<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:media="http://search.yahoo.com/mrss/"
	>

<channel>
	<title>secauditor speaks: hmmmm...Security - Imagine That</title>
	<atom:link href="http://secauditor.wordpress.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://secauditor.wordpress.com</link>
	<description>"The soft and the pliable will defeat the hard and strong." Lao Tzu</description>
	<lastBuildDate>Tue, 11 Nov 2008 22:23:28 +0000</lastBuildDate>
	<generator>http://wordpress.com/</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<cloud domain='secauditor.wordpress.com' port='80' path='/?rsscloud=notify' registerProcedure='' protocol='http-post' />
<image>
		<url>http://www.gravatar.com/blavatar/38674ac7845f0cb10784e6f4be9dea5f?s=96&#038;d=http://s.wordpress.com/i/buttonw-com.png</url>
		<title>secauditor speaks: hmmmm...Security - Imagine That</title>
		<link>http://secauditor.wordpress.com</link>
	</image>
			<item>
		<title>Paper Published on Breaking WPA TKIP</title>
		<link>http://secauditor.wordpress.com/2008/11/11/paper-published-on-breaking-wpa-tkip/</link>
		<comments>http://secauditor.wordpress.com/2008/11/11/paper-published-on-breaking-wpa-tkip/#comments</comments>
		<pubDate>Tue, 11 Nov 2008 22:23:28 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Tkip]]></category>
		<category><![CDATA[wi-fi]]></category>
		<category><![CDATA[wireless]]></category>
		<category><![CDATA[WPA Crack]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=219</guid>
		<description><![CDATA[Two German university researchers have discovered a combination of techniques that could allow an attacker to compromise Wi-Fi Protected Access (WPA) encryption in less than 15 minutes.  The attack does not result in the encryption key being discovered.  Rather, the technique allows attackers &#8220;to decrypt packets and inject packets with custom content.&#8221;  Martin Beck and [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Two German university researchers have discovered a combination of techniques that could allow an attacker to compromise Wi-Fi Protected Access (WPA) encryption in less than 15 minutes.  The attack does not result in the encryption key being discovered.  Rather, the technique allows attackers &#8220;to decrypt packets and inject packets with custom content.&#8221;  Martin Beck and Erik Tews present their findings at the PacSec 2008 conference in Tokyo this week.  The attack targets WPA&#8217;s Temporal Key Integrity Protocol (TKIP).<br />
<a href="http://www.securityfocus.com/news/11537">http://www.securityfocus.com/news/11537</a><br />
<a href="http://www.heise-online.co.uk/security/Security-experts-reveal-details-of-WPA-hack--/news/111922">http://www.heise-online.co.uk/security/Security-experts-reveal-details-of-WPA-hack&#8211;/news/111922<br />
</a><a href="http://dl.aircrack-ng.org/breakingwepandwpa.pdf">http://dl.aircrack-ng.org/breakingwepandwpa.pdf</a></p>
<p>[(Note from Johannes Ullrich): Although the attack is rather limited, it highlights the fact that WPA and TKIP were meant to serve as a transitional fix for older hardware. WPA2 is the "real fix". And from Raul Siles at Internet Storm Center: This new research opens the door to new WPA/TKIP attacks and future attack enhancements, so it is time to start applying and planning the appropriate security countermeasures to remove or mitigate this and similar future threats:<br />
Update to WPA2/AES as soon as you can! Because the vulnerability is in TKIP, both WPA and WPA2 can be affected. The attack affects WPA2 if configured with TKIP because WPA2 allows both AES and TKIP (while WPA only allows TKIP).</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/11/11/paper-published-on-breaking-wpa-tkip/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>More Free Training &#8211; Penetration Testing</title>
		<link>http://secauditor.wordpress.com/2008/11/11/more-free-training-penetration-testing/</link>
		<comments>http://secauditor.wordpress.com/2008/11/11/more-free-training-penetration-testing/#comments</comments>
		<pubDate>Tue, 11 Nov 2008 18:45:32 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Training]]></category>
		<category><![CDATA[Core Security]]></category>
		<category><![CDATA[Paul Asadoorian]]></category>
		<category><![CDATA[PaulDotCom]]></category>
		<category><![CDATA[security training]]></category>
		<category><![CDATA[webcast]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=216</guid>
		<description><![CDATA[This must be the week for free training opportunities.  First SANS and now Core Security along with Paul Asadoorian of PaulDotCom are offering up training.
&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;
PENETRATION TESTING STRATEGY WEBCAST
 
“Zen and the Art of Maintaining an Internal Penetration Testing Program” 

Host: Paul Asadoorian of PaulDotCom Security Weekly
Date:  Wednesday, November 19, 2008
Time:  2pm EDT / 11am PDT (GMT [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>This must be the week for free training opportunities.  First SANS and now Core Security along with Paul Asadoorian of PaulDotCom are offering up training.</p>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br />
PENETRATION TESTING STRATEGY WEBCAST</span></span></div>
<div style="margin:0;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;font-size:x-small;"> </span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">“Zen and the Art of Maintaining an Internal Penetration Testing Program” </span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><br />
<span style="font-family:Geneva,Arial,Helvetica,sans-serif;">Host: Paul Asadoorian of PaulDotCom Security Weekly</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">Date:  Wednesday, November 19, 2008<br />
Time:  2pm EDT / 11am PDT (GMT -5:00, New York)<br />
Register: <span style="color:blue;"><a href="http://www.coresecurity.com/Form/generic/campaign/zen">http://www.coresecurity.com/Form/generic/campaign/zen</a></span></span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">*** A recording of the webcast will be sent to everyone who registers, so be sure to sign up even if you can’t make the live session. ***<br />
&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br />
<span id="more-216"></span><br />
</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">Penetration testing is the most realistic way to proactively assess your organization’s security posture, but rolling out an internal testing program sometimes presents unique challenges. However, by planning wisely and using the right tools, you can successfully integrate penetration testing into your ongoing vulnerability management program and discover the benefits of seeing your infrastructure as attackers do.</span></span></div>
<div style="margin:0;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;font-size:x-small;"> </span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">Please join Core Security and Paul Asadoorian, senior network security engineer for OSHEAN and founder of PaulDotCom Security Weekly, for a live webcast: “Zen and the Art of Maintaining an Internal Penetration Testing Program.”</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">&gt; Click here to register: <span style="color:blue;"><a href="http://www.coresecurity.com/Form/generic/campaign/zen">http://www.coresecurity.com/Form/generic/campaign/zen</a></span></span></span></div>
<div style="margin:0;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;font-size:x-small;"> </span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">During the webcast, you’ll learn:</span></span></div>
<div style="margin:0;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;font-size:x-small;"> </span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">* How to determine if internal penetration testing is right for your organization</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">* What questions you should ask when planning a pen testing initiative</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">* How you can best pitch testing to other departments and gain permission from management</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">* What types of tests to run and how to address the process of dealing with compromised devices</span></span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">* Which tips and tricks can help you carry out faster, more effective testing</span></span></div>
<div style="margin:0;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;font-size:x-small;"> </span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">Whether you’re considering rolling out an internal penetration testing program or need a refresher of best practices for your current testing initiatives, this webcast is sure to be time well-spent.</span></span></div>
<div style="margin:0;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;font-size:x-small;"> </span></div>
<div style="margin:0;"><span style="font-size:10pt;"><span style="font-family:Geneva,Arial,Helvetica,sans-serif;">&gt; Click here to register: <span style="color:blue;"><a href="http://www.coresecurity.com/Form/generic/campaign/zen">http://www.coresecurity.com/Form/generic/campaign/zen</a></span></span></span></div>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/11/11/more-free-training-penetration-testing/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>4 Web Training Sessions &#8211; (Threat Update, WPA/2 Crack, Adaptive Security)</title>
		<link>http://secauditor.wordpress.com/2008/11/10/4-web-training-session-threat-update-wpa2-crack-adaptive-security/</link>
		<comments>http://secauditor.wordpress.com/2008/11/10/4-web-training-session-threat-update-wpa2-crack-adaptive-security/#comments</comments>
		<pubDate>Mon, 10 Nov 2008 18:48:10 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Auditing]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Training]]></category>
		<category><![CDATA[adaptive security]]></category>
		<category><![CDATA[SANS]]></category>
		<category><![CDATA[Threats]]></category>
		<category><![CDATA[vulnerabilities]]></category>
		<category><![CDATA[Web Training]]></category>
		<category><![CDATA[WPA Crack]]></category>
		<category><![CDATA[WPA2 Crack]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=212</guid>
		<description><![CDATA[WEBCAST 1

Internet Storm Center: Threat Update
WHEN: Wednesday, November 12, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Johannes Ullrich
https://www.sans.org/webcasts/show.php?webcastid=91441
Sponsored By: Core Security http://www2.corest.com/

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><pre>WEBCAST 1

Internet Storm Center: Threat Update
WHEN: Wednesday, November 12, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Johannes Ullrich
<a class="moz-txt-link-freetext" href="https://www.sans.org/webcasts/show.php?webcastid=91441">https://www.sans.org/webcasts/show.php?webcastid=91441</a>
Sponsored By: Core Security <a class="moz-txt-link-freetext" href="http://www2.corest.com/">http://www2.corest.com/</a>

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by senior ISC staff, followed by a
question and answer period.

<span id="more-212"></span>WEBCAST 2

SANS Special Webcast: Understanding the WPA/WPA2 Break
WHEN: Monday, November 17, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Joshua Wright
<a class="moz-txt-link-freetext" href="https://www.sans.org/webcasts/show.php?webcastid=92188">https://www.sans.org/webcasts/show.php?webcastid=92188</a>

Presented by wireless security expert Joshua Wright, this webcast will
examine this new attack in technical detail, help organizations
understand their exposure and provide guidance to end-users and vendors
on how they can defend against this attack.

WEBCAST 3

Real-Time Adaptive Security: Proactively Mitigating Risks
WHEN: Tuesday, November 18, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Dave Shackleford
<a class="moz-txt-link-freetext" href="https://www.sans.org/webcasts/show.php?webcastid=91853">https://www.sans.org/webcasts/show.php?webcastid=91853</a>
Sponsored By: Sourcefire <a class="moz-txt-link-freetext" href="http://www.sourcefire.com/">http://www.sourcefire.com/</a>

Adaptive security can watch a network for malicious traffic and
behavioral anomalies, ferret out end point vulnerabilities, identify
real-time changes to systems, automatically enforce end point
protections and access rules, block malicious traffic, follow a
compliance dashboard while providing audit data, and so much more.

WEBCAST 4

Internet Storm Center: Threat Update
WHEN: Wednesday, December 10, 2008 at 1:00 PM EST (1800 UTC/GMT)
FEATURING: Johannes Ullrich
<a class="moz-txt-link-freetext" href="https://www.sans.org/webcasts/show.php?webcastid=91446">https://www.sans.org/webcasts/show.php?webcastid=91446</a>
Sponsored By: Sourcefire <a class="moz-txt-link-freetext" href="http://www.sourcefire.com/">http://www.sourcefire.com/</a>

This monthly webcast discusses recent threats observed by the Internet
Storm Center, and discusses new software vulnerabilities or system
exposures that were disclosed over the past month. The general format
is about 30 minutes of presentation by senior ISC staff, followed by a
question and answer period.</pre>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/11/10/4-web-training-session-threat-update-wpa2-crack-adaptive-security/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>Latest Vulnerability Breakdown &#8211; 11/07/08</title>
		<link>http://secauditor.wordpress.com/2008/11/07/latest-vulnerability-breakdown-110708/</link>
		<comments>http://secauditor.wordpress.com/2008/11/07/latest-vulnerability-breakdown-110708/#comments</comments>
		<pubDate>Fri, 07 Nov 2008 21:38:43 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Auditing]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Cross Site Scripting]]></category>
		<category><![CDATA[CSS]]></category>
		<category><![CDATA[security auditing]]></category>
		<category><![CDATA[SQL Injection]]></category>
		<category><![CDATA[Unix]]></category>
		<category><![CDATA[vulnerabilities]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=208</guid>
		<description><![CDATA[Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Third Party Windows Apps        [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><pre>Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Third Party Windows Apps                       11 (#2, #3)
Linux                                           1
Unix                                            1
Cross Platform                                  9 (#1)
Web Application - Cross Site Scripting         13
Web Application - SQL Injection                38
Web Application                                35
Network Device                                  1 (#4)

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (<a class="moz-txt-link-abbreviated" href="http://www.tippingpoint.com/">www.tippingpoint.com</a>)
Widely Deployed Software
(1) CRITICAL: Adobe Acrobat Multiple Vulnerabilities
(2) CRITICAL: IBM Tivoli Storage Manager Buffer Overflow
(3) MODERATE: NOS Microsystems getPlus Download Manager Buffer Overflow
(4) LOW: SonicWALL Universal Script Injection

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (<a class="moz-txt-link-abbreviated" href="http://www.qualys.com/">www.qualys.com</a>)

<span id="more-208"></span> -- Third Party Windows Apps
08.45.1  - Aztec ActiveX "Aztec.dll" ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
08.45.2  - MW6 Technologies Barcode ActiveX "Barcode.dll" Multiple Arbitrary File Overwrite Vulnerabilities
08.45.3  - MW6 DataMatrix "DataMatrix.dll" ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
08.45.4  - MW6 PDF417 "MW6PDF417.dll" ActiveX Control Multiple Arbitrary File Overwrite Vulnerabilities
08.45.5  - Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite
08.45.6  - DjVu "DjVu_ActiveX_MSOffice.dll" ActiveX Component Heap Buffer Overflow
08.45.7  - Microsoft DebugDiag "CrashHangExt.dll" ActiveX Control Remote Denial of Service
08.45.8  - Adobe PageMaker "AldFs32.dll" Key Strings Stack-Based Buffer Overflow
08.45.9  - Chilkat Crypt ActiveX Control "ChilkatCrypt2.dll" Arbitrary File Overwrite
08.45.10 - Microsoft Windows Media Player Unspecified DAT File Parsing Denial of Service
08.45.11 - Network-Client FTP Now Heap Buffer Overflow
 -- Linux
08.45.12 - htop Hidden Process Name Input Filtering
 -- Unix
08.45.13 - Dovecot Invalid Message Address Parsing Denial of Service
 -- Cross Platform
08.45.14 - Quassel Core CTCP Ping Input Validation
08.45.15 - Adobe PageMaker Font Structure Multiple Buffer Overflow Vulnerabilities
08.45.16 - Python Imageop Module "imageop.crop()" Buffer Overflow
08.45.17 - IBM Tivoli Storage Manager Client Buffer Overflow
08.45.18 - Absolute Live Support .Net Cookie Authentication Bypass
08.45.19 - Opera Web Browser 9.62 History Search Input Validation
08.45.20 - Net-SNMP GETBULK Remote Denial of Service
08.45.21 - Dns2tcp "dns_decode.c" Remote Buffer Overflow
08.45.22 - University of Washington IMAP "tmail" and "dmail" Local Buffer Overflow Vulnerabilities
 -- Web Application - Cross-Site Scripting
08.45.23 - KKE Info Media Kmita Gallery Multiple Cross-Site Scripting Vulnerabilities
08.45.24 - Opera Web Browser History Search and Links Panel Cross-Site Scripting Vulnerabilities
08.45.25 - Dorsa CMS "Default_.aspx" Cross-Site Scripting
08.45.26 - SonicWALL Content Filtering Error Page Cross-Site Scripting
08.45.27 - CompactCMS "admin/index.php" Multiple Cross-Site Scripting Vulnerabilities
08.45.28 - cPanel Cross-Site Scripting Vulnerabilities and Local File Include
08.45.29 - Fortinet Fortigate Unspecified Cross-Site Scripting
08.45.30 - Camera Life Multiple Cross-Site Scripting Vulnerabilities
08.45.31 - Tribiq CMS "template_path" Parameter Cross-Site Scripting
08.45.32 - MyGallery "gallery.inc.php" Parameter Cross-Site Scripting
08.45.33 - SignMe "signme.inc.php" Cross-Site Scripting
08.45.34 - RateMe "rate" Parameter Cross-Site Scripting
08.45.35 - Matpo.de Link "view.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.45.36 - WebCards "admin.php" Login Page SQL Injection
08.45.37 - Harlandscripts Pro Traffic One "trg" Parameter SQL Injection
08.45.38 - Harlandscripts Pro Traffic One "id" Parameter SQL Injection
08.45.39 - MyPHP Forum "post.php" and "member.php" Multiple SQL Injection Vulnerabilities
08.45.40 - e107 Lyrics Plugin "lyrics_song.php" SQL Injection
08.45.41 - phpWebSite "links.php" SQL Injection
08.45.42 - SpitFire Photo Pro "pages.php" SQL Injection
08.45.43 - Interact "email_user_key" Parameter SQL Injection
08.45.44 - Multiple Scripts For Sites Products "directory.php" SQL Injection
08.45.45 - Logz podcast CMS "add_url.php" SQL Injection
08.45.46 - Article Publisher Pro "admin.php" SQL Injection
08.45.47 - Scripts For Sites EZ Hotscripts SQL Injection
08.45.48 - EZ Webring "category.php" SQL Injection
08.45.49 - EZ BIZ PRO "track.php" SQL Injection
08.45.50 - Scripts For Sites EZ Link Directory "links.php" SQL Injection
08.45.51 - Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection
08.45.52 - Scripts For Sites EZ Career "content.php" SQL Injection
08.45.53 - Scripts For Sites EZ Top Sites "topsite.php" SQL Injection
08.45.54 - Scripts For Sites EZ e-store "searchresults.php" SQL Injection
08.45.55 - Bloggie Lite Cookie SQL Injection
08.45.56 - 1st News "id" Parameter SQL Injection
08.45.57 - Maran Project Maran PHP Shop "prodshow.php" SQL Injection
08.45.58 - Maran Project Maran PHP Shop "prod.php" SQL Injection
08.45.59 - YourFreeWorld Shopping Cart Script "c" Parameter SQL Injection
08.45.60 - YourFreeWorld Downline Builder Script "id" Parameter SQL Injection
08.45.61 - YourFreeWorld Downline Builder Pro "id" Parameter SQL Injection
08.45.62 - deV!L'z Clanportal "users" Parameter SQL Injection
08.45.63 - AJ Article "index.php" SQL Injection
08.45.64 - YourFreeWorld Blog Blaster Script "id" Parameter SQL Injection
08.45.65 - YourFreeWorld Autoresponder Hosting Script "id" Parameter SQL Injection
08.45.66 - YourFreeWorld Scrolling Text Ads Script "id" Parameter SQL Injection
08.45.67 - YourFreeWorld Reminder Service Script "id" Parameter SQL Injection
08.45.68 - YourFreeWorld Classifieds Blaster Script "id" Parameter SQL Injection
08.45.69 - YourFreeWorld Classifieds Hosting Script "id" Parameter SQL Injection
08.45.70 - ASP Forum "iFor" Parameter SQL Injection
08.45.71 - BosClassifieds "cat_id" Parameter SQL Injection
08.45.72 - Matpro.de Link "view.php" SQL Injection
08.45.73 - Dragan Mitic Apoll "admin/index.php" SQL Injection
 -- Web Application
08.45.74 - Sepal SPBOARD "board.cgi" Remote Command Execution
08.45.75 - 7-Shop "imageupload.php" Arbitrary File Upload
08.45.76 - Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary File Upload
08.45.77 - Instinct WP e-Commerce "image_processing.php" Arbitrary File Upload
08.45.78 - IBM Lotus Connections Multiple Remote Vulnerabilities
08.45.79 - Venalsur Booking Centre SQL Injection and Cross-Site Scripting Vulnerabilities
08.45.80 - Typo SQL Injection and HTML Injection Vulnerabilities
08.45.81 - Agora "MysqlfinderAdmin.php" Remote File Include
08.45.82 - Tribiq CMS Cookie Authentication Bypass
08.45.83 - Absolute File Send .Net Cookie Authentication Bypass
08.45.84 - Absolute Podcast .NET Cookie Authentication Bypass
08.45.85 - Absolute Poll Manager XE Cookie Authentication Bypass
08.45.86 - Absolute Form Processor .Net Cookie Authentication Bypass
08.45.87 - ComingChina.com U-Mail "edit.php" Arbitrary File Upload
08.45.88 - Tribiq CMS "template_path" Parameter Local File Include
08.45.89 - Absolute Banner Manager .NET Cookie Authentication Bypass
08.45.90 - Absolute News Manager .Net Cookie Authentication Bypass
08.45.91 - Absolute Control Panel XE Cookie Authentication Bypass
08.45.92 - Absolute Content Rotator Cookie Authentication Bypass
08.45.93 - Absolute News Feed Cookie Authentication Bypass
08.45.94 - Absolute FAQ Manager .NET Cookie Authentication Bypass
08.45.95 - Absolute Newsletter Cookie Authentication Bypass
08.45.96 - Sharedlog CMS Remote File Include
08.45.97 - Joomla! Flash Tree Gallery Component Remote File Include
08.45.98 - Maran Project Maran PHP Shop Cookie Authentication Bypass
08.45.99 - NetRisk SQL Injection and Cross-Site Scripting Vulnerabilities
08.45.100 - Joovili Cookie Authentication Bypass
08.45.101 - Article Publisher PRO Cookie Authentication Bypass
08.45.102 - Micro CMS "microcms-admin-home.php" Security Bypass
08.45.103 - Apartment Search Script Arbitrary File Upload and Cross-Site Scripting Vulnerabilities
08.45.104 - GeSHi "geshi.php" Remote Code Execution
08.45.105 - Acc Scripts Acc PHP eMail Cookie Authentication Bypass
08.45.106 - Acc Scripts Real Estate and Statistics Cookie Authentication Bypass
08.45.107 - Acc Scripts Acc Autos Cookie Authentication Bypass
08.45.108 - Agavi "cmplang" Parameter Directory Traversal
 -- Network Device
08.45.109 - A-Link WL54AP3 and WL54AP2 Cross-Site Request Forgery and HTML Injection Vulnerabilities
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
<a class="moz-txt-link-freetext" href="http://www.sans.org/newsletters/cva/#process">http://www.sans.org/newsletters/cva/#process</a>

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Adobe Acrobat Multiple Vulnerabilities
Affected:
Adobe Acrobat versions prior to 9

Description: Adobe Acrobat is the most popular viewer for the Portable
Document Format (PDF) on the internet. It contains a variety of flaws
in its handling of JavaScript and other data embedded in PDF files.
Successfully exploiting one of these flaws would allow
an attacker to execute arbitrary code with the privileges of the current
user. Note that PDF documents are often opened by the vulnerable
application upon receipt, without first prompting the user. Some
technical details are publicly available for this vulnerability, and it
is believed that at least some of these vulnerabilities are similar to
vulnerabilities in other PDF processing products, expanding the area of
available information. Multiple proofs-of-concept are publicly available
for these vulnerabilities. It is believed that at least one of these
vulnerabilities is being actively exploited in the wild.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisories
<a class="moz-txt-link-freetext" href="http://zerodayinitiative.com/advisories/ZDI-08-074/">http://zerodayinitiative.com/advisories/ZDI-08-074/</a>
<a class="moz-txt-link-freetext" href="http://zerodayinitiative.com/advisories/ZDI-08-073/">http://zerodayinitiative.com/advisories/ZDI-08-073/</a>
<a class="moz-txt-link-freetext" href="http://zerodayinitiative.com/advisories/ZDI-08-072/">http://zerodayinitiative.com/advisories/ZDI-08-072/</a>
iDefense Security Advisories
<a class="moz-txt-link-freetext" href="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756">http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756</a>
<a class="moz-txt-link-freetext" href="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755">http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755</a>
Adobe Security Advisory
<a class="moz-txt-link-freetext" href="http://www.adobe.com/support/security/bulletins/apsb08-19.html">http://www.adobe.com/support/security/bulletins/apsb08-19.html</a>
Proofs-of-Concept
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/data/vulnerabilities/exploits/30035.zip">http://www.securityfocus.com/data/vulnerabilities/exploits/30035.zip</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/data/vulnerabilities/exploits/30035.c">http://www.securityfocus.com/data/vulnerabilities/exploits/30035.c</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/data/vulnerabilities/exploits/2008-HI2.pdf">http://www.securityfocus.com/data/vulnerabilities/exploits/2008-HI2.pdf</a>
Vendor Home Page
<a class="moz-txt-link-freetext" href="http://www.adobe.com/">http://www.adobe.com</a>
SecurityFocus BIDs
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/30035">http://www.securityfocus.com/bid/30035</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/29420">http://www.securityfocus.com/bid/29420</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32100">http://www.securityfocus.com/bid/32100</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32105">http://www.securityfocus.com/bid/32105</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32103">http://www.securityfocus.com/bid/32103</a>

***************************************************

(2) CRITICAL: IBM Tivoli Storage Manager Buffer Overflow
Affected:
IBM Tivoli Storage Manager Express for Microsoft SQL

Description: IBM Tivoli Storage Manager provides storage and backup
management for a variety of platforms. A buffer overflow exists in its
backup client for Microsoft SQL. A specially crafted request to this
service could trigger this buffer overflow, allowing an attacker to
execute arbitrary code with the privileges of the vulnerable process
(SYSTEM). Some technical details are publicly available for this
vulnerability. An additional, possibly related, vulnerability exists in
the client's scheduling code.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisory
<a class="moz-txt-link-freetext" href="http://zerodayinitiative.com/advisories/ZDI-08-071/">http://zerodayinitiative.com/advisories/ZDI-08-071/</a>
IBM Security Advisory
<a class="moz-txt-link-freetext" href="http://www-01.ibm.com/support/docview.wss?uid=swg21322623">http://www-01.ibm.com/support/docview.wss?uid=swg21322623</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31988">http://www.securityfocus.com/bid/31988</a>

***************************************************

(3) MODERATE: NOS Microsystems getPlus Download Manager Buffer Overflow
Affected:
NOS Microsystems getPlus Download Manager ActiveX Control

Description: NOS Microsystems getPlus Download Manager is a popular
software update manager, used by vendors including Adobe for Adobe's
Acrobat product. The getPlus Download Manager contains a buffer overflow
in its handling of user input. A specially crafted web page that
instantiates the control could trigger this buffer overflow, allowing
an attacker to execute arbitrary code with the privileges of the current
user. Some technical details are publicly available for this
vulnerability. Note that the known exploit case requires that a
malicious file be sourced from a domain ending in "adobe.com". This may
significantly complicate exploitation, though at least one workaround
is publicly known. When the ActiveX control is distributed by vendors
other than Adobe, this restriction will likely not be present.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7". Note that this will affect
normal application functionality.

