Latest Vulnerability Breakdown – 10/30/08
My apologies on the lack of posts this week. Work has been a bear and teaching a CISSP class every week has started to catch up with me also. All in all though it is a great time to be working with security. Microsoft’s patch was a big one and there are several exploits attacking against it. If you haven’t patched yet please do so.
On to the Vulnerabilities:
Table Of Contents

Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) UPDATE: Microsoft Windows RPC Remote Code Execution Vulnerability (MS08-067)
(2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows
(3) HIGH: Opera Multiple Vulnerabilities
(4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows
(5) MODERATE: Sun Java Web Start Remote Command Execution

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

-- Third Party Windows Apps
08.44.1 - Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request Denial of Service
08.44.2 - freeSSHd SFTP "rename" Remote Denial of Service
08.44.3 - SilverSHielD "opendir()" Remote Denial of Service
08.44.4 - DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple File Corruption Vulnerabilities
08.44.5 - TUGZip ZIP File Remote Buffer Overflow
08.44.6 - PumpKIN Mode Field Remote Denial of Service

-- Linux
08.44.7 - Linux Kernel "do_splice_from()" Local Security Bypass
08.44.8 - Netpbm "pamperspective" Utility Buffer Overflow
08.44.9 - eCryptfs Password Information Disclosure
08.44.10 - Linux Kernel "proc_do_xprt()" Local Buffer Overflow

-- Solaris
08.44.11 - Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass

-- Unix
08.44.12 - GNU Enscript "src/psgen.c" Stack Based Buffer Overflow
08.44.13 - "imlib2" Library Multiple Unspecified Vulnerabilities

-- Novell
08.44.14 - Novell eDirectory NCP Unspecified Remote Memory Corruption

-- Cross Platform
08.44.15 - NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
08.44.16 - IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
08.44.17 - fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File Creation Vulnerabilities
08.44.18 - Sun Java System LDAP JDK Search Feature Information Disclosure
08.44.19 - Trend Micro OfficeScan CGI Parsing Buffer Overflow
08.44.20 - HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service
08.44.21 - Cisco PIX and ASA Appliance IPv6 Denial of Service
08.44.22 - Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass
08.44.23 - Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service
08.44.24 - VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
08.44.25 - Opera Web Browser History Search Input Validation
08.44.26 - GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
08.44.27 - "libspf2" DNS TXT Record Handling Remote Buffer Overflow
08.44.28 - WebSVN Multiple Remote Input Validation Vulnerabilities
08.44.29 - KVIrc URI Handler Remote Format String
08.44.30 - Sun Java Web Start Remote Command Execution
08.44.31 - Lynx ".mailcap" and ".mime.type" Files Local Code Execution
08.44.32 - Libpng Library "png_handle_tEXt()" Memory Leak Denial of Service
08.44.33 - jhead "DoCommand()" Arbitrary Command Execution
08.44.34 - Blender "BPY_interface.c" Remote Command Execution
08.44.35 - Perl File::Find::Object Module Format String
08.44.36 - Citrix Web Interface Security Bypass
08.44.37 - Questwork QuestCMS Multiple Remote Vulnerabilities
08.44.38 - Android Web Browser Unspecified Remote Code Execution
08.44.39 - MyKtools Database Disclosure
08.44.40 - Multiple Products Unspecified Library MP4 File Remote Denial of Service
08.44.41 - Microsoft Internet Explorer " " Address Bar URI Spoofing
08.44.42 - OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities

-- Web Application - Cross Site Scripting
08.44.43 - Multiple Vendor Web Browser FTP Client Cross-Site Scripting
08.44.44 - Jetbox CMS "liste" Parameter Cross-Site Scripting
08.44.45 - MiniPortail "search.php" Cross-Site Scripting and Local File Include Vulnerabilities
08.44.46 - ClipShare Pro "fullscreen.php" Cross-Site Scripting
08.44.47 - Kayako eSupport "html-tidy-logic.php" Cross-Site Scripting
08.44.48 - iPei Guestbook "pg" Parameter Cross-Site Scripting
08.44.49 - phpMyAdmin "pmd_pdf.php" Cross-Site Scripting
08.44.50 - MyBB "moderation.php" Cross-Site Scripting
08.44.51 - PHP-Nuke Nuke League Module "tid" Parameter Cross-Site Scripting
08.44.52 - KKE Info Media Kmita Catalogue "search.php" Cross-Site Scripting
08.44.53 - Extrakt Framework "index.php" Cross-Site Scripting

-- Web Application - SQL Injection
08.44.54 - Dizi Portali "diziler.asp" SQL Injection
08.44.55 - phPhotoGallery "index.php" SQL Injection
08.44.56 - Bahar Download Script "aspkat.asp" SQL Injection
08.44.57 - ShopMaker "product.php" SQL Injection
08.44.58 - KBase Joomla! Component "id" Parameter SQL Injection
08.44.59 - Joomla! and Mambo Daily Message Component "id" Parameter SQL Injection
08.44.60 - Dorsa CMS "ShowPage.aspx" SQL Injection
08.44.61 - LoudBlog "ajax.php" SQL Injection
08.44.62 - CS-Partner "gestion.php" Multiple SQL Injection Vulnerabilities
08.44.63 - UC Gateway Investment SiteEngine "announcements.php" SQL Injection
08.44.64 - MindDezign Photo Gallery "id" Parameter SQL Injection
08.44.65 - AJ RSS Reader "EditUrl.php" SQL Injection
08.44.66 - KasraCMS "index.php" Multiple SQL Injection Vulnerabilities
08.44.67 - SFS Ez Forum "forum.php" SQL Injection
08.44.68 - PozScripts Classified Ads "gotourl.php" SQL Injection
08.44.69 - Graphiks MyForum "lecture.php" SQL Injection
08.44.70 - Persia BME E-Catalogue "search.asp" SQL Injection
08.44.71 - Tandis CMS "index.php" Multiple SQL Injection Vulnerabilities
08.44.72 - e107 CMS "alternate_profiles" Plugin "newuser.php" SQL Injection
08.44.73 - bcoos "modules/banners/click.php" SQL Injection
08.44.74 - e107 CMS EasyShop Plugin "easyshop.php" SQL Injection
08.44.75 - All In One Control Panel "cp_polls_results.php" SQL Injection
08.44.76 - PersianBB "iranian_music.php" SQL Injection
08.44.77 - H&H Solutions WebSoccer "id" SQL Injection
08.44.78 - ElkaGroup Image Gallery "view.php" SQL Injection

