Latest Vulnerability Breakdown – 10/24/08
Ok the big news this week came at the end of the week when Microsoft announced an extra patch to address an RPC problem that affects virtually all of their OS’s. Virtually millions of millions of systems. Also there is a major patch for most Linux based mail applications. Specifically the libspf2 version prior to 1.2.8. There is also another major vulnerability noted that affects multiple products from F-Secure.
Summary of Updates and Vulnerabilities in this Consensus
Platform Number of Updates and Vulnerabilities
- ------------------------ -------------------------------------
Microsoft Windows 1 (#1)
Other Microsoft Products 1
Third Party Windows Apps 4 (#4, #5)
Linux 2
Unix 1
Cross Platform 19 (#2, #3)
Web Application - Cross Site Scripting 7
Web Application - SQL Injection 31
Web Application 18
Part I -- Critical Vulnerabilities from
TippingPoint
(www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer Overflow
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
(5) HIGH: Hummingbird Multiple Vulnerabilities
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
-- Other Microsoft Products
08.43.1 - Microsoft Outlook Web Access
for Exchange Server "redir.asp" URI Redirection
-- Third Party Windows Apps
08.43.2 - Hummingbird HostExplorer
ActiveX Control "PlainTextPassword()" Buffer Overflow
08.43.3 - Hummingbird Deployment Wizard
10 "DeployRun.dll" ActiveX Control Multiple Security Vulnerabilities
08.43.4 - Dart Communications PowerTCP
FTP for ActiveX "DartFtp.dll" Buffer Overflow
08.43.5 - Symantec Altiris Deployment Solution
Client User Interface Local Privilege Escalation
-- Linux
08.43.6 - Linux Kernel i915 Driver
"drivers/char/drm/i915_dma.c" Memory Corruption
08.43.7 - Linux Kernel SCTP Protocol
Violation Remote Denial of Service
-- Unix
08.43.8 - Symantec Veritas File System
"qioadmin" Local Information Disclosure
-- Cross Platform
08.43.9 - Adobe Flash CS3 Professional
SWF File Remote Code Execution
08.43.10 - jhead versions Prior to 2.84 Multiple Vulnerabilities
08.43.11 - Hewlett-Packard Systems Insight Manager Unspecified Unauthorized
Access
08.43.12 - Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of
Service
08.43.13 - Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service
08.43.14 - Apache HTTP Server OS Fingerprinting Unspecified Security
08.43.15 - Hitachi JP1/File Transmission Server/FTP File Modification
Unauthorized Access
08.43.16 - Hitachi JP1/File Transmission Server/FTP Unspecified Denial of
Service
08.43.17 - VLC Media Player TY File Stack Based Buffer Overflow
08.43.18 - "nfs-utils" Package "hosts_ctl()" Security
Bypass
08.43.19 - MUSCLE "Message::AddToString()" Buffer Overflow
08.43.20 - FireGPG Insecure Temporary File Creation
08.43.21 - Symantec Veritas File System "qiomkfile" Local Information
Disclosure
08.43.22 - Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic
Emanation Capture
08.43.23 - RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code
Execution
08.43.24 - Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
08.43.25 - IBM WebSphere Application Server Denial of Service And Security
Bypass Vulnerabilities
08.43.26 - F-Secure Multiple Products RPM File Integer Overflow
08.43.27 - Symantec Altiris Deployment Solution Clear Text Password Local
Information Disclosure
-- Web Application - Cross Site
Scripting
08.43.28 - Elxis CMS "index.php" Multiple Cross-Site Scripting and
Session Fixation Vulnerabilities
08.43.29 - Habari "habari_username" Parameter Cross-Site Scripting
08.43.30 - WebGUI Security Bypass and Multiple Cross-Site Scripting
Vulnerabilities
08.43.31 - cpCommerce Multiple Cross-Site Scripting Vulnerabilities
08.43.32 - Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting
08.43.33 - MyNETS Unspecified Cross-Site Scripting