References:
iDefense Security Advisory
<a class="moz-txt-link-freetext" href="http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754">http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754</a>
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
<a class="moz-txt-link-freetext" href="http://support.microsoft.com/kb/240797">http://support.microsoft.com/kb/240797</a>
Product Home Page
<a class="moz-txt-link-freetext" href="http://www.nosltd.com/get.html">http://www.nosltd.com/get.html</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32105">http://www.securityfocus.com/bid/32105</a>

***************************************************

(4) LOW: SonicWALL Universal Script Injection
Affected:
SonicWALL Pro versions prior to 4.0.1.1

Description: SonicWALL Pro is a popular content security appliance. It
can be used to block access to web sites based on a variety of filtering
rules. It fails to properly sanitize some blocked URLs. A specially
crafted URL that leads to a blocked website could inject arbitrary
JavaScript into the error page returned by the appliance. This would
allow an attacker to execute arbitrary JavaScript code in what users may
think is a trusted web page. A proof-of-concept for this vulnerability
is publicly available.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisory
<a class="moz-txt-link-freetext" href="http://zerodayinitiative.com/advisories/ZDI-08-070/">http://zerodayinitiative.com/advisories/ZDI-08-070/</a>
SonicWALL Release Notes
<a class="moz-txt-link-freetext" href="http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf">http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf</a>
Proof-of-Concept
<a class="moz-txt-link-freetext" href="http://downloads.securityfocus.com/vulnerabilities/exploits/31998.html">http://downloads.securityfocus.com/vulnerabilities/exploits/31998.html</a>
Vendor Home Page
<a class="moz-txt-link-freetext" href="http://www.sonicwall.com/">http://www.sonicwall.com</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31998">http://www.securityfocus.com/bid/31998</a>

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 45, 2008
This list is compiled by Qualys ( <a class="moz-txt-link-abbreviated" href="http://www.qualys.com/">www.qualys.com</a> ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.45.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aztec ActiveX "Aztec.dll" ActiveX Control Multiple Arbitrary
File Overwrite Vulnerabilities
Description: Aztec ActiveX is an ATL based control for handling Aztec
2D barcode. Aztec ActiveX is exposed to multiple issues that allow
attackers to overwrite files with arbitrary, attacker-supplied
content. Aztec ActiveX version 3.0.0.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://support.microsoft.com/kb/240797">http://support.microsoft.com/kb/240797</a>
______________________________________________________________________

08.45.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 Technologies Barcode ActiveX "Barcode.dll" Multiple
Arbitrary File Overwrite Vulnerabilities
Description: Barcode ActiveX is an ATL based control for creating
device independent barcodes. Barcode ActiveX control is exposed to
multiple issues that allow attackers to overwrite files with
arbitrary, attacker-supplied content. Barcode ActiveX version 3.0.0.1
is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31979">http://www.securityfocus.com/bid/31979</a>
______________________________________________________________________

08.45.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 DataMatrix "DataMatrix.dll" ActiveX Control Multiple
Arbitrary File Overwrite Vulnerabilities
Description: MW6 DataMatrix ActiveX control is an application for
handling barcode data. The application is exposed to multiple issues
that allow attackers to overwrite files with arbitrary,
attacker-supplied content. MW6 DataMatrix ActiveX control version
3.0.0.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31979">http://www.securityfocus.com/bid/31979</a>
______________________________________________________________________

08.45.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: MW6 PDF417 "MW6PDF417.dll" ActiveX Control Multiple Arbitrary
File Overwrite Vulnerabilities
Description: MW6 PDF417 ActiveX control is an application for handling
barcode data. The application is exposed to multiple issues that allow
attackers to overwrite files with arbitrary, attacker-supplied
content. MW6 PDF417 ActiveX control version 3.0.0.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://support.microsoft.com/kb/240797">http://support.microsoft.com/kb/240797</a>
______________________________________________________________________

08.45.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File
Overwrite
Description: Visagesoft eXPert PDF Viewer ActiveX control is an
application for viewing PDF documents. The application is exposed to
an issue that allows attackers to overwrite files with arbitrary,
attacker-supplied content. Visagesoft eXPert PDF Viewer ActiveX
control version 3.0.990.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://support.microsoft.com/kb/240797">http://support.microsoft.com/kb/240797</a>
______________________________________________________________________

08.45.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: DjVu "DjVu_ActiveX_MSOffice.dll" ActiveX Component Heap Buffer
Overflow
Description: The DjVu ActiveX handles files in the DjVu digital
document format. The application is exposed to a heap based buffer
overflow issue because it fails to properly bounds check user-supplied
data before copying it into an insufficiently sized memory buffer. The
DjVu ActiveX control version 3.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31987">http://www.securityfocus.com/bid/31987</a>
______________________________________________________________________

08.45.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft DebugDiag "CrashHangExt.dll" ActiveX Control Remote
Denial of Service
Description: Microsoft DebugDiag "CrashHangExt.dll" ActiveX control is
a tool to assist in troubleshooting Windows applications. The
application is exposed to a denial of service issue because of a
NULL pointer dereference error. Microsoft DebugDiag version 1.0 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497943">http://www.securityfocus.com/archive/1/497943</a>
______________________________________________________________________

08.45.8 CVE: CVE-2007-6432
Platform: Third Party Windows Apps
Title: Adobe PageMaker "AldFs32.dll" Key Strings Stack-Based Buffer
Overflow
Description: Adobe PageMaker is a desktop publishing application. The
application is exposed to a stack based buffer overflow issue because
it fails to bounds check user-supplied data before copying it into an
insufficiently sized buffer. This issue can occur when a specially
crafted .PMD file is opened with a vulnerable application.
Adobe PageMaker version 7.0.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497952">http://www.securityfocus.com/archive/1/497952</a>
______________________________________________________________________

08.45.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat Crypt ActiveX Control "ChilkatCrypt2.dll" Arbitrary
File Overwrite
Description: Chilkat Crypt ActiveX control is used to encrypt, hash and
sign data. Chilkat Crypt ActiveX control is exposed to an issue that
allows attackers to overwrite files with arbitrary, attacker-supplied
content. This issue occurs in the "WriteFile()" method of the
"ChilkatCrypt2.dll" ActiveX control. Chilkat Crypt ActiveX control
version 2.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32073">http://www.securityfocus.com/bid/32073</a>
______________________________________________________________________

08.45.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Microsoft Windows Media Player Unspecified DAT File Parsing
Denial of Service
Description: Microsoft Windows Media Player is a multimedia
application available for the Microsoft Windows operating system. The
application is exposed to an unspecified denial of service issue when
processing a malformed DAT file.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32077">http://www.securityfocus.com/bid/32077</a>
______________________________________________________________________

08.45.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Network-Client FTP Now Heap Buffer Overflow
Description: Network-Client FTP Now is an FTP client application for
Microsoft Windows. The application is exposed to a heap-based buffer
overflow issue because it fails to properly bounds check user-supplied
data before copying it into an insufficiently sized memory buffer.
Network-Client FTP Now version 2.6 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32080">http://www.securityfocus.com/bid/32080</a>
______________________________________________________________________

08.45.12 CVE: Not Available
Platform: Linux
Title: htop Hidden Process Name Input Filtering
Description: htop is a process viewer for Linux. htop is exposed to an
input-filtering issue that can result in hidden process names. The
application fails to filter non-printable characters. Certain
characters can be used to corrupt the application's display. htop
version 0.7 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504144">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504144</a>
______________________________________________________________________

08.45.13 CVE: Not Available
Platform: Unix
Title: Dovecot Invalid Message Address Parsing Denial of Service
Description: Dovecot is a mail server application for Linux and
UNIX-like operating systems. Dovecot is exposed to a remote denial of
service issue because it fails to handle certain specially crafted
email headers. Dovecot versions 1.1.4 and 1.1.5 are
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.dovecot.org/list/dovecot-news/2008-October/000089.html">http://www.dovecot.org/list/dovecot-news/2008-October/000089.html</a>
______________________________________________________________________

08.45.14 CVE: Not Available
Platform: Cross Platform
Title: Quassel Core CTCP Ping Input Validation
Description: Quassel is a distributed IRC client available for
multiple platforms; Quassel Core is its central hub component. Quassel
Core is exposed to an input validation issue that lets attackers
hijack connections and execute arbitrary IRC commands as a user of the
vulnerable application. Quassel Core versions prior to 3.0.3 are
affected.
Ref: <a class="moz-txt-link-freetext" href="http://quassel-irc.org/node/89">http://quassel-irc.org/node/89</a>
______________________________________________________________________

08.45.15 CVE: CVE-2007-5394, CVE-2007-6021
Platform: Cross Platform
Title: Adobe PageMaker Font Structure Multiple Buffer Overflow
Vulnerabilities
Description: Adobe PageMaker is an application for desktop publishing.
The application is exposed to multiple buffer overflow issues because
it fails to perform adequate boundary checks on user-supplied input.
These issues occur when handling a malformed ".PMD" file with a
specially crafted font structure. Adobe PageMaker version 7.0.1 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://secunia.com/secunia_research/2007-80/">http://secunia.com/secunia_research/2007-80/</a>
______________________________________________________________________

08.45.16 CVE: Not Available
Platform: Cross Platform
Title: Python Imageop Module "imageop.crop()" Buffer Overflow
Description: Python is an interpreted dynamic object oriented
programming language that is available for many operating systems.
Python's "imageop" module is exposed to a buffer overflow issue.
Specifically, the function "imageop.crop()" fails to properly
bounds check parameters. Python versions prior to 2.5.2 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://svn.python.org/view?rev=66689&amp;view=rev">http://svn.python.org/view?rev=66689&amp;view=rev</a>
______________________________________________________________________

08.45.17 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Storage Manager Client Buffer Overflow
Description: IBM Tivoli Storage Manager is a data backup manager for
enterprises. The IBM Tivoli Storage Manager Client is exposed to an
unspecified buffer overflow issue. This issue affects Client Acceptor
Daemon (CAD), and also the scheduler if using PROMPTED as
the value for the SCHEDMODE option.
Ref: <a class="moz-txt-link-freetext" href="http://www.zerodayinitiative.com/advisories/ZDI-08-071/">http://www.zerodayinitiative.com/advisories/ZDI-08-071/</a>
______________________________________________________________________

08.45.18 CVE: Not Available
Platform: Cross Platform
Title: Absolute Live Support .Net Cookie Authentication Bypass
Description: Absolute Live Support .Net is a chat application for
customer support. It is implemented in ASP.Net. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie based
authentication. Absolute Live Chat .Net version 5.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32010">http://www.securityfocus.com/bid/32010</a>
______________________________________________________________________

08.45.19 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.62 History Search Input Validation
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The browser is exposed to an input validation issue
because of the way it stores data used for the History Search feature.
Opera Web Browser version 9.62 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32015">http://www.securityfocus.com/bid/32015</a>
______________________________________________________________________

08.45.20 CVE: Not Available
Platform: Cross Platform
Title: Net-SNMP GETBULK Remote Denial of Service
Description: Net-SNMP is an SNMP (Simple Network Management Protocol)
package including multiple applications. Net-SNMP is exposed to an
unspecified remote denial of service issue related to the handling of
"GETBULK" SNMP requests.
Ref: <a class="moz-txt-link-freetext" href="http://sourceforge.net/forum/forum.php?forum_id=882903">http://sourceforge.net/forum/forum.php?forum_id=882903</a>
______________________________________________________________________

08.45.21 CVE: Not Available
Platform: Cross Platform
Title: Dns2tcp "dns_decode.c" Remote Buffer Overflow
Description: Dns2tcp is a network tool designed to relay TCP
connections through DNS traffic. The application is exposed to a
buffer overflow issue because it fails to properly validate
user-supplied input. This issue affects the "dns_decode()" function of
the "server/dns_decode.c" source file. Dns2tcp versions prior to 0.4.2
are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32071">http://www.securityfocus.com/bid/32071</a>
______________________________________________________________________

08.45.22 CVE: Not Available
Platform: Cross Platform
Title: University of Washington IMAP "tmail" and "dmail" Local Buffer
Overflow Vulnerabilities
Description: University of Washington "tmail" and "dmail" are mail
delivery agents. "tmail" and "dmail" are exposed to local buffer
overflow issues because they fail to perform adequate boundary checks
on user-supplied data.
Ref: <a class="moz-txt-link-freetext" href="http://www.washington.edu/imap/documentation/RELNOTES.html">http://www.washington.edu/imap/documentation/RELNOTES.html</a>
______________________________________________________________________

08.45.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: KKE Info Media Kmita Gallery Multiple Cross-Site Scripting
Vulnerabilities
Description: Kmita Gallery is a web-based gallery implemented in PHP.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31970">http://www.securityfocus.com/bid/31970</a>
______________________________________________________________________

08.45.24 CVE: CVE-2008-4795, CVE-2008-4794
Platform: Web Application - Cross Site Scripting
Title: Opera Web Browser History Search and Links Panel Cross-Site
Scripting Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The browser is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input. Opera Web Browser versions prior to 9.62 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.opera.com/support/search/view/906/">http://www.opera.com/support/search/view/906/</a>
______________________________________________________________________

08.45.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dorsa CMS "Default_.aspx" Cross-Site Scripting
Description: Dorsa CMS is a web-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "search" parameter of
the "Default_.aspx" script when the "Page_" parameter is set to
"search".
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31992">http://www.securityfocus.com/bid/31992</a>
______________________________________________________________________

08.45.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SonicWALL Content Filtering Error Page Cross-Site Scripting
Description: SonicWALL Content Filtering is a network security
application. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input when
displaying URI address data in the default error page. SonicWALL
Content Filtering on SonicOS Enhanced versions prior to 4.0.1.1 are
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497948">http://www.securityfocus.com/archive/1/497948</a>
______________________________________________________________________

08.45.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CompactCMS "admin/index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: CompactCMS is a content-management system. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. CompactCMS version
1.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32007">http://www.securityfocus.com/bid/32007</a>
______________________________________________________________________

08.45.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: cPanel Cross-Site Scripting Vulnerabilities and Local File
Include
Description: cPanel is a web hosting control panel. The application is
exposed to multiple input validation issues because it fails to
sanitize user-supplied input.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497964">http://www.securityfocus.com/archive/1/497964</a>
______________________________________________________________________

08.45.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Fortinet Fortigate Unspecified Cross-Site Scripting
Description: Fortinet Fortigate is a series of antivirus firewall
devices. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input included
in unspecified pages. This issue occurs due to the display of
user-supplied URIs.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32017">http://www.securityfocus.com/bid/32017</a>
______________________________________________________________________

08.45.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Camera Life Multiple Cross-Site Scripting Vulnerabilities
Description: Camera Life is a web-based photo gallery application. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. Camera Life version
2.6.2b8 is affected.
Ref:
<a class="moz-txt-link-freetext" href="http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html">http://www.digitrustgroup.com/advisories/web-application-security-camera-life2.html</a>
______________________________________________________________________

08.45.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tribiq CMS "template_path" Parameter Cross-Site Scripting
Description: Tribiq CMS is a PHP based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"template_path" parameter of the
"templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php"
script. Tribiq CMS version 5.0.10a is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32050">http://www.securityfocus.com/bid/32050</a>
______________________________________________________________________

08.45.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyGallery "gallery.inc.php" Parameter Cross-Site Scripting
Description: MyGallery is a PHP based photo gallery. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "mghash" parameter of
the "gallery.inc.php" script. MyGallery version 1.7.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://holisticinfosec.org/content/view/86/45/">http://holisticinfosec.org/content/view/86/45/</a>
______________________________________________________________________

08.45.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SignMe "signme.inc.php" Cross-Site Scripting
Description: SignMe is a PHP based photo gallery. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "hash" parameter of
the "signme.inc.php" script. SignMe version 1.5 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32068">http://www.securityfocus.com/bid/32068</a>
______________________________________________________________________

08.45.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RateMe "rate" Parameter Cross-Site Scripting
Description: RateMe is a web-based application. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "rate" parameter.
RateMe version 1.3.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32069">http://www.securityfocus.com/bid/32069</a>
______________________________________________________________________

08.45.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Matpo.de Link "view.php" Cross-Site Scripting
Description: Matpo.de Link is a link management application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "thema"
parameter of the "view.php" script. Matpo.de Link version 1.2b is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32082">http://www.securityfocus.com/bid/32082</a>
______________________________________________________________________

08.45.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebCards "admin.php" Login Page SQL Injection
Description: WebCards is a PHP based ecard application. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "password" field of the
"admin.php" script when logging in as an administrator.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31977">http://www.securityfocus.com/bid/31977</a>
______________________________________________________________________

08.45.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Harlandscripts Pro Traffic One "trg" Parameter SQL Injection
Description: Harlandscripts Pro Traffic One is a web traffic
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "trg" parameter of the "mypage.php" script before using it in an
SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497946">http://www.securityfocus.com/archive/1/497946</a>
______________________________________________________________________

08.45.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Harlandscripts Pro Traffic One "id" Parameter SQL Injection
Description: Harlandscripts Pro Traffic One is an application for
managing web traffic. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "poll_results.php" script before using it in
an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31994">http://www.securityfocus.com/bid/31994</a>
______________________________________________________________________

08.45.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPHP Forum "post.php" and "member.php" Multiple SQL Injection
Vulnerabilities
Description: MyPHP Forum is a PHP based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. MyPHP Forum version
3.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31995">http://www.securityfocus.com/bid/31995</a>
______________________________________________________________________

08.45.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 Lyrics Plugin "lyrics_song.php" SQL Injection
Description: The "Lyrics" plugin is a module for the e107 CMS content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "l_id"
parameter of the "lyrics_song.php" script before using it in an SQL
query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32004">http://www.securityfocus.com/bid/32004</a>
______________________________________________________________________

08.45.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpWebSite "links.php" SQL Injection
Description: phpWebSite is a freely available content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter of the
"links.php" script when the "op" parameter is set to "viewlink" before
using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497960">http://www.securityfocus.com/archive/1/497960</a>
______________________________________________________________________

08.45.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SpitFire Photo Pro "pages.php" SQL Injection
Description: SpitFire Photo Pro is a PHP based photo album application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "pageId" parameter
of the "pages.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497959">http://www.securityfocus.com/archive/1/497959</a>
______________________________________________________________________

08.45.43 CVE: CVE-2008-3867
Platform: Web Application - SQL Injection
Title: Interact "email_user_key" Parameter SQL Injection
Description: Interact is a PHP based application for online learning.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "email_user_key"
parameter of the "spaces/emailuser.php" script before using it in an
SQL query. Interact version 2.4.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497967">http://www.securityfocus.com/archive/1/497967</a>
______________________________________________________________________

08.45.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Scripts For Sites Products "directory.php" SQL
Injection
Description: EZ Adult Directory is a PHP based script that allows
users to view and rate various adult entertainment sites. EZ Gaming
Directory is a PHP based script that allows users to view and rate
various gambling sites. These applications are exposed to an
SQL injection issue because they fail to sufficiently sanitize
user-supplied data to the "id" parameter of the "directory.php" script before
using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32021">http://www.securityfocus.com/bid/32021</a>
______________________________________________________________________

08.45.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Logz podcast CMS "add_url.php" SQL Injection
Description: Logz podcast CMS is a PHP based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "art" parameter of the
"add_url.php" script before using it in an SQL query. Logz podcast CMS
version 1.3.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32022">http://www.securityfocus.com/bid/32022</a>
______________________________________________________________________

08.45.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Article Publisher Pro "admin.php" SQL Injection
Description: Article Publisher Pro is a PHP based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the login name field of
the "admin/admin.php" script before using it in an SQL query. Article
Publisher Pro version 1.5 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32030">http://www.securityfocus.com/bid/32030</a>
______________________________________________________________________

08.45.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Hotscripts SQL Injection
Description: EZ Hotscripts is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cid" parameter of the
"showcategory.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32031">http://www.securityfocus.com/bid/32031</a>
______________________________________________________________________

08.45.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EZ Webring "category.php" SQL Injection
Description: EZ Webring is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat" parameter of the
"webring/category.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32032">http://www.securityfocus.com/bid/32032</a>
______________________________________________________________________

08.45.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EZ BIZ PRO "track.php" SQL Injection
Description: EZ BIZ PRO is a link database. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "track.php" script
before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32033">http://www.securityfocus.com/bid/32033</a>
______________________________________________________________________