-- Web Application
08.44.79 - LightBlog Multiple Local File Include Vulnerabilities
08.44.80 - TikiWiki Multiple Unspecified Vulnerabilities
08.44.81 - Joomla! Archaic Binary Gallery "com_ab_gallery" Component Directory Traversal
08.44.82 - Smarty Template Engine "Smarty_Compiler.class.php" Security Bypass
08.44.83 - Mantis "string_api.php" Issue Number Information Disclosure
08.44.84 - Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload
08.44.85 - phpcrs "frame.php" Local File Include
08.44.86 - Joomla! ionFiles Component "download.php" Directory Traversal
08.44.87 - Drupal Book Page Title HTML Injection
08.44.88 - Osprey "ListRecords.php" Multiple Remote File Include Vulnerabilities
08.44.89 - TXTshop "header.php" Local File Include
08.44.90 - Snoopy "_httpsrequest()" Arbitrary Command Execution
08.44.91 - UC Gateway Investment SiteEngine "api.php" URI Redirection
08.44.92 - Joomla! RWCards Component "captcha_image.php" Local File Include
08.44.93 - aflog Cookie Authentication Bypass
08.44.94 - MindDezign Photo Gallery "admin" Module Unauthorized Access
08.44.95 - Drupal "bootstrap.inc" Local File Include
08.44.96 - New Earth Programming Team Image Upload Script Arbitrary File Upload
08.44.97 - BuzzScripts BuzzyWall "download.php" Directory Traversal
08.44.98 - Php-Daily Multiple Input Validation Vulnerabilities
08.44.99 - tlNews Cookie Authentication Bypass
08.44.100 - Ads Pro "dhtml.pl" Remote Command Execution
08.44.101 - KTorrent PHP Code Injection and Security Bypass Vulnerabilities
08.44.102 - bcoos "include/common.php" Remote File Include
08.44.103 - Python "Imageop" Module Argument Validation Buffer Overflow
08.44.104 - Eaton Network Shutdown Module Authentication Bypass
08.44.105 - Graphiks MyForum "centre.php" Local File Include
08.44.106 - MyBB Message Attachment Predictable Filename Information Disclosure
08.44.107 - tlAds Cookie Authentication Bypass
08.44.108 - MyKtools "update.php" Local File Include
08.44.109 - WebGUI "Asset.pm" Perl Module Handling Code Execution
08.44.110 - libgadu Contact Description Remote Buffer Overflow
08.44.111 - Graphiks MyForum Cookie Authentication Bypass
08.44.112 - tlGuestBook Cookie Authentication Bypass
08.44.113 - Agares Media ThemeSiteScript "frontpage_right.php" Remote File Include
08.44.114 - H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
08.44.115 - Atlassian JIRA Cross-Site Scripting and HTML Injection Vulnerabilities

______________________________________________________________________

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) UPDATE: Microsoft Windows RPC Remote Code Execution Vulnerability (MS08-067)

Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: Last week, Microsoft issued an out-of-cycle patch for a remote code execution vulnerability in various versions of Microsoft Windows; the initial announcement was covered in that week's @RISK. Further details are now available for this vulnerability. The vulnerability originates from a flaw in the Microsoft Windows Server Service, which exports a Remote Procedure Call (RPC) interface. A flaw in one of the exported procedures could allow an attacker to execute arbitrary code with the privileges of the vulnerable process (SYSTEM). The vulnerable procedures do not require authentication on versions of Microsoft Windows other than Windows Vista and Windows Server 2008. Microsoft believes that this vulnerability is being actively exploited in the wild. Proofs-of-Concept for this vulnerability are now publicly available.

Status: Vendor confirmed, updates available. Users are urged to patch as quickly as possible.

References:
Previous @RISK Entry
https://www.sans.org/newsletters/risk/display.php?v=7&i=43#widely1
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
Proofs-of-Concept
https://metasploit.com/ms08_067_netapi.rb
https://www.immunityinc.com/downloads/immpartners/ms08_067-3.tgz
https://www.immunityinc.com/downloads/immpartners/ms08_067-2.tgz
https://www.immunityinc.com/downloads/immpartners/ms08_067.tgz
http://www.securityfocus.com/data/vulnerabilities/exploits/31874.zip
SecurityFocus BID
http://www.securityfocus.com/bid/31874

**************************************

(2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows

Affected:
OpenOffice.org versions prior to 2.4.2

Description: OpenOffice.org is a popular open source office suite. It is installed by default on numerous Unix- and Linux-based operating systems, and is commonly installed on Microsoft Windows and Apple Mac OS X systems. It contains multiple flaws in its handling of Windows Metafile (WMF) and Enhanced Metafile (EMF) image files. A specially crafted WMF or EMF image could trigger one of several heap-based buffer overflows in OpenOffice.org. Successfully exploiting one of these vulnerabilities would allow an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, malicious documents may be opened upon receipt without first prompting the user. Details on these vulnerabilities are available via source code analysis. The commercial fork of OpenOffice.org, StarOffice, is presumed vulnerable as well.

Status: Vendor confirmed, updates available.
References:
OpenOffice.org Security Bulletins
http://www.openoffice.org/security/cves/CVE-2008-2237.html
http://www.openoffice.org/security/cves/CVE-2008-2238.html
Wikipedia Article on the Windows Metafile and Enhanced Metafile File Formats
http://en.wikipedia.org/wiki/Enhanced_Metafile
Vendor Home Page
http://www.openoffice.org/
SecurityFocus BID
http://www.securityfocus.com/bid/31962

**************************************

(3) HIGH: Opera Multiple Vulnerabilities

Affected:
Opera versions prior to 9.62

Description: Opera is a popular cross-platform web browser. It contains multiple vulnerabilities in its handling of JavaScript URLs and history entries. Entries placed in the browser's history are not properly sanitized, nor are JavaScript URLs. A specially crafted web page could trigger this vulnerability to execute arbitrary JavaScript code in a higher security context than would otherwise be allowed. Some technical details for these vulnerabilities are publicly available.

Status: Vendor confirmed, updates available.

References:
Opera Security Advisories
http://www.opera.com/support/search/view/907/
http://www.opera.com/support/search/view/906/
Opera Home Page
http://www.opera.com
SecurityFocus BID
http://www.securityfocus.com/bid/31991

**************************************

(4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows

Affected:
Adobe PageMaker versions 7.0.1 and prior

Description: Adobe PageMaker is a popular desktop publishing application. It contains multiple buffer overflows in its handling of PMD (PageMaker) files. A specially crafted PMD file could trigger one of these buffer overflows, allowing an attacker to execute arbitrary code with the privileges of the current user. Depending upon configuration, malicious files may be opened upon receipt without first prompting the user. Some technical details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available. A third vulnerability is confirmed, but unpatched.
References:
Secunia Security Advisory
http://secunia.com/advisories/27200/
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-10.html
Product Home Page
http://www.adobe.com/products/pagemaker/
SecurityFocus BID
http://www.securityfocus.com/bid/31975

**************************************

(5) MODERATE: Sun Java Web Start Remote Command Execution

Affected:
Sun Java Web Start

Description: Sun Java Web Start is part of Sun's Java Runtime Environment, and allows Java applications to be launched from a web browser. It contains an input validation error in its handling of Web Start requests. A specially crafted web page could exploit this vulnerability to execute arbitrary commands with the privileges of the current user. Technical details for this vulnerability are publicly available, but are unconfirmed. The Sun Java Runtime Environment is installed by default on numerous Unix- and Linux-based operating systems as well as Apple Mac OS X. It is often installed on Microsoft Windows systems.

Status: Vendor has not confirmed, no updates available.