08.43.34 - Wysi Wiki Wyg "index.php" Cross-Site Scripting
-- Web Application - SQL Injection
08.43.35 - AstroSPACES "profile.php" SQL Injection
08.43.36 - PhpWebGallery "comments.php" SQL Injection and Code
Execution Vulnerabilities
08.43.37 - MyPHPDating "success_story.php" SQL Injection
08.43.38 - myStats Security Bypass and SQL Injection Vulnerabilities
08.43.39 - myEvent "viewevent.php" SQL Injection
08.43.40 - SweetCMS "index.php" SQL Injection
08.43.41 - WEB//NEWS Multiple SQL Injection Vulnerabilities
08.43.42 - Drupal Node Vote Module Cast Vote SQL Injection
08.43.43 - IP Reg "locationdel.php" SQL Injection
08.43.44 - Mosaic Commerce "category.php" SQL Injection
08.43.45 - CafeEngine "id" Parameter Multiple SQL Injection
Vulnerabilities
08.43.46 - CafeEngine Easy Cafe Engine "itemid" Parameter SQL
Injection
08.43.47 - ShiftThis Newsletter WordPress Plugin "stnl_iframe.php"
SQL Injection
08.43.48 - Zeeproperty "bannerclick.php" SQL Injection
08.43.49 - XOOPS GesGaleri Module "index.php" SQL Injection
08.43.50 - Meeting Room Booking System "month.php" SQL Injection
08.43.51 - myWebland miniBloggie "del.php" SQL Injection
08.43.52 - Nice Talk Joomla! Component "tagid" Parameter SQL
Injection
08.43.53 - DS-Syndicate Joomla! Component "feed_id" Parameter SQL
Injection
08.43.54 - Woltlab Burning Board rGallery Plugin "itemID" Parameter
SQL Injection
08.43.55 - e107 CMS
08.43.56 - Jetbox CMS Multiple SQL Injection Vulnerabilities
08.43.57 - PHP-Nuke Sarkilar Module "id" Parameter SQL Injection
08.43.58 - Makale XOOPS Module "makale.php" SQL Injection
08.43.59 - Limbo CMS "open.php" SQL Injection
08.43.60 - TYPO3 JobControl Extension Unspecified SQL Injection
08.43.61 - TYPO3 Econda Plugin Extension Unspecified SQL Injection
08.43.62 - TYPO3 Frontend Users View Extension Unspecified SQL Injection
08.43.63 - TYPO3 Mannschaftsliste Extension Unspecified SQL Injection
08.43.64 - TYPO3 M1 Intern Extension Unspecified SQL Injection
08.43.65 - TYPO3 Simple survey Extension Unspecified SQL Injection
-- Web Application
08.43.66 - myPHPNuke "displayCategory.php" Multiple Remote File
Include Vulnerabilities
08.43.67 - Drupal Node Clone Module Information Disclosure
08.43.68 - Kure Multiple Local File Include Vulnerabilities
08.43.69 - Mic_blog SQL Injection and Unauthorized Access Vulnerabilities
08.43.70 - Mantis "manage_proj_page.php" PHP Code Injection
08.43.71 - Calendars for the Web Security Bypass
08.43.72 - XOOPS "hisa_cart" Module Remote Information Disclosure
08.43.73 - Post Affiliate Pro "index.php" Local File Include
08.43.74 - Slaytanic Scripts Content Plus Version 2.1.1 Multiple Unspecified
Vulnerabilities
08.43.75 - FlashChat "connection.php" Role Filter Security Bypass
08.43.76 - phpFastNews Cookie Authentication Bypass
08.43.77 - FCKeditor "command.php" Arbitrary File Upload
08.43.78 - Vivvo Article Management "classified_path" Parameter
Remote File Include
08.43.79 - HP SiteScope SNMP Trap HTML Injection
08.43.80 - Fast Click SQL Lite "init.php" Remote File Include
08.43.81 - Midgard Components Framework Multiple Unspecified Vulnerabilities
08.43.82 - yappa-ng "album" Parameter Local File Include
08.43.83 - Opera Web Browser HTML Injection and Cross-Site Scripting
Vulnerabilities
************************ Sponsored
Link: ******************************
1) Learn about data leakage, PCI compliance, identity theft, botnets,
crimeware, security trends, and more. Register Today
http://www.sans.org/info/34518
*************************************************************************
PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by
input from a council of security managers from twelve large organizations
who confidentially share with SANS the specific actions they have taken
to protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process
*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft has provided advanced notification of a
vulnerability in a Remote Procedure Call (RPC) service. The
vulnerability was deemed severe enough to warrant an out-of-cycle
security update from Microsoft. The exact details of the vulnerability
have yet to be released, but are expected to be released sometime on
October 23rd, with a question-and-answer session via webcast. The
vulnerability allows for unauthenticated users to execute arbitrary code
on vulnerable systems. Microsoft
believes that the vulnerability could
be exploited in such a way as to provide creation of a worm.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Microsoft Webcast Information
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=103239
3978&EventCategory=4&culture=en-US&CountryCode=US
Microsoft Security Bulletin Update
http://go.microsoft.com/fwlink/?LinkId=130719
Microsoft Advanced Notification
http://blogs.technet.com/sus/archive/2008/10/23/microsoft-security-
bulletin-advance-notification-for-october-2008.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/31874
***************************************************************
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
Affected:
libspf2 versions prior to 1.2.8
Description: SPF is the Sender Policy Framework (formerly "Sender
Permitted From"). SPF is a mechanism to help prevent unauthorized or
undesired email messages ("spam") by indicating from what servers a
domain can send email. Receiving mail servers can check SPF records
exported via DNS records to determine if a server sending email from a
domain is legitimately doing so. LibSPF2 is a popular implementation of
the SPF protocol and is used by a variety of mail and DNS products. It
contains a buffer overflow in its processing of SPF records exported from
DNS. A specially crafted SPF record could trigger this vulnerability. In
most common scenarios, an attacker could exploit this vulnerability by
simply sending an email message to a sever known to check SPF records.;
therefore no user interaction is required. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the vulnerable process, often a high-privilege account.
Full technical details and a proof-of-concept are publicly available for
this vulnerability.
Status: Vendor confirmed, updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31881.pl
Documentation by Dan Kaminsky
http://www.doxpara.com/?page_id=1256
Wikipedia Article on Sender Policy Framework
http://en.wikipedia.org/wiki/Sender_Policy_Framework
Vendor Home Page
http://www.libspf2.org/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/31881
***************************************************************
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer
Overflow
Affected:
Multiple F-Secure products; see vendor advisory
Description: The RPM Package Manager (formerly the Red Hat Package
Manager, commonly "RPM") is a package manager used by a number of
Linux-
and Unix-based operating systems. Its packages are distributed in files
referred to as "RPMs". A number of F-Secure malware scanning products
contain an integer overflow when processing RPM packages. A specially
crafted RPM package could trigger this overflow, leading to arbitrary
code execution with the privileges of the vulnerable process. In
situations where the vulnerable product is used to scan email messages,
it is sufficient to have an email message transiting the server to
trigger the vulnerability; no user interaction is necessary. Some
technical details are publicly available for this vulnerability.
Additionally, the RPM file format is open and well documented, making it
amenable to fuzzing.
Status: Vendor confirmed, updates available.