08.45.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Link Directory "links.php" SQL Injection
Description: Scripts For Sites EZ Link Directory is a PHP based link
management script. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cat_id" parameter of the "links.php" script before using it in an
SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32034">http://www.securityfocus.com/bid/32034</a>
______________________________________________________________________

08.45.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Auction "viewfaqs.php" SQL Injection
Description: Scripts For Sites EZ Auction is a PHP based auction
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cat"
parameter of the "viewfaqs.php" script before using it in an SQL
query.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6918">http://www.milw0rm.com/exploits/6918</a>
______________________________________________________________________

08.45.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Career "content.php" SQL Injection
Description: Scripts For Sites EZ Career is a PHP based job script.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "topic" parameter
of the "content.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6919">http://www.milw0rm.com/exploits/6919</a>
______________________________________________________________________

08.45.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ Top Sites "topsite.php" SQL Injection
Description: Scripts For Sites EZ Top Sites is a PHP based web site
search script. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ts" parameter of the "topsite.php" script before using it in an SQL
query.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6920">http://www.milw0rm.com/exploits/6920</a>
______________________________________________________________________

08.45.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Scripts For Sites EZ e-store "searchresults.php" SQL Injection
Description: Scripts For Sites EZ e-store is a PHP based shopping
script. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "where"
parameter of the "searchresults.php" script before using it in an SQL
query.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6922">http://www.milw0rm.com/exploits/6922</a>
______________________________________________________________________

08.45.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bloggie Lite Cookie SQL Injection
Description: Bloggie Lite is a PHP based blog script. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data from cookies before using it in an SQL
query.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6925">http://www.milw0rm.com/exploits/6925</a>
______________________________________________________________________

08.45.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 1st News "id" Parameter SQL Injection
Description: 1st News is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"products.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32042">http://www.securityfocus.com/bid/32042</a>
______________________________________________________________________

08.45.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Maran Project Maran PHP Shop "prodshow.php" SQL Injection
Description: Maran PHP Shop is a PHP-based shopping cart application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "prodshow.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32043">http://www.securityfocus.com/bid/32043</a>
______________________________________________________________________

08.45.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Maran Project Maran PHP Shop "prod.php" SQL Injection
Description: Maran PHP Shop is a PHP-based shopping cart application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "prod.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32044">http://www.securityfocus.com/bid/32044</a>
______________________________________________________________________

08.45.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Shopping Cart Script "c" Parameter SQL Injection
Description: The Shopping Cart script is a web-based application. The
script is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "c" parameter of the
"index.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32045">http://www.securityfocus.com/bid/32045</a>
______________________________________________________________________

08.45.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Downline Builder Script "id" Parameter SQL
Injection
Description: The Downline Builder script is a web-based application.
The script is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32046">http://www.securityfocus.com/bid/32046</a>
______________________________________________________________________

08.45.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Downline Builder Pro "id" Parameter SQL Injection
Description: Downline Builder Pro is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32047">http://www.securityfocus.com/bid/32047</a>
______________________________________________________________________

08.45.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: deV!L'z Clanportal "users" Parameter SQL Injection
Description: deV!L'z Clanportal is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "users" parameter of
the "user/index.php" script before using it in an SQL query. deV!L'z
Clanportal versions up to and including 1.4.9.6 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32049">http://www.securityfocus.com/bid/32049</a>
______________________________________________________________________

08.45.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ Article "index.php" SQL Injection
Description: AJ Article is a knowledgebase system. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "username" field of the "index.php"
script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32054">http://www.securityfocus.com/bid/32054</a>
______________________________________________________________________

08.45.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Blog Blaster Script "id" Parameter SQL Injection
Description: Blog Blaster Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32055">http://www.securityfocus.com/bid/32055</a>
______________________________________________________________________

08.45.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Autoresponder Hosting Script "id" Parameter SQL
Injection
Description: Autoresponder Hosting Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32056">http://www.securityfocus.com/bid/32056</a>
______________________________________________________________________

08.45.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Scrolling Text Ads Script "id" Parameter SQL
Injection
Description: Scrolling Text Ads Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32060">http://www.securityfocus.com/bid/32060</a>
______________________________________________________________________

08.45.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Reminder Service Script "id" Parameter SQL
Injection
Description: Reminder Service Script is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32061">http://www.securityfocus.com/bid/32061</a>
______________________________________________________________________

08.45.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Classifieds Blaster Script "id" Parameter SQL
Injection
Description: Classifieds Blaster Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "tr.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32062">http://www.securityfocus.com/bid/32062</a>
______________________________________________________________________

08.45.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: YourFreeWorld Classifieds Hosting Script "id" Parameter SQL
Injection
Description: Classifieds Hosting Script is a web-based application
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "tr.php" script before using it in an SQL
query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32064">http://www.securityfocus.com/bid/32064</a>
______________________________________________________________________

08.45.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP Forum "iFor" Parameter SQL Injection
Description: ASP Forum is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "iFor" parameter of
the "forum.asp" script before using it in an SQL query. ASP Forum
version 1.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6930">http://www.milw0rm.com/exploits/6930</a>
______________________________________________________________________

08.45.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BosClassifieds "cat_id" Parameter SQL Injection
Description: BosClassifieds is a classified ad application.
BosClassifieds is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied input to the "cat_id" parameter
of the "index.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32075">http://www.securityfocus.com/bid/32075</a>
______________________________________________________________________

08.45.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Matpro.de Link "view.php" SQL Injection
Description: Matpro.de Link is a link management application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" field of the
"view.php" script before using it in an SQL query. Matpro.de Link
version 1.2b is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32076">http://www.securityfocus.com/bid/32076</a>
______________________________________________________________________

08.45.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dragan Mitic Apoll "admin/index.php" SQL Injection
Description: Dragan Mitic Apoll is a PHP-based poll application for
web pages. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"user" parameter of the "admin/index.php" script before using it in an
SQL query. Dragan Mitic Apoll version 0.7 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32079">http://www.securityfocus.com/bid/32079</a>
______________________________________________________________________

08.45.74 CVE: Not Available
Platform: Web Application
Title: Sepal SPBOARD "board.cgi" Remote Command Execution
Description: Sepal SPBOARD is a web-based bulletin board implemented
in Perl. The application is exposed to an issue that attackers can
leverage to execute arbitrary commands in the context of the
application. This issue occurs because the application fails to
adequately validate user-supplied input to the "file" parameter of the
"board.cgi" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31972">http://www.securityfocus.com/bid/31972</a>
______________________________________________________________________

08.45.75 CVE: Not Available
Platform: Web Application
Title: 7-Shop "imageupload.php" Arbitrary File Upload
Description: 7-Shop is an online shopping cart application. The
application is exposed to an issue that lets remote attackers upload
and execute arbitrary script code on an affected computer with the
privileges of the web server process. This issue occurs because the
application fails to sufficiently sanitize file extensions before
uploading files to the web server through the
"includes/imageupload.php" script. 7-Shop version 1.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31978">http://www.securityfocus.com/bid/31978</a>
______________________________________________________________________

08.45.76 CVE: Not Available
Platform: Web Application
Title: Mambo and Joomla! SimpleBoard "image_upload.php" Arbitrary File
Upload
Description: SimpleBoard is a PHP-based message board for the Mambo
and Joomla! content managers. The application is exposed to an issue
that lets remote attackers upload and execute arbitrary script code on
an affected computer with the privileges of the web server process. The
issue occurs because the application fails to check file extensions
properly. SimpleBoard version 1.0.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31981">http://www.securityfocus.com/bid/31981</a>
______________________________________________________________________

08.45.77 CVE: Not Available
Platform: Web Application
Title: Instinct WP e-Commerce "image_processing.php" Arbitrary File
Upload
Description: WP e-Commerce is a PHP-based shopping cart extension for
the WordPress content manager. The application is exposed to an issue that
lets remote attackers upload and execute arbitrary script code on an
affected computer with the privileges of the web server process. WP
e-Commerce version 3.4 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31982">http://www.securityfocus.com/bid/31982</a>
______________________________________________________________________

08.45.78 CVE: Not Available
Platform: Web Application
Title: IBM Lotus Connections Multiple Remote Vulnerabilities
Description: IBM Lotus Connections is a web-based application used for
information sharing between co-workers, partners and customers. The
application is exposed to multiple issues. IBM Lotus Connections
versions prior to 2.0.1 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31989">http://www.securityfocus.com/bid/31989</a>
______________________________________________________________________

08.45.79 CVE: Not Available
Platform: Web Application
Title: Venalsur Booking Centre SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Venalsur Booking Centre is an online booking system. The
application is exposed to an SQL injection issue and a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "OfertaID" parameter of the
"cadena_ofertas_ext.php" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31990">http://www.securityfocus.com/bid/31990</a>
______________________________________________________________________

08.45.80 CVE: Not Available
Platform: Web Application
Title: Typo SQL Injection and HTML Injection Vulnerabilities
Description: Typo is a weblog application implemented in PHP. The
application is exposed to multiple input validation issues. The
attacker may exploit the SQL injection issue to compromise the
application, access or modify data, or exploit latent vulnerabilities
in the underlying database. Typo version 5.1.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497970">http://www.securityfocus.com/archive/1/497970</a>
______________________________________________________________________

08.45.81 CVE: Not Available
Platform: Web Application
Title: Agora "MysqlfinderAdmin.php" Remote File Include
Description: Agora is a PHP-based content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "_SESSION["PATH_COMPOSANT"]"
parameter of the "modules/Mysqlfinder/MysqlfinderAdmin.php" script.
Agora version 1.4.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32000">http://www.securityfocus.com/bid/32000</a>
______________________________________________________________________

08.45.82 CVE: Not Available
Platform: Web Application
Title: Tribiq CMS Cookie Authentication Bypass
Description: Tribiq CMS is a content management system. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Tribiq CMS version 5.0.9a (beta) is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32001/references">http://www.securityfocus.com/bid/32001/references</a>
______________________________________________________________________

08.45.83 CVE: Not Available
Platform: Web Application
Title: Absolute File Send .Net Cookie Authentication Bypass
Description: Absolute File Send .Net is a web-based script used for file
sharing. The application is exposed to an authentication bypass issue
because it fails to adequately verify user-supplied input used for
cookie-based authentication. Absolute File Send .Net
version 1.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32002">http://www.securityfocus.com/bid/32002</a>
______________________________________________________________________

08.45.84 CVE: Not Available
Platform: Web Application
Title: Absolute Podcast .NET Cookie Authentication Bypass
Description: Absolute Podcast .NET is a web-based application used to
create an online audio podcast. The application is exposed to an
authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication.
Absolute Podcast .NET version 1.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.xigla.com/apodcasting/index.htm">http://www.xigla.com/apodcasting/index.htm</a>
______________________________________________________________________

08.45.85 CVE: Not Available
Platform: Web Application
Title: Absolute Poll Manager XE Cookie Authentication Bypass
Description: Absolute Poll Manager XE is a web-based application used
to create surveys. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used for
cookie-based authentication. Absolute Poll Manager XE version
4.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.xigla.com/absolutepm/">http://www.xigla.com/absolutepm/</a>
______________________________________________________________________

08.45.86 CVE: Not Available
Platform: Web Application
Title: Absolute Form Processor .Net Cookie Authentication Bypass
Description: Absolute Form Processor .Net is a web-based script used for
forms management. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used for
cookie-based authentication. Absolute Form Processor .Net version
4.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32009">http://www.securityfocus.com/bid/32009</a>
______________________________________________________________________

08.45.87 CVE: Not Available
Platform: Web Application
Title: ComingChina.com U-Mail "edit.php" Arbitrary File Upload
Description: ComingChina.com U-Mail is a PHP-based email application.
The application is exposed to an issue that lets remote attackers
upload and execute arbitrary script code on an affected computer with
the privileges of the web server process. The issue occurs because the
software fails to properly sanitize user-supplied input in the
"/webmail/modules/filesystem/edit.php" script. U-Mail version 4.9.1 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497961">http://www.securityfocus.com/archive/1/497961</a>
______________________________________________________________________

08.45.88 CVE: CVE-2008-4309
Platform: Web Application
Title: Tribiq CMS "template_path" Parameter Local File Include
Description: Tribiq CMS is a PHP-based content management system.
Tribiq CMS is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "template_path"
parameter of the
"templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php"
script. Tribiq CMS version 5.0.10a is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32018">http://www.securityfocus.com/bid/32018</a>
______________________________________________________________________

08.45.89 CVE: Not Available
Platform: Web Application
Title: Absolute Banner Manager .NET Cookie Authentication Bypass
Description: Absolute Banner Manager .NET is a web-based script used for
advertisement management. The application is exposed to an authentication
bypass issue because it fails to adequately verify user-supplied input
used for cookie-based authentication. Absolute Banner Manager
.NET version 4.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32023">http://www.securityfocus.com/bid/32023</a>
______________________________________________________________________

08.45.90 CVE: Not Available
Platform: Web Application
Title: Absolute News Manager .Net Cookie Authentication Bypass
Description: Absolute News Manager .Net is a web log application.
The application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for cookie-based
authentication. Absolute News Manager .Net version 5.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32024">http://www.securityfocus.com/bid/32024</a>
______________________________________________________________________

08.45.91 CVE: Not Available
Platform: Web Application
Title: Absolute Control Panel XE Cookie Authentication Bypass
Description: Absolute Control Panel XE is an ASP based application.
The application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for
cookie-based authentication. Absolute Control Panel XE version 1.5 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32025">http://www.securityfocus.com/bid/32025</a>
______________________________________________________________________

08.45.92 CVE: Not Available
Platform: Web Application
Title: Absolute Content Rotator Cookie Authentication Bypass
Description: Absolute Content Rotator is a web-based script used for
automated content rotation. The application is exposed to an
authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication.
Absolute Content Rotator version 6.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32026">http://www.securityfocus.com/bid/32026</a>
______________________________________________________________________

08.45.93 CVE: Not Available
Platform: Web Application
Title: Absolute News Feed Cookie Authentication Bypass
Description: Absolute News Feed is an RSS syndication and news
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Absolute News Feed version 1.0 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32027">http://www.securityfocus.com/bid/32027</a>
______________________________________________________________________

08.45.94 CVE: Not Available
Platform: Web Application
Title: Absolute FAQ Manager .NET Cookie Authentication Bypass
Description: Absolute FAQ Manager .NET is a web-based script used for
FAQ management. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used for
cookie-based authentication. Absolute FAQ Manager .NET version 6.0
is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32028">http://www.securityfocus.com/bid/32028</a>
______________________________________________________________________

08.45.95 CVE: Not Available
Platform: Web Application
Title: Absolute Newsletter Cookie Authentication Bypass
Description: Absolute Newsletter is a web-based script used for
marketing. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Absolute Newsletter version 6.1 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32029">http://www.securityfocus.com/bid/32029</a>
______________________________________________________________________

08.45.96 CVE: Not Available
Platform: Web Application
Title: Sharedlog CMS Remote File Include
Description: Sharedlog CMS is a PHP-based content management system.
The application is exposed to a remote file include issue because it
fails to properly sanitize user-supplied input to the
"$GLOBALS['root_dir']" parameter of the
"slideshow_uploadvideo.content.php" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497978">http://www.securityfocus.com/archive/1/497978</a>
______________________________________________________________________

08.45.97 CVE: Not Available
Platform: Web Application
Title: Joomla! Flash Tree Gallery Component Remote File Include
Description: Flash Tree Gallery is a picture gallery component for
the Joomla! content manager. The application is exposed to a remote
file include issue because it fails to sufficiently sanitize
user-supplied input to the "mosConfig_live_site" parameter of the
component's "admin.treeg.php" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.milw0rm.com/exploits/6928">http://www.milw0rm.com/exploits/6928</a>
______________________________________________________________________

08.45.98 CVE: Not Available
Platform: Web Application
Title: Maran Project Maran PHP Shop Cookie Authentication Bypass
Description: Maran PHP Shop is a PHP-based shopping cart application.
The application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for
cookie-based authentication.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32048">http://www.securityfocus.com/bid/32048</a>
______________________________________________________________________

08.45.99 CVE: Not Available
Platform: Web Application
Title: NetRisk SQL Injection and Cross-Site Scripting Vulnerabilities
Description: NetRisk is a web-based application. The application is
exposed to multiple issues. An SQL injection issue affects the "id"
parameter of the "index.php" script. A cross-site scripting issue
affects the "error" parameter of the "index.php" script. NetRisk
versions up to and including 2.0 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32051">http://www.securityfocus.com/bid/32051</a>
______________________________________________________________________

08.45.100 CVE: Not Available
Platform: Web Application
Title: Joovili Cookie Authentication Bypass
Description: Joovili is a content management system. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. Joovili version 3.1.4 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32058">http://www.securityfocus.com/bid/32058</a>
______________________________________________________________________

08.45.101 CVE: Not Available
Platform: Web Application
Title: Article Publisher PRO Cookie Authentication Bypass
Description: Article Publisher PRO is a content management system. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Article Publisher PRO version 1.5 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32059">http://www.securityfocus.com/bid/32059</a>
______________________________________________________________________

08.45.102 CVE: Not Available
Platform: Web Application
Title: Micro CMS "microcms-admin-home.php" Security Bypass
Description: Micro CMS is a content management system. The application
is exposed to a security bypass issue because it fails to restrict
access to the "microcms-admin-home.php" script. Micro CMS versions up
to and including 0.3.5 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32063">http://www.securityfocus.com/bid/32063</a>
______________________________________________________________________

08.45.103 CVE: Not Available
Platform: Web Application
Title: Apartment Search Script Arbitrary File Upload and Cross-Site
Scripting Vulnerabilities
Description: Apartment Search Script is a web-based application. The
application is exposed to an issue that lets attackers upload and
execute arbitrary code. This issue occurs because the application
fails to sufficiently sanitize user-supplied input when uploading
images while editing user profiles.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32065">http://www.securityfocus.com/bid/32065</a>
______________________________________________________________________

08.45.104 CVE: Not Available
Platform: Web Application
Title: GeSHi "geshi.php" Remote Code Execution
Description: GeSHi (Generic Syntax Highlighter) is a PHP-based
application that highlights source code in various colors. The
application is exposed to a remote code execution issue that occurs in
the "geshi.php" script. GeSHi versions prior to 1.0.8.1 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://sourceforge.net/project/shownotes.php?release_id=637321">http://sourceforge.net/project/shownotes.php?release_id=637321</a>
______________________________________________________________________

08.45.105 CVE: Not Available
Platform: Web Application
Title: Acc Scripts Acc PHP eMail Cookie Authentication Bypass
Description: Acc Scripts Acc PHP eMail is a web-based script used for
email subscription management. The application is exposed to an
authentication bypass issue because it fails to adequately verify
user-supplied input used for cookie-based authentication. Acc Scripts
Acc PHP eMail version 1.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32074">http://www.securityfocus.com/bid/32074</a>
______________________________________________________________________

08.45.106 CVE: Not Available
Platform: Web Application
Title: Acc Scripts Real Estate and Statistics Cookie Authentication
Bypass
Description: Acc Real Estate is a PHP-based real estate application.
Acc Statistics is a PHP-based website statistics application. The
application is exposed to an authentication bypass issue because
it fails to adequately verify user-supplied input used for
cookie-based authentication. Acc Statistics version 1.1 and Acc Real
Estate 4.0 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32078">http://www.securityfocus.com/bid/32078</a>
______________________________________________________________________

08.45.107 CVE: Not Available
Platform: Web Application
Title: Acc Scripts Acc Autos Cookie Authentication Bypass
Description: Acc Scripts Acc Autos is a PHP-based automobile listing
application. The application is exposed to an authentication bypass
issue because it fails to adequately verify user-supplied input used
for cookie-based authentication. Acc Autos version 4.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32083">http://www.securityfocus.com/bid/32083</a>
______________________________________________________________________

08.45.108 CVE: Not Available
Platform: Web Application
Title: Agavi "cmplang" Parameter Directory Traversal
Description: Agavi is a PHP application framework. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "cmplang" parameter
of the "index.php" script. Agavi version 1.0.0 beta 5 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/32086">http://www.securityfocus.com/bid/32086</a>
______________________________________________________________________

08.45.109 CVE: Not Available
Platform: Network Device
Title: A-Link WL54AP3 and WL54AP2 Cross-Site Request Forgery and HTML
Injection Vulnerabilities
Description: A-Link WL54AP3 and WL54AP2 are wireless routers. A-Link
WL54AP3 and WL54AP2 are exposed to multiple remote issues.
A cross-site request forgery vulnerability may allow attackers to
change DNS servers, enable the WAN web server, and change usernames and
passwords. An HTML injection vulnerability affects the
"Domain name" textbox included in the management interface.
Ref: <a class="moz-txt-link-freetext" href="http://www.louhinetworks.fi/advisory/alink_081028.txt">http://www.louhinetworks.fi/advisory/alink_081028.txt</a>
______________________________________________________________________</pre>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/11/07/latest-vulnerability-breakdown-110708/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>What Do They Know About YOU??</title>
		<link>http://secauditor.wordpress.com/2008/11/06/what-do-they-know-about-you/</link>
		<comments>http://secauditor.wordpress.com/2008/11/06/what-do-they-know-about-you/#comments</comments>
		<pubDate>Thu, 06 Nov 2008 19:16:37 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[personal security]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=205</guid>
		<description><![CDATA[While out reviewing different material I stumbled across this and wanted to pass it on.  I found it quite interesting.
GOOGLING SECURITY: HOW MUCH DOES GOOGLE KNOW ABOUT YOU?
Greg Conti, Contributor
The following is an excerpt from the book Googling security: How much does Google know about you?. In this section of Chapter 7:
Advertising and Embedded Content [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>While out reviewing different material I stumbled across this and wanted to pass it on.  I found it quite interesting.</p>
<p>GOOGLING SECURITY: HOW MUCH DOES GOOGLE KNOW ABOUT YOU?<br />
Greg Conti, Contributor</p>
<p>The following is an excerpt from the book Googling security: How much does Google know about you?. In this section of Chapter 7:<br />
Advertising and Embedded Content (.pdf), author Greg Conti explains how attackers can exploit advertising networks to compromise end-user machines and much more.</p>
<p>Malicious ad-serving<br />
Advertising networks are more than just information-disclosure risks.<br />
They also serve as a malware attack vector. Advertising services pay web site owners for publishing advertisements on their web sites. A very common technique is the banner ad we&#8217;ve all seen at the top of web pages. Such ads usually take the form of animated GIF files, but they now include many image and video formats.</p>
<p>Individuals and organizations that want to advertise using such a service create a media file and pay an advertiser a fee, and the advertiser serves the image to thousands of visitors of sites that belong to its advertising network.<br />
Read more:<br />
http://go.techtarget.com/r/4952474/6175189<br />
Listen to part 1 of this tip as an MP3:<br />
http://go.techtarget.com/r/4952475/6175189<br />
Listen to part 2:<br />
http://go.techtarget.com/r/4952476/6175189</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/11/06/what-do-they-know-about-you/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>Latest Vulnerability Breakdown &#8211; 10/30/08</title>
		<link>http://secauditor.wordpress.com/2008/10/30/latest-vulnerability-breakdown-103008/</link>
		<comments>http://secauditor.wordpress.com/2008/10/30/latest-vulnerability-breakdown-103008/#comments</comments>
		<pubDate>Fri, 31 Oct 2008 00:51:20 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Auditing]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Adobe Pagemaker]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[OpenOffice]]></category>
		<category><![CDATA[Opera]]></category>
		<category><![CDATA[patches]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[Vulnerabilities]]></category>
		<category><![CDATA[vulnerability]]></category>
		<category><![CDATA[windows]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=203</guid>
		<description><![CDATA[My apologies on the lack of posts this week.  Work has been a bear and teaching a CISSP class every week has started to catch up with me also.  All in all though it is a great time to be working with security.  Microsoft&#8217;s patch was a big one and there are several exploits attacking [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>My apologies on the lack of posts this week.  Work has been a bear and teaching a CISSP class every week has started to catch up with me also.  All in all though it is a great time to be working with security.  Microsoft&#8217;s patch was a big one and there are several exploits attacking it.  If you haven&#8217;t patched yet please do so.</p>
<p>On to the Vulnerabilities:</p>
<pre>Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (<a class="moz-txt-link-abbreviated" href="http://www.tippingpoint.com/">www.tippingpoint.com</a>)

