
Description: The auto BE User Registration extension (autobeuser) is
for registering users for the TYPO3 content manager. The "autobeuser"
extension is exposed to an unspecified SQL injection issue because it
fails to properly sanitize user-supplied input before using it in an
SQL query. auto BE User Registration version 0.0.2 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 My Quiz and Poll Extension Unspecified SQL Injection
Description: My Quiz and Poll is an extension for the TYPO3 content
manager. My Quiz and Poll is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data before using it
in an SQL query. My Quiz and Poll versions prior to 0.1.4 are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Swigmore institute Extension Unspecified SQL Injection
Description: TYPO3 Swigmore institute is an extension for the TYPO3
content manager. The Swigmore institute extension "cgswigmore" is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Swigmore
institute versions prior to 0.1.2 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 FE address edit for tt_address & direct mail Extension
Unspecified SQL Injection
Description: FE address edit for tt_address & direct mail
(dmaddredit) is an extension for the TYPO3 content manager. The
"dmaddredit" extension is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. "dmaddredit" version 0.4.0 is affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Diocese of Portsmouth Church Search Extension Unspecified
SQL Injection
Description: TYPO3 Diocese of Portsmouth Church Search is an extension
for the TYPO3 content manager. Diocese of Portsmouth Church Search is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query. Diocese
of Portsmouth Church Search versions prior to 0.1.1 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 HBook Extension Unspecified SQL Injection
Description: HBook (h_book) is an extension for the TYPO3 content
manager. The "h_book" extension is exposed to an unspecified SQL
injection issue because it fails to properly sanitize user-supplied
input before using it in an SQL query. HBook version 2.3.0 is
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Pro Bid Multiple SQL Injection Vulnerabilities
Description: PHP Pro Bid is a PHP-based auction application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied input to the "order_type"
parameter of the "categories.php" script. PHP Pro Bid version 6.04 is
affected.
Ref: http://www.securityfocus.com/archive/1/496533
______________________________________________________________________
08.39.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Random Prayer Version 2 Extension Unspecified SQL
Injection
Description: TYPO3 Random Prayer Version 2 (ste_prayer2) is an
extension for the TYPO3 content manager. The "ste_prayer2" extension
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query.
"ste_prayer2" versions prior to 0.0.3 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 Another Backend Login Extension Unspecified SQL Injection
Description: TYPO3 Another Backend Login (wrg_anotherbelogin) is an
extension for the TYPO3 content manager. The "wrg_anotherbelogin"
extension is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. "wrg_anotherbelogin" versions prior to 0.0.4 are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyFWB Page Variable SQL Injection
Description: MyFWB is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "page" variable before
using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/496553
______________________________________________________________________
08.39.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: jPortal "humor.php" SQL Injection
Description: jPortal is a web-based application. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "id" parameter of the "humor.php"
script before using it in an SQL query. jPortal version 2 is affected.
Ref: http://www.securityfocus.com/bid/31274
______________________________________________________________________
08.39.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Plaincart "index.php" SQL Injection
Description: Plaincart is a web-based application. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "p" parameter of the "index.php"
script before using it in an SQL query. Plaincart version 1.1.2 is
affected.
Ref: http://www.securityfocus.com/bid/31275
______________________________________________________________________
08.39.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Diesel Pay "index.php" SQL Injection
Description: Diesel Pay is a web-based script. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "area" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31276
______________________________________________________________________
08.39.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Oceandir "show_vote.php" SQL Injection
Description: Oceandir is a web-based application. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "id" parameter of the
"show_vote.php" script before using it in an SQL query. Oceandir
versions prior to 2.9 are affected.
Ref: http://www.securityfocus.com/bid/31277
______________________________________________________________________
08.39.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mevin Productions Basic PHP Events Lister "id" Parameter SQL
Injection
Description: Basic PHP Events Lister is a web-based application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id" parameter of the
"event.php" script before using it in an SQL query. Basic PHP Events
Lister version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31278
______________________________________________________________________
08.39.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPKB Multiple SQL Injection Vulnerabilities
Description: PHPKB is a knowledgebase application. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input to the "ID" parameter of the
"email.php" and "question.php" scripts. PHPKB version 1.5 Professional
is affected.