References:
Vendor Security Advisory
http://www.f-secure.com/security/fsc-2008-3.shtml
Wikipedia Article on RPM
http://en.wikipedia.org/wiki/RPM_Package_Manager
RPM Home Page
http://www.rpm.org
Vendor Home Page
http://www.f-secure.com/
SecurityFocus BID
http://www.securityfocus.com/bid/31846
***************************************************************
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
Affected:
Trend Microsoft OfficeScan versions 8.0 SP1 and prior
Description: Trend Micro OfficeScan is a popular enterprise malware
scanning application. It provides administrative and other facilities via
a web interface, using the Common Gateway Interface (CGI). Some of the
web interface CGI programs contain buffer overflow vulnerabilities in
their handling of HTTP requests. A specially crafted request to the web
interface could trigger one of these buffer overflows, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Some technical details are publicly available for these
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-40/
Vendor Security Advisory
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_Critica
lPatch_B3110_readme.txt
Wikipedia Article on the Common Gateway Interface
http://en.wikipedia.org/wiki/Common_Gateway_Interface
Vendor Home Page
http://www.trendmicro.com
SecurityFocus BID
http://www.securityfocus.com/bid/31859
***************************************************************
(5) HIGH: Hummingbird Multiple Vulnerabilities
Affected:
Hummingbird Deployment Wizard 10 ActiveX Control
Hummingbird Host Explorer ActiveX Control versions 8.0 and prior
Description: Hummingbird Host Explorer is a popular terminal access
solution for remote systems, and the Hummingbird Deployment Wizard is a
product used to deploy other Hummingbird products. Both products provide
some of their functionality via ActiveX controls. These controls contain
various vulnerabilities, including buffer overflow and input validation
vulnerabilities. A specially crafted web page that instantiated one of
these controls could trigger one of these vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current
user. Technical details are publicly available for these vulnerabilities.
A proof-of-concept is also publicly available.
Status: No confirmed updates available. Users can disable the affected
controls via Microsoft's "kill bit' mechanism. Note that this will affect
normal application functionality.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6776
Vendor Home Page
http://connectivity.hummingbird.com/home/connectivity.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/31799
http://www.securityfocus.com/bid/31783
*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
08.43.1 CVE: CVE-2008-1547
Platform: Other Microsoft Products
Title: Microsoft Outlook Web Access for Exchange Server "redir.asp"
URI Redirection
Description: Outlook Web Access (OWA) is a web mail component of
Microsoft Exchange Server. Outlook Web Access is exposed to a remote
URI redirection issue because it fails to properly sanitize
user-supplied input in the "URL" parameter of the
"redir.asp" script.
Outlook Web Access version 6.5 SP 2 is affected.
Ref: http://www.securityfocus.com/archive/1/497374
______________________________________________________________________
08.43.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hummingbird HostExplorer ActiveX Control "PlainTextPassword()"
Buffer Overflow
Description: Hummingbird HostExplorer is terminal emulation software.
HostExplorer includes an ActiveX control for Microsoft Windows
clients. The application is exposed to a buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/bid/31781
______________________________________________________________________
08.43.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX
Control Multiple Security Vulnerabilities
Description: Hummingbird Deployment Wizard 10 ActiveX control is an
application used by Hummingbird products to aid in software
installation and configuration. The ActiveX control provided by the
"DeployRun.dll" file is exposed to multiple issues that attackers can
exploit to run arbitrary code. Hummingbird Deployment Wizard version
10 10.0.0.44 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.43.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll"
Buffer Overflow
Description: PowerTCP FTP for ActiveX is an ActiveX control that
utilizes an FTP client. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. PowerTCP FTP for ActiveX version 2.0.2.0
is affected.
Ref: http://www.securityfocus.com/bid/31814
______________________________________________________________________
08.43.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Client User Interface
Local Privilege Escalation
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to a local privilege
escalation issue. The problem occurs in the client graphical user
interface (GUI).
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
______________________________________________________________________
08.43.6 CVE: CVE-2008-3831
Platform: Linux
Title: Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory
Corruption
Description: The Linux kernel is exposed to a memory corruption issue
because of insufficient boundary checks in the i915 driver. This
issue affects the "drivers/char/drm/i915_dma.c" source file and can
be
exploited with specially-crafted "DRM_I915_HWS_ADDR" IOCTL calls.