References:
Posting by Varun Srivastava
http://www.securityfocus.com/archive/1/497799
Sun Java Web Start Home Page
http://java.sun.com/javase/technologies/desktop/javawebstart/index.jsp
SecurityFocus BID
http://www.securityfocus.com/bid/31916

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2008

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 5549 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
______________________________________________________________________

08.44.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request Denial of Service
Description: EMC NetWorker is a centralized data-protection system available for multiple operating systems. Multiple EMC NetWorker products are exposed to a denial of service issue because they fail to adequately bounds check user-supplied data. This issue stems from a failure to handle malicious Remote Procedure Call (RPC) requests.
Ref: http://www.securityfocus.com/archive/1/497666
______________________________________________________________________

08.44.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: freeSSHd SFTP "rename" Remote Denial of Service
Description: freeSSHd is an SSH server for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle excessively large arguments passed by a remote user. Specifically, this issue presents itself when attackers send excessively long arguments to a "rename" command via SFTP. freeSSHd version 1.2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/497746
______________________________________________________________________

08.44.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: SilverSHielD "opendir()" Remote Denial of Service
Description: SilverSHielD is an SSH/SFTP server for Microsoft Windows. The application is exposed to a denial of service issue because it fails to handle specially-crafted data passed to the "opendir()" function. SilverSHielD version 1.0.2.34 is affected.
Ref: http://www.securityfocus.com/bid/31884
______________________________________________________________________

08.44.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple File Corruption Vulnerabilities
Description: VImpX is an ActiveX control that imports data into various databases. DB Software Laboratory "VImpX.ocx" ActiveX control is exposed to multiple file corruption issues. VImpX version 4.8.8.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.44.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: TUGZip ZIP File Remote Buffer Overflow
Description: TUGZip is a file archiving application for Microsoft Windows platforms. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. TUGZip version 3.00 is affected.
Ref: http://www.securityfocus.com/bid/31913
______________________________________________________________________

08.44.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: PumpKIN Mode Field Remote Denial of Service
Description: PumpKIN is a TFTP server available for Microsoft Windows. PumpKIN is exposed to a remote denial of service issue when processing packets with overly long mode field values. PumpKIN version 2.7.2.0 is affected.
Ref: http://www.securityfocus.com/bid/31922
______________________________________________________________________

08.44.7 CVE: CVE-2008-4554
Platform: Linux
Title: Linux Kernel "do_splice_from()" Local Security Bypass
Description: The Linux kernel is exposed to a local security bypass issue because the "do_splice_from()" function in "fs/splice.c" fails to reject file descriptors that have the "O_APPEND" flag set. Linux kernel versions prior to 2.6.27 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=466707
______________________________________________________________________

08.44.8 CVE: Not Available
Platform: Linux
Title: Netpbm "pamperspective" Utility Buffer Overflow
Description: Netpbm is a collection of utilities for manipulating images. The "pamperspective" application is used to manipulate the perspective of images. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied input. Netpbm versions prior to 10.35.48 stable are affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1090
______________________________________________________________________

08.44.9 CVE: Not Available
Platform: Linux
Title: eCryptfs Password Information Disclosure
Description: eCryptfs is a Linux cryptographic file system. The software is exposed to an information disclosure issue. Specifically, this issue arises because the "ecryptfs-setup-private" program passes the "login" and "mount" passwords directly to "ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" in plain text via the command line.
Ref: http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53
______________________________________________________________________

08.44.10 CVE: CVE-2008-3911
Platform: Linux
Title: Linux Kernel "proc_do_xprt()" Local Buffer Overflow
Description: The Linux kernel is exposed to a local buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. This issue occurs in the "proc_do_xprt()" function in the "net/sunrpc/sysctl.c" source file. Linux kernel versions 2.6.24-git13 through 2.6.26.4 are affected.
Ref: http://lkml.org/lkml/2008/8/30/140
______________________________________________________________________

08.44.11 CVE: Not Available
Platform: Solaris
Title: Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass
Description: Sun Integrated Lights-Out Manager (ILOM) is a product for managing and monitoring systems. ILOM is exposed to an authentication bypass issue caused by an unspecified error. Attackers can exploit this vulnerability to gain access to the service processor (SP) through the web interface.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1
______________________________________________________________________

08.44.12 CVE: CVE-2008-3863
Platform: Unix
Title: GNU Enscript "src/psgen.c" Stack-Based Buffer Overflow
Description: GNU Enscript is a freely available, open-source program for transforming ASCII files into PostScript documents. The utility is used mainly on UNIX and Linux operating systems. GNU Enscript is exposed to a stack-based buffer overflow issue because it fails to perform adequate checks on user-supplied input. GNU Enscript versions 1.6.1 and 1.6.4 (beta) are affected.
Ref: http://secunia.com/secunia_research/2008-41/
______________________________________________________________________

08.44.13 CVE: Not Available
Platform: Unix
Title: "imlib2" Library Multiple Unspecified Vulnerabilities
Description: The "imlib2" library is used to view and render various types of images. It is available for UNIX, Linux, and other UNIX-like operating systems. The application is exposed to multiple issues caused by unspecified errors. "imlib2" versions prior to 1.4.2 are affected.
Ref: http://sourceforge.net/project/shownotes.php?group_id=2&release_id=634778
______________________________________________________________________

08.44.14 CVE: Not Available
Platform: Novell
Title: Novell eDirectory NCP Unspecified Remote Memory Corruption
Description: Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server that also implements NCP (NetWare Core Protocol). Novell eDirectory is exposed to an unspecified remote memory corruption issue related to the NetWare Core Protocol (NCP). eDirectory versions 8.7.3 SP10 prior to 8.7.3 SP10 FTF1 are affected.
Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
______________________________________________________________________

08.44.15 CVE: Not Available
Platform: Cross Platform
Title: NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
Description: The MIFARE Classic smartcard is a contactless proximity card based on the ISO/IEC 14443 RFID standard. The card has been implemented for storing and tracking electronic fares in several major transit systems. The issue occurs because the tag nonce directly manipulates the internal state of the LFSR. If an attacker can access a segment of the key stream, they can recover the current state of the LFSR.
Ref: http://www.securityfocus.com/archive/1/497640
______________________________________________________________________

08.44.16 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server designed to run on various platforms, including Linux, AIX, Solaris, and Microsoft Windows. The application is exposed to multiple issues. DB2 versions prior to 9.1 Fixpak 6 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27013892
______________________________________________________________________

08.44.17 CVE: CVE-2008-4579
Platform: Cross Platform
Title: fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File Creation Vulnerabilities
Description: The "fence" program is a component of the cluster2 Cluster Manager system. The application creates temporary files in an insecure manner. Specifically, the following programs are affected: "fence_apc" and "fence_apc_snmp". The "fence" component of cluster 2 2.03.08 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=467386
______________________________________________________________________

08.44.18 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System LDAP JDK Search Feature Information Disclosure
Description: Sun Java System LDAP JDK is a directory SDK for Java. Sun Java System LDAP JDK is exposed to an information disclosure issue because it fails to restrict access to potentially sensitive information.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-242246-1
______________________________________________________________________