Ref: http://www.securityfocus.com/bid/31279
______________________________________________________________________
08.39.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Real Estate Portal "index.php" SQL Injection
Description: Real Estate Portal is a web-based application. It is used
to publish real estate listings. The application is exposed to an SQL
injection issue because it fails to properly sanitize user-supplied
input to the "ad" parameter of the "index.php" script before using it
in an SQL query. Real Estate Portal version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/31280
______________________________________________________________________
08.39.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Jobs Portal Multiple SQL Injection Vulnerabilities
Description: Jobs Portal is a web-based application implemented in
PHP. It is used to publish jobs listings. The application is exposed
to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied input to the "news_id" and "job" parameters of
the "index.php" script. Jobs Portal version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/31281
______________________________________________________________________
08.39.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 6rbScript "singerid" Parameter SQL Injection
Description: 6rbScript is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "singerid" parameter of the
"section.php" script before using it in an SQL query. 6rbScript
version 3.3 is affected.
Ref: http://www.securityfocus.com/bid/31282
______________________________________________________________________
08.39.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AvailScript Article Script "view.php" SQL Injection
Description: AvailScript Article Script is a PHP-based script for
managing articles. The application is exposed to an SQL injection
issue because it fails to properly sanitize user-supplied input to the
"v" parameter of the "view.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/31283
______________________________________________________________________
08.39.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Diesel Job Site "job-info.php" SQL Injection
Description: Diesel Job Site is a web-based application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "job_id" parameter of the
"job-info.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31284
______________________________________________________________________
08.39.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 my_gallery Plugin "image_gallery.php" SQL Injection
Description: e107 my_gallery plugin is an image gallery plugin for the
e107 content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "image" parameter of the "image_gallery.php" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/31286
______________________________________________________________________
08.39.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Invision Power Board "name" parameter SQL Injection
Description: Invision Power Board is a web-based forum application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "name" parameter
before using it in an SQL query. Invision Power Board versions 2.3.5
and earlier are affected.
Ref: http://www.securityfocus.com/bid/31288
______________________________________________________________________
08.39.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: rgb72 WCMS "index.php" SQL Injection
Description: rgb72 WCMS is an ASP-based content manager. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id" parameter of the
"news_detail.asp" script before using it in an SQL query. rgb72 WCMS
version 1.0b is affected.
Ref: http://www.securityfocus.com/bid/31298
______________________________________________________________________
08.39.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WSN Links "comments.php" SQL Injection
Description: WSN Links is a web-based directory application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id" parameter of the
"comments.php" script before using it in an SQL query. WSN Links
version 4.0.34P is affected.
Ref: http://www.securityfocus.com/bid/31302
______________________________________________________________________
08.39.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MapCal "id" Parameter SQL Injection
Description: MapCal is an event calendar that displays events on an
online map. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "index.php" script file before using it in an
SQL query. MapCal version 0.1 is affected.
Ref: http://www.securityfocus.com/archive/1/496576
______________________________________________________________________
08.39.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WSN Links "vote.php" SQL Injection
Description: WSN Links is a web-based directory application. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "id" parameter of the
"vote.php" script before using it in an SQL query. WSN Links version
2.23 is affected.
Ref: http://www.securityfocus.com/bid/31305
______________________________________________________________________
08.39.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BuzzScripts BuzzyWall "search.php" SQL Injection
Description: BuzzyWall is a web-based wallpaper gallery. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "search" parameter of the
"search.php" script before using it in an SQL query. BuzzyWall version
1.3.1 is affected.
Ref: http://www.securityfocus.com/bid/31308
______________________________________________________________________
08.39.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-Php Shopping Cart Script "search_results.php" SQL Injection
Description: E-Php Shopping Cart Script is a web-based shopping cart.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "search_results.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31319
______________________________________________________________________
08.39.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Agares Media Arcadem Pro "articleblock.php" SQL Injection
Description: Arcadem Pro is an arcade script. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "articlecat" parameter of the
"articleblock.php" script before using it in an SQL query.