Widely Deployed Software
(1) UPDATE: Microsoft Windows RPC Remote Code Execution Vulnerability (MS08-067)
(2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows
(3) HIGH: Opera Multiple Vulnerabilities
(4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows
(5) MODERATE: Sun Java Web Start Remote Command Execution

<span id="more-203"></span>Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (<a class="moz-txt-link-abbreviated" href="http://www.qualys.com/">www.qualys.com</a>)

 -- Third Party Windows Apps
08.44.1  - Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request Denial of Service
08.44.2  - freeSSHd SFTP "rename" Remote Denial of Service
08.44.3  - SilverSHielD "opendir()" Remote Denial of Service
08.44.4  - DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple File Corruption Vulnerabilities
08.44.5  - TUGZip ZIP File Remote Buffer Overflow
08.44.6  - PumpKIN Mode Field Remote Denial of Service
 -- Linux
08.44.7  - Linux Kernel "do_splice_from()" Local Security Bypass
08.44.8  - Netpbm "pamperspective" Utility Buffer Overflow
08.44.9  - eCryptfs Password Information Disclosure
08.44.10 - Linux Kernel "proc_do_xprt()" Local Buffer Overflow
 -- Solaris
08.44.11 - Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass
 -- Unix
08.44.12 - GNU Enscript "src/psgen.c" Stack Based Buffer Overflow
08.44.13 - "imlib2" Library Multiple Unspecified Vulnerabilities
 -- Novell
08.44.14 - Novell eDirectory NCP Unspecified Remote Memory Corruption
 -- Cross Platform
08.44.15 - NXP Semiconductors MIFARE Classic Smartcard Multiple Security Weaknesses
08.44.16 - IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
08.44.17 - fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File Creation Vulnerabilities
08.44.18 - Sun Java System LDAP JDK Search Feature Information Disclosure
08.44.19 - Trend Micro OfficeScan CGI Parsing Buffer Overflow
08.44.20 - HP OpenView Products Shared Trace Service RPC Request Handling Denial of Service
08.44.21 - Cisco PIX and ASA Appliance IPv6 Denial of Service
08.44.22 - Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass
08.44.23 - Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of Service
08.44.24 - VLC Media Player Multiple Remote Integer Overflow Vulnerabilities
08.44.25 - Opera Web Browser History Search Input Validation
08.44.26 - GoodTech SSH Server SFTP Multiple Buffer Overflow Vulnerabilities
08.44.27 - "libspf2" DNS TXT Record Handling Remote Buffer Overflow
08.44.28 - WebSVN Multiple Remote Input Validation Vulnerabilities
08.44.29 - KVIrc URI Handler Remote Format String
08.44.30 - Sun Java Web Start Remote Command Execution
08.44.31 - Lynx ".mailcap" and ".mime.type" Files Local Code Execution
08.44.32 - Libpng Library "png_handle_tEXt()" Memory Leak Denial of Service
08.44.33 - jhead "DoCommand()" Arbitrary Command Execution
08.44.34 - Blender "BPY_interface.c" Remote Command Execution
08.44.35 - Perl File::Find::Object Module Format String
08.44.36 - Citrix Web Interface Security Bypass
08.44.37 - Questwork QuestCMS Multiple Remote Vulnerabilities
08.44.38 - Android Web Browser Unspecified Remote Code Execution
08.44.39 - MyKtools Database Disclosure
08.44.40 - Multiple Products Unspecified Library MP4 File Remote Denial of Service
08.44.41 - Microsoft Internet Explorer "&amp;NBSP;" Address Bar URI Spoofing
08.44.42 - OpenOffice WMF and EMF File Handling Multiple Heap Based Buffer Overflow Vulnerabilities
 -- Web Application - Cross Site Scripting
08.44.43 - Multiple Vendor Web Browser FTP Client Cross-Site Scripting
08.44.44 - Jetbox CMS "liste" Parameter Cross-Site Scripting
08.44.45 - MiniPortail "search.php" Cross-Site Scripting and Local File Include Vulnerabilities
08.44.46 - ClipShare Pro "fullscreen.php" Cross-Site Scripting
08.44.47 - Kayako eSupport "html-tidy-logic.php" Cross-Site Scripting
08.44.48 - iPei Guestbook "pg" Parameter Cross-Site Scripting
08.44.49 - phpMyAdmin "pmd_pdf.php" Cross-Site Scripting
08.44.50 - MyBB "moderation.php" Cross-Site Scripting
08.44.51 - PHP-Nuke Nuke League Module "tid" Parameter Cross-Site Scripting
08.44.52 - KKE Info Media Kmita Catalogue "search.php" Cross-Site Scripting
08.44.53 - Extrakt Framework "index.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.44.54 - Dizi Portali "diziler.asp" SQL Injection
08.44.55 - phPhotoGallery "index.php" SQL Injection
08.44.56 - Bahar Download Script "aspkat.asp" SQL Injection
08.44.57 - ShopMaker "product.php" SQL Injection
08.44.58 - KBase Joomla! Component "id" Parameter SQL Injection
08.44.59 - Joomla! and Mambo Daily Message Component "id" Parameter SQL Injection
08.44.60 - Dorsa CMS "ShowPage.aspx" SQL Injection
08.44.61 - LoudBlog "ajax.php" SQL Injection
08.44.62 - CS-Partner "gestion.php" Multiple SQL Injection Vulnerabilities
08.44.63 - UC Gateway Investment SiteEngine "announcements.php" SQL Injection
08.44.64 - MindDezign Photo Gallery "id" Parameter SQL Injection
08.44.65 - AJ RSS Reader "EditUrl.php" SQL Injection
08.44.66 - KasraCMS "index.php" Multiple SQL Injection Vulnerabilities
08.44.67 - SFS Ez Forum "forum.php" SQL Injection
08.44.68 - PozScripts Classified Ads "gotourl.php" SQL Injection
08.44.69 - Graphiks MyForum "lecture.php" SQL Injection
08.44.70 - Persia BME E-Catalogue "search.asp" SQL Injection
08.44.71 - Tandis CMS "index.php" Multiple SQL Injection Vulnerabilities
08.44.72 - e107 CMS "alternate_profiles" Plugin "newuser.php" SQL Injection
08.44.73 - bcoos "modules/banners/click.php" SQL Injection
08.44.74 - e107 CMS EasyShop Plugin "easyshop.php" SQL Injection
08.44.75 - All In One Control Panel "cp_polls_results.php" SQL Injection
08.44.76 - PersianBB "iranian_music.php" SQL Injection
08.44.77 - H&amp;H Solutions WebSoccer "id" SQL Injection
08.44.78 - ElkaGroup Image Gallery "view.php" SQL Injection
 -- Web Application
08.44.79 - LightBlog Multiple Local File Include Vulnerabilities
08.44.80 - TikiWiki Multiple Unspecified Vulnerabilities
08.44.81 - Joomla! Archaic Binary Gallery "com_ab_gallery" Component Directory Traversal
08.44.82 - Smarty Template Engine "Smarty_Compiler.class.php" Security Bypass
08.44.83 - Mantis "string_api.php" Issue Number Information Disclosure
08.44.84 - Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload
08.44.85 - phpcrs "frame.php" Local File Include
08.44.86 - Joomla! ionFiles Component "download.php" Directory Traversal
08.44.87 - Drupal Book Page Title HTML Injection
08.44.88 - Osprey "ListRecords.php" Multiple Remote File Include Vulnerabilities
08.44.89 - TXTshop "header.php" Local File Include
08.44.90 - Snoopy "_httpsrequest()" Arbitrary Command Execution
08.44.91 - UC Gateway Investment SiteEngine "api.php" URI Redirection
08.44.92 - Joomla! RWCards Component "captcha_image.php" Local File Include
08.44.93 - aflog Cookie Authentication Bypass
08.44.94 - MindDezign Photo Gallery "admin" Module Unauthorized Access
08.44.95 - Drupal "bootstrap.inc" Local File Include
08.44.96 - New Earth Programming Team Image Upload Script Arbitrary File Upload
08.44.97 - BuzzScripts BuzzyWall "download.php" Directory Traversal
08.44.98 - Php-Daily Multiple Input Validation Vulnerabilities
08.44.99 - tlNews Cookie Authentication Bypass
08.44.100 - Ads Pro "dhtml.pl" Remote Command Execution
08.44.101 - KTorrent PHP Code Injection and Security Bypass Vulnerabilities
08.44.102 - bcoos "include/common.php" Remote File Include
08.44.103 - Python "Imageop" Module Argument Validation Buffer Overflow
08.44.104 - Eaton Network Shutdown Module Authentication Bypass
08.44.105 - Graphiks MyForum "centre.php" Local File Include
08.44.106 - MyBB Message Attachment Predictable Filename Information Disclosure
08.44.107 - tlAds Cookie Authentication Bypass
08.44.108 - MyKtools "update.php" Local File Include
08.44.109 - WebGUI "Asset.pm" Perl Module Handling Code Execution
08.44.110 - libgadu Contact Description Remote Buffer Overflow
08.44.111 - Graphiks MyForum Cookie Authentication Bypass
08.44.112 - tlGuestBook Cookie Authentication Bypass
08.44.113 - Agares Media ThemeSiteScript "frontpage_right.php" Remote File Include
08.44.114 - H2O-CMS PHP Code Injection and Cookie Authentication Bypass Vulnerabilities
08.44.115 - Atlassian JIRA Cross-Site Scripting and HTML Injection Vulnerabilities

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
<a class="moz-txt-link-freetext" href="http://www.sans.org/newsletters/cva/#process">http://www.sans.org/newsletters/cva/#process</a>

*****************************
Widely Deployed Software
*****************************

(1) UPDATE: Microsoft Windows RPC Remote Code Execution Vulnerability (MS08-067)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: Last week, Microsoft issued an out-of-cycle patch for a
remote code execution vulnerability in various versions of Microsoft
Windows; the initial announcement was covered in that week's @RISK.
Further details are now available for this vulnerability. The flaw
originates from a flaw in the Microsoft Windows Server Service, which
exports a Remote Procedure Call (RPC) interface. A flaw in one of the
exported procedures could allow an attacker to execute arbitrary code
with the privileges of the vulnerable process (SYSTEM). The vulnerable
procedures do not require authentication on versions of Microsoft
Windows other than Windows Vista and Windows Server 2008. Microsoft
believes that this vulnerability is being actively exploited in the
wild. Proofs-of-Concept for this vulnerability are now publicly
available.

Status: Vendor confirmed, updates available. Users are urged to patch
as quickly as possible.

References:
Previous @RISK Entry
<a class="moz-txt-link-freetext" href="https://www.sans.org/newsletters/risk/display.php?v=7&amp;i=43#widely1">https://www.sans.org/newsletters/risk/display.php?v=7&amp;i=43#widely1</a>
Microsoft Security Bulletin
<a class="moz-txt-link-freetext" href="http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx">http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx</a>
Proofs-of-Concept
<a class="moz-txt-link-freetext" href="https://metasploit.com/ms08_067_netapi.rb">https://metasploit.com/ms08_067_netapi.rb</a>
<a class="moz-txt-link-freetext" href="https://www.immunityinc.com/downloads/immpartners/ms08_067-3.tgz">https://www.immunityinc.com/downloads/immpartners/ms08_067-3.tgz</a>
<a class="moz-txt-link-freetext" href="https://www.immunityinc.com/downloads/immpartners/ms08_067-2.tgz">https://www.immunityinc.com/downloads/immpartners/ms08_067-2.tgz</a>
<a class="moz-txt-link-freetext" href="https://www.immunityinc.com/downloads/immpartners/ms08_067.tgz">https://www.immunityinc.com/downloads/immpartners/ms08_067.tgz</a>
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/data/vulnerabilities/exploits/31874.zip">http://www.securityfocus.com/data/vulnerabilities/exploits/31874.zip</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31874">http://www.securityfocus.com/bid/31874</a>

**************************************

(2) HIGH: OpenOffice.org WMF and EMF File Handling Multiple Buffer Overflows
Affected:
OpenOffice.org versions prior to 2.4.2

Description: OpenOffice.org is a popular open source office suite. It
is installed by default on numerous Unix- and Linux-based operating
systems, and is commonly installed on Microsoft Windows and Apple Mac
OS X systems. It contains multiple flaws in its handling of Windows
Metafile (WMF) and Enhanced Metafile (EMF) image files. A specially
crafted WMF or EMF image could trigger one of several heap-based buffer
overflows in OpenOffice.org. Successfully exploiting one of these
vulnerabilities would allow an attacker to execute arbitrary code with
the privileges of the current user. Depending upon configuration,
malicious documents may be opened upon receipt without first prompting
the user. Details on these vulnerabilities are available via source code
analysis. The commercial fork of OpenOffice.org, StarOffice, is presumed
vulnerable as well.

Status: Vendor confirmed, updates available.

References:
OpenOffice.org Security Bulletins
<a class="moz-txt-link-freetext" href="http://www.openoffice.org/security/cves/CVE-2008-2237.html">http://www.openoffice.org/security/cves/CVE-2008-2237.html</a>
<a class="moz-txt-link-freetext" href="http://www.openoffice.org/security/cves/CVE-2008-2238.html">http://www.openoffice.org/security/cves/CVE-2008-2238.html</a>
Wikipedia Article on the Windows Metafile and Enhanced Metafile File Formats
<a class="moz-txt-link-freetext" href="http://en.wikipedia.org/wiki/Enhanced_Metafile">http://en.wikipedia.org/wiki/Enhanced_Metafile</a>
Vendor Home Page
<a class="moz-txt-link-freetext" href="http://www.openoffice.org/">http://www.openoffice.org/</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31962">http://www.securityfocus.com/bid/31962</a>

**************************************

(3) HIGH: Opera Multiple Vulnerabilities
Affected:
Opera versions prior to 9.62

Description: Opera is a popular cross-platform web browser. It contains
multiple vulnerabilities in its handling of JavaScript URLs and history
entries. Entries placed in the browser's history are not properly
sanitized, nor are JavaScript URLs. A specially crafted web page could
trigger this vulnerability to execute arbitrary JavaScript code in a
higher security context than would otherwise be allowed. Some technical
details for these vulnerabilities are publicly available.

Status: Vendor confirmed, updates available.

References:
Opera Security Advisories
<a class="moz-txt-link-freetext" href="http://www.opera.com/support/search/view/907/">http://www.opera.com/support/search/view/907/</a>
<a class="moz-txt-link-freetext" href="http://www.opera.com/support/search/view/906/">http://www.opera.com/support/search/view/906/</a>
Opera Home Page
<a class="moz-txt-link-freetext" href="http://www.opera.com/">http://www.opera.com</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31991">http://www.securityfocus.com/bid/31991</a>

**************************************

(4) HIGH: Adobe PageMaker PMD File Handling Buffer Overflows
Affected:
Adobe PageMaker versions 7.0.1 and prior

Description: Adobe PageMaker is a popular desktop publishing
application. It contains multiple buffer overflows in its handling of
PMD (PageMaker) files. A specially crafted PMD file could trigger one
of these buffer overflows, allowing an attacker to execute arbitrary
code with the privileges of the current user. Depending upon
configuration, malicious files may be opened upon receipt without first
prompting the user. Some technical details are publicly available for
these vulnerabilities.

Status: Vendor confirmed, updates available. A third vulnerability is
confirmed, but unpatched.

References:
Secunia Security Advisory
<a class="moz-txt-link-freetext" href="http://secunia.com/advisories/27200/">http://secunia.com/advisories/27200/</a>
Adobe Security Advisory
<a class="moz-txt-link-freetext" href="http://www.adobe.com/support/security/advisories/apsa08-10.html">http://www.adobe.com/support/security/advisories/apsa08-10.html</a>
Product Home Page
<a class="moz-txt-link-freetext" href="http://www.adobe.com/products/pagemaker/">http://www.adobe.com/products/pagemaker/</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31975">http://www.securityfocus.com/bid/31975</a>

**************************************

(5) MODERATE: Sun Java Web Start Remote Command Execution
Affected:
Sun Java Web Start 

Description: Sun Java Web Start is part of Sun's Java Runtime
Environment, and allows Java applications to be launched from a web
browser. It contains an input validation error in its handling of Web
Start requests. A specially crafted web page could exploit this
vulnerability to execute arbitrary commands with the privileges of the
current user. Technical details for this vulnerability are publicly
available, but are unconfirmed. The Sun Java Runtime Environment is
installed by default on numerous Unix- and Linux-based operating systems
as well as Apple Mac OS X. It is often installed on Microsoft Windows
systems.

Status: Vendor has not confirmed, no updates available.

References:
Posting by Varun Srivastava
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497799">http://www.securityfocus.com/archive/1/497799</a>
Sun Java Web Start Home Page
<a class="moz-txt-link-freetext" href="http://java.sun.com/javase/technologies/desktop/javawebstart/index.jsp">http://java.sun.com/javase/technologies/desktop/javawebstart/index.jsp</a>
SecurityFocus BID
<a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31916">http://www.securityfocus.com/bid/31916</a>

*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 44, 2008
This list is compiled by Qualys ( <a class="moz-txt-link-abbreviated" href="http://www.qualys.com/">www.qualys.com</a> ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.44.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Multiple EMC NetWorker Products "nsrexecd.exe" RPC Request
Denial of Service
Description: EMC NetWorker is a centralized data-protection system
available for multiple operating systems. Multiple EMC NetWorker
products are exposed to a denial of service issue because they fail to
adequately bounds check user-supplied data. This issue stems from a
failure to handle malicious Remote Procedure Call (RPC) requests.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497666">http://www.securityfocus.com/archive/1/497666</a>
______________________________________________________________________

08.44.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: freeSSHd SFTP "rename" Remote Denial of Service
Description: freeSSHd is an SSH server for Microsoft Windows. The
application is exposed to a denial of service issue because it fails
to handle excessively large arguments passed by a remote user.
Specifically, this issue presents itself when attackers send
excessively long arguments to a "rename" command via SFTP. freeSSHd
version 1.2.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497746">http://www.securityfocus.com/archive/1/497746</a>
______________________________________________________________________

08.44.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: SilverSHielD "opendir()" Remote Denial of Service
Description: SilverSHielD is an SSH/SFTP server for Microsoft Windows.
The application is exposed to a denial of service issue because it
fails to handle specially-crafted data passed to the "opendir()"
function. SilverSHielD version 1.0.2.34 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31884">http://www.securityfocus.com/bid/31884</a>
______________________________________________________________________

08.44.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: DB Software Laboratory "VImpX.ocx" ActiveX Control Multiple
File Corruption Vulnerabilities
Description: VImpX is an ActiveX control that imports data into
various databases. DB Software Laboratory "VImpX.ocx" ActiveX control
is exposed to multiple file corruption issues. VImpX version 4.8.8.0
is affected.
Ref: <a class="moz-txt-link-freetext" href="http://support.microsoft.com/kb/240797">http://support.microsoft.com/kb/240797</a>
______________________________________________________________________

08.44.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: TUGZip ZIP File Remote Buffer Overflow
Description: TUGZip is a file archiving application for Microsoft
Windows platforms. The application is exposed to a remote buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. TUGZip version 3.00 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31913">http://www.securityfocus.com/bid/31913</a>
______________________________________________________________________

08.44.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: PumpKIN Mode Field Remote Denial of Service
Description: PumpKIN is a TFTP server available for Microsoft Windows.
PumpKIN is exposed to a remote denial of service issue when processing
packets with overly long mode field values. PumpKIN version 2.7.2.0 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31922">http://www.securityfocus.com/bid/31922</a>
______________________________________________________________________

08.44.7 CVE: CVE-2008-4554
Platform: Linux
Title: Linux Kernel "do_splice_from()" Local Security Bypass
Description: The Linux kernel is exposed to a local security bypass
issue because the "do_splice_from()" function in "fs/splice.c" fails
to reject file descriptors that have the "O_APPEND" flag set. Linux
kernel versions prior to 2.6.27 are affected.
Ref: <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=466707">https://bugzilla.redhat.com/show_bug.cgi?id=466707</a>
______________________________________________________________________

08.44.8 CVE: Not Available
Platform: Linux
Title: Netpbm "pamperspective" Utility Buffer Overflow
Description: Netpbm is a collection of utilities for manipulating
images. The "pamperspective" application is used to manipulate the
perspective of images. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. Netpbm versions prior to 10.35.48 stable are
affected.
Ref: <a class="moz-txt-link-freetext" href="http://permalink.gmane.org/gmane.comp.security.oss.general/1090">http://permalink.gmane.org/gmane.comp.security.oss.general/1090</a>
______________________________________________________________________

08.44.9 CVE: Not Available
Platform: Linux
Title: eCryptfs Password Information Disclosure
Description: eCryptfs is a Linux cryptographic file system. The
software is exposed to an information disclosure issue. Specifically,
this issue arises because the "ecryptfs-setup-private" program passes
the "login" and "mount" passwords directly to
"ecryptfs-wrap-passphrase" and "ecryptfs-add-passphrase" in plain text
via the command line.
Ref:
<a class="moz-txt-link-freetext" href="http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53">http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53</a>
______________________________________________________________________

08.44.10 CVE: CVE-2008-3911
Platform: Linux
Title: Linux Kernel "proc_do_xprt()" Local Buffer Overflow
Description: The Linux kernel is exposed to a local buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. This issue occurs in the "proc_do_xprt()" function
in the "net/sunrpc/sysctl.c" source file. Linux kernel versions
2.6.24-git13 through 2.6.26.4 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://lkml.org/lkml/2008/8/30/140">http://lkml.org/lkml/2008/8/30/140</a>
______________________________________________________________________

08.44.11 CVE: Not Available
Platform: Solaris
Title: Sun Integrated Lights-Out Manager (ILOM) Authentication Bypass
Description: Sun Integrated Lights-Out Manager (ILOM) is a product for
managing and monitoring systems. ILOM is exposed to an authentication
bypass issue caused by an unspecified error. Attackers can exploit
this vulnerability to gain access to the service processor (SP)
through the web interface.
Ref: <a class="moz-txt-link-freetext" href="http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1">http://sunsolve.sun.com/search/document.do?assetkey=1-66-243486-1</a>
______________________________________________________________________

08.44.12 CVE: CVE-2008-3863
Platform: Unix
Title: GNU Enscript "src/psgen.c" Stack-Based Buffer Overflow
Description: GNU Enscript is a freely available, open-source program
for transforming ASCII files into PostScript documents. The utility is
used mainly on UNIX and Linux operating systems. GNU Enscript is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate checks on user-supplied input. GNU Enscript versions
1.6.1 and 1.6.4 (beta) are affected.
Ref: <a class="moz-txt-link-freetext" href="http://secunia.com/secunia_research/2008-41/">http://secunia.com/secunia_research/2008-41/</a>
______________________________________________________________________