08.44.19 CVE: CVE-2008-3862
Platform: Cross Platform
Title: Trend Micro OfficeScan CGI Parsing Buffer Overflow
Description: Trend Micro OfficeScan is an integrated enterprise-level security product that protects against viruses, spyware, worms, and blended threats. OfficeScan is exposed to a buffer overflow issue because the application fails to properly bounds check user-supplied data when parsing CGI requests before copying the data into an insufficiently sized memory buffer. OfficeScan version 7.3 with Patch 4 build 1362 and OfficeScan version 8.0 SP1 Patch 1 are affected.
Ref: http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt
______________________________________________________________________

08.44.20 CVE: CVE-2007-4349
Platform: Cross Platform
Title: HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service
Description: Multiple HP OpenView products are exposed to a denial of service issue. This issue affects the OpenView Shared Trace Service and is caused by an access violation when the software handles a specially crafted sequence of RPC requests. HP OpenView Reporter version 3.70 and HP Performance Agent version 4.70 are affected.
Ref: http://secunia.com/secunia_research/2007-83/
______________________________________________________________________

08.44.21 CVE: CVE-2008-3816
Platform: Cross Platform
Title: Cisco PIX and ASA Appliance IPv6 Denial of Service
Description: Cisco ASA and PIX are security appliances. Multiple Cisco security appliances are prone to a denial of service issue when configured for IPv6. An attacker can exploit this issue by sending specially crafted IPv6 packets to cause the affected devices to reload, denying service to legitimate users.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID
______________________________________________________________________

08.44.22 CVE: CVE-2008-3815
Platform: Cross Platform
Title: Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass
Description: Cisco PIX and ASA are security appliances. Cisco PIX and ASA are exposed to an authentication bypass issue when configured to use IPSec or SSL based remote access VPN with Microsoft Windows NT Domain authentication.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml
______________________________________________________________________

08.44.23 CVE: CVE-2008-3817
Platform: Cross Platform
Title: Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service
Description: Cisco ASA security appliances are exposed to a remote denial of service issue. The hardware Crypto Accelerator included with these appliances is exposed to a denial of service issue.
Ref: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID
______________________________________________________________________

08.44.24 CVE: CVE-2008-4686
Platform: Cross Platform
Title: VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
Description: VLC is a cross-platform media player. VLC media player is exposed to multiple integer overflow issues because it fails to perform adequate boundary checks on integer values. VLC media player version 0.9.4 is affected.
Ref: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3
______________________________________________________________________

08.44.25 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser History Search Input Validation
Description: Opera Web Browser is a browser that runs on multiple operating systems. The browser is exposed to an input validation issue because of the way it stores data used for the History Search feature. Opera Web Browser versions prior to 9.61 are affected.
Ref: http://www.opera.com/support/search/view/903/
______________________________________________________________________

08.44.26 CVE: Not Available
Platform: Cross Platform
Title: GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
Description: GoodTech SSH Server is a server that facilitates secure connections from remote users. The application is exposed to multiple buffer overflow issues because it fails to bounds check user-supplied data before copying it into an insufficiently sized buffer. GoodTech SSH Server version 6.4 is affected.
Ref: http://www.securityfocus.com/archive/1/497745
______________________________________________________________________

08.44.27 CVE: CVE-2008-2469
Platform: Cross Platform
Title: "libspf2" DNS TXT Record Handling Remote Buffer Overflow
Description: The "libspf2" library is used to implement the Sender Policy Framework (SPF). The library is exposed to a remote buffer overflow issue that arises due to a lack of bounds checking when handling specially-crafted DNS TXT records. "libspf2" library versions prior to 1.2.8 are affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
______________________________________________________________________

08.44.28 CVE: Not Available
Platform: Cross Platform
Title: WebSVN Multiple Remote Input Validation Vulnerabilities
Description: WebSVN is an online SVN repository viewer. The application is exposed to multiple remote input validation issues. The command execution vulnerability affects the WebSVN 1.0 branch; the remaining issues affect WebSVN version 2.0.
Ref: http://www.gulftech.org/?node=research&article_id=00132-10202008
______________________________________________________________________

08.44.29 CVE: Not Available
Platform: Cross Platform
Title: KVIrc URI Handler Remote Format String
Description: KVIrc is an IRC client available for various operating systems. KVIrc is exposed to a remote format string issue because it fails to sufficiently sanitize user-supplied input before including it in the format specifier argument of a formatted printing function. KVIrc version 3.4.0 is affected.
Ref: http://www.securityfocus.com/bid/31912
______________________________________________________________________

08.44.30 CVE: Not Available
Platform: Cross Platform
Title: Sun Java Web Start Remote Command Execution
Description: Sun Java Web Start is a utility included in the Java Runtime Environment. It enables Java applications to launch either from a desktop or from a web page. Sun Java Web Start is exposed to a remote command execution issue that occurs when a Java Web Start application containing specially-crafted content is handled.
Ref: http://www.securityfocus.com/archive/1/497799
______________________________________________________________________

08.44.31 CVE: CVE-2006-7234
Platform: Cross Platform
Title: Lynx ".mailcap" and ".mime.type" Files Local Code Execution
Description: Lynx is an open-source, text-based web client available for multiple platforms. Lynx is exposed to a local code execution issue because it insecurely reads ".mailcap" and ".mime.type" files from the application's current working directory. Lynx versions prior to 2.8.6rel.4 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=214205
______________________________________________________________________

08.44.32 CVE: Not Available
Platform: Cross Platform
Title: Libpng Library "png_handle_tEXt()" Memory Leak Denial of Service
Description: The "libpng" library is a PNG reference library. The library is exposed to a remote denial of service issue because it fails to handle malicious PNG files. Specifically, this vulnerability resides in the "png_handle_tEXt()" function of the "pngrutil.c" file and is caused by a memory leak error. "libpng" version 1.2.32 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=635463&group_id=5624
______________________________________________________________________

08.44.33 CVE: CVE-2008-4641
Platform: Cross Platform
Title: jhead "DoCommand()" Arbitrary Command Execution
Description: The "jhead" tool is used for manipulating Exif JPEG headers. The "jhead" tool is exposed to an arbitrary command execution issue. Specifically, the issue occurs in the "DoCommand()" function of the "jhead.c" file when processing filenames that contain shell metacharacters. jhead versions 2.84 and earlier are affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
______________________________________________________________________

08.44.34 CVE: Not Available
Platform: Cross Platform
Title: Blender "BPY_interface.c" Remote Command Execution
Description: Blender is an open-source suite for creating 3D content; it is available for various operating systems. Blender is exposed to a remote command execution issue because it may include Python files from an unsafe location. Blender version 2.48a is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
______________________________________________________________________

08.44.35 CVE: Not Available
Platform: Cross Platform
Title: Perl File::Find::Object Module Format String
Description: File::Find::Object is a Perl module used to search directory trees for specific files. File::Find::Object is exposed to a format string issue in its handling of certain loop conditions. File::Find::Object versions prior to 0.1.1 are affected.
Ref: http://search.cpan.org/src/SHLOMIF/File-Find-Object-0.1.1/Changes
______________________________________________________________________