Ref: https://secure.agaresmedia.com/forums/viewtopic.php?f=12&t=2032
______________________________________________________________________
08.39.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BlueCUBE CMS "tienda.php" SQL Injection
Description: BlueCUBE CMS is a web-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "tienda.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31323
______________________________________________________________________
08.39.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: University of Queensland Fez "list.php" SQL Injection
Description: Fez is a web-based application. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "parent_id" parameter of the
"list.php" script before using it in an SQL query. Fez versions 1.3
and 2.0 RC1 are affected.
Ref: http://www.securityfocus.com/bid/31324
______________________________________________________________________
08.39.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 6rbScript "cat.php" SQL Injection
Description: 6rbScript is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "CatID" parameter of the "cat.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31329
______________________________________________________________________
08.39.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CJ Ultra Plus "SID" Cookie Parameter SQL Injection
Description: CJ Ultra Plus is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "SID" cookie
parameter. CJ Ultra Plus versions 1.0.4 and earlier are affected.
Ref: http://www.milw0rm.com/exploits/6536
______________________________________________________________________
08.39.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iGaming CMS Multiple SQL Injection Vulnerabilities
Description: iGaming CMS is a PHP-based content manager for gaming
web sites. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied input. iGaming
CMS version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/31340
______________________________________________________________________
08.39.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: JETIK-WEB "sayfa.php" SQL Injection
Description: JETIK-WEB is a content manager implemented in PHP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "kat" parameter of the
"sayfa.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31343
______________________________________________________________________
08.39.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Greatclone Hotscripts Clone "showcategory.php" SQL Injection
Description: Hotscripts Clone is a web-based application implemented
in PHP. It is used to create a script hosting site similar to
Hotscripts. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "showcategory.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/31345
______________________________________________________________________
08.39.85 CVE: Not Available
Platform: Web Application
Title: Attachmax Multiple Security Vulnerabilities
Description: Attachmax is a PHP-based application for sharing videos.
Attachmax is exposed to multiple issues. An attacker may exploit these
issues to obtain sensitive information that will aid in further
attacks. Attachmax version 2.1 (Dolphin) is affected.
Ref: http://www.securityfocus.com/archive/1/496427
______________________________________________________________________
08.39.86 CVE: Not Available
Platform: Web Application
Title: osCommerce "create_account.php" Information Disclosure
Description: osCommerce is a web-based shopping cart application. The
application is exposed to an information disclosure issue because it
fails to sanitize user-supplied input. An attacker can exploit this
issue by submitting malicious requests to the "DOB" POST parameter via
the "create_account.php" script. osCommerce version 2.2RC 2a is
affected.
Ref: http://www.securityfocus.com/archive/1/496417
______________________________________________________________________
08.39.87 CVE: Not Available
Platform: Web Application
Title: phpRealty "view.php" Remote File Include
Description: phpRealty is a PHP-based application for managing
real-estate listings. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "INC" parameter of the "manager/static/view.php" script.
phpRealty versions 0.3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31213
______________________________________________________________________
08.39.88 CVE: Not Available
Platform: Web Application
Title: PHP-Crawler "footer.php" Remote File Include
Description: PHP-Crawler is a PHP-based search engine application. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "footer_file"
parameter of the "footer.php" script. PHP-Crawler version 0.8 is
affected.
Ref: http://www.securityfocus.com/bid/31217
______________________________________________________________________
08.39.89 CVE: Not Available
Platform: Web Application
Title: Technote "twindow_notice.php" Remote File Include
Description: Technote is a PHP-based web application. The application
is exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "shop_this_skin_path"
parameter of the
"technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php"
script. Technote version 7 is affected.
Ref: http://www.securityfocus.com/bid/31222
______________________________________________________________________
08.39.90 CVE: Not Available
Platform: Web Application
Title: Drupal Link to Us "Link page header" Field HTML Injection
Description: The Link to Us module is a PHP-based component for Drupal
that allows users to link directly to the content contained in a
Drupal site. The application is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied input to the "Link
page header" field of the "Link to us" page before using it in
dynamically generated content. Link to Us versions prior to 5.x-1.1
are affected.
Ref: http://drupal.org/node/309861
______________________________________________________________________
08.39.91 CVE: Not Available
Platform: Web Application
Title: x10 Automatic MP3 Script "web_root" Parameter Multiple Remote
File Include Vulnerabilities
Description: x10 Automatic MP3 Script is a PHP-based search engine.