Linux kernel versions 2.6.24.6 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31792
______________________________________________________________________
08.43.7 CVE: CVE-2008-4618
Platform: Linux
Title: Linux Kernel SCTP Protocol Violation Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to handle SCTP protocol violations. This issue
occurs when handling certain SCTP protocol violations resulting from
invalid parameter lengths. Linux kernel versions prior to 2.6.27 are
affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1079
______________________________________________________________________
08.43.8 CVE: Not Available
Platform: Unix
Title: Symantec Veritas File System "qioadmin" Local Information
Disclosure
Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix like operating systems. The
application is exposed to a local information disclosure issue that is
present in the "qioadmin" utility for the Quick I/O for Database
feature.
Ref: http://seer.entsupport.symantec.com/docs/310872.htm
______________________________________________________________________
08.43.9 CVE: CVE-2008-4473
Platform: Cross Platform
Title: Adobe Flash CS3 Professional SWF File Remote Code Execution
Description: Adobe Flash CS3 Professional is an application for
creating Flash media files. Flash CS3 Professional is exposed to a
remote code execution issue when processing specially crafted SWF
files. Flash CS3 Professional for Microsoft Windows is affected.
Ref: http://www.securityfocus.com/archive/1/497397
______________________________________________________________________
08.43.10 CVE: CVE-2008-4575
Platform: Cross Platform
Title: jhead versions Prior to 2.84 Multiple Vulnerabilities
Description: jhead is an exif jpeg header manipulation tool. jhead is
exposed to multiple remote issues. Attackers can exploit these issues
to execute arbitrary code within the context of the affected
application, crash the affected application, perform symbolic link
attacks and overwrite arbitrary files on the affected computer. jhead
versions prior to 2.84 are affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
______________________________________________________________________
08.43.11 CVE: CVE-2008-4412
Platform: Cross Platform
Title: Hewlett-Packard Systems Insight Manager Unspecified
Unauthorized Access
Description: Hewlett Packard Systems Insight Manager (SIM) is a tool
for managing HP servers. SIM is exposed to an unspecified unauthorized
access issue. A remote attacker may exploit this issue to gain
unauthorized access to data. SIM versions prior to 5.2 SP2 are
affected.
Ref: http://www.securityfocus.com/bid/31777
______________________________________________________________________
08.43.12 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of
Service
Description: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client are
exposed to a denial of service issue that occurs when the applications
are configured to report JP1 events.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-019/index.html
______________________________________________________________________
08.43.13 CVE: Not Available
Platform: Cross Platform
Title: Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service
Description: Hitachi XFIT/S/JCA and XFIT/S/ZGN are exposed to an
unspecified denial of service issue because they fail to properly
handle unexpected data.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-020/index.html
______________________________________________________________________
08.43.14 CVE: Not Available
Platform: Cross Platform
Title: Apache HTTP Server OS Fingerprinting Unspecified Security
Description: Apache is an HTTP server available for various operating
systems. The application is exposed to an unspecified security issue
related to OS fingerprinting at the application level. Apache version
2.2.9 is affected.
Ref: http://www.securityfocus.com/archive/1/497506
______________________________________________________________________
08.43.15 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP File Modification
Unauthorized Access
Description: Hitachi JP1/File Transmission Server/FTP is an enterprise
FTP application. Hitachi JP1/File Transmission Server/FTP is exposed
to an issue that may allow attackers to modify file permissions.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-018/index.html
______________________________________________________________________
08.43.16 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP Unspecified Denial of
Service
Description: Hitachi JP1/File Transmission Server/FTP is exposed to an
unspecified denial of service issue because it fails to properly
handle unexpected data.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vu
s/HS08-017/index.html
______________________________________________________________________
08.43.17 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player TY File Stack-Based Buffer Overflow
Description: VLC is a cross-platform media player. VLC is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
checks on user-supplied input. This occurs when the application parses
specially-crafted TY files. VLC Media Player versions prior to 0.9.0
up to and including 0.9.4 are affected.