08.44.36 CVE: Not Available
Platform: Cross Platform
Title: Citrix Web Interface Security Bypass
Description: Citrix Web Interface is an application deployment system that provides users with access to Citrix Presentation Server applications through a standard browser. A security bypass issue may allow attackers to take over a previously terminated session. Citrix Web Interface versions 5.0 and 5.0.1 are affected.
Ref: http://support.citrix.com/article/CTX118768
______________________________________________________________________

08.44.37 CVE: Not Available
Platform: Cross Platform
Title: Questwork QuestCMS Multiple Remote Vulnerabilities
Description: QuestCMS is a content management system. The application is exposed to multiple issues. Exploiting these issues could allow an attacker to view arbitrary local files within the context of the web server, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/31945
______________________________________________________________________

08.44.38 CVE: Not Available
Platform: Cross Platform
Title: Android Web Browser Unspecified Remote Code Execution
Description: Android is a software stack for mobile devices that includes an operating system, middleware, and key applications. Android Web Browser is exposed to an unspecified remote code execution issue.
Ref: http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?_r=1&oref=slogin
______________________________________________________________________

08.44.39 CVE: Not Available
Platform: Cross Platform
Title: MyKtools Database Disclosure
Description: MyKtools is a collection of database administration tools. The application is exposed to an information disclosure issue.
Specifically, attackers may be able to download the application's backed up databases through the "mykdownload.php" script. MyKtools version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/31950
______________________________________________________________________

08.44.40 CVE: Not Available
Platform: Cross Platform
Title: Multiple Products Unspecified Library MP4 File Remote Denial of Service
Description: Multiple products are exposed to a denial of service issue that occurs in an unspecified library when handling malformed MP4 files. Successful exploits may allow remote attackers to cause denial of service conditions on computers or affected devices running the affected library.
Ref: http://www.securityfocus.com/archive/1/497856
______________________________________________________________________

08.44.41 CVE: Not Available
Platform: Cross Platform
Title: Microsoft Internet Explorer " " Address Bar URI Spoofing
Description: Internet Explorer is a browser for the Windows operating system. The application is affected by a URI spoofing issue because it fails to adequately handle specific combinations of the Non-Breaking Space " " character. Internet Explorer 6 is affected by this issue.
Ref: http://www.securityfocus.com/archive/1/497825
______________________________________________________________________

08.44.42 CVE: CVE-2008-2237, CVE-2008-2238
Platform: Cross Platform
Title: OpenOffice WMF and EMF File Handling Multiple Heap-Based Buffer Overflow Vulnerabilities
Description: OpenOffice is a suite of office applications for multiple operating platforms. OpenOffice is exposed to multiple issues. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files. OpenOffice 2 versions prior to 2.4.2 are affected.
Ref: http://www.openoffice.org/security/bulletin.html
______________________________________________________________________

08.44.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Vendor Web Browser FTP Client Cross-Site Scripting
Description: Multiple vendors' web browsers are exposed to a cross-site scripting issue that arises because the software fails to handle specially crafted files served using the FTP protocol. Specifically, the issue arises because the affected browsers fail to properly verify file types of files downloaded by built-in FTP clients and render the files.
Ref: http://www.securityfocus.com/bid/31855
______________________________________________________________________

08.44.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jetbox CMS "liste" Parameter Cross-Site Scripting
Description: Jetbox CMS is a PHP based content management system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "liste" parameter of the "/admin/postlister/index.php" script. Jetbox CMS version 2.1 is affected.
Ref: http://www.digitrustgroup.com/advisories/web-application-security-jetbox2.html
______________________________________________________________________

08.44.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MiniPortail "search.php" Cross-Site Scripting and Local File Include Vulnerabilities
Description: MiniPortail is a web portal application. MiniPortail is exposed to multiple issues: a cross-site scripting issue affects the "search.php" script and a local file include issue affects the "lng" parameter of the "search.php" script. MiniPortail version 2.2.0 is affected.
Ref: http://www.securityfocus.com/bid/31895
______________________________________________________________________

08.44.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ClipShare Pro "fullscreen.php" Cross-Site Scripting
Description: ClipShare Pro is a PHP based script for sharing videos. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "title" parameter of the "fullscreen.php" script. ClipShare Pro version 4.0.0 is affected.
Ref: http://www.securityfocus.com/bid/31898
______________________________________________________________________

08.44.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kayako eSupport "html-tidy-logic.php" Cross-Site Scripting
Description: Kayako eSupport is a PHP based helpdesk and support system. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "jsMakeSrc" parameter of the "includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php" script. Kayako eSupport version 3.20.02 is vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/31908
______________________________________________________________________

08.44.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: iPei Guestbook "pg" Parameter Cross-Site Scripting
Description: iPei Guestbook is a PHP based web application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to the "pg" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/497783
______________________________________________________________________

08.44.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin "pmd_pdf.php" Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for MySQL databases.
phpMyAdmin is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "db" parameter of the "pmd_pdf.php" script.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1101
______________________________________________________________________

08.44.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyBB "moderation.php" Cross-Site Scripting
Description: MyBB is a PHP based bulletin board. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "url" parameter in the "moderation.php" script. MyBB version 1.4.2 is affected.
Ref: http://www.securityfocus.com/archive/1/497817
______________________________________________________________________

08.44.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP-Nuke Nuke League Module "tid" Parameter Cross-Site Scripting
Description: PHP-Nuke Nuke League module is a plugin for PHP-nuke. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "tid" parameter of the "League" module.
Ref: http://www.securityfocus.com/bid/31952
______________________________________________________________________

08.44.52 CVE: CVE-2008-4342
Platform: Web Application - Cross Site Scripting
Title: KKE Info Media Kmita Catalogue "search.php" Cross-Site Scripting
Description: Kmita Catalogue is a web-application. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input to the "q" parameter of the "search.php" script. Kmita Catalogue V2 is affected.
Ref: http://www.kkeim.com/products/kmita.html?code=kmitac
______________________________________________________________________

08.44.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Extrakt Framework "index.php" Cross-Site Scripting
Description: Extrakt Framework is a web-based application. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "plugins[file][id]" parameter of the "index.php" script. Extrakt Framework version 0.7 is affected.
Ref: http://www.securityfocus.com/bid/31971
______________________________________________________________________

08.44.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dizi Portali "diziler.asp" SQL Injection
Description: Dizi Portali is an ASP based web portal. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter in "diziler.asp" before using the data in an SQL query.
Ref: http://www.securityfocus.com/bid/31849
______________________________________________________________________

08.44.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phPhotoGallery "index.php" SQL Injection
Description: phPhotoGallery is a web-based gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "username" parameter of the "index.php" script before using it in an SQL query. phPhotoGallery version 0.92 is affected.
Ref: http://www.securityfocus.com/bid/31850
______________________________________________________________________