The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input to the
"web_root" parameter of the "includes/function_core.php" and
"templates/layout_lyrics.php" scripts. x10 Automatic MP3 Script
version 1.5.5 is affected.
Ref: http://www.securityfocus.com/bid/31225
______________________________________________________________________
08.39.92 CVE: CVE-2008-3662
Platform: Web Application
Title: Gallery Prior to 2.2.6 Multiple Vulnerabilities
Description: Gallery is a web-based application to organize photo
albums. The application is exposed to multiple issues. An attacker may
leverage these issues to obtain potentially sensitive information or
execute arbitrary script code in the browser of an unsuspecting user
in the context of the affected site. Gallery versions prior to 2.2.6
and 1.5.9 are affected.
Ref: http://www.securityfocus.com/archive/1/496509
______________________________________________________________________
08.39.93 CVE: Not Available
Platform: Web Application
Title: Drupal Mailsave Module MIME Type HTML Injection
Description: Mailsave is a PHP-based component for Drupal. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input to the MIME media types in
email messages with attached files before using it in dynamically
generated content. Mailsave versions prior to 5.x-3.3 and prior to
6.x-1.3 are affected.
Ref: http://drupal.org/node/309802
______________________________________________________________________
08.39.94 CVE: Not Available
Platform: Web Application
Title: Denora IRC Stats CTCP String Handling Remote Denial of Service
Description: Denora IRC Stats is an Internet Relay Chat application.
Denora IRC Stats is exposed to a remote denial of service issue
because it fails to properly handle CTCP (Client-To-Client Protocol)
version replies. Denora IRC Stats versions prior to 1.4.1 are
affected.
Ref: http://www.securityfocus.com/bid/31233
______________________________________________________________________
08.39.95 CVE: Not Available
Platform: Web Application
Title: Drupal Talk Module Multiple Remote Vulnerabilities
Description: The Talk module is a PHP-based component for Drupal that
provides a secondary page for comments associated with a given node.
Talk is exposed to multiple remote issues. Talk versions prior to
5.x-1.3 and Talk 6.x-1.5 are affected.
Ref: http://drupal.org/node/309758
______________________________________________________________________
08.39.96 CVE: Not Available
Platform: Web Application
Title: Cyask "collect.php" Information Disclosure
Description: Cyask is a web application. Cyask is exposed to an
information disclosure issue because it fails to sanitize
user-supplied input to the "neturl" parameter of the "collect.php"
script. Cyask versions 3.1 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/496511
______________________________________________________________________
08.39.97 CVE: Not Available
Platform: Web Application
Title: AssetMan "search_inv.php" Session Fixation
Description: AssetMan is an asset management application. AssetMan is
exposed to a session fixation issue caused by a design error when
handling sessions. Specifically, an attacker can predefine a victim
user's session ID by setting the cookie value through the "order_by"
parameter of the "search_inv.php" script. AssetMan version 2.5b is
affected.
Ref: http://www.securityfocus.com/bid/31248
______________________________________________________________________
08.39.98 CVE: Not Available
Platform: Web Application
Title: HyperStop WebHost Directory Database Disclosure
Description: HyperStop WebHost Directory is a web-based application.
The application is exposed to an information disclosure issue.
Specifically, attackers may be able to download the application
database through the "admin/backup/db" script. HyperStop WebHost
Directory version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/31249
______________________________________________________________________
08.39.99 CVE: Not Available
Platform: Web Application
Title: phpShop Unspecified Session Fixation
Description: phpShop is a PHP-based shopping-cart application. phpShop
is exposed to a session fixation issue caused by a design error when
handling sessions. phpShop version 0.8.1 is affected.
Ref: http://www.securityfocus.com/bid/31251
______________________________________________________________________
08.39.100 CVE: Not Available
Platform: Web Application
Title: TYPO3 "kw_secdir" Extension Unspecified Remote Code Execution
Description: "kw_secdir" is a third-party extension for the TYPO3
content manager. The application is exposed to an unspecified remote
code execution issue. "kw_secdir" versions 1.0.1 and earlier are
affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.101 CVE: Not Available
Platform: Web Application
Title: TYPO3 File List Extension Unspecified Information Disclosure
Description: File List ("file_list") is an extension for the TYPO3
content manager. The "file_list" extension is exposed to an
unspecified information disclosure issue. "file_list" versions 0.2.1
and earlier are affected.