Ref: http://www.securityfocus.com/archive/1/497587
______________________________________________________________________
08.43.18 CVE: CVE-2008-4552
Platform: Cross Platform
Title: "nfs-utils" Package "hosts_ctl()" Security Bypass
Description: The "nfs-utils" package provides a daemon for the kernel
NFS server and related tools. The application is exposed to a security
bypass issue because of an error in the implementation of TCP
wrappers. This issue is caused due to a wrong number of arguments
passed to the "hosts_ctl()" function, causing TCP Wrappers to ignore
netgroups. "nfs-utils" package version 1.0.9 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458676
______________________________________________________________________
08.43.19 CVE: Not Available
Platform: Cross Platform
Title: MUSCLE "Message::AddToString()" Buffer Overflow
Description: MUSCLE (Multi User Server Client Linkage Environment) is
a cross-platform client server messaging system. The library is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. MUSCLE version 4.30 is
affected.
Ref: https://public.msli.com/lcs/muscle/muscle/HISTORY.txt
______________________________________________________________________
08.43.20 CVE: Not Available
Platform: Cross Platform
Title: FireGPG Insecure Temporary File Creation
Description: FireGPG is an add on providing GNU Privacy Guard (GPG)
functionality for the Firefox web browser. FireGPG creates temporary
files in an insecure manner. Specifically, when decrypting email,
FireGPG creates temporary files with predictable names for the
encrypted content, the decrypted content, and the user passphrase.
FireGPG versions prior to 6.0 are affected.
Ref: http://www.securityfocus.com/archive/1/497547
______________________________________________________________________
08.43.21 CVE: CVE-2008-3248
Platform: Cross Platform
Title: Symantec Veritas File System "qiomkfile" Local Information
Disclosure
Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix like operating systems. The
application is exposed to an information disclosure issue which may
result in sensitive information being made available to local
attackers. Veritas File System versions prior to 5.0 MP3 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20.html
______________________________________________________________________
08.43.22 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic
Emanation Capture
Description: Keyboards from multiple vendors are exposed to an
information disclosure issue because the devices do not adequately
shield electromagnetic emanations. This issue affects USB, PS/2, and
laptop keyboards manufactured between 2001 and 2008.
Ref: http://www.securityfocus.com/bid/31831
______________________________________________________________________
08.43.23 CVE: Not Available
Platform: Cross Platform
Title: RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution
Description: RealVNC (Virtual Network Computing) allows users to
access remote computers for administration purposes. RealVNC Viewer is
exposed to a remote code execution issue because it fails to
adequately handle certain encoding types. RealVNC Free Edition
versions prior to 4.1.3 are affected.
Ref: http://www.realvnc.com/products/free/4.1/release-notes.html
______________________________________________________________________
08.43.24 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX like operating systems. Wireshark is exposed to multiple denial
of service issues when handling certain types of packets and protocols
in varying conditions. Wireshark versions 0.10.3 up to and including
1.0.3 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-06.html
______________________________________________________________________
08.43.25 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Denial of Service And Security
Bypass Vulnerabilities
Description: IBM WebSphere Application Server (WAS) is an application
infrastructure used for service oriented architecture. The application
is exposed to multiple issues. Successful exploits may allow attackers
to hang the server causing a denial of service condition or bypass
certain security restrictions. IBM WebSphere Application Server
versions prior to 6.0.2.31 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006876
______________________________________________________________________
08.43.26 CVE: Not Available
Platform: Cross Platform
Title: F-Secure Multiple Products RPM File Integer Overflow
Description: Multiple F-Secure products are exposed to an integer
overflow issue because the applications fail to properly handle
user-supplied input. Specifically, the issue occurs when an affected
application parses a specially-crafted malicious RPM archive file.