08.44.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bahar Download Script "aspkat.asp" SQL Injection
Description: Bahar Download Script is a web-based application implemented in ASP.
The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "kid" parameter of the "aspkat.asp" script before using it in an SQL query. Bahar Download Script version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/31852
______________________________________________________________________

08.44.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ShopMaker "product.php" SQL Injection
Description: ShopMaker is a web-based gallery. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "product.php" script before using it in an SQL query. ShopMaker version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31854
______________________________________________________________________

08.44.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KBase Joomla! Component "id" Parameter SQL Injection
Description: KBase is a PHP based component for the Joomla! content manager. The component is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "option" parameter is set to "com_kbase". KBase version 1.2 is affected.
Ref: http://www.jmds.eu/joomla-1.5-addons/view-category.html
______________________________________________________________________

08.44.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Daily Message Component "id" Parameter SQL Injection
Description: Daily Message is a component for the Joomla! and Mambo content managers. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_dailymessage" component before using it in an SQL query. Daily Message version 1.0.3 is affected.
Ref: http://www.securityfocus.com/bid/31870
______________________________________________________________________

08.44.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dorsa CMS "ShowPage.aspx" SQL Injection
Description: Dorsa CMS is a web-based content management system. It is implemented in ASP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "PageIDF" parameter when the "page_" parameter is set to "news" before using it in an SQL query. The affected parameters are used in the "ShowPage.aspx" script.
Ref: http://www.securityfocus.com/bid/31875
______________________________________________________________________

08.44.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LoudBlog "ajax.php" SQL Injection
Description: LoudBlog is a web-based content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "colpick" parameter of the "loudblog/ajax.php" script before using it in an SQL query. LoudBlog versions 0.8.0a and earlier are affected.
Ref: http://www.securityfocus.com/bid/31878
______________________________________________________________________

08.44.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CS-Partner "gestion.php" Multiple SQL Injection Vulnerabilities
Description: CS-Partner is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "pseudo" and "passe" parameters of the "gestion.php" script. CS-Partner version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31886
______________________________________________________________________

08.44.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UC Gateway Investment SiteEngine "announcements.php" SQL Injection
Description: SiteEngine is a web-based content manager.
The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "announcements.php" script before using it in an SQL query. SiteEngine version 5.0 is affected.
Ref: http://www.securityfocus.com/archive/1/497747
______________________________________________________________________

08.44.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MindDezign Photo Gallery "id" Parameter SQL Injection
Description: MindDezign Photo Gallery is a PHP based photo gallery application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "index.php" script when the "module" parameter is set to "gallery" before using it in an SQL query. MindDezign Photo Gallery version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/31893
______________________________________________________________________

08.44.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ RSS Reader "EditUrl.php" SQL Injection
Description: AJ RSS Reader is a PHP based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "url" parameter of the "EditUrl.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31910
______________________________________________________________________

08.44.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KasraCMS "index.php" Multiple SQL Injection Vulnerabilities
Description: KasraCMS is a PHP based web application. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "shme" and "cont" parameters of the "index.php" script.
Ref: http://www.securityfocus.com/bid/31918
______________________________________________________________________

08.44.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SFS Ez Forum "forum.php" SQL Injection
Description: SFS Ez Forum is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "forum" parameter of the "forum.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31924
______________________________________________________________________

08.44.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PozScripts Classified Ads "gotourl.php" SQL Injection
Description: PozScripts Classified Ads is a web application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "gotourl.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31925
______________________________________________________________________

08.44.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Graphiks MyForum "lecture.php" SQL Injection
Description: Graphiks MyForum is a web-based application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "lecture.php" script before using it in an SQL query. MyForum version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/31926
______________________________________________________________________

08.44.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Persia BME E-Catalogue "search.asp" SQL Injection
Description: Persia BME E-Catalogue is an ASP based application.
The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "q" parameter of the "qsearch/search.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31833
______________________________________________________________________

08.44.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tandis CMS "index.php" Multiple SQL Injection Vulnerabilities
Description: Tandis CMS is a PHP based content manager. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied input to the "nid" and "cpage" parameters of the "index.php" script. Tandis CMS version 2.5.0 is affected.
Ref: http://www.securityfocus.com/bid/31930
______________________________________________________________________

08.44.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 CMS "alternate_profiles" Plugin "newuser.php" SQL Injection
Description: The "alternate_profiles" plugin is an application for the e107 CMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "alternate_profiles/newuser.php" script before using it in an SQL query.
Ref: http://www.justfreespace.com/e107_plugins/alternate_profiles/readme.txt
______________________________________________________________________

08.44.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: bcoos "modules/banners/click.php" SQL Injection
Description: bcoos is a content manager based on the E-Xoops CMS. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "bid" parameter of the "modules/banners/click.php" script before using it in an SQL query. bcoos version 1.0.13 is affected.
Ref: http://www.securityfocus.com/bid/31941
______________________________________________________________________

08.44.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 CMS EasyShop Plugin "easyshop.php" SQL Injection
Description: The EasyShop plugin is a module for the e107 CMS content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "category_id" parameter of the "easyshop.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31948
______________________________________________________________________

08.44.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: All In One Control Panel "cp_polls_results.php" SQL Injection
Description: All In One Control Panel (AIOCP) is a content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "poll_id" parameter of the "public/code/cp_polls_results.php" script before using it in an SQL query. All In One Control Panel version 1.4 is affected.
Ref: http://www.securityfocus.com/bid/31949
______________________________________________________________________

08.44.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PersianBB "iranian_music.php" SQL Injection
Description: PersianBB is a PHP based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "iranian_music.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31953
______________________________________________________________________

08.44.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: H&H Solutions WebSoccer "id" SQL Injection
Description: H&H Solutions WebSoccer is a web-based application.
The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "liga.php" script before using it in an SQL query. H&H Solutions WebSoccer version 2.80 is affected.
Ref: http://www.securityfocus.com/bid/31963
______________________________________________________________________

08.44.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ElkaGroup Image Gallery "view.php" SQL Injection
Description: Elkagroup is a web-based photo album application. Elkagroup is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. Elkagroup version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31966
______________________________________________________________________

08.44.79 CVE: Not Available
Platform: Web Application
Title: LightBlog Multiple Local File Include Vulnerabilities
Description: LightBlog is a PHP based blog application. The application is exposed to multiple local file include issues because it fails to properly sanitize user-supplied input. LightBlog version 9.8 is affected.
Ref: http://www.securityfocus.com/bid/31851
______________________________________________________________________

08.44.80 CVE: Not Available
Platform: Web Application
Title: TikiWiki Multiple Unspecified Vulnerabilities
Description: TikiWiki is a PHP based content manager and wiki system. The application is exposed to multiple remote issues caused by unspecified errors. TikiWiki versions 2.x prior to 2.2 are affected.
Ref: http://info.tikiwiki.org/tiki-read_article.php?articleId=41
______________________________________________________________________

08.44.81 CVE: Not Available
Platform: Web Application
Title: Joomla! Archaic Binary Gallery "com_ab_gallery" Component Directory Traversal
Description: Archaic Binary Gallery is a component for the Joomla! content manager.
The component is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "gallery" parameter of the "index.php" script when the "option" parameter is set to "com_ab_gallery". Joomla! Archaic Binary Gallery version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31901
______________________________________________________________________