08.44.13 CVE: Not Available
Platform: Unix
Title: "imlib2" Library Multiple Unspecified Vulnerabilities
Description: The "imlib2" library is used to view and render various
types of images. It is available for UNIX, Linux, and other UNIX-like
operating systems. The application is exposed to multiple issues
caused by unspecified errors. "imlib2" versions prior to 1.4.2 are
affected.
Ref:
<a class="moz-txt-link-freetext" href="http://sourceforge.net/project/shownotes.php?group_id=2&amp;release_id=634778">http://sourceforge.net/project/shownotes.php?group_id=2&amp;release_id=634778</a>
______________________________________________________________________

08.44.14 CVE: Not Available
Platform: Novell
Title: Novell eDirectory NCP Unspecified Remote Memory Corruption
Description: Novell eDirectory is a Lightweight Directory Access
Protocol (LDAP) server that also implements NCP (NetWare Core
Protocol). Novell eDirectory is exposed to an unspecified remote
memory corruption issue related to the NetWare Core Protocol (NCP).
eDirectory versions 8.7.3 SP10 prior to 8.7.3 SP10 FTF1 are affected.
Ref:
<a class="moz-txt-link-freetext" href="http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html">http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html</a>
______________________________________________________________________

08.44.15 CVE: Not Available
Platform: Cross Platform
Title: NXP Semiconductors MIFARE Classic Smartcard Multiple Security
Weaknesses
Description: The MIFARE Classic smartcard is a contactless proximity
card based on the ISO/IEC 14443 RFID standard. The card has been
implemented for storing and tracking electronic fares in several major
transit systems. The issue occurs because the tag nonce directly
manipulates the internal state of the LFSR. If an attacker can access
a segment of the key stream, they can recover the current state of the
LFSR.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497640">http://www.securityfocus.com/archive/1/497640</a>
______________________________________________________________________

08.44.16 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple
Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms, including Linux, AIX, Solaris,
and Microsoft Windows. The application is exposed to multiple issues.
DB2 versions prior to 9.1 Fixpak 6 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www-01.ibm.com/support/docview.wss?uid=swg27013892">http://www-01.ibm.com/support/docview.wss?uid=swg27013892</a>
______________________________________________________________________

08.44.17 CVE: CVE-2008-4579
Platform: Cross Platform
Title: fence "fence_apc" and "fence_apc_snmp" Insecure Temporary File
Creation Vulnerabilities
Description: The "fence" program is a component of the cluster2
Cluster Manager system. The application creates temporary files in an
insecure manner. Specifically, the following programs are affected:
"fence_apc" and "fence_apc_snmp". The "fence" component of cluster 2
2.03.08 is affected.
Ref: <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=467386">https://bugzilla.redhat.com/show_bug.cgi?id=467386</a>
______________________________________________________________________

08.44.18 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System LDAP JDK Search Feature Information Disclosure
Description: Sun Java System LDAP JDK is a directory SDK for Java. Sun
Java System LDAP JDK is exposed to an information disclosure issue
because it fails to restrict access to potentially sensitive
information.
Ref: <a class="moz-txt-link-freetext" href="http://sunsolve.sun.com/search/document.do?assetkey=1-66-242246-1">http://sunsolve.sun.com/search/document.do?assetkey=1-66-242246-1</a>
______________________________________________________________________

08.44.19 CVE: CVE-2008-3862
Platform: Cross Platform
Title: Trend Micro OfficeScan CGI Parsing Buffer Overflow
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. OfficeScan is exposed to a buffer overflow issue
because the application fails to properly bounds check user-supplied
data when parsing CGI requests before copying the data into an
insufficiently sized memory buffer. OfficeScan version 7.3 with Patch
4 build 1362 and OfficeScan version 8.0 SP1 Patch 1 are affected.
Ref:
<a class="moz-txt-link-freetext" href="http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt">http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt</a>
______________________________________________________________________

08.44.20 CVE: CVE-2007-4349
Platform: Cross Platform
Title: HP OpenView Products Shared Trace Service RPC Request Handling
Denial of Service
Description: Multiple HP OpenView products are exposed to a denial of
service issue. This issue affects the OpenView Shared Trace Service
and is caused by an access violation when the software handles a
specially crafted sequence of RPC requests. HP OpenView Reporter
version 3.70 and HP Performance Agent version 4.70 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://secunia.com/secunia_research/2007-83/">http://secunia.com/secunia_research/2007-83/</a>
______________________________________________________________________

08.44.21 CVE: CVE-2008-3816
Platform: Cross Platform
Title: Cisco PIX and ASA Appliance IPv6 Denial of Service
Description: Cisco ASA and PIX are security appliances. Multiple Cisco
security appliances are prone to a denial of service issue when
configured for IPv6. An attacker can exploit this issue by sending
specially crafted IPv6 packets to cause the affected devices to
reload, denying service to legitimate users.
Ref:
<a class="moz-txt-link-freetext" href="http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID">http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID</a>
______________________________________________________________________

08.44.22 CVE: CVE-2008-3815
Platform: Cross Platform
Title: Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass
Description: Cisco PIX and ASA are security appliances. Cisco PIX and
ASA are exposed to an authentication bypass issue when configured to
use IPSec or SSL based remote access VPN with Microsoft Windows NT
Domain authentication.
Ref:
<a class="moz-txt-link-freetext" href="http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml">http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml</a>
______________________________________________________________________

08.44.23 CVE: CVE-2008-3817
Platform: Cross Platform
Title: Cisco ASA Appliance Crypto Accelerator Memory Leak Denial of
Service
Description: Cisco ASA security appliances are exposed to a remote
denial of service issue. The hardware Crypto Accelerator included with
these appliances is exposed to a denial of service issue.
Ref:
<a class="moz-txt-link-freetext" href="http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID">http://www.cisco.com/en/US/products/products_security_advisory09186a0080a183ba.shtml#@ID</a>
______________________________________________________________________

08.44.24 CVE: CVE-2008-4686
Platform: Cross Platform
Title: VLC Media Player Multiple Remote Integer Overflow
Vulnerabilities
Description: VLC is a cross-platform media player. VLC media player is
exposed to multiple integer overflow issues because it fails to
perform adequate boundary checks on integer values. VLC media player
version 0.9.4 is affected.
Ref:
<a class="moz-txt-link-freetext" href="http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3">http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3</a>
______________________________________________________________________

08.44.25 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser History Search Input Validation
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The browser is exposed to an input validation issue
because of the way it stores data used for the History Search feature.
Opera Web Browser versions prior to 9.61 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.opera.com/support/search/view/903/">http://www.opera.com/support/search/view/903/</a>
______________________________________________________________________

08.44.26 CVE: Not Available
Platform: Cross Platform
Title: GoodTech SSH Server SFTP Multiple Buffer Overflow
Vulnerabilities
Description: GoodTech SSH Server is a server that facilitates secure
connections from remote users. The application is exposed to multiple
buffer overflow issues because it fails to bounds check user-supplied
data before copying it into an insufficiently sized buffer. GoodTech
SSH Server version 6.4 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497745">http://www.securityfocus.com/archive/1/497745</a>
______________________________________________________________________

08.44.27 CVE: CVE-2008-2469
Platform: Cross Platform
Title: "libspf2" DNS TXT Record Handling Remote Buffer Overflow
Description: The "libspf2" library is used to implement the Sender
Policy Framework (SPF). The library is exposed to a remote buffer
overflow issue that arises due to a lack of bounds checking when
handling specially-crafted DNS TXT records. "libspf2" library versions
prior to 1.2.8 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://bugs.gentoo.org/show_bug.cgi?format=multiple&amp;id=242254">http://bugs.gentoo.org/show_bug.cgi?format=multiple&amp;id=242254</a>
______________________________________________________________________

08.44.28 CVE: Not Available
Platform: Cross Platform
Title: WebSVN Multiple Remote Input Validation Vulnerabilities
Description: WebSVN is an online SVN repository viewer. The
application is exposed to multiple remote input validation issues. The
command execution vulnerability affects the WebSVN 1.0 branch; the
remaining issues affect WebSVN version 2.0.
Ref: <a class="moz-txt-link-freetext" href="http://www.gulftech.org/?node=research&amp;article_id=00132-10202008">http://www.gulftech.org/?node=research&amp;article_id=00132-10202008</a>
______________________________________________________________________

08.44.29 CVE: Not Available
Platform: Cross Platform
Title: KVIrc URI Handler Remote Format String
Description: KVIrc is an IRC client available for various operating
systems. KVIrc is exposed to a remote format string issue because it
fails to sufficiently sanitize user-supplied input before including it
in the format specifier argument of a formatted printing function.
KVIrc version 3.4.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31912">http://www.securityfocus.com/bid/31912</a>
______________________________________________________________________

08.44.30 CVE: Not Available
Platform: Cross Platform
Title: Sun Java Web Start Remote Command Execution
Description: Sun Java Web Start is a utility included in the Java
Runtime Environment. It enables Java applications to launch either
from a desktop or from a web page. Sun Java Web Start is exposed to a
remote command execution issue that occurs when a Java Web Start
application containing specially-crafted content is handled.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497799">http://www.securityfocus.com/archive/1/497799</a>
______________________________________________________________________

08.44.31 CVE: CVE-2006-7234
Platform: Cross Platform
Title: Lynx ".mailcap" and ".mime.type" Files Local Code Execution
Description: Lynx is an open-source, text based web client available
for multiple platforms. Lynx is exposed to a local code execution
issue because it insecurely reads ".mailcap" and ".mime.type" files
from the application's current working-directory. Lynx versions prior
to 2.8.6rel.4 are affected.
Ref: <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=214205">https://bugzilla.redhat.com/show_bug.cgi?id=214205</a>
______________________________________________________________________

08.44.32 CVE: Not Available
Platform: Cross Platform
Title: Libpng Library "png_handle_tEXt()" Memory Leak Denial of
Service
Description: The "libpng" library is a PNG reference library. The
library is exposed to a remote denial of service issue because it
fails to handle malicious PNG files. Specifically, this vulnerability
resides in the "png_handle_tEXt()" function of the "pngrutil.c" file
and is caused by a memory leak error. "libpng" version 1.2.32 is
affected.
Ref:
<a class="moz-txt-link-freetext" href="http://sourceforge.net/project/shownotes.php?release_id=635463&amp;group_id=5624">http://sourceforge.net/project/shownotes.php?release_id=635463&amp;group_id=5624</a>
______________________________________________________________________

08.44.33 CVE: CVE-2008-4641
Platform: Cross Platform
Title: jhead "DoCommand()" Arbitrary Command Execution
Description: The "jhead" tool is used for manipulating Exif JPEG
headers. The "jhead" tool is exposed to an arbitrary command execution
issue. Specifically, the issue occurs in the "DoCommand()" function of
the "jhead.c" file when processing filenames that contain shell
metacharacters. jhead versions 2.84 and earlier are affected.
Ref: <a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020">https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020</a>
______________________________________________________________________

08.44.34 CVE: Not Available
Platform: Cross Platform
Title: Blender "BPY_interface.c" Remote Command Execution
Description: Blender is an open-source suite for creating 3D content;
it is available for various operating systems. Blender is exposed to a
remote command execution issue because it may include Python files
from an unsafe location. Blender version 2.48a is affected.
Ref: <a class="moz-txt-link-freetext" href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632</a>
______________________________________________________________________

08.44.35 CVE: Not Available
Platform: Cross Platform
Title: Perl File::Find::Object Module Format String
Description: File::Find::Object is a Perl module used to search
directory trees for specific files. File::Find::Object is exposed to a
format string issue in its handling of certain loop conditions.
File::Find::Object versions prior to 0.1.1 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://search.cpan.org/src/SHLOMIF/File-Find-Object-0.1.1/Changes">http://search.cpan.org/src/SHLOMIF/File-Find-Object-0.1.1/Changes</a>
______________________________________________________________________

08.44.36 CVE: Not Available
Platform: Cross Platform
Title: Citrix Web Interface Security Bypass
Description: Citrix Web Interface is an application deployment system
that provides users with access to Citrix Presentation Server
applications through a standard browser. A security bypass issue may
allow attackers to take over a previously terminated session. Citrix
Web Interface versions 5.0 and 5.0.1 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://support.citrix.com/article/CTX118768">http://support.citrix.com/article/CTX118768</a>
______________________________________________________________________

08.44.37 CVE: Not Available
Platform: Cross Platform
Title: Questwork QuestCMS Multiple Remote Vulnerabilities
Description: QuestCMS is a content management system. The application
is exposed to multiple issues. Exploiting these issues could allow an
attacker to view arbitrary local files within the context of the
web server, steal cookie-based authentication credentials, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31945">http://www.securityfocus.com/bid/31945</a>
______________________________________________________________________

08.44.38 CVE: Not Available
Platform: Cross Platform
Title: Android Web Browser Unspecified Remote Code Execution
Description: Android is a software stack for mobile devices that
includes an operating system, middleware, and key applications.
Android Web Browser is exposed to an unspecified remote code execution
issue.
Ref:
<a class="moz-txt-link-freetext" href="http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?_r=1&amp;oref=slogin">http://www.nytimes.com/2008/10/25/technology/internet/25phone.html?_r=1&amp;oref=slogin</a>
______________________________________________________________________

08.44.39 CVE: Not Available
Platform: Cross Platform
Title: MyKtools Database Disclosure
Description: MyKtools is a collection of database administration
tools. The application is exposed to an information disclosure issue.
Specifically, attackers may be able to download the application's
backed up databases through the "mykdownload.php" script. MyKtools
version 2.4 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31950">http://www.securityfocus.com/bid/31950</a>
______________________________________________________________________

08.44.40 CVE: Not Available
Platform: Cross Platform
Title: Multiple Products Unspecified Library MP4 File Remote Denial of
Service
Description: Multiple Products are exposed to a denial of service
issue that occurs in an unspecified library when handling malformed
MP4 files. Successful exploits may allow remote attackers to cause
denial of service conditions on computers or devices running
the affected library.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497856">http://www.securityfocus.com/archive/1/497856</a>
______________________________________________________________________

08.44.41 CVE: Not Available
Platform: Cross Platform
Title: Microsoft Internet Explorer "&amp;NBSP;" Address Bar URI Spoofing
Description: Internet Explorer is a browser for the Windows operating
system. The application is affected by a URI spoofing issue because
it fails to adequately handle specific combinations of the
Non-Breaking Space "&amp;NBSP;" character. Internet Explorer 6 is affected
by this issue.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497825">http://www.securityfocus.com/archive/1/497825</a>
______________________________________________________________________

08.44.42 CVE: CVE-2008-2237, CVE-2008-2238
Platform: Cross Platform
Title: OpenOffice WMF and EMF File Handling Multiple Heap-Based Buffer
Overflow Vulnerabilities
Description: OpenOffice is a suite of office applications for multiple
operating platforms. OpenOffice is exposed to multiple issues. Remote
attackers can exploit these issues by enticing victims into opening
maliciously crafted files. OpenOffice 2 versions prior to 2.4.2 are
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.openoffice.org/security/bulletin.html">http://www.openoffice.org/security/bulletin.html</a>
______________________________________________________________________

08.44.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Multiple Vendor Web Browser FTP Client Cross-Site Scripting
Description: Multiple vendors' web browsers are exposed to a cross-site
scripting issue that arises because the software fails to handle
specially crafted files served using the FTP protocol. Specifically,
the issue arises because the affected browsers fail to properly verify
file types of files downloaded by built-in FTP clients and render the
files.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31855">http://www.securityfocus.com/bid/31855</a>
______________________________________________________________________

08.44.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jetbox CMS "liste" Parameter Cross-Site Scripting
Description: Jetbox CMS is a PHP based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "liste" parameter of the
"/admin/postlister/index.php" script. Jetbox CMS version 2.1 is
affected.
Ref:
<a class="moz-txt-link-freetext" href="http://www.digitrustgroup.com/advisories/web-application-security-jetbox2.html">http://www.digitrustgroup.com/advisories/web-application-security-jetbox2.html</a>
______________________________________________________________________

08.44.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MiniPortail "search.php" Cross-Site Scripting and Local File
Include Vulnerabilities
Description: MiniPortail is a web portal application. MiniPortail is
exposed to multiple issues: a cross-site scripting issue affects the
"search.php" script and a local file include issue affects the "lng"
parameter of the "search.php" script. MiniPortail version 2.2.0 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31895">http://www.securityfocus.com/bid/31895</a>
______________________________________________________________________

08.44.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ClipShare Pro "fullscreen.php" Cross-Site Scripting
Description: ClipShare Pro is a PHP based script for sharing videos.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "title" parameter of the
"fullscreen.php" script. ClipShare Pro version 4.0.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31898">http://www.securityfocus.com/bid/31898</a>
______________________________________________________________________

08.44.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kayako eSupport "html-tidy-logic.php" Cross-Site Scripting
Description: Kayako eSupport is a PHP based helpdesk and support
system. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "jsMakeSrc"
parameter of the
"includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php" script.
Kayako eSupport version 3.20.02 is vulnerable; other versions may also
be affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31908">http://www.securityfocus.com/bid/31908</a>
______________________________________________________________________

08.44.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: iPei Guestbook "pg" Parameter Cross-Site Scripting
Description: iPei Guestbook is a PHP based web application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "pg"
parameter of the "index.php" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497783">http://www.securityfocus.com/archive/1/497783</a>
______________________________________________________________________

08.44.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpMyAdmin "pmd_pdf.php" Cross-Site Scripting
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. phpMyAdmin is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data to the
"db" parameter of the "pmd_pdf.php" script.
Ref: <a class="moz-txt-link-freetext" href="http://permalink.gmane.org/gmane.comp.security.oss.general/1101">http://permalink.gmane.org/gmane.comp.security.oss.general/1101</a>
______________________________________________________________________

08.44.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyBB "moderation.php" Cross-Site Scripting
Description: MyBB is a PHP based bulletin board. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "url" parameter in the
"moderation.php" script. MyBB version 1.4.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497817">http://www.securityfocus.com/archive/1/497817</a>
______________________________________________________________________

08.44.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP-Nuke Nuke League Module "tid" Parameter Cross-Site
Scripting
Description: PHP-Nuke Nuke League module is a plugin for PHP-Nuke. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "tid" parameter
of the "League" module.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31952">http://www.securityfocus.com/bid/31952</a>
______________________________________________________________________

08.44.52 CVE: CVE-2008-4342
Platform: Web Application - Cross Site Scripting
Title: KKE Info Media Kmita Catalogue "search.php" Cross-Site
Scripting
Description: Kmita Catalogue is a web-application. The application is
exposed to a cross-site scripting issue because it fails to sanitize
user-supplied input to the "q" parameter of the "search.php" script.
Kmita Catalogue V2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.kkeim.com/products/kmita.html?code=kmitac">http://www.kkeim.com/products/kmita.html?code=kmitac</a>
______________________________________________________________________

08.44.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Extrakt Framework "index.php" Cross-Site Scripting
Description: Extrakt Framework is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the
"plugins[file][id]" parameter of the "index.php" script. Extrakt
Framework version 0.7 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31971">http://www.securityfocus.com/bid/31971</a>
______________________________________________________________________

08.44.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dizi Portali "diziler.asp" SQL Injection
Description: Dizi Portali is an ASP based web portal. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter in "diziler.asp"
before using the data in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31849">http://www.securityfocus.com/bid/31849</a>
______________________________________________________________________

08.44.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phPhotoGallery "index.php" SQL Injection
Description: phPhotoGallery is a web-based gallery application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "index.php" script before using it in an SQL query.
phPhotoGallery version 0.92 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31850">http://www.securityfocus.com/bid/31850</a>
______________________________________________________________________

08.44.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bahar Download Script "aspkat.asp" SQL Injection
Description: Bahar Download Script is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "kid" parameter of the "aspkat.asp" script before using it in an
SQL query. Bahar Download Script version 2.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31852">http://www.securityfocus.com/bid/31852</a>
______________________________________________________________________

08.44.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ShopMaker "product.php" SQL Injection
Description: ShopMaker is a web-based gallery. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "product.php"
script before using it in an SQL query. ShopMaker version 1.0 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31854">http://www.securityfocus.com/bid/31854</a>
______________________________________________________________________

08.44.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KBase Joomla! Component "id" Parameter SQL Injection
Description: KBase is a PHP based component for the Joomla! content
manager. The component is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "index.php" script when the "option" parameter is set
to "com_kbase". KBase version 1.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.jmds.eu/joomla-1.5-addons/view-category.html">http://www.jmds.eu/joomla-1.5-addons/view-category.html</a>
______________________________________________________________________

08.44.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Daily Message Component "id" Parameter SQL
Injection
Description: Daily Message is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_dailymessage" component before using it in
an SQL query. Daily Message version 1.0.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31870">http://www.securityfocus.com/bid/31870</a>
______________________________________________________________________

08.44.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Dorsa CMS "ShowPage.aspx" SQL Injection
Description: Dorsa CMS is a web-based content management system. It is
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "PageIDF" parameter when the "page_" parameter is set to "news"
before using it in an SQL query. The affected parameters are used in
the "ShowPage.aspx" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31875">http://www.securityfocus.com/bid/31875</a>
______________________________________________________________________

08.44.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LoudBlog "ajax.php" SQL Injection
Description: LoudBlog is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "colpick" parameter of the
"loudblog/ajax.php" script before using it in an SQL query. LoudBlog
versions 0.8.0a and earlier are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31878">http://www.securityfocus.com/bid/31878</a>
______________________________________________________________________

08.44.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CS-Partner "gestion.php" Multiple SQL Injection Vulnerabilities
Description: CS-Partner is a PHP based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input to the "pseudo" and
"passe" parameters of the "gestion.php" script. CS-Partner version 1.0
is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31886">http://www.securityfocus.com/bid/31886</a>
______________________________________________________________________

08.44.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: UC Gateway Investment SiteEngine "announcements.php" SQL
Injection
Description: SiteEngine is a web-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"announcements.php" script before using it in an SQL query. SiteEngine
version 5.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497747">http://www.securityfocus.com/archive/1/497747</a>
______________________________________________________________________

08.44.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MindDezign Photo Gallery "id" Parameter SQL Injection
Description: MindDezign Photo Gallery is a PHP based photo gallery
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "index.php" script when the "module" parameter
is set to "gallery" before using it in an SQL query. MindDezign Photo
Gallery version 2.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31893">http://www.securityfocus.com/bid/31893</a>
______________________________________________________________________

08.44.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AJ RSS Reader "EditUrl.php" SQL Injection
Description: AJ RSS Reader is a PHP based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "url" parameter of the
"EditUrl.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31910">http://www.securityfocus.com/bid/31910</a>
______________________________________________________________________

08.44.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KasraCMS "index.php" Multiple SQL Injection Vulnerabilities
Description: KasraCMS is a PHP based web application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied input to the "shme" and "cont"
parameters of the "index.php" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31918">http://www.securityfocus.com/bid/31918</a>
______________________________________________________________________

08.44.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SFS Ez Forum "forum.php" SQL Injection
Description: SFS Ez Forum is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "forum" parameter of the
"forum.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31924">http://www.securityfocus.com/bid/31924</a>
______________________________________________________________________

08.44.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PozScripts Classified Ads "gotourl.php" SQL Injection
Description: PozScripts Classified Ads is a web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"gotourl.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31925">http://www.securityfocus.com/bid/31925</a>
______________________________________________________________________

08.44.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Graphiks MyForum "lecture.php" SQL Injection
Description: Graphiks MyForum is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"lecture.php" script before using it in an SQL query. MyForum version
1.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31926">http://www.securityfocus.com/bid/31926</a>
______________________________________________________________________