Ref:
http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/
______________________________________________________________________
08.39.102 CVE: Not Available
Platform: Web Application
Title: Advanced Electron Forum BBCode "preg_replace" PHP Code
Injection Vulnerabilities
Description: Advanced Electron Forum is a web-based forum. The
application is exposed to issues that let attackers inject arbitrary
PHP code. This is due to an input validation issue when the
"preg_replace" function is used.
Ref: http://www.securityfocus.com/archive/1/496552
______________________________________________________________________
08.39.103 CVE: Not Available
Platform: Web Application
Title: Explay CMS Cookie Authentication Bypass
Description: Explay CMS is a PHP-based content management system. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Explay CMS version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/31270
______________________________________________________________________
08.39.104 CVE: Not Available
Platform: Web Application
Title: Explay CMS Multiple HTML Injection Vulnerabilities
Description: Explay CMS is a PHP-based content management system. The
application is exposed to multiple HTML injection issues because it
fails to sufficiently sanitize user-supplied data. Explay CMS version
2.1 is affected.
Ref: http://www.securityfocus.com/bid/31271
______________________________________________________________________
08.39.105 CVE: Not Available
Platform: Web Application
Title: Epic Games Unreal Tournament 3 UT3 WebAdmin Directory Traversal
Description: UT3 WebAdmin is the official web administration tool for
the Unreal Tournament 3 multiplayer first-person shooter game. UT3
WebAdmin does not ship with Unreal Tournament 3 by default and it must
be downloaded separately. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input. UT3 WebAdmin versions 1.3 to 1.6 are affected.
Ref: http://www.securityfocus.com/archive/1/496581
______________________________________________________________________
08.39.106 CVE: CVE-2008-3661
Platform: Web Application
Title: Drupal Insecure Cookie Disclosure Weakness
Description: Drupal is a web-based content manager. The application is
exposed to a weakness that may allow the attacker to sniff the traffic
and obtain cookie data. Specifically, the issue arises when SSL is
used to encrypt data but the session cookie does not have the "secure"
flag enabled.
Ref: http://int21.de/cve/CVE-2008-3661-drupal.html
______________________________________________________________________
08.39.107 CVE: Not Available
Platform: Web Application
Title: Rianxosencabos CMS Cookie Authentication Bypass
Description: Rianxosencabos CMS is a PHP-based content manger. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Rianxosencabos CMS version 0.9 is affected.
Ref: http://www.securityfocus.com/bid/31292
______________________________________________________________________
08.39.108 CVE: Not Available
Platform: Web Application
Title: ClanSphere Multiple Information Disclosure Vulnerabilities
Description: ClanSphere is a PHP-based content manager. ClanSphere is
exposed to multiple unspecified information disclosure issues. These
issues affect "getusers" and "listimg". ClanSphere versions prior to
2008.2.1 are affected.
Ref: http://www.clansphere.net/index/news/view/id/306
______________________________________________________________________
08.39.109 CVE: Not Available
Platform: Web Application
Title: MyBB Prior to 1.4.2 Multiple Security Vulnerabilities
Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board
application. The application is exposed to multiple security issues,
including a cross-site scripting issue and multiple unspecified
security issues. MyBB versions prior to 1.4.2 are affected.
Ref: http://community.mybboard.net/thread-37792.html
______________________________________________________________________
08.39.110 CVE: Not Available
Platform: Web Application
Title: Rianxosencabos CMS "useradmin.php" Access Validation
Description: Rianxosencabos CMS is a PHP-based content manager. The
application is exposed to an access validation issue that attackers
can leverage to create user accounts (including administrative
accounts) and delete arbitrary user accounts. This issue occurs
because authentication isn't required to access the "index.php" script
when the "s" parameter is set to "admin" and the "accion" parameter is set
to "lista". Rianxosencabos CMS version 0.9 is affected.