Ref: http://www.f-secure.com/security/fsc-2008-3.shtml
______________________________________________________________________
08.43.27 CVE: Not Available
Platform: Cross Platform
Title: Symantec Altiris Deployment Solution Clear Text Password Local
Information Disclosure
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, and notebooks. The
application is exposed to a local information disclosure issue because
it stores Application Identity Account passwords in clear text on the
affected computer. Symantec Altiris Deployment Solution versions prior
to 6.9.355 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20b.html
______________________________________________________________________
08.43.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Elxis CMS "index.php" Multiple Cross-Site Scripting and
Session
Fixation Vulnerabilities
Description: Elxis CMS is a content manager. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input. Elxis CMS version 2006.1 is
affected.
Ref: http://www.securityfocus.com/bid/31764
______________________________________________________________________
08.43.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Habari "habari_username" Parameter Cross-Site Scripting
Description: Habari is a PHP based content manager. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "habari_username"
parameter. Habari version 0.5.1 is affected.
Ref: http://www.securityfocus.com/bid/31794
______________________________________________________________________
08.43.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WebGUI Security Bypass and Multiple Cross-Site Scripting
Vulnerabilities
Description: WebGUI is a web-based content manager. The application is
exposed to multiple issues. WebGUI version 7.5.25 is affected.
Ref: http://www.webgui.org/getwebgui/advisories/webgui-7.5.26-stable-released
______________________________________________________________________
08.43.31 CVE: CVE-2008-4121
Platform: Web Application - Cross Site Scripting
Title: cpCommerce Multiple Cross-Site Scripting Vulnerabilities
Description: cpCommerce is a PHP based e-commerce application. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. cpCommerce versions
prior to 1.2.4 are affected.
Ref: http://www.securityfocus.com/archive/1/497545
______________________________________________________________________
08.43.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Movable Type Prior to Version 4.22 Unspecified Cross-Site
Scripting
Description: Movable Type is a web-log application written in PERL.
Movable Type is exposed to an unspecified cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. This
issue affects the application management section of the application.
Movable Type versions prior to 4.22 are affected.
Ref: http://www.securityfocus.com/bid/31826
______________________________________________________________________
08.43.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyNETS Unspecified Cross-Site Scripting
Description: MyNETS is a web-based application. MyNETS is exposed to
an unspecified cross-site scripting issue because it fails to properly
sanitize user-supplied input. An attacker may leverage this issue to
execute arbitrary script code in the browser of an unsuspecting user
in the context of the affected site.
Ref: http://www.securityfocus.com/bid/31835
______________________________________________________________________
08.43.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Wysi Wiki Wyg "index.php" Cross-Site Scripting
Description: Wysi Wiki Wyg is a PHP based wiki application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input passed to the "s"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/31836
______________________________________________________________________
08.43.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AstroSPACES "profile.php" SQL Injection
Description: AstroSPACES is a web-based social networking application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "profile.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31771
______________________________________________________________________
08.43.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpWebGallery "comments.php" SQL Injection and Code Execution
Vulnerabilities
Description: PhpWebGallery is a PHP based photo gallery. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sort_by" parameter
of
the "comments.php" script before using it in an SQL query.
PhpWebGallery versions up to and including 1.7.2 are affected.
Ref: http://www.securityfocus.com/bid/31762
______________________________________________________________________
08.43.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPHPDating "success_story.php" SQL Injection
Description: MyPHPDating is a PHP based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"success_story.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31763
______________________________________________________________________
08.43.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myStats Security Bypass and SQL Injection Vulnerabilities
Description: myStats is a web-based application. The application is
exposed to multiple security issues.
Ref: http://www.securityfocus.com/bid/31772
______________________________________________________________________
08.43.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myEvent "viewevent.php" SQL Injection
Description: myEvent is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "eventdate" parameter of the
"viewevent.php" script before using it in an SQL query. myEvent
version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/31773
______________________________________________________________________
08.43.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SweetCMS "index.php" SQL Injection
Description: SweetCMS is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page" parameter of the
"index.php"
script before using it in an SQL query. SweetCMS version 1.5.2 is