08.44.82 CVE: Not Available
Platform: Web Application
Title: Smarty Template Engine "Smarty_Compiler.class.php" Security Bypass
Description: Smarty Template Engine is a template based content manager. Smarty Template Engine is exposed to a security bypass issue that occurs when embedded variables are processed. Specifically, this issue occurs in the "_expand_quoted_text()" function of the "Smarty_Compiler.class.php" file. Smarty version 2.6.19 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=467317
______________________________________________________________________

08.44.83 CVE: CVE-2008-4688
Platform: Web Application
Title: Mantis "string_api.php" Issue Number Information Disclosure
Description: Mantis is a web-based bug tracker. It is written in PHP and supported by a MySQL database. Mantis is exposed to an information disclosure issue because it fails to protect private information. Specifically, the vulnerability occurs if a user references an issue via an issue number. Mantis versions prior to 1.1.3 are affected.
Ref: http://www.mantisbt.org/bugs/view.php?id=9321
______________________________________________________________________

08.44.84 CVE: Not Available
Platform: Web Application
Title: Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload
Description: Iamma Nuke Simple Gallery is a photo gallery module for PHP-Nuke. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process.
This issue occurs because the application fails to sufficiently sanitize file extensions before uploading files to the web server through the "upload.php" script. Iamma Nuke Simple Gallery versions 1.0 and 2.0 are affected.
Ref: http://www.securityfocus.com/bid/31873
______________________________________________________________________

08.44.85 CVE: Not Available
Platform: Web Application
Title: phpcrs "frame.php" Local File Include
Description: phpcrs is a web-based application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "importFunction" parameter before using it in the "frame.php" script. phpcrs versions up to and including 2.06 are affected.
Ref: http://www.securityfocus.com/archive/1/497742
______________________________________________________________________

08.44.86 CVE: Not Available
Platform: Web Application
Title: Joomla! ionFiles Component "download.php" Directory Traversal
Description: Joomla! ionFiles is a component for the Joomla content manager. The component is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "file" parameter of the "download.php" script. Joomla! ionFiles version 4.4.2 is affected.
Ref: http://www.securityfocus.com/bid/31877
______________________________________________________________________

08.44.87 CVE: Not Available
Platform: Web Application
Title: Drupal Book Page Title HTML Injection
Description: Drupal is a content management system. The application is exposed to an HTML injection issue because it fails to properly sanitize user-supplied input to the titles of book pages before using the input in dynamically generated content. Users with "create book content" privileges can exploit this issue. Drupal 5.x versions prior to 5.12 and Drupal 6.x versions prior to 6.6 are affected.
Ref: http://drupal.org/node/324824
______________________________________________________________________

08.44.88 CVE: Not Available
Platform: Web Application
Title: Osprey "ListRecords.php" Multiple Remote File Include Vulnerabilities
Description: Osprey is a peer-to-peer content distribution system. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the "lib_dir" and "xml_dir" parameters of the "/web/lib/xml/oai/ListRecords.php" script. Osprey version 1.0a4.1 is affected.
Ref: http://www.securityfocus.com/bid/31883
______________________________________________________________________

08.44.89 CVE: Not Available
Platform: Web Application
Title: TXTshop "header.php" Local File Include
Description: TXTshop is a PHP based shopping cart application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter before using it in the "header.php" script. TXTshop version 1.0b is affected.
Ref: http://www.securityfocus.com/bid/31885
______________________________________________________________________

08.44.90 CVE: Not Available
Platform: Web Application
Title: Snoopy "_httpsrequest()" Arbitrary Command Execution
Description: Snoopy is a freely available, open-source PHP class that implements a web client for use in automating HTTP requests in PHP applications. Snoopy is exposed to an issue that lets attackers execute arbitrary commands because the application fails to properly sanitize user-supplied input. Snoopy versions prior to 1.2.4 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=635111
______________________________________________________________________

08.44.91 CVE: Not Available
Platform: Web Application
Title: UC Gateway Investment SiteEngine "api.php" URI Redirection
Description: SiteEngine is a PHP based content management system.
SiteEngine is exposed to a remote URI redirection issue because it fails to properly sanitize user-supplied input to the "forward" parameter of the "api.php" script, when called with the "action" parameter set to "logout". SiteEngine version 5.0 is affected.
Ref: http://www.securityfocus.com/archive/1/497747
______________________________________________________________________

08.44.92 CVE: Not Available
Platform: Web Application
Title: Joomla! RWCards Component "captcha_image.php" Local File Include
Description: RWCards is a greeting card component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "img" parameter before using it in the "captcha_image.php" script. RWCards version 3.0.11 is affected.
Ref: http://www.securityfocus.com/bid/31892
______________________________________________________________________

08.44.93 CVE: Not Available
Platform: Web Application
Title: aflog Cookie Authentication Bypass
Description: aflog is a PHP based web log application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. aflog version 1.01 is affected.
Ref: http://www.securityfocus.com/bid/31894
______________________________________________________________________

08.44.94 CVE: Not Available
Platform: Web Application
Title: MindDezign Photo Gallery "admin" Module Unauthorized Access
Description: MindDezign Photo Gallery is a web-based application. The application is exposed to an unauthorized access issue because it fails to adequately limit access to administrative scripts used for creating accounts. This issue affects the "admin" module. MindDezign Photo Gallery version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/31897
______________________________________________________________________

08.44.95 CVE: Not Available
Platform: Web Application
Title: Drupal "bootstrap.inc" Local File Include
Description: Drupal is a PHP based content management system. Drupal is exposed to a local file include issue due to an error in the "bootstrap.inc" script file. This issue occurs when Drupal is hosted on a computer supporting multiple IP based virtual hosts. Drupal versions prior to 5.12 and Drupal 6.6 are affected.
Ref: http://drupal.org/node/324824
______________________________________________________________________

08.44.96 CVE: Not Available
Platform: Web Application
Title: New Earth Programming Team Image Upload Script Arbitrary File Upload
Description: New Earth Programming Team Image Upload Script is a PHP based image uploader. The application is exposed to an issue that lets remote attackers upload and execute arbitrary script code on an affected computer with the privileges of the web server process. This issue occurs because the application fails to sufficiently sanitize file extensions passed to the "upload.php" script before uploading files to the web server.
Ref: http://www.securityfocus.com/bid/31909
______________________________________________________________________

08.44.97 CVE: Not Available
Platform: Web Application
Title: BuzzScripts BuzzyWall "download.php" Directory Traversal
Description: BuzzScripts BuzzyWall is a web-based application. The application is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input to the "id" parameter of the "download.php" script. BuzzScripts BuzzyWall version 1.3.1 is affected.
Ref: http://www.securityfocus.com/bid/31914
______________________________________________________________________