08.44.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Persia BME E-Catalogue "search.asp" SQL Injection
Description: Persia BME E-Catalogue is an ASP based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "q" parameter of the
"qsearch/search.asp" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31833">http://www.securityfocus.com/bid/31833</a>
______________________________________________________________________

08.44.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tandis CMS "index.php" Multiple SQL Injection Vulnerabilities
Description: Tandis CMS is a PHP based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied input to the "nid" and
"cpage" parameters of the "index.php" script. Tandis CMS version 2.5.0
is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31930">http://www.securityfocus.com/bid/31930</a>
______________________________________________________________________

08.44.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 CMS "alternate_profiles" Plugin "newuser.php" SQL
Injection
Description: The "alternate_profiles" plugin is an application for the
e107 CMS content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the
"alternate_profiles/newuser.php" script before using it in an SQL
query.
Ref:
<a class="moz-txt-link-freetext" href="http://www.justfreespace.com/e107_plugins/alternate_profiles/readme.txt">http://www.justfreespace.com/e107_plugins/alternate_profiles/readme.txt</a>
______________________________________________________________________

08.44.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: bcoos "modules/banners/click.php" SQL Injection
Description: bcoos is a content manager based on the E-Xoops CMS. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "bid" parameter of the
"modules/banners/click.php" script before using it in an SQL query.
bcoos version 1.0.13 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31941">http://www.securityfocus.com/bid/31941</a>
______________________________________________________________________

08.44.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e107 CMS EasyShop Plugin "easyshop.php" SQL Injection
Description: The EasyShop plugin is a module for the e107 CMS content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"category_id" parameter of the "easyshop.php" script before using it
in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31948">http://www.securityfocus.com/bid/31948</a>
______________________________________________________________________

08.44.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: All In One Control Panel "cp_polls_results.php" SQL Injection
Description: All In One Control Panel (AIOCP) is a content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "poll_id" parameter
of the "public/code/cp_polls_results.php" script before using it in an
SQL query. All In One Control Panel version 1.4 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31949">http://www.securityfocus.com/bid/31949</a>
______________________________________________________________________

08.44.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PersianBB "iranian_music.php" SQL Injection
Description: PersianBB is a PHP based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"iranian_music.php" script before using it in an SQL query.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31953">http://www.securityfocus.com/bid/31953</a>
______________________________________________________________________

08.44.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: H&amp;H Solutions WebSoccer "id" SQL Injection
Description: H&amp;H Solutions WebSoccer is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"liga.php" script before using it in an SQL query. H&amp;H Solutions
WebSoccer version 2.80 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31963">http://www.securityfocus.com/bid/31963</a>
______________________________________________________________________

08.44.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ElkaGroup Image Gallery "view.php" SQL Injection
Description: Elkagroup is a web-based photo album application.
Elkagroup is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input before using it in an SQL query.
Elkagroup version 1.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31966">http://www.securityfocus.com/bid/31966</a>
______________________________________________________________________

08.44.79 CVE: Not Available
Platform: Web Application
Title: LightBlog Multiple Local File Include Vulnerabilities
Description: LightBlog is a PHP based blog application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. LightBlog version
9.8 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31851">http://www.securityfocus.com/bid/31851</a>
______________________________________________________________________

08.44.80 CVE: Not Available
Platform: Web Application
Title: TikiWiki Multiple Unspecified Vulnerabilities
Description: TikiWiki is a PHP based content manager and wiki system.
The application is exposed to multiple remote issues caused by
unspecified errors. TikiWiki versions 2.x prior to 2.2 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://info.tikiwiki.org/tiki-read_article.php?articleId=41">http://info.tikiwiki.org/tiki-read_article.php?articleId=41</a>
______________________________________________________________________

08.44.81 CVE: Not Available
Platform: Web Application
Title: Joomla! Archaic Binary Gallery "com_ab_gallery" Component
Directory Traversal
Description: Archaic Binary Gallery is a component for the Joomla!
content manager. The component is exposed to a directory traversal
issue because it fails to sufficiently sanitize user-supplied input to
the "gallery" parameter of the "index.php" script when the "option"
parameter is set to "com_ab_gallery". Joomla! Archaic Binary Gallery
version 1.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31901">http://www.securityfocus.com/bid/31901</a>
______________________________________________________________________

08.44.82 CVE: Not Available
Platform: Web Application
Title: Smarty Template Engine "Smarty_Compiler.class.php" Security
Bypass
Description: Smarty Template Engine is a template based content
manager. Smarty Template Engine is exposed to a security bypass issue
that occurs when embedded variables are processed. Specifically, this
issue occurs in the "_expand_quoted_text()" function of the
"Smarty_Compiler.class.php" file. Smarty version 2.6.19 is affected.
Ref: <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=467317">https://bugzilla.redhat.com/show_bug.cgi?id=467317</a>
______________________________________________________________________

08.44.83 CVE: CVE-2008-4688
Platform: Web Application
Title: Mantis "string_api.php" Issue Number Information Disclosure
Description: Mantis is a web-based bug tracker. It is written in PHP
and supported by a MySQL database. Mantis is exposed to an information
disclosure issue because it fails to protect private information.
Specifically, the vulnerability occurs if a user references an issue
via an issue number. Mantis versions prior to 1.1.3 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.mantisbt.org/bugs/view.php?id=9321">http://www.mantisbt.org/bugs/view.php?id=9321</a>
______________________________________________________________________

08.44.84 CVE: Not Available
Platform: Web Application
Title: Iamma Nuke Simple Gallery "upload.php" Arbitrary File Upload
Description: Iamma Nuke Simple Gallery is a photo gallery module for
PHP-Nuke. The application is exposed to an issue that lets remote
attackers upload and execute arbitrary script code on an affected
computer with the privileges of the web server process. This issue
occurs because the application fails to sufficiently sanitize file
extensions before uploading files to the web server through the
"upload.php" script. Iamma Nuke Simple Gallery versions 1.0 and 2.0
are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31873">http://www.securityfocus.com/bid/31873</a>
______________________________________________________________________

08.44.85 CVE: Not Available
Platform: Web Application
Title: phpcrs "frame.php" Local File Include
Description: phpcrs is a web-based application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "importFunction" parameter before
using it in the "frame.php" script. phpcrs versions up to and
including 2.06 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497742">http://www.securityfocus.com/archive/1/497742</a>
______________________________________________________________________

08.44.86 CVE: Not Available
Platform: Web Application
Title: Joomla! ionFiles Component "download.php" Directory Traversal
Description: Joomla! ionFiles is a component for the Joomla! content
manager. The component is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input to the
"file" parameter of the "download.php" script. Joomla! ionFiles
version 4.4.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31877">http://www.securityfocus.com/bid/31877</a>
______________________________________________________________________

08.44.87 CVE: Not Available
Platform: Web Application
Title: Drupal Book Page Title HTML Injection
Description: Drupal is a content management system. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to the titles of book pages before using
the input in dynamically generated content. Users with "create book
content" privileges can exploit this issue. Drupal 5.x versions prior
to 5.12 and Drupal 6.x versions prior to 6.6 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://drupal.org/node/324824">http://drupal.org/node/324824</a>
______________________________________________________________________

08.44.88 CVE: Not Available
Platform: Web Application
Title: Osprey "ListRecords.php" Multiple Remote File Include
Vulnerabilities
Description: Osprey is a peer-to-peer content distribution system. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the "lib_dir"
and "xml_dir" parameters of the "/web/lib/xml/oai/ListRecords.php"
script. Osprey version 1.0a4.1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31883">http://www.securityfocus.com/bid/31883</a>
______________________________________________________________________

08.44.89 CVE: Not Available
Platform: Web Application
Title: TXTshop "header.php" Local File Include
Description: TXTshop is a PHP based shopping cart application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "language" parameter
before using it in the "header.php" script. TXTshop version 1.0b is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31885">http://www.securityfocus.com/bid/31885</a>
______________________________________________________________________

08.44.90 CVE: Not Available
Platform: Web Application
Title: Snoopy "_httpsrequest()" Arbitrary Command Execution
Description: Snoopy is a freely available, open-source PHP class that
implements a web client for use in automating HTTP requests in PHP
applications. Snoopy is exposed to an issue that lets attackers
execute arbitrary commands because the application fails to properly
sanitize user-supplied input. Snoopy versions prior to 1.2.4 are
affected.
Ref: <a class="moz-txt-link-freetext" href="http://sourceforge.net/project/shownotes.php?release_id=635111">http://sourceforge.net/project/shownotes.php?release_id=635111</a>
______________________________________________________________________

08.44.91 CVE: Not Available
Platform: Web Application
Title: UC Gateway Investment SiteEngine "api.php" URI Redirection
Description: SiteEngine is a PHP based content management system.
SiteEngine is exposed to a remote URI redirection issue because it
fails to properly sanitize user-supplied input to the "forward"
parameter of the "api.php" script, when called with the "action"
parameter set to "logout". SiteEngine version 5.0 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497747">http://www.securityfocus.com/archive/1/497747</a>
______________________________________________________________________

08.44.92 CVE: Not Available
Platform: Web Application
Title: Joomla! RWCards Component "captcha_image.php" Local File
Include
Description: RWCards is a greeting card component for the Joomla!
content manager. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"img" parameter before using it in the "captcha_image.php" script.
RWCards version 3.0.11 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31892">http://www.securityfocus.com/bid/31892</a>
______________________________________________________________________

08.44.93 CVE: Not Available
Platform: Web Application
Title: aflog Cookie Authentication Bypass
Description: aflog is a PHP based web log application. The application
is exposed to an authentication bypass issue because it fails to
adequately verify user-supplied input used for cookie-based
authentication. aflog version 1.01 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31894">http://www.securityfocus.com/bid/31894</a>
______________________________________________________________________

08.44.94 CVE: Not Available
Platform: Web Application
Title: MindDezign Photo Gallery "admin" Module Unauthorized Access
Description: MindDezign Photo Gallery is a web-based application. The
application is exposed to an unauthorized access issue because it
fails to adequately limit access to administrative scripts used for
creating accounts. This issue affects the "admin" module. MindDezign
Photo Gallery version 2.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31897">http://www.securityfocus.com/bid/31897</a>
______________________________________________________________________

08.44.95 CVE: Not Available
Platform: Web Application
Title: Drupal "bootstrap.inc" Local File Include
Description: Drupal is a PHP based content management system. Drupal
is exposed to a local file include issue due to an error in the
"bootstrap.inc" script file. This issue occurs when Drupal is hosted
on a computer supporting multiple IP based virtual hosts. Drupal
versions prior to 5.12 and Drupal 6.6 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://drupal.org/node/324824">http://drupal.org/node/324824</a>
______________________________________________________________________

08.44.96 CVE: Not Available
Platform: Web Application
Title: New Earth Programming Team Image Upload Script Arbitrary File
Upload
Description: New Earth Programming Team Image Upload Script is a
PHP based image uploader. The application is exposed to an issue that
lets remote attackers upload and execute arbitrary script code on an
affected computer with the privileges of the web server process. This
issue occurs because the application fails to sufficiently sanitize
file extensions passed to the "upload.php" script before uploading
files to the web server.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31909">http://www.securityfocus.com/bid/31909</a>
______________________________________________________________________

08.44.97 CVE: Not Available
Platform: Web Application
Title: BuzzScripts BuzzyWall "download.php" Directory Traversal
Description: BuzzScripts BuzzyWall is a web-based application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input to the "id" parameter of
the "download.php" script. BuzzScripts BuzzyWall version 1.3.1 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31914">http://www.securityfocus.com/bid/31914</a>
______________________________________________________________________

08.44.98 CVE: Not Available
Platform: Web Application
Title: Php-Daily Multiple Input Validation Vulnerabilities
Description: Php-Daily is a PHP based time management application.
Since it fails to adequately sanitize user-supplied input, Php-Daily
is exposed to multiple input validation issues. Php-Daily version 1.2
is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31915">http://www.securityfocus.com/bid/31915</a>
______________________________________________________________________

08.44.99 CVE: Not Available
Platform: Web Application
Title: tlNews Cookie Authentication Bypass
Description: tlNews is a PHP based web application. The application is
exposed to an authentication-bypass vulnerability because it fails to
adequately verify user-supplied input used for cookie based
authentication. Attackers can gain administrative access by setting
the "tlNews_login" cookie parameter to "admin", effectively bypassing
authentication. tlNews version 2.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31919">http://www.securityfocus.com/bid/31919</a>
______________________________________________________________________

08.44.100 CVE: Not Available
Platform: Web Application
Title: Ads Pro "dhtml.pl" Remote Command Execution
Description: Ads Pro is a web-based application used to display ads on
a web site. The application is exposed to an issue that attackers can
leverage to execute arbitrary commands in the context of the
application. This issue occurs because the application fails to
adequately validate user-supplied input to the "page" parameter of the
"dhtml.pl" script.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31923">http://www.securityfocus.com/bid/31923</a>
______________________________________________________________________

08.44.101 CVE: Not Available
Platform: Web Application
Title: KTorrent PHP Code Injection and Security Bypass Vulnerabilities
Description: KTorrent is exposed to multiple issues that affect its
web interface. Successful exploits may facilitate a compromise of the
application and the underlying system; other attacks may also be
possible. KTorrent version 3.1.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31927">http://www.securityfocus.com/bid/31927</a>
______________________________________________________________________

08.44.102 CVE: Not Available
Platform: Web Application
Title: bcoos "include/common.php" Remote File Include
Description: bcoos is a PHP based content manager. The application is
exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "XOOPS_ROOT_PATH" parameter of the
"include/common.php" script. bcoos version 1.0.13 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497809">http://www.securityfocus.com/archive/1/497809</a>
______________________________________________________________________

08.44.103 CVE: Not Available
Platform: Web Application
Title: Python "Imageop" Module Argument Validation Buffer Overflow
Description: Python is an interpreted, dynamic, object oriented
programming language that is available for many operating systems.
Python is exposed to a buffer overflow issue because it fails to
sufficiently sanitize user-supplied input. The vulnerability stems
from an integer overflow in the "imageop" module and may result in a
segmentation fault. Python versions prior to 2.5.2-r6 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://svn.python.org/view?rev=66689&amp;view=rev">http://svn.python.org/view?rev=66689&amp;view=rev</a>
______________________________________________________________________

08.44.104 CVE: Not Available
Platform: Web Application
Title: Eaton Network Shutdown Module Authentication Bypass
Description: Eaton Network Shutdown Module is a monitoring system for
UPS devices; it includes a PHP based administrative interface. Network
Shutdown Module is exposed to an authentication bypass issue caused by
an unspecified error. This issue occurs in the "pane_actionbutton.php"
and "exec_action.php" scripts. Network Shutdown Module versions prior
to 3.10 build 13 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497824">http://www.securityfocus.com/archive/1/497824</a>
______________________________________________________________________

08.44.105 CVE: Not Available
Platform: Web Application
Title: Graphiks MyForum "centre.php" Local File Include
Description: Graphiks MyForum is a web-based application. Graphiks
MyForum is exposed to a local file include issue because it fails to
properly sanitize user-supplied input to the "padmin" parameter of the
"admin/centre.php" script. Graphiks MyForum version 1.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31934">http://www.securityfocus.com/bid/31934</a>
______________________________________________________________________

08.44.106 CVE: Not Available
Platform: Web Application
Title: MyBB Message Attachment Predictable Filename Information
Disclosure
Description: MyBB is a PHP based bulletin board. The application is
exposed to an information disclosure issue because it saves message
attachments with predictable filenames. MyBB version 1.4.2 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/archive/1/497817">http://www.securityfocus.com/archive/1/497817</a>
______________________________________________________________________

08.44.107 CVE: Not Available
Platform: Web Application
Title: tlAds Cookie Authentication Bypass
Description: tlAds is a web-based advertisement application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie based
authentication. tlAds version 1 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31939">http://www.securityfocus.com/bid/31939</a>
______________________________________________________________________

08.44.108 CVE: Not Available
Platform: Web Application
Title: MyKtools "update.php" Local File Include
Description: MyKtools is a collection of database administration
tools. MyKtools is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "language"
parameter of the "update.php" script. MyKtools version 2.4 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31942">http://www.securityfocus.com/bid/31942</a>
______________________________________________________________________

08.44.109 CVE: Not Available
Platform: Web Application
Title: WebGUI "Asset.pm" Perl Module Handling Code Execution
Description: WebGUI is a content manager and framework for web
applications. The application is exposed to an arbitrary Perl
code-execution issue that is caused by a design error in the "loadModule"
function in "lib/WebGUI/Asset.pm" which fails to appropriately
restrict the type of module that can be loaded by this function.
WebGUI versions prior to 7.5.30 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.webgui.org/bugs/tracker/8980">http://www.webgui.org/bugs/tracker/8980</a>
______________________________________________________________________

08.44.110 CVE: Not Available
Platform: Web Application
Title: libgadu Contact Description Remote Buffer Overflow
Description: libgadu is a library implementing the Gadu-Gadu instant
message protocol. It is available for multiple operating systems.
libgadu is exposed to a remote buffer overflow issue that arises when
the library handles malformed contact description data from a
malicious server. This issue occurs in the source code file
"events.c". libgadu versions prior to 1.8.2 are affected.
Ref: <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=468830">https://bugzilla.redhat.com/show_bug.cgi?id=468830</a>
______________________________________________________________________

08.44.111 CVE: Not Available
Platform: Web Application
Title: Graphiks MyForum Cookie Authentication Bypass
Description: Graphiks MyForum is a web-based application implemented
in PHP. The application is exposed to an authentication bypass issue
because it fails to adequately verify user-supplied input used for
cookie based authentication. Graphiks MyForum version 1.3 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31955">http://www.securityfocus.com/bid/31955</a>
______________________________________________________________________

08.44.112 CVE: Not Available
Platform: Web Application
Title: tlGuestBook Cookie Authentication Bypass
Description: tlGuestBook is a PHP based guestbook application. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie based
authentication. tlGuestBook version 1.2 is affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31958">http://www.securityfocus.com/bid/31958</a>
______________________________________________________________________

08.44.113 CVE: Not Available
Platform: Web Application
Title: Agares Media ThemeSiteScript "frontpage_right.php" Remote File
Include
Description: ThemeSiteScript is a PHP based application that helps
users create and manage theme web sites. The application is exposed to
a remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "loadadminpage" parameter of the
"admin/frontpage_right.php" script. ThemeSiteScript version 1.0 is
affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31959">http://www.securityfocus.com/bid/31959</a>
______________________________________________________________________

08.44.114 CVE: Not Available
Platform: Web Application
Title: H2O-CMS PHP Code Injection and Cookie Authentication Bypass
Vulnerabilities
Description: H2O-CMS is a content-management system. The application
is exposed to a PHP code-injection issue and a cookie
authentication bypass issue. The PHP injection issue occurs because
the application fails to properly sanitize user-supplied input when
the "option" parameter is set to "SaveConfig" for the "index.php"
script. H2O-CMS versions up to and including 3.4 are affected.
Ref: <a class="moz-txt-link-freetext" href="http://www.securityfocus.com/bid/31961">http://www.securityfocus.com/bid/31961</a>
______________________________________________________________________