Ref: http://www.securityfocus.com/bid/31296
______________________________________________________________________
08.39.111 CVE: Not Available
Platform: Web Application
Title: AvailScript Job Portal Script Remote File Upload
Description: AvailScript Job Portal Script is a web-based application.
The application is exposed to an issue that allows an attacker to
upload arbitrary script code and execute it in the context of the
web server process.
Ref: http://www.securityfocus.com/bid/31297
______________________________________________________________________
08.39.112 CVE: Not Available
Platform: Web Application
Title: 6rbScript "section.php" Local File Include
Description: 6rbScript is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "name" parameter of the
"section.php" script. 6rbScript version 3.3 is affected.
Ref: http://www.securityfocus.com/bid/31299
______________________________________________________________________
08.39.113 CVE: Not Available
Platform: Web Application
Title: UNAK-CMS Cookie Authentication Bypass
Description: UNAK-CMS is a PHP-based content manager. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. This issue occurs in the "engine/unak_core.php"
script.
Ref: http://www.securityfocus.com/bid/31301
______________________________________________________________________
08.39.114 CVE: Not Available
Platform: Web Application
Title: openElec "form.php" Local File Include
Description: openElec is a PHP-based election management application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "obj" parameter
of the "scr/form.php" script. openElec version 3.01 is affected.
Ref: http://www.securityfocus.com/bid/31307
______________________________________________________________________
08.39.115 CVE: Not Available
Platform: Web Application
Title: MyBlog "add.php" Cookie Authentication Bypass
Description: MyBlog is PHP-based weblog application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. MyBlog version 0.9.8 is affected.
Ref: http://www.securityfocus.com/bid/31311
______________________________________________________________________
08.39.116 CVE: Not Available
Platform: Web Application
Title: rgb72 WCMS "change_password.asp" Account Creation Access
Validation
Description: rgb72 WCMS is a ASP-based content manager. The
application is exposed to an access validation issue that attackers
can leverage to create unauthorized administrative user accounts. This
issue occurs because the application fails to validate certain HTTP
POST requests sent to the "change_password.asp" scripts. rgb72 WCMS
version 1.0b is affected.
Ref: http://www.securityfocus.com/bid/31314
______________________________________________________________________
08.39.117 CVE: Not Available
Platform: Web Application
Title: BLUEPAGE CMS "PHPSESSID" Session Fixation
Description: BLUEPAGE CMS is a PHP-based content manager. BLUEPAGE CMS
is exposed to a session fixation issue caused by a design error when
handling sessions. Specifically, an attacker can predefine a victim
user's session ID by setting the "PHPSESSID" parameter of the
"index.php" script. BLUEPAGE CMS version 2.5 is affected.
Ref: http://www.securityfocus.com/archive/1/496582
______________________________________________________________________
08.39.118 CVE: Not Available
Platform: Web Application
Title: PHP iCalendar Cookie Authentication Bypass
Description: PHP iCalendar is a web-log application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. PHP iCalendar versions 2.24 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31320
______________________________________________________________________
08.39.119 CVE: CVE-2008-3663
Platform: Web Application
Title: SquirrelMail Insecure Cookie Disclosure Weakness
Description: SquirrelMail is a web-based email client. The application
is exposed to a weakness that may allow the attacker to sniff the
traffic and obtain cookie data. Specifically, the issue arises when
SSL is used to encrypt data but the session cookie doesn't have the
"secure" flag enabled. SquirrelMail version 1.4.15 is affected.
Ref: http://int21.de/cve/CVE-2008-3663-squirrelmail.html
______________________________________________________________________
08.39.120 CVE: Not Available
Platform: Web Application
Title: Vignette Content Management Unspecified Security Bypass
Description: Vignette Content Management is a web-based content
manager. The application is exposed to a security bypass issue due to
an unspecified error. Vignette Content Management versions 7.3.0.5,
7.3.1, 7.3.1.1, 7.4, 7.5 and all associated service packs are
affected.
Ref: http://dialog.vignette.com/hm?g=1.2jds7.bky8.rs.0.27gqh.htk8&h=1
______________________________________________________________________
08.39.121 CVE: Not Available
Platform: Web Application
Title: BaseBuilder "main.inc.php" Remote File Include
Description: BaseBuilder is a PHP-based web application. It
facilitates a database framework and allows for the creation of
databases. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"mj_config[src_path]" parameter of the "main.inc.php" script.