08.44.98 CVE: Not Available
Platform: Web Application
Title: Php-Daily Multiple Input Validation Vulnerabilities
Description: Php-Daily is a PHP based time management application. Since it fails to adequately sanitize user-supplied input, Php-Daily is exposed to multiple input validation issues. Php-Daily version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/31915
______________________________________________________________________

08.44.99 CVE: Not Available
Platform: Web Application
Title: tlNews Cookie Authentication Bypass
Description: tlNews is a PHP based web application. The application is exposed to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie based authentication. Attackers can gain administrative access by setting the "tlNews_login" cookie parameter to "admin", effectively bypassing authentication. tlNews version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/31919
______________________________________________________________________

08.44.100 CVE: Not Available
Platform: Web Application
Title: Ads Pro "dhtml.pl" Remote Command Execution
Description: Ads Pro is a web-based application used to display ads on a web site. The application is exposed to an issue that attackers can leverage to execute arbitrary commands in the context of the application. This issue occurs because the application fails to adequately validate user-supplied input to the "page" parameter of the "dhtml.pl" script.
Ref: http://www.securityfocus.com/bid/31923
______________________________________________________________________

08.44.101 CVE: Not Available
Platform: Web Application
Title: KTorrent PHP Code Injection and Security Bypass Vulnerabilities
Description: KTorrent is exposed to multiple issues that affect its web interface.
Successful exploits may facilitate a compromise of the application and the underlying system; other attacks may also be possible. KTorrent version 3.1.3 is affected.
Ref: http://www.securityfocus.com/bid/31927
______________________________________________________________________

08.44.102 CVE: Not Available
Platform: Web Application
Title: bcoos "include/common.php" Remote File Include
Description: bcoos is a PHP based content manager. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "XOOPS_ROOT_PATH" parameter of the "include/common.php" script. bcoos version 1.0.13 is affected.
Ref: http://www.securityfocus.com/archive/1/497809
______________________________________________________________________

08.44.103 CVE: Not Available
Platform: Web Application
Title: Python "Imageop" Module Argument Validation Buffer Overflow
Description: Python is an interpreted, dynamic, object oriented programming language that is available for many operating systems. Python is exposed to a buffer overflow issue because it fails to sufficiently sanitize user-supplied input. The vulnerability stems from an integer overflow in the "imageop" module and may result in a segmentation fault. Python versions prior to 2.5.2-r6 are affected.
Ref: http://svn.python.org/view?rev=66689&view=rev
______________________________________________________________________

08.44.104 CVE: Not Available
Platform: Web Application
Title: Eaton Network Shutdown Module Authentication Bypass
Description: Eaton Network Shutdown Module is a monitoring system for UPS devices; it includes a PHP based administrative interface. Network Shutdown Module is exposed to an authentication bypass issue caused by an unspecified error. This issue occurs in the "pane_actionbutton.php" and "exec_action.php" scripts. Network Shutdown Module versions prior to 3.10 build 13 are affected.
Ref: http://www.securityfocus.com/archive/1/497824
______________________________________________________________________

08.44.105 CVE: Not Available
Platform: Web Application
Title: Graphiks MyForum "centre.php" Local File Include
Description: Graphiks MyForum is a web-based application. Graphiks MyForum is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "padmin" parameter of the "admin/centre.php" script. Graphiks MyForum version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/31934
______________________________________________________________________

08.44.106 CVE: Not Available
Platform: Web Application
Title: MyBB Message Attachment Predictable Filename Information Disclosure
Description: MyBB is a PHP based bulletin board. The application is exposed to an information disclosure issue because it saves message attachments with predictable filenames. MyBB version 1.4.2 is affected.
Ref: http://www.securityfocus.com/archive/1/497817
______________________________________________________________________

08.44.107 CVE: Not Available
Platform: Web Application
Title: tlAds Cookie Authentication Bypass
Description: tlAds is a web-based advertisement application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. tlAds version 1 is affected.
Ref: http://www.securityfocus.com/bid/31939
______________________________________________________________________

08.44.108 CVE: Not Available
Platform: Web Application
Title: MyKtools "update.php" Local File Include
Description: MyKtools is a collection of database administration tools. MyKtools is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "language" parameter of the "update.php" script. MyKtools version 2.4 is affected.
Ref: http://www.securityfocus.com/bid/31942
______________________________________________________________________

08.44.109 CVE: Not Available
Platform: Web Application
Title: WebGUI "Asset.pm" Perl Module Handling Code Execution
Description: WebGUI is a content manager and framework for web applications. The application is exposed to an arbitrary Perl code-execution issue that is caused by a design error in the "loadModule" function in "lib/WebGUI/Asset.pm", which fails to appropriately restrict the type of module that can be loaded by this function. WebGUI versions prior to 7.5.30 are affected.
Ref: http://www.webgui.org/bugs/tracker/8980
______________________________________________________________________

08.44.110 CVE: Not Available
Platform: Web Application
Title: libgadu Contact Description Remote Buffer Overflow
Description: libgadu is a library implementing the Gadu-Gadu instant message protocol. It is available for multiple operating systems. libgadu is exposed to a remote buffer overflow issue that arises when the library handles malformed contact description data from a malicious server. This issue occurs in the source code file "events.c". libgadu versions prior to 1.8.2 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=468830
______________________________________________________________________

08.44.111 CVE: Not Available
Platform: Web Application
Title: Graphiks MyForum Cookie Authentication Bypass
Description: Graphiks MyForum is a web-based application implemented in PHP. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. Graphiks MyForum version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/31955
______________________________________________________________________

08.44.112 CVE: Not Available
Platform: Web Application
Title: tlGuestBook Cookie Authentication Bypass
Description: tlGuestBook is a PHP based guestbook application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie based authentication. tlGuestBook version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/31958
______________________________________________________________________

08.44.113 CVE: Not Available
Platform: Web Application
Title: Agares Media ThemeSiteScript "frontpage_right.php" Remote File Include
Description: ThemeSiteScript is a PHP based application that helps users create and manage theme web sites. The application is exposed to a remote file include issue because it fails to sufficiently sanitize user-supplied input to the "loadadminpage" parameter of the "admin/frontpage_right.php" script. ThemeSiteScript version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/31959
______________________________________________________________________

08.44.114 CVE: Not Available
Platform: Web Application
Title: H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
Description: H2O-CMS is a content-management system. The application is exposed to a PHP code-injection issue and a cookie authentication bypass issue. The PHP injection issue occurs because the application fails to properly sanitize user-supplied input when the "option" parameter is set to "SaveConfig" for the "index.php" script. H2O-CMS versions up to and including 3.4 are affected.
Ref: http://www.securityfocus.com/bid/31961
______________________________________________________________________

08.44.115 CVE: Not Available
Platform: Web Application
Title: Atlassian JIRA Cross-Site Scripting and HTML Injection Vulnerabilities
Description: Atlassian JIRA is a bug tracking, issue tracking, and project management application. This application is exposed to an HTML injection issue and a cross-site scripting issue. The HTML injection issue is caused by a failure to sufficiently sanitize user-supplied input to the "Full Name" parameter when editing a user profile. Atlassian JIRA version 3.13 is affected.
Ref: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29
______________________________________________________________________