08.44.115 CVE: Not Available
Platform: Web Application
Title: Atlassian JIRA Cross-Site Scripting and HTML Injection
Vulnerabilities
Description: Atlassian JIRA is a bug tracking, issue tracking, and
project management application. This application is exposed to an
HTML injection issue and a cross-site scripting issue. The
HTML injection issue is caused by a failure to sufficiently sanitize
user-supplied input to the "Full Name" parameter when editing a user
profile. Atlassian JIRA version 3.13 is affected.
Ref:
<a class="moz-txt-link-freetext" href="http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29">http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-10-29</a>
______________________________________________________________________</pre>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/10/30/latest-vulnerability-breakdown-103008/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>FrSIRT &#8211; Fedora Security Update Fixes Drupal Security Bypass Vulnerabilities / Exploit (Security Advisories)</title>
		<link>http://secauditor.wordpress.com/2008/10/28/frsirt-fedora-security-update-fixes-drupal-security-bypass-vulnerabilities-exploit-security-advisories/</link>
		<comments>http://secauditor.wordpress.com/2008/10/28/frsirt-fedora-security-update-fixes-drupal-security-bypass-vulnerabilities-exploit-security-advisories/#comments</comments>
		<pubDate>Tue, 28 Oct 2008 18:58:06 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Fedora]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[vulnerability]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/2008/10/28/frsirt-fedora-security-update-fixes-drupal-security-bypass-vulnerabilities-exploit-security-advisories/</guid>
		<description><![CDATA[via FrSIRT &#8211; Fedora Security Update Fixes Drupal Security Bypass Vulnerabilities / Exploit (Security Advisories)
]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>via <a href="http://www.frsirt.com/english/advisories/2008/2914">FrSIRT &#8211; Fedora Security Update Fixes Drupal Security Bypass Vulnerabilities / Exploit (Security Advisories)</a></p>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/10/28/frsirt-fedora-security-update-fixes-drupal-security-bypass-vulnerabilities-exploit-security-advisories/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>Free Training &#8211; Protecting the Evolving Network, Log Management, Using IDS/IPS for Post-Connect NAC, Reducing IT Costs, and more&#8230;</title>
		<link>http://secauditor.wordpress.com/2008/10/27/free_training_sans/</link>
		<comments>http://secauditor.wordpress.com/2008/10/27/free_training_sans/#comments</comments>
		<pubDate>Mon, 27 Oct 2008 17:10:40 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Training]]></category>
		<category><![CDATA[IDS]]></category>
		<category><![CDATA[IPS]]></category>
		<category><![CDATA[Log Management]]></category>
		<category><![CDATA[Logging]]></category>
		<category><![CDATA[NAC]]></category>
		<category><![CDATA[Network Access Control]]></category>
		<category><![CDATA[SANS]]></category>
		<category><![CDATA[VMWare]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=196</guid>
		<description><![CDATA[More Free Training Opportunities Provided by SANS
WEBCAST 1
The Intelligent Network: Protecting the Evolving Network and Securing Virtual Environments
WHEN: Tuesday, October 28, 2008 at 1:00 PM EDT (1700 UTC/GMT)
FEATURING: Stephen Northcutt, President SANS Institute
https://www.sans.org/webcasts/show.php?webcastid=91616
Sponsored By: Core Security http://www.coresecurity.com/
Network components are evolving into intelligent convergence equipment, able to make smart decisions about network traffic. Instead of traditional [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>More Free Training Opportunities Provided by SANS</p>
<p>WEBCAST 1</p>
<p>The Intelligent Network: Protecting the Evolving Network and Securing Virtual Environments<br />
WHEN: Tuesday, October 28, 2008 at 1:00 PM EDT (1700 UTC/GMT)<br />
FEATURING: Stephen Northcutt, President SANS Institute<br />
<a href="https://www.sans.org/webcasts/show.php?webcastid=91616">https://www.sans.org/webcasts/show.php?webcastid=91616<br />
</a>Sponsored By: Core Security http://www.coresecurity.com/</p>
<p>Network components are evolving into intelligent convergence equipment, able to make smart decisions about network traffic. Instead of traditional &#8220;silos&#8221;, where each piece of equipment analyzes network traffic for its own purpose (ie: firewall, IPS, IDS, VPN, AV), new convergence equipment combines all of these technologies to deliver Unified Threat Management from a single device.</p>
<p><span id="more-196"></span>WEBCAST 2</p>
<p>Log Management in the Cloud: A Comparison of Do-it-yourself Versus Cloud Services<br />
WHEN: Thursday, October 30, 2008 at 1:00 PM EDT (1700 UTC/GMT)<br />
FEATURING: Jerry Shenk and Randy Rosenbaum<br />
<a href="https://www.sans.org/webcasts/show.php?webcastid=92024">https://www.sans.org/webcasts/show.php?webcastid=92024</a><br />
Sponsored By: Alert Logic http://www.alertlogic.com/</p>
<p>This Webcast and accompanying whitepaper explore the differences between traditional, do-it-yourself management using commercial and customized tools and log management as a service in the cloud.</p>
<p>WEBCAST 3</p>
<p>Tool Talk Webcast: Keeping Trusted Endpoints Honest: Using IDS/IPS for Post-Connect NAC<br />
WHEN: Tuesday, November 4, 2008 at 1:00 PM EST (1800 UTC/GMT)<br />
FEATURING: John Curry<a href="https://www.sans.org/webcasts/show.php?webcastid=91993"><br />
https://www.sans.org/webcasts/show.php?webcastid=91993</a><br />
Sponsored By: StillSecure http://www.stillsecure.com/index_flash.php</p>
<p>Topics to be covered include: the basic IDS/IPS capabilities that make it ideal for post-connect sensing; the expanded policy enforcement options this approach enables; the greater return on investment realized by having your IDS/IPS do double duty; post-connect deployment on the network.</p>
<p>WEBCAST 4</p>
<p>Tool Talk Webcast: Reduce IT Costs by Unleashing Log Power<br />
WHEN: Wednesday, November 5, 2008 at 2:00 PM EST (1900 UTC/GMT)<br />
FEATURING: Speaker TBD<a href="https://www.sans.org/webcasts/show.php?webcastid=91686"><br />
https://www.sans.org/webcasts/show.php?webcastid=91686</a><br />
Sponsored By: LogLogic http://www.loglogic.com/</p>
<p>Companies are spending a lot of time and money on log management today.<br />
20% of log access is associated with compliance and security. Preparing for audits involves time consuming manual labor, script writing, and hardware and software purchases. 80% of log access is associated with problem resolution and performance management.</p>
<p>WEBCAST 5</p>
<p>Internet Storm Center: Threat Update<br />
WHEN: Wednesday, November 12, 2008 at 1:00 PM EST (1800 UTC/GMT)<br />
FEATURING: Johannes Ullrich<br />
<a href="https://www.sans.org/webcasts/show.php?webcastid=91441">https://www.sans.org/webcasts/show.php?webcastid=91441</a><br />
Sponsored By: Core Security http://www2.corest.com/</p>
<p>This monthly webcast discusses recent threats observed by the Internet Storm Center, and discusses new software vulnerabilities or system exposures that were disclosed over the past month. The general format is about 30 minutes of presentation by senior ISC staff, followed by a question and answer period.</p>
<p>WEBCAST 6</p>
<p>Real-Time Adaptive Security: Proactively Mitigating Risks<br />
WHEN: Tuesday, November 18, 2008 at 1:00 PM EST (1800 UTC/GMT)<br />
FEATURING: Dave Shackleford<br />
<a href="https://www.sans.org/webcasts/show.php?webcastid=91853">https://www.sans.org/webcasts/show.php?webcastid=91853</a><br />
Sponsored By: Sourcefire http://www.sourcefire.com/</p>
<p>Adaptive security can watch a network for malicious traffic and behavioral anomalies, ferret out end point vulnerabilities, identify real-time changes to systems, automatically enforce end point protections and access rules, block malicious traffic, follow a compliance dashboard while providing audit data, and so much more.</p>
<p>********************************************************************<br />
Be sure to check out the following webcasts from our SANS Webcasts Archives <a href="https://www.sans.org/webcasts/archive.php">https://www.sans.org/webcasts/archive.php</a></p>
<p>Tool Talk Webcast: Getting It Right! Best Practices in Selecting a Log Management Solution That&#8217;s Right for You<br />
<a href="http://www.sans.org/info/31953">http://www.sans.org/info/31953</a><br />
Sponsored By: ArcSight</p>
<p>Tool Talk Webcast: Enterprise Log Management for Incident Handlers<br />
<a href="https://www.sans.org/webcasts/show.php?webcastid=91739">https://www.sans.org/webcasts/show.php?webcastid=91739</a><br />
Sponsored By: Q1 Labs</p>
<p>Tool Talk Webcast: Firewall Migration &amp; Policy-based Centralized Configuration<br />
<a href="https://www.sans.org/webcasts/show.php?webcastid=92038">https://www.sans.org/webcasts/show.php?webcastid=92038</a><br />
Sponsored By: Exaprotect</p>
<p>The Pen Testing Perfect Storm Series: With Skoudis, Wright and Johnson Combining Network Web App and Wireless in the Ultimate Penetration Test<br />
<a href="http://www.sans.org/info/31948">http://www.sans.org/info/31948</a><br />
Sponsored By: Core Security</p>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/10/27/free_training_sans/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>Latest Vulnerability Breakdown &#8211; 10/24/08</title>
		<link>http://secauditor.wordpress.com/2008/10/23/latest-vulnerability-breakdown-102408/</link>
		<comments>http://secauditor.wordpress.com/2008/10/23/latest-vulnerability-breakdown-102408/#comments</comments>
		<pubDate>Fri, 24 Oct 2008 01:26:15 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Auditing]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[F-Secure]]></category>
		<category><![CDATA[LibSPF2]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[security auditing]]></category>
		<category><![CDATA[vulne]]></category>
		<category><![CDATA[vulneranilities]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=189</guid>
		<description><![CDATA[Ok the big news this week came at the end of the week when Microsoft announced an extra patch to address an RPC problem that affects virtually all of their OS&#8217;s.  Virtually millions of millions of systems.  Also there is a major patch for most Linux based mail applications.  Specifically the libspf2 version prior to [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p>Ok the big news this week came at the end of the week when Microsoft announced an extra patch to address an RPC problem that affects virtually all of their OS&#8217;s.  Virtually millions of millions of systems.  Also there is a major patch for most Linux based mail applications.  Specifically the libspf2 version prior to 1.2.8.  There is also another major vulnerability noted that affects multiple products from F-Secure.</p>
<pre>Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Microsoft Windows                               1 (#1)
Other Microsoft Products                        1
Third Party Windows Apps                        4 (#4, #5)
Linux                                           2
Unix                                            1
Cross Platform                                 19 (#2, #3)
Web Application - Cross Site Scripting          7
Web Application - SQL Injection                31
Web Application                                18 

<span id="more-189"></span>
<span style="font-size:12pt;font-family:Arial;">Part I -- Critical Vulnerabilities from
TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer Overflow
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
(5) HIGH: Hummingbird Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
08.43.1  - Microsoft Outlook Web Access for Exchange Server "redir.asp" URI Redirection
 -- Third Party Windows Apps
08.43.2  - Hummingbird HostExplorer ActiveX Control "PlainTextPassword()" Buffer Overflow
08.43.3  - Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX Control Multiple Security Vulnerabilities
08.43.4  - Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll" Buffer Overflow
08.43.5  - Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation
 -- Linux
08.43.6  - Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory Corruption
08.43.7  - Linux Kernel SCTP Protocol Violation Remote Denial of Service
 -- Unix
08.43.8  - Symantec Veritas File System "qioadmin" Local Information Disclosure
 -- Cross Platform
08.43.9  - Adobe Flash CS3 Professional SWF File Remote Code Execution
08.43.10 - jhead versions Prior to 2.84 Multiple Vulnerabilities
08.43.11 - Hewlett-Packard Systems Insight Manager Unspecified Unauthorized
Access
08.43.12 - Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of
Service
08.43.13 - Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service
08.43.14 - Apache HTTP Server OS Fingerprinting Unspecified Security
08.43.15 - Hitachi JP1/File Transmission Server/FTP File Modification
Unauthorized Access
08.43.16 - Hitachi JP1/File Transmission Server/FTP Unspecified Denial of
Service
08.43.17 - VLC Media Player TY File Stack Based Buffer Overflow
08.43.18 - "nfs-utils" Package "hosts_ctl()" Security
Bypass
08.43.19 - MUSCLE "Message::AddToString()" Buffer Overflow
08.43.20 - FireGPG Insecure Temporary File Creation
08.43.21 - Symantec Veritas File System "qiomkfile" Local Information
Disclosure
08.43.22 - Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic
Emanation Capture
08.43.23 - RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code
Execution
08.43.24 - Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
08.43.25 - IBM WebSphere Application Server Denial of Service And Security
Bypass Vulnerabilities
08.43.26 - F-Secure Multiple Products RPM File Integer Overflow
08.43.27 - Symantec Altiris Deployment Solution Clear Text Password Local
Information Disclosure
 -- Web Application - Cross Site Scripting
08.43.28 - Elxis CMS "index.php" Multiple Cross-Site Scripting and
Session Fixation Vulnerabilities
08.43.29 - Habari "habari_username" Parameter Cross-Site Scripting
08.43.30 - WebGUI Security Bypass and Multiple Cross-Site Scripting
Vulnerabilities
08.43.31 - cpCommerce Multiple Cross-Site Scripting Vulnerabilities
08.43.32 - Movable Type Prior to Version 4.22 Unspecified Cross-Site Scripting
08.43.33 - MyNETS Unspecified Cross-Site Scripting
08.43.34 - Wysi Wiki Wyg "index.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.43.35 - AstroSPACES "profile.php" SQL Injection
08.43.36 - PhpWebGallery "comments.php" SQL Injection and Code
Execution Vulnerabilities
08.43.37 - MyPHPDating "success_story.php" SQL Injection
08.43.38 - myStats Security Bypass and SQL Injection Vulnerabilities
08.43.39 - myEvent "viewevent.php" SQL Injection
08.43.40 - SweetCMS "index.php" SQL Injection
08.43.41 - WEB//NEWS Multiple SQL Injection Vulnerabilities
08.43.42 - Drupal Node Vote Module Cast Vote SQL Injection
08.43.43 - IP Reg "locationdel.php" SQL Injection
08.43.44 - Mosaic Commerce "category.php" SQL Injection
08.43.45 - CafeEngine "id" Parameter Multiple SQL Injection
Vulnerabilities
08.43.46 - CafeEngine Easy Cafe Engine "itemid" Parameter SQL
Injection
08.43.47 - ShiftThis Newsletter WordPress Plugin "stnl_iframe.php"
SQL Injection
08.43.48 - Zeeproperty "bannerclick.php" SQL Injection
08.43.49 - XOOPS GesGaleri Module "index.php" SQL Injection
08.43.50 - Meeting Room Booking System "month.php" SQL Injection
08.43.51 - myWebland miniBloggie "del.php" SQL Injection
08.43.52 - Nice Talk Joomla! Component "tagid" Parameter SQL
Injection
08.43.53 - DS-Syndicate Joomla! Component "feed_id" Parameter SQL
Injection
08.43.54 - Woltlab Burning Board rGallery Plugin "itemID" Parameter
SQL Injection
08.43.55 - e107 CMS
08.43.56 - Jetbox CMS Multiple SQL Injection Vulnerabilities
08.43.57 - PHP-Nuke Sarkilar Module "id" Parameter SQL Injection
08.43.58 - Makale XOOPS Module "makale.php" SQL Injection
08.43.59 - Limbo CMS "open.php" SQL Injection
08.43.60 - TYPO3 JobControl Extension Unspecified SQL Injection
08.43.61 - TYPO3 Econda Plugin Extension Unspecified SQL Injection
08.43.62 - TYPO3 Frontend Users View Extension Unspecified SQL Injection
08.43.63 - TYPO3 Mannschaftsliste Extension Unspecified SQL Injection
08.43.64 - TYPO3 M1 Intern Extension Unspecified SQL Injection
08.43.65 - TYPO3 Simple survey Extension Unspecified SQL Injection
 -- Web Application
08.43.66 - myPHPNuke "displayCategory.php" Multiple Remote File
Include Vulnerabilities
08.43.67 - Drupal Node Clone Module Information Disclosure
08.43.68 - Kure Multiple Local File Include Vulnerabilities
08.43.69 - Mic_blog SQL Injection and Unauthorized Access Vulnerabilities
08.43.70 - Mantis "manage_proj_page.php" PHP Code Injection
08.43.71 - Calendars for the Web Security Bypass
08.43.72 - XOOPS "hisa_cart" Module Remote Information Disclosure
08.43.73 - Post Affiliate Pro "index.php" Local File Include
08.43.74 - Slaytanic Scripts Content Plus Version 2.1.1 Multiple Unspecified
Vulnerabilities
08.43.75 - FlashChat "connection.php" Role Filter Security Bypass
08.43.76 - phpFastNews Cookie Authentication Bypass
08.43.77 - FCKeditor "command.php" Arbitrary File Upload
08.43.78 - Vivvo Article Management "classified_path" Parameter
Remote File Include
08.43.79 - HP SiteScope SNMP Trap HTML Injection
08.43.80 - Fast Click SQL Lite "init.php" Remote File Include
08.43.81 - Midgard Components Framework Multiple Unspecified Vulnerabilities
08.43.82 - yappa-ng "album" Parameter Local File Include
08.43.83 - Opera Web Browser HTML Injection and Cross-Site Scripting
Vulnerabilities

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort to
ensure that its intrusion prevention products effectively block exploits
using known vulnerabilities. TippingPoint's analysis is complemented by
input from a council of security managers from twelve large organizations
who confidentially share with SANS the specific actions they have taken
to protect their systems. A detailed description of the process may be
found at http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: Microsoft Windows RPC Remote Code Execution Vulnerability
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Description: Microsoft has provided advanced notification of a
vulnerability in a Remote Procedure Call (RPC) service. The
vulnerability was deemed severe enough to warrant an out-of-cycle
security update from Microsoft. The exact details of the vulnerability
have yet to be released, but are expected to be released sometime on
October 23rd, with a question-and-answer session via webcast. The
vulnerability allows for unauthenticated users to execute arbitrary code
on vulnerable systems. Microsoft believes that the vulnerability could
be exploited in such a way as to enable the creation of a worm.
Status: Vendor confirmed, updates available.
References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx
Microsoft Webcast Information
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032393978&amp;EventCategory=4&amp;culture=en-US&amp;CountryCode=US
Microsoft Security Bulletin Update
http://go.microsoft.com/fwlink/?LinkId=130719
Microsoft Advanced Notification
http://blogs.technet.com/sus/archive/2008/10/23/microsoft-security-bulletin-advance-notification-for-october-2008.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/31874

***************************************************************
(2) CRITICAL: LibSPF2 DNS TXT Record Handling Buffer Overflow
Affected:
libspf2 versions prior to 1.2.8
Description: SPF is the Sender Policy Framework (formerly "Sender
Permitted From"). SPF is a mechanism to help prevent unauthorized or
undesired email messages ("spam") by indicating from what servers a
domain can send email. Receiving mail servers can check SPF records
exported via DNS records to determine if a server sending email from a
domain is legitimately doing so. LibSPF2 is a popular implementation of
the SPF protocol and is used by a variety of mail and DNS products. It
contains a buffer overflow in its processing of SPF records exported from
DNS. A specially crafted SPF record could trigger this vulnerability. In
most common scenarios, an attacker could exploit this vulnerability by
simply sending an email message to a server known to check SPF records;
therefore no user interaction is required. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the vulnerable process, often a high-privilege account.
Full technical details and a proof-of-concept are publicly available for
this vulnerability.
Status: Vendor confirmed, updates available.
References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/31881.pl
Documentation by Dan Kaminsky
http://www.doxpara.com/?page_id=1256
Wikipedia Article on Sender Policy Framework
http://en.wikipedia.org/wiki/Sender_Policy_Framework
Vendor Home Page
http://www.libspf2.org/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/31881

***************************************************************
(3) CRITICAL: F-Secure Multiple Products RPM File Handling Integer
Overflow
Affected:
Multiple F-Secure products; see vendor advisory
Description: The RPM Package Manager (formerly the Red Hat Package
Manager, commonly "RPM") is a package manager used by a number of
Linux- and Unix-based operating systems. Its packages are distributed in files
referred to as "RPMs". A number of F-Secure malware scanning products
contain an integer overflow when processing RPM packages. A specially
crafted RPM package could trigger this overflow, leading to arbitrary
code execution with the privileges of the vulnerable process. In
situations where the vulnerable product is used to scan email messages,
it is sufficient to have an email message transiting the server to
trigger the vulnerability; no user interaction is necessary. Some
technical details are publicly available for this vulnerability.
Additionally, the RPM file format is open and well documented, making it
amenable to fuzzing.
Status: Vendor confirmed, updates available.
References:
Vendor Security Advisory
http://www.f-secure.com/security/fsc-2008-3.shtml
Wikipedia Article on RPM
http://en.wikipedia.org/wiki/RPM_Package_Manager
RPM Home Page
http://www.rpm.org
Vendor Home Page
http://www.f-secure.com/
SecurityFocus BID
http://www.securityfocus.com/bid/31846

***************************************************************
(4) HIGH: Trend Micro OfficeScan CGI Handling Buffer Overflow
Affected:
Trend Micro OfficeScan versions 8.0 SP1 and prior
Description: Trend Micro OfficeScan is a popular enterprise malware
scanning application. It provides administrative and other facilities via
a web interface, using the Common Gateway Interface (CGI). Some of the
web interface CGI programs contain buffer overflow vulnerabilities in
their handling of HTTP requests. A specially crafted request to the web
interface could trigger one of these buffer overflows, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Some technical details are publicly available for these
vulnerabilities.
Status: Vendor confirmed, updates available.
References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-40/
Vendor Security Advisory
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
Wikipedia Article on the Common Gateway Interface
http://en.wikipedia.org/wiki/Common_Gateway_Interface
Vendor Home Page
http://www.trendmicro.com
SecurityFocus BID
http://www.securityfocus.com/bid/31859

***************************************************************
(5) HIGH: Hummingbird Multiple Vulnerabilities
Affected:
Hummingbird Deployment Wizard 10 ActiveX Control
Hummingbird Host Explorer ActiveX Control versions 8.0 and prior
Description: Hummingbird Host Explorer is a popular terminal access
solution for remote systems, and the Hummingbird Deployment Wizard is a
product used to deploy other Hummingbird products. Both products provide
some of their functionality via ActiveX controls. These controls contain
various vulnerabilities, including buffer overflow and input validation
vulnerabilities. A specially crafted web page that instantiated one of
these controls could trigger one of these vulnerabilities, allowing an
attacker to execute arbitrary code with the privileges of the current
user. Technical details are publicly available for these vulnerabilities.
A proof-of-concept is also publicly available.
Status: No confirmed updates available. Users can disable the affected
controls via Microsoft's "kill bit" mechanism. Note that this will affect
normal application functionality.
References:
Proof-of-Concept
http://milw0rm.com/exploits/6776
Vendor Home Page
http://connectivity.hummingbird.com/home/connectivity.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/31799
http://www.securityfocus.com/bid/31783

*******************************************************
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 43, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

08.43.1 CVE: CVE-2008-1547
Platform: Other Microsoft Products
Title: Microsoft Outlook Web Access for Exchange Server "redir.asp"
URI Redirection
Description: Outlook Web Access (OWA) is a web mail component of
Microsoft Exchange Server. Outlook Web Access is exposed to a remote
URI redirection issue because it fails to properly sanitize
user-supplied input in the "URL" parameter of the
"redir.asp" script.
Outlook Web Access version 6.5 SP 2 is affected.
Ref: http://www.securityfocus.com/archive/1/497374
______________________________________________________________________
08.43.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hummingbird HostExplorer ActiveX Control "PlainTextPassword()"
Buffer Overflow
Description: Hummingbird HostExplorer is terminal emulation software.
HostExplorer includes an ActiveX control for Microsoft Windows
clients. The application is exposed to a buffer overflow issue because
it fails to perform adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/bid/31781
______________________________________________________________________
08.43.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hummingbird Deployment Wizard 10 "DeployRun.dll" ActiveX
Control Multiple Security Vulnerabilities
Description: Hummingbird Deployment Wizard 10 ActiveX control is an
application used by Hummingbird products to aid in software
installation and configuration. The ActiveX control provided by the
"DeployRun.dll" file is exposed to multiple issues that attackers can
exploit to run arbitrary code. Hummingbird Deployment Wizard version
10 10.0.0.44 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________
08.43.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Dart Communications PowerTCP FTP for ActiveX "DartFtp.dll"
Buffer Overflow
Description: PowerTCP FTP for ActiveX is an ActiveX control that
utilizes an FTP client. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. PowerTCP FTP for ActiveX version 2.0.2.0
is affected.
Ref: http://www.securityfocus.com/bid/31814
______________________________________________________________________
08.43.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Solution Client User Interface
Local Privilege Escalation
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, notebooks, thin clients, and
handheld devices from a centralized location. It is available for
Microsoft Windows. The application is exposed to a local privilege
escalation issue. The problem occurs in the client graphical user
interface (GUI).
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20a.html
______________________________________________________________________
08.43.6 CVE: CVE-2008-3831
Platform: Linux
Title: Linux Kernel i915 Driver "drivers/char/drm/i915_dma.c" Memory
Corruption
Description: The Linux kernel is exposed to a memory corruption issue
because of insufficient boundary checks in the i915 driver. This
issue affects the "drivers/char/drm/i915_dma.c" source file and can be
exploited with specially-crafted "DRM_I915_HWS_ADDR" IOCTL calls.
Linux kernel versions 2.6.24.6 and earlier are affected.
Ref: http://www.securityfocus.com/bid/31792
______________________________________________________________________
08.43.7 CVE: CVE-2008-4618
Platform: Linux
Title: Linux Kernel SCTP Protocol Violation Remote Denial of Service
Description: The Linux kernel is exposed to a remote denial of service
issue because it fails to handle SCTP protocol violations. This issue
occurs when handling certain SCTP protocol violations resulting from
invalid parameter lengths. Linux kernel versions prior to 2.6.27 are
affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1079
______________________________________________________________________
08.43.8 CVE: Not Available
Platform: Unix
Title: Symantec Veritas File System "qioadmin" Local Information
Disclosure
Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix like operating systems. The
application is exposed to a local information disclosure issue that is
present in the "qioadmin" utility for the Quick I/O for Database
feature.
Ref: http://seer.entsupport.symantec.com/docs/310872.htm
______________________________________________________________________
08.43.9 CVE: CVE-2008-4473
Platform: Cross Platform
Title: Adobe Flash CS3 Professional SWF File Remote Code Execution
Description: Adobe Flash CS3 Professional is an application for
creating Flash media files. Flash CS3 Professional is exposed to a
remote code execution issue when processing specially crafted SWF
files. Flash CS3 Professional for Microsoft Windows is affected.
Ref: http://www.securityfocus.com/archive/1/497397
______________________________________________________________________
08.43.10 CVE: CVE-2008-4575
Platform: Cross Platform
Title: jhead versions Prior to 2.84 Multiple Vulnerabilities
Description: jhead is an exif jpeg header manipulation tool. jhead is
exposed to multiple remote issues. Attackers can exploit these issues
to execute arbitrary code within the context of the affected
application, crash the affected application, perform symbolic link
attacks and overwrite arbitrary files on the affected computer. jhead
versions prior to 2.84 are affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
______________________________________________________________________
08.43.11 CVE: CVE-2008-4412
Platform: Cross Platform
Title: Hewlett-Packard Systems Insight Manager Unspecified
Unauthorized Access
Description: Hewlett Packard Systems Insight Manager (SIM) is a tool
for managing HP servers. SIM is exposed to an unspecified unauthorized
access issue. A remote attacker may exploit this issue to gain
unauthorized access to data. SIM versions prior to 5.2 SP2 are
affected.
Ref: http://www.securityfocus.com/bid/31777
______________________________________________________________________
08.43.12 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client Denial of
Service
Description: Hitachi JP1/NETM/DM SubManager and JP1/NETM/DM Client are
exposed to a denial of service issue that occurs when the applications
are configured to report JP1 events.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-019/index.html
______________________________________________________________________
08.43.13 CVE: Not Available
Platform: Cross Platform
Title: Hitachi XFIT/S/JCA and XFIT/S/ZGN Unspecified Denial of Service
Description: Hitachi XFIT/S/JCA and XFIT/S/ZGN are exposed to an
unspecified denial of service issue because they fail to properly
handle unexpected data.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-020/index.html
______________________________________________________________________
08.43.14 CVE: Not Available
Platform: Cross Platform
Title: Apache HTTP Server OS Fingerprinting Unspecified Security
Description: Apache is an HTTP server available for various operating
systems. The application is exposed to an unspecified security issue
related to OS fingerprinting at the application level. Apache version
2.2.9 is affected.
Ref: http://www.securityfocus.com/archive/1/497506
______________________________________________________________________
08.43.15 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP File Modification
Unauthorized Access
Description: Hitachi JP1/File Transmission Server/FTP is an enterprise
FTP application. Hitachi JP1/File Transmission Server/FTP is exposed
to an issue that may allow attackers to modify file permissions.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-018/index.html
______________________________________________________________________
08.43.16 CVE: Not Available
Platform: Cross Platform
Title: Hitachi JP1/File Transmission Server/FTP Unspecified Denial of
Service
Description: Hitachi JP1/File Transmission Server/FTP is exposed to an
unspecified denial of service issue because it fails to properly
handle unexpected data.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vu
s/HS08-017/index.html
______________________________________________________________________
08.43.17 CVE: Not Available
Platform: Cross Platform
Title: VLC Media Player TY File Stack-Based Buffer Overflow
Description: VLC is a cross-platform media player. VLC is exposed to a
stack-based buffer overflow issue because it fails to perform adequate
checks on user-supplied input. This occurs when the application parses
specially-crafted TY files. VLC Media Player versions prior to 0.9.0
up to and including 0.9.4 are affected.
Ref: http://www.securityfocus.com/archive/1/497587
______________________________________________________________________
08.43.18 CVE: CVE-2008-4552
Platform: Cross Platform
Title: "nfs-utils" Package "hosts_ctl()" Security Bypass
Description: The "nfs-utils" package provides a daemon for the kernel
NFS server and related tools. The application is exposed to a security
bypass issue because of an error in the implementation of TCP
wrappers. This issue is caused due to a wrong number of arguments
passed to the "hosts_ctl()" function, causing TCP Wrappers to ignore
netgroups. "nfs-utils" package version 1.0.9 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=458676
______________________________________________________________________
08.43.19 CVE: Not Available
Platform: Cross Platform
Title: MUSCLE "Message::AddToString()" Buffer Overflow
Description: MUSCLE (Multi User Server Client Linkage Environment) is
a cross-platform client server messaging system. The library is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. MUSCLE version 4.30 is
affected.
Ref: https://public.msli.com/lcs/muscle/muscle/HISTORY.txt
______________________________________________________________________
08.43.20 CVE: Not Available
Platform: Cross Platform
Title: FireGPG Insecure Temporary File Creation
Description: FireGPG is an add on providing GNU Privacy Guard (GPG)
functionality for the Firefox web browser. FireGPG creates temporary
files in an insecure manner. Specifically, when decrypting email,
FireGPG creates temporary files with predictable names for the
encrypted content, the decrypted content, and the user passphrase.
FireGPG versions prior to 6.0 are affected.
Ref: http://www.securityfocus.com/archive/1/497547
______________________________________________________________________
08.43.21 CVE: CVE-2008-3248
Platform: Cross Platform
Title: Symantec Veritas File System "qiomkfile" Local Information
Disclosure
Description: Symantec Veritas File System (VxFS) is a commercial
filesystem available for Unix and Unix like operating systems. The
application is exposed to an information disclosure issue which may
result in sensitive information being made available to local
attackers. Veritas File System versions prior to 5.0 MP3 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20.html
______________________________________________________________________
08.43.22 CVE: Not Available
Platform: Cross Platform
Title: Multiple Vendor USB, PS/2 and Laptop Keyboard Electromagnetic
Emanation Capture
Description: Keyboards from multiple vendors are exposed to an
information disclosure issue because the devices do not adequately
shield electromagnetic emanations. This issue affects USB, PS/2, and
laptop keyboards manufactured between 2001 and 2008.
Ref: http://www.securityfocus.com/bid/31831
______________________________________________________________________
08.43.23 CVE: Not Available
Platform: Cross Platform
Title: RealVNC 4.1.2 "CMsgReader::readRect()" Remote Code Execution
Description: RealVNC (Virtual Network Computing) allows users to
access remote computers for administration purposes. RealVNC Viewer is
exposed to a remote code execution issue because it fails to
adequately handle certain encoding types. RealVNC Free Edition
versions prior to 4.1.3 are affected.
Ref: http://www.realvnc.com/products/free/4.1/release-notes.html
______________________________________________________________________
08.43.24 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX like operating systems. Wireshark is exposed to multiple denial
of service issues when handling certain types of packets and protocols
in varying conditions. Wireshark versions 0.10.3 up to and including
1.0.3 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-06.html
______________________________________________________________________
08.43.25 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server Denial of Service And Security
Bypass Vulnerabilities
Description: IBM WebSphere Application Server (WAS) is an application
infrastructure used for service oriented architecture. The application
is exposed to multiple issues. Successful exploits may allow attackers
to hang the server causing a denial of service condition or bypass
certain security restrictions. IBM WebSphere Application Server
versions prior to 6.0.2.31 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27006876
______________________________________________________________________
08.43.26 CVE: Not Available
Platform: Cross Platform
Title: F-Secure Multiple Products RPM File Integer Overflow
Description: Multiple F-Secure products are exposed to an integer
overflow issue because the applications fail to properly handle
user-supplied input. Specifically, the issue occurs when an affected
application parses a specially-crafted malicious RPM archive file.
Ref: http://www.f-secure.com/security/fsc-2008-3.shtml
______________________________________________________________________
08.43.27 CVE: Not Available
Platform: Cross Platform
Title: Symantec Altiris Deployment Solution Clear Text Password Local
Information Disclosure
Description: Symantec Altiris Deployment Solution is software for
deploying and managing servers, desktops, and notebooks. The
application is exposed to a local information disclosure issue because
it stores Application Identity Account passwords in clear text on the
affected computer. Symantec Altiris Deployment Solution versions prior
to 6.9.355 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.10.20b.html
______________________________________________________________________
08.43.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Elxis CMS "index.php" Multiple Cross-Site Scripting and Session
Fixation Vulnerabilities
Description: Elxis CMS is a content manager. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input. Elxis CMS version 2006.1 is
affected.
Ref: http://www.securityfocus.com/bid/31764
______________________________________________________________________
08.43.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Habari "habari_username" Parameter Cross-Site Scripting
Description: Habari is a PHP based content manager. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "habari_username"
parameter. Habari version 0.5.1 is affected.
Ref: http://www.securityfocus.com/bid/31794
______________________________________________________________________
08.43.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WebGUI Security Bypass and Multiple Cross-Site Scripting
Vulnerabilities
Description: WebGUI is a web-based content manager. The application is
exposed to multiple issues. WebGUI version 7.5.25 is affected.
Ref: http://www.webgui.org/getwebgui/advisories/webgui-7.5.26-stable-released
______________________________________________________________________
08.43.31 CVE: CVE-2008-4121
Platform: Web Application - Cross Site Scripting
Title: cpCommerce Multiple Cross-Site Scripting Vulnerabilities
Description: cpCommerce is a PHP based e-commerce application. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. cpCommerce versions
prior to 1.2.4 are affected.
Ref: http://www.securityfocus.com/archive/1/497545
______________________________________________________________________
08.43.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Movable Type Prior to Version 4.22 Unspecified Cross-Site
Scripting
Description: Movable Type is a web-log application written in PERL.
Movable Type is exposed to an unspecified cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. This
issue affects the application management section of the application.
Movable Type versions prior to 4.22 are affected.
Ref: http://www.securityfocus.com/bid/31826
______________________________________________________________________
08.43.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyNETS Unspecified Cross-Site Scripting
Description: MyNETS is a web-based application. MyNETS is exposed to
an unspecified cross-site scripting issue because it fails to properly
sanitize user-supplied input. An attacker may leverage this issue to
execute arbitrary script code in the browser of an unsuspecting user
in the context of the affected site.
Ref: http://www.securityfocus.com/bid/31835
______________________________________________________________________
08.43.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Wysi Wiki Wyg "index.php" Cross-Site Scripting
Description: Wysi Wiki Wyg is a PHP based wiki application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input passed to the "s"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/31836
______________________________________________________________________
08.43.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AstroSPACES "profile.php" SQL Injection
Description: AstroSPACES is a web-based social networking application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "profile.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31771
______________________________________________________________________
08.43.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpWebGallery "comments.php" SQL Injection and Code Execution
Vulnerabilities
Description: PhpWebGallery is a PHP based photo gallery. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sort_by" parameter of
the "comments.php" script before using it in an SQL query.
PhpWebGallery versions up to and including 1.7.2 are affected.
Ref: http://www.securityfocus.com/bid/31762
______________________________________________________________________
08.43.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyPHPDating "success_story.php" SQL Injection
Description: MyPHPDating is a PHP based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"success_story.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/31763
______________________________________________________________________
08.43.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myStats Security Bypass and SQL Injection Vulnerabilities
Description: myStats is a web-based application. The application is
exposed to multiple security issues.
Ref: http://www.securityfocus.com/bid/31772
______________________________________________________________________
08.43.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: myEvent "viewevent.php" SQL Injection
Description: myEvent is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "eventdate" parameter of the
"viewevent.php" script before using it in an SQL query. myEvent
version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/31773
______________________________________________________________________
08.43.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SweetCMS "index.php" SQL Injection
Description: SweetCMS is a web-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "page" parameter of the "index.php"
script before using it in an SQL query. SweetCMS version 1.5.2 is
</span></pre>
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/10/23/latest-vulnerability-breakdown-102408/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>
	</item>
		<item>
		<title>Now the Tools &#8211; Pt.3 Hydra</title>
		<link>http://secauditor.wordpress.com/2008/10/23/now-the-tools-pt3-hydra/</link>
		<comments>http://secauditor.wordpress.com/2008/10/23/now-the-tools-pt3-hydra/#comments</comments>
		<pubDate>Thu, 23 Oct 2008 17:15:53 +0000</pubDate>
		<dc:creator>secauditor</dc:creator>
				<category><![CDATA[Auditing]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Hydra]]></category>
		<category><![CDATA[password cracking]]></category>
		<category><![CDATA[Pen testing]]></category>
		<category><![CDATA[security auditing]]></category>

		<guid isPermaLink="false">http://secauditor.wordpress.com/?p=176</guid>
		<description><![CDATA[Ok part 3 of the series of tools used for auditors is based around Hydra
Hydra was a software project developed by a German organization called &#8220;The Hacker&#8217;s Choice&#8221; (THC) that uses a dictionary attack to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was [...]]]></description>
			<content:encoded><![CDATA[<div class='snap_preview'><br /><p style="margin-bottom:.0001pt;">OK, part 3 of the series on tools for auditors covers Hydra.</p>
<p style="margin-bottom:.0001pt;"><strong><em>Hydra</em></strong> was a software project developed by a German organization called &#8220;The Hacker&#8217;s Choice&#8221; (THC) that uses a <a title="Dictionary attack" href="http://en.wikipedia.org/wiki/Dictionary_attack">dictionary attack</a> to test for weak or simple passwords on one or many remote hosts running a variety of different services. It was designed as a <a title="Proof-of-concept" href="http://en.wikipedia.org/wiki/Proof-of-concept">proof-of-concept</a> utility to demonstrate the ease of cracking poorly chosen passwords.</p>
<p style="margin-bottom:.0001pt;">The project supports a wide range of services and protocols: <a title="TELNET" href="http://en.wikipedia.org/wiki/TELNET">TELNET</a>, <a title="File Transfer Protocol" href="http://en.wikipedia.org/wiki/File_Transfer_Protocol">FTP</a>, <a title="HyperText Transfer Protocol" href="http://en.wikipedia.org/wiki/HyperText_Transfer_Protocol">HTTP</a>, HTTPS, HTTP-PROXY, <a title="Server Message Block" href="http://en.wikipedia.org/wiki/Server_Message_Block">SMB</a>, SMBNT, <a title="MS-SQL" href="http://en.wikipedia.org/wiki/MS-SQL">MS-SQL</a>, <a title="MYSQL" href="http://en.wikipedia.org/wiki/MYSQL">MYSQL</a>, REXEC, <a title="RSH" href="http://en.wikipedia.org/wiki/RSH">RSH</a>, RLOGIN, <a title="Concurrent Versions System" href="http://en.wikipedia.org/wiki/Concurrent_Versions_System">CVS</a>, <a title="Simple Network Management Protocol" href="http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol">SNMP</a>, <a title="SMTP-AUTH" href="http://en.wikipedia.org/wiki/SMTP-AUTH">SMTP-AUTH</a>, <a title="SOCKS5" href="http://en.wikipedia.org/wiki/SOCKS5">SOCKS5</a>, <a title="Virtual Network Computing" href="http://en.wikipedia.org/wiki/Virtual_Network_Computing">VNC</a>, <a title="Post Office Protocol" href="http://en.wikipedia.org/wiki/Post_Office_Protocol">POP3</a>, <a title="Internet Message Access Protocol" href="http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</a>, <a title="Network News Transfer Protocol" href="http://en.wikipedia.org/wiki/Network_News_Transfer_Protocol">NNTP</a>, PCNFS, <a title="ICQ" href="http://en.wikipedia.org/wiki/ICQ">ICQ</a>, SAP/R3, <a title="Lightweight Directory Access Protocol" href="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">LDAP</a>, <a title="PostgreSQL" href="http://en.wikipedia.org/wiki/PostgreSQL">PostgreSQL</a>, <a title="Teamspeak" href="http://en.wikipedia.org/wiki/Teamspeak">Teamspeak</a>, Cisco auth, Cisco enable, and Cisco AAA. 
It is licensed under version 2.0 of the <a title="GNU General Public License" href="http://en.wikipedia.org/wiki/GNU_General_Public_License">GNU General Public License</a> with the additional terms that the software may not be used for illegal purposes, and any commercial service or program that uses <em>Hydra</em> must give credit to THC.</p>
<p style="margin-bottom:.0001pt;">The 5.0 release of <strong><em>Hydra</em></strong>, released in November 2005, marked the 10th anniversary of the hacking group. The current release is version 5.4, updated in March 2007.</p>
<p style="margin-bottom:.0001pt;"><span id="more-176"></span>THC-Hydra is a great login hacker for Samba, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. It includes SSL support and is part of Nessus. If you visit the project web site you will find Win32, Palm and ARM binaries. It is also included on the BackTrack ISO.</p>
<p style="margin-bottom:.0001pt;">To start off with, you need a standard dictionary file. I personally use one of about 2 to 3GB in size, but for this tutorial I&#8217;m only going to use a small password list. A side note on dictionaries: you want to tailor them to the market you are auditing. I once audited an Alaskan health care organization where a large portion of the employee base spoke a language called Yupik. I compiled a dictionary around that language to use with Hydra for the audit.</p>
<p style="margin-bottom:.0001pt;">The best word list page I have seen is on SourceForge: <a href="http://wordlist.sourceforge.net/">http://wordlist.sourceforge.net/</a>. Please let me know if you have other good locations.</p>
<p style="margin-bottom:.0001pt;">First step: download Hydra either from its homepage (http://freeworld.thc.org/thc-hydra) or from the tools section on my site (<a href="http://greyhat-security.com/tools.html">http://greyhat-security.com/tools.html</a>). If you download it from its actual homepage, make sure that you choose the Windows version, as that&#8217;s what this tutorial is written for. Download the zip file, extract it, and make sure you see the files below:</p>
<p style="margin-bottom:.0001pt;"><a href="http://secauditor.files.wordpress.com/2008/10/hydra1.jpg"><img class="alignnone size-medium wp-image-177" title="hydra1" src="http://secauditor.files.wordpress.com/2008/10/hydra1.jpg?w=300&#038;h=225" alt="" width="300" height="225" /></a></p>
<p style="margin-bottom:.0001pt;">
<p style="margin-bottom:.0001pt;">If you do, that&#8217;s good. Go to Start &gt; Run &gt; cmd to open the command prompt. Then change to your hydra folder using the “cd” command. For example my hydra folder was on the desktop, so I did this:</p>
<p style="margin-bottom:.0001pt;"><!--[if gte vml 1]&gt;  &lt;![endif]--><!--[if !vml]--><a href="http://secauditor.files.wordpress.com/2008/10/hydra2.jpg"><img class="alignnone size-full wp-image-178" title="hydra2" src="http://secauditor.files.wordpress.com/2008/10/hydra2.jpg?w=519&#038;h=117" alt="" width="519" height="117" /></a><!--[endif]--></p>
<p style="margin-bottom:.0001pt;">
<p style="margin-bottom:.0001pt;">Now that you&#8217;ve done this, it&#8217;s time to execute Hydra for the first time! Sorry Windows fans, but there is only a GUI for Hydra for Linux systems, you you&#8217;re going to have to do it the old fashioned way. Just type “hydra.exe” without quotes, and watch the result:</p>
<p style="margin-bottom:.0001pt;"><!--[if gte vml 1]&gt;  &lt;![endif]--><!--[if !vml]--><a href="http://secauditor.files.wordpress.com/2008/10/hydra3.jpg"><img class="alignnone size-medium wp-image-179" title="hydra3" src="http://secauditor.files.wordpress.com/2008/10/hydra3.jpg?w=300&#038;h=212" alt="" width="300" height="212" /></a><!--[endif]--></p>
<p style="margin-bottom:.0001pt;">
<p style="margin-bottom:.0001pt;">Next, we will do a quick scan to find some IPs to attack. I would advise Nmap. You can download it from <a href="http://nmap.org/">http://nmap.org</a> – make sure to download the Windows installer. I will be doing a tutorial at some point in the future. Install it. Find out your IP address, so that you know a possible IP range. In the command prompt session, type “ipconfig” and watch the results:</p>
<p style="margin-bottom:.0001pt;"><a href="http://secauditor.files.wordpress.com/2008/10/hydra4.jpg"><img class="alignnone size-full wp-image-180" title="hydra4" src="http://secauditor.files.wordpress.com/2008/10/hydra4.jpg?w=541&#038;h=254" alt="" width="541" height="254" /></a></p>
<p style="margin-bottom:.0001pt;">
<p style="margin-bottom:.0001pt;">In my case, the range is at least 10.1.1.1-4, but I&#8217;ll go from 1 to 10 just to be safe. Fire up Nmap and do a ping scan “nmap -sP 10.1.1.1-10” to see what hosts are alive, and wait for the results:</p>
<p style="margin-bottom:.0001pt;"><!--[if gte vml 1]&gt;  &lt;![endif]--><!--[if !vml]--><a href="http://secauditor.files.wordpress.com/2008/10/hydra5.jpg"><img class="alignnone size-medium wp-image-181" title="hydra5" src="http://secauditor.files.wordpress.com/2008/10/hydra5.jpg?w=300&#038;h=299" alt="" width="300" height="299" /></a><!--[endif]--></p>
<p style="margin-bottom:.0001pt;">
<p style="margin-bottom:.0001pt;">Pick a host to port scan – I picked 10.1.1.1 because it is a router, and for most people the password is generally pretty simple, if not default. Port scan it using something like “nmap -sS -sV -P 0 -T5 -O 10.1.1.1” and see if it&#8217;s running any services (click on the “Ports/Hosts” tab at the end for a simpler view of the services running and their ports):</p>
<p style="margin-bottom:.0001pt;"><a href="http://secauditor.files.wordpress.com/2008/10/hydra61.jpg"><img class="alignnone size-medium wp-image-183" title="hydra61" src="http://secauditor.files.wordpress.com/2008/10/hydra61.jpg?w=300&#038;h=130" alt="" width="300" height="130" /></a></p>
<p style="margin-bottom:.0001pt;">
<p style="margin-bottom:.0001pt;">As I&#8217;ve indicated by circling, I&#8217;ll be attacking the Telnet port because I know that it works, because I know you guys think Telnet is the be-all and end-all of hacking, and because the Windows version of THC-Hydra isn&#8217;t compiled with LIBSSH support (unless you did it yourself), and as such I can&#8217;t attack SSH – otherwise I&#8217;d be doing that instead. It&#8217;s so much better. Head back to your command session, and review the output from Hydra before; it tells you the services it can crack. After looking through it, and realizing that Telnet definitely is there, we can now proceed to attack it with the command “hydra -l admin -P passlist.txt 10.1.1.1 telnet” as is demonstrated here:</p>
<p style="margin-bottom:.0001pt;"><!--[if gte vml 1]&gt;  &lt;![endif]--><!--[if !vml]--><a href="http://secauditor.files.wordpress.com/2008/10/hydra7.jpg"><img class="alignnone size-medium wp-image-184" title="hydra7" src="http://secauditor.files.wordpress.com/2008/10/hydra7.jpg?w=300&#038;h=69" alt="" width="300" height="69" /></a><!--[endif]--></p>
<p class="MsoNormal">
<p style="margin-bottom:.0001pt;">An explanation of the command: -l admin was used because I assumed that the router would have the login of “admin”. You can use username lists as well if you wish. -P passlist.txt specified a password dictionary named “passlist.txt” &#8211; make sure that the -P uses a capital P, otherwise you&#8217;ll be specifying a password to try. 10.1.1.1 is the router&#8217;s IP address, and telnet is the protocol we want to attack. Now obviously we could tell it to attack that protocol on a different port, but we won&#8217;t bother with that right now unless anyone else wants to see how. My dictionary only included 4 words for the purpose of this tutorial. You can see the cracked password circled at the end (which by the way, isn&#8217;t my password for the router, for those of you who know how to get my IP and want to try and break in). And that&#8217;s how to do a basic hydra service crack on Windows.</p>
<p class="MsoNormal">
</div>]]></content:encoded>
			<wfw:commentRss>http://secauditor.wordpress.com/2008/10/23/now-the-tools-pt3-hydra/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:content url="http://1.gravatar.com/avatar/717fa16d255a4dd34d427db4de00aa18?s=96&#38;d=identicon&#38;r=G" medium="image">
			<media:title type="html">secauditor</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra1.jpg?w=300" medium="image">
			<media:title type="html">hydra1</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra2.jpg" medium="image">
			<media:title type="html">hydra2</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra3.jpg?w=300" medium="image">
			<media:title type="html">hydra3</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra4.jpg" medium="image">
			<media:title type="html">hydra4</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra5.jpg?w=300" medium="image">
			<media:title type="html">hydra5</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra61.jpg?w=300" medium="image">
			<media:title type="html">hydra61</media:title>
		</media:content>

		<media:content url="http://secauditor.files.wordpress.com/2008/10/hydra7.jpg?w=300" medium="image">
			<media:title type="html">hydra7</media:title>
		</media:content>
	</item>
	</channel>
</rss>