BaseBuilder versions 2.0.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31330
______________________________________________________________________
08.39.122 CVE: Not Available
Platform: Web Application
Title: pfSense DHCPREQUEST Hostname HTML Injection
Description: pfSense is an open-source customized distribution of
FreeBSD operating system. It is designed to be used as a firewall and
a router. pfSense is exposed to an HTML injection issue because its
administrative web interface fails to sufficiently sanitize
user-supplied input before using it in dynamically generated content.
pfSense version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/31334
______________________________________________________________________
08.39.123 CVE: Not Available
Platform: Web Application
Title: Omnicom Content Platform "browser.asp" Parameter Directory
Traversal
Description: Omnicom Content Platform is a web-based application.
Omnicom Content Platform is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input to the
"root" parameter of the "browse.php" script. Omnicom Content Platform
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/31338
______________________________________________________________________
08.39.124 CVE: Not Available
Platform: Web Application
Title: OpenRat "insert.inc.php" Remote File Include
Description: OpenRat is a PHP-based content manager. The application
is exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "tpl_dir" parameter of the
"themes/default/include/html/insert.inc.php" script. OpenRat version
0.8-beta4 is affected.
Ref: http://www.securityfocus.com/bid/31339
______________________________________________________________________
08.39.125 CVE: Not Available
Platform: Web Application
Title: Sofi WebGUI "modstart.php" Remote File Include
Description: Sofi WebGUI is a PHP-based web application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "mod_dir" parameter of
the "hu/modules/reg-new/modstart.php" script. Sofi WebGUI version
0.6.0.pre-release-3 is affected.
Ref: http://www.securityfocus.com/bid/31341
______________________________________________________________________
08.39.126 CVE: CVE-2008-3102
Platform: Web Application
Title: Mantis Insecure Cookie Disclosure Weakness
Description: Mantis is a web-based bug tracking system; it is
implemented in PHP. The application is exposed to a weakness that may
allow the attacker to sniff the traffic and obtain cookie data.
Ref: http://int21.de/cve/CVE-2008-3102-mantis.html
______________________________________________________________________
08.39.127 CVE: Not Available
Platform: Web Application
Title: Ol' Bookmarks Multiple Input Validation Vulnerabilities
Description: Ol' Bookmarks is PHP-based application to manage
bookmarks. The application is exposed to multiple issues because it
fails to sufficiently sanitize user-supplied data. Ol' Bookmarks
versions 0.7.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31348
______________________________________________________________________
08.39.128 CVE: Not Available
Platform: Network Device
Title: Cisco 871 Integrated Services Router Cross-Site Request Forgery
Description: The Cisco 871 Integrated Services Router is a network
device designed for small-office setups. The router is exposed to a
cross-site request forgery issue. Attackers can exploit this issue by
tricking a victim into visiting a malicious web page. The 871
Integrated Services Router under IOS version 12.4 is affected.
Ref: http://www.cisco.com/en/US/products/ps6200/
______________________________________________________________________
08.39.129 CVE: Not Available
Platform: Network Device
Title: Xerox WorkCentre/WorkCentre Pro Network Controller Remote Code
Execution
Description: Xerox WorkCentre/WorkCentre Pro are multifunction network
printers. Xerox WorkCentre/WorkCentre Pro are exposed to a remote code
execution issue because their ESS/Network Controllers fail to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. The issue occurs because of errors within the
Samba code that handles printer-sharing services for SMB (Server
Message Block) clients.
Ref: http://www.securityfocus.com/bid/31255
______________________________________________________________________
08.39.130 CVE: Not Available
Platform: Network Device
Title: Multiple Sagem F@st Routers DHCP Hostname HTML Injection
Description: Sagem F@st routers are network routers that ship with a
web-based administration interface. Multiple Sagem F@st routers are
exposed to an HTML injection issue because they fail to properly
sanitize user-supplied input before using it in dynamically generated
content. Sagem F@st routers versions 1200, 1240, 1400, 1400W, 1500,
1500-WG and 2404 are affected.
Ref: http://www.securityfocus.com/bid/31331
______________________________________________________________________
