*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
December 31, 2007                                         Vol. 6. Week 53
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Microsoft Office                              2
Third Party Windows Apps                      7  (#1, #2, #4)
Novell                                        1
Cross Platform                                9  (#3)
Web Application - Cross Site Scripting        8
Web Application - SQL Injection              15
Web Application                              29
Network Device                                1

************************* SECURITY TRAINING UPDATE *********************
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP Prep, and
SANS' other top-rated courses?
- New Orleans (1/12-1/17): http://www.sans.org/security08/event.php
- San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- Phoenix (2/11 - 2/18): http://www.sans.org/phoenix08/event.php
- Prague (2/18-2/23): http://www.sans.org/prague08
- and in 100 other cities and online anytime: www.sans.org
*************************************************************************

Table of Contents

Part I - Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) HIGH: AOL Picture Editor ActiveX Control Multiple Buffer Overflows
(2) HIGH: Persits Software XUpload ActiveX Control Buffer Overflow
(3) MODERATE: Video LAN Client Multiple Vulnerabilities
(4) MODERATE: Winace Uuencoding Buffer Overflow

***********************  SPONSORED LINK  ********************************
1) Insider threat research report shows CEOs in denial. Download the
report now from ArcSight.  http://www.sans.org/info/21463
*************************************************************************

Part II - Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Microsoft Office
07.53.1  - Microsoft Word Wordart Doc Denial of Service
07.53.2  - Microsoft Office Publisher Multiple Denial of Service Vulnerabilities
 -- Third Party Windows Apps
07.53.3  - WinUAE Buffer Overflow
07.53.4  - Zoom Player Malformed ZPL File Buffer Overflow
07.53.5  - Macrovision InstallShield Update Service "isusweb.dll" Remote Buffer
Overflow
07.53.6  - Winace UUE File Handling Buffer Overflow
07.53.7  - Total Player M3U File Denial of Service
07.53.8  - Persits Software XUpload ActiveX Control Remote Buffer Overflow
07.53.9  - AOL Picture Editor "YGPPicEdit.dll" ActiveX Control Multiple Buffer
Overflow Vulnerabilities
 -- Novell
07.53.10 - Novell Identity Manager Client "asampsp" Denial of Service
 -- Cross Platform
07.53.11 - Sun Java System Web Server and Web Proxy Server Multiple Cross-Site
Scripting Vulnerabilities
07.53.12 - Apache Tomcat JULI Logging Component Default Security Policy
07.53.13 - VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
07.53.14 - TCPreen "FD_SET()" Remote Buffer Overflow
07.53.15 - ImgSvr Error Message Remote Script Execution
07.53.16 - Bitflu StorageFarabDb Module ".torrent" File Handling Security Bypass
07.53.17 - Extended Module Player (xmp) "oxm.c" And "dtt_load.c" Multiple Local
Buffer Overflow Vulnerabilities
07.53.18 - Libnemesi Multiple Remote Buffer Overflow Vulnerabilities
07.53.19 - Feng Multiple Remote Buffer Overflow and Denial of Service
Vulnerabilities
 -- Web Application - Cross Site Scripting
07.53.20 - Dokeos "forum" and "origin" Multiple Cross-Site Scripting
Vulnerabilities
07.53.21 - TikiWiki "tiki-special_chars.php" Cross-Site Scripting
07.53.22 - SimpleForum "simpleforum.cgi" Cross-Site Scripting
07.53.23 - Limbo CMS "com_option" Parameter Cross-Site Scripting
07.53.24 - Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified
Cross-Site Scripting Vulnerabilities
07.53.25 - iPortalX Multiple Cross-Site Scripting Vulnerabilities
07.53.26 - Mambo Multiple Unspecified Cross-Site Scripting Vulnerabilities
07.53.27 - NetBizCity FaqMasterFlexPlus "faq.php" Cross-Site Scripting
 -- Web Application - SQL Injection
07.53.28 - Moodle "view_entry.php" SQL Injection
07.53.29 - nicLOR CMS sezione_news.php SQL Injection
07.53.30 - Wallpaper Complete Website "category.php" SQL Injection
07.53.31 - IP Reg Multiple SQL Injection Vulnerabilities
07.53.32 - zBlog "index.php" Multiple SQL Injection Vulnerabilities
07.53.33 - Brand039 MMSLamp "default.php" SQL Injection
07.53.34 - AdultScript "id" Parameter Multiple SQL Injection Vulnerabilities
07.53.35 - PHP ZLink "go.php" SQL Injection
07.53.36 - MeGaCheatZ "ItemID" Parameter Multiple SQL Injection Vulnerabilities
07.53.37 - eSyndiCat Link Directory "suggest-link.php" SQL Injection
07.53.38 - MailMachinePRO "showMsg.php" SQL Injection
07.53.39 - Web Sihirbazi "default.asp" Multiple SQL Injection Vulnerabilities
07.53.40 - Blakord Portal Multiple SQL Injection Vulnerabilities
07.53.41 - XZeroScripts XZero Community Classifieds SQL Injection
07.53.42 - NetBizCity FaqMasterFlexPlus "faq.php" SQL Injection
 -- Web Application
07.53.43 - NmnNewsletter "confirmUnsubscription.php" Remote File Include
07.53.44 - Arcadem LE "frontpage_right.php" Remote File Include
07.53.45 - MyBlog Games.PHP ID Remote File Include
07.53.46 - Shadowed Portal "control.php" Local File Include
07.53.47 - mBlog "index.php" Local File Include
07.53.48 - Social Engine "global_lang" Multiple Local File Include
Vulnerabilities
07.53.49 - PHCDownload Username HTML Injection
07.53.50 - Agares Media ThemeSiteScript "loadadminpage" Parameter Remote File
Include
07.53.51 - Jupiter Panel Module Privilege Escalation
07.53.52 - PDFlib Multiple Remote Buffer Overflow Vulnerabilities
07.53.53 - Logaholic Multiple Input Validation Vulnerabilities
07.53.54 - Tikiwiki CMS "tiki-listmovies.php" Directory Traversal
07.53.55 - CuteNews "search.php" Information Disclosure
07.53.56 - Joomla mosDirectory Component mosConfig_absolute_path Remote File
Include
07.53.57 - Jupiter "index.php" Local File Include
07.53.58 - RunCMS Multiple Input Validation Vulnerabilities
07.53.59 - TeamCal Pro Multiple Remote and Local File Include Vulnerabilities
07.53.60 - Agares Media phpAutoVideo Multiple Remote and Local File Include
Vulnerabilities
07.53.61 - PHP MySQL Open Source Help Desk "form.php" Code Injection
07.53.62 - Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities and
Unspecified Weakness
07.53.63 - auraCMS "admin_users.php" Access Validation
07.53.64 - PNphpBB2 "printview.php" Local File Include
07.53.65 - XZeroScripts XZero Community Classifieds "config.inc.php" Remote File
Include
07.53.66 - XZeroScripts XZero Community Classifieds Local File Include
07.53.67 - Mantis "view.php" HTML Injection
07.53.68 - PDNS-Admin Authentication Bypass
07.53.69 - xml2owl "showCode.php" Command Execution
07.53.70 - OpenBiblio Multiple Input Validation Vulnerabilities
07.53.71 - Joovili "picture" Parameter Multiple Local File Include
Vulnerabilities
 -- Network Device
07.53.72 - March Networks 3204 DVR Information Disclosure

*************************************************************************

PART I - Critical Vulnerabilities

Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) HIGH: AOL Picture Editor ActiveX Control Multiple Buffer Overflows
Affected:
AOL Picture Editor

Description: The AOL Picture Editor is an image editing application by
AOL. Some of its functionality is provided by an ActiveX control, known
as "YGPPicEdit". This control contains several methods vulnerable to
buffer overflows. A specially crafted web page that instantiates this
control could exploit one of these vulnerabilities, allowing an attacker
to execute arbitrary code with the privileges of the current user. Full
technical details and a proof-of-concept for this vulnerability are
publicly available.

Status: AOL has not confirmed, no updates available. Users can mitigate
the impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism, using CLSID
"085891E5-ED86-425F-8522-C10290FA8309". Note that this may impact normal
functionality.

References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/27026.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/27026

********************************************************************

(2) HIGH: Persits Software XUpload ActiveX Control Buffer Overflow
Affected:
Persits Software XUpload ActiveX Control versions prior to 3.0.0.4

Description: The Persits Software XUpload ActiveX control is an ActiveX
control to simplify uploading of files to remote servers. It contains a
buffer overflow in its "AddFolder()" method. A specially crafted web
page that instantiates this control could trigger this buffer overflow,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Full technical details and a proof-of-concept for this
vulnerability are publicly available. This control is used in other
software, including HP's LoadRunner load testing suite.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism using CLSID
"E87F6C8E-16C0-11D3-BEF7-009027438003". Note that this may affect normal
application functionality.

References:
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/27025.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://xupload.aspupload.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27025
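
The "kill bit" mitigation named in items (1) and (2), as an added example that
is not part of the original bulletin. It audits, and with -Apply sets, the
Compatibility Flags value 0x00000400 described in the cited Microsoft Knowledge
Base article for the two CLSIDs given above. The function names are
hypothetical, and covering the Wow6432Node view for 32-bit Internet Explorer on
64-bit Windows is an assumption about the target systems.

```powershell
# Added example (not from the bulletin): audit or set the Internet Explorer
# "kill bit" for the two ActiveX controls named in items (1) and (2).
# Setting the value requires an elevated PowerShell session.

$KillBit = 0x00000400          # Compatibility Flags bit that blocks instantiation in IE
$ValueName = 'Compatibility Flags'

# CLSIDs exactly as given in the Status paragraphs above.
$Controls = [ordered]@{
    'AOL Picture Editor (YGPPicEdit)' = '{085891E5-ED86-425F-8522-C10290FA8309}'
    'Persits Software XUpload'        = '{E87F6C8E-16C0-11D3-BEF7-009027438003}'
}

# Native registry view plus the 32-bit view (assumption: 64-bit hosts that
# still run 32-bit Internet Explorer). Roots that do not exist are skipped.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    # Returns the current flags for one CLSID under one root (0 if absent).
    param([string]$Root, [string]$Clsid)
    $key = "$Root\$Clsid"
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $flags = $prop.$ValueName }
    }
    [pscustomobject]@{
        Key        = $key
        RawFlags   = $flags
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = [bool]($flags -band $KillBit)
    }
}

function Set-KillBit {
    # ORs the kill bit into any existing flags so other compatibility
    # settings already present for the control are preserved.
    param([string]$Root, [string]$Clsid)
    $key = "$Root\$Clsid"
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $current = (Get-KillBitState -Root $Root -Clsid $Clsid).RawFlags
    New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null
}

function Invoke-KillBitAudit {
    # Without -Apply this only reports; with -Apply it sets missing kill bits
    # and then reports the resulting state.
    param([switch]$Apply)
    foreach ($root in $Roots) {
        # Skip the 32-bit view on systems that do not have it.
        if (-not (Test-Path -LiteralPath (Split-Path -Path $root -Parent))) { continue }
        foreach ($name in $Controls.Keys) {
            $clsid = $Controls[$name]
            $state = Get-KillBitState -Root $root -Clsid $clsid
            if ($Apply -and -not $state.KillBitSet) {
                Set-KillBit -Root $root -Clsid $clsid
                $state = Get-KillBitState -Root $root -Clsid $clsid
            }
            [pscustomobject]@{
                Control    = $name
                Clsid      = $clsid
                Key        = $state.Key
                Flags      = $state.Flags
                KillBitSet = $state.KillBitSet
            }
        }
    }
}

# Report only; run "Invoke-KillBitAudit -Apply" to set the kill bits.
Invoke-KillBitAudit | Format-Table -AutoSize
```

Rows with KillBitSet False after an -Apply run indicate a write that failed,
typically because the session was not elevated.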

********************************************************************

(3) MODERATE: Video LAN Client Multiple Vulnerabilities
Affected:
Video LAN Client versions 0.8.6d and prior

Description: The Video LAN Client (also known as VLC or the VLC media
player) is an open source, cross-platform media player. It contains
multiple vulnerabilities in the parsing of subtitle information and a
flaw in its web interface. A specially crafted media file containing
subtitle information could exploit one of these vulnerabilities to
execute arbitrary code with the privileges of the current user. Note
that, depending upon configuration, malicious files may be opened
automatically by the application without first prompting the user.
Additionally, a flaw exists in VLC's web interface. By sending a
specially crafted request to the web interface, an attacker could
exploit this vulnerability to execute arbitrary code with the privileges
of the web interface process. Note that the web interface is disabled
by default. Full technical details and proofs-of-concept for these
vulnerabilities are publicly available.

Status: Vendor confirmed, updates available.

References:
Proofs-of-Concept (binary file link)
http://www.securityfocus.com/data/vulnerabilities/exploits/vlcboffs.zip
Posting by Michal Luczaj
http://mailman.videolan.org/pipermail/vlc-devel/2007-June/032672.html
Posting by Fenrir
http://mailman.videolan.org/pipermail/vlc-devel/2007-June/033394.html
Posting by Luigi Auriemma
http://aluigi.altervista.org/adv/vlcboffs-adv.txt
Video LAN Client Home Page
http://www.videolan.org
SecurityFocus BID
http://www.securityfocus.com/bid/27015

********************************************************************

(4) MODERATE: Winace Uuencoding Buffer Overflow
Affected:
Winace versions prior to 2.69

Description: Winace is a popular archiving solution for Microsoft
Windows. It contains a flaw in its handling of uuencoded files.
Uuencoding is a plain text encoding format used to send binary files
across media that may not support binary transmission (such as email).
A specially crafted uuencoded file could trigger a buffer overflow
vulnerability in Winace, allowing an attacker to execute arbitrary code
with the privileges of the current user. Note that, depending upon
configuration, uuencoded files may be opened by Winace automatically
without first prompting the user.

Status: Vendor confirmed, updates available.

References:
Wikipedia Article on Uuencoding
http://en.wikipedia.org/wiki/Uuencoding
Winace Home Page
http://www.winace.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27017

********************************************************************

Part II - Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)
Week 53, 2007

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5694 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

07.53.1 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Word Wordart Doc Denial of Service
Description: Microsoft Word is a word processing application. The
application is exposed to a denial of service issue when handling
malformed ".doc" files with excessively large "wordart" content.
Microsoft Word 2003 is affected.
Ref: http://www.securityfocus.com/archive/1/485452
______________________________________________________________________

07.53.2 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Office Publisher Multiple Denial of Service
Vulnerabilities
Description: Microsoft Office Publisher is an application for
designing and publishing documents. The application is exposed to
multiple denial of service issues when handling malformed files. The
first issue occurs when handling a malformed file where the values of
00006B90 to 00006D90 are changed to "A". The second issue occurs when
handling a file with modified "wordart" content.
Ref: http://www.securityfocus.com/archive/1/485456
______________________________________________________________________

07.53.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinUAE Buffer Overflow
Description: WinUAE is an Amiga emulator for Windows. The application
is exposed to a local stack-based buffer overflow issue because it fails
to properly bounds check user-supplied data before copying it into an
insufficiently sized buffer. WinUAE versions prior to 1.4.5 are
affected.
Ref: http://www.securityfocus.com/archive/1/485446
______________________________________________________________________

07.53.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Zoom Player Malformed ZPL File Buffer Overflow
Description: Zoom Player is a media player for Microsoft Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. This issue
occurs when handling malformed ZPL files containing an HTTP link
pointing to a file with a PLS extension. Specifically, this issue
occurs when a large amount of data is passed into an insufficiently
sized buffer. The buffer is then passed to the "wsprintf()" function,
which results in a buffer overflow. Zoom Player version 6.00 beta 2
and all releases contained in the Zoom Player version 5 branch are
affected.
Ref: http://www.securityfocus.com/archive/1/485499
______________________________________________________________________

07.53.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Macrovision InstallShield Update Service "isusweb.dll" Remote
Buffer Overflow
Description: The Macrovision InstallShield Update Service ActiveX
control is a web-based software updating component commonly installed
with Macrovision InstallShield and FLEXnet software. The application
is exposed to a remote buffer overflow issue because it fails to properly
sanitize user-supplied data. This issue presents itself when excessive
data is passed to the "DownloadAndExecute()" method through its second
argument. InstallShield Update Service version 5.1.100.47363 is
affected.
Ref: http://support.installshield.com/kb/view.asp?articleid=Q113020
______________________________________________________________________

07.53.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Winace UUE File Handling Buffer Overflow
Description: Winace is a file compression/decompression tool for
Microsoft Windows platforms. It supports various formats such as UUE,
CAB, JAR, ZIP, RAR, TAR, GZ, TAR.GZ, LZA, LHA, etc. The application is
exposed to a heap buffer overflow issue when handling specially
crafted UUE files. This issue arises because Winace fails to perform
boundary checks on user-supplied data. Winace versions prior to 2.69
are affected.
Ref: http://www.securityfocus.com/bid/27017
______________________________________________________________________

07.53.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Total Player M3U File Denial of Service
Description: Total Player is an audio player. It is available for
Microsoft Windows platforms. The application is exposed to a denial of
service issue because it fails to properly handle certain "m3u" files.
The issue may be triggered by an overly long entry in an "m3u" play
list. Total Player version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/485513
______________________________________________________________________

07.53.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Persits Software XUpload ActiveX Control Remote Buffer Overflow
Description: The XUpload ActiveX control allows users to upload files
to a server. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. XUpload version 2.1.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.53.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: AOL Picture Editor "YGPPicEdit.dll" ActiveX Control Multiple
Buffer Overflow Vulnerabilities
Description: AOL Picture Editor is an ActiveX control shipped with AOL
instant messenger that allows users to edit pictures. The application
is exposed to multiple issues that attackers can exploit to run
arbitrary code. The issues stem from various buffer overflow
conditions. AOL Picture Editor "YGPPicEdit.dll" version 9.5.1.8 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

07.53.10 CVE: Not Available
Platform: Novell
Title: Novell Identity Manager Client "asampsp" Denial of Service
Description: Novell Identity Manager is an identity-management product
that provisions user/password management for the enterprise. The
client application is exposed to a denial of service issue because it
fails to properly handle certain syslog messages with unescaped format
characters. Specifically, this issue affects the "asampsp" process.
Novell Identity Manager version 3.5.1 is affected.
Ref:
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5007560.html
______________________________________________________________________

07.53.11 CVE: Not Available
Platform: Cross Platform
Title: Sun Java System Web Server and Web Proxy Server Multiple
Cross-Site Scripting Vulnerabilities
Description: Sun Java System Web Server and Sun Java System Web Proxy
Server are both developed by Sun Microsystems. These applications are
exposed to multiple cross-site scripting issues because they fail to
sanitize user-supplied input.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1&searchclause=
______________________________________________________________________

07.53.12 CVE: CVE-2007-5342
Platform: Cross Platform
Title: Apache Tomcat JULI Logging Component Default Security Policy
Description: Apache Tomcat is a Java-based webserver application for
multiple operating systems. The server includes the JULI logging
component that allows third-party web applications to specify their
own log configurations. The server is exposed to an issue that can
allow third-party web applications to write files to arbitrary
locations with the privileges of the user running the server. Tomcat
versions 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 are affected.
Ref: http://www.securityfocus.com/archive/1/485481
______________________________________________________________________

07.53.13 CVE: Not Available
Platform: Cross Platform
Title: VideoLAN VLC Multiple Remote Code Execution Vulnerabilities
Description: VideoLAN VLC media player is a multimedia application for
playing audio and video files. The application is exposed to multiple
remote code execution issues. VLC version 0.8.6d is affected.
Ref: http://www.securityfocus.com/archive/1/485488
______________________________________________________________________

07.53.14 CVE: Not Available
Platform: Cross Platform
Title: TCPreen "FD_SET()" Remote Buffer Overflow
Description: TCPreen is an application that monitors communications
between clients and servers through streams such as TCP sessions. It
is available for multiple operating platforms. The application is
exposed to a remote buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. TCPreen versions prior to 1.4.4 are vulnerable.
Ref: http://anonsvn.remlab.net/svn/tcpreen/tags/1.4.4/NEWS
______________________________________________________________________

07.53.15 CVE: Not Available
Platform: Cross Platform
Title: ImgSvr Error Message Remote Script Execution
Description: ImgSvr is a database for digital photos. The application
is exposed to a remote script execution issue because it fails to
adequately sanitize user-supplied input. ImgSvr version 0.6.21 is
affected.
Ref: http://www.securityfocus.com/bid/27033
______________________________________________________________________

07.53.16 CVE: Not Available
Platform: Cross Platform
Title: Bitflu StorageFarabDb Module ".torrent" File Handling Security
Bypass
Description: Bitflu is a BitTorrent client for Linux and BSD platforms.
Bitflu is exposed to a security bypass issue that affects the
"StorageFarabDb" module. The issue arises when the application handles
a malicious ".torrent" file. Bitflu versions prior to 0.42 are affected.
Ref: http://bitflu.workaround.ch/ChangeLog.txt
______________________________________________________________________

07.53.17 CVE: Not Available
Platform: Cross Platform
Title: Extended Module Player (xmp) "oxm.c" And "dtt_load.c" Multiple
Local Buffer Overflow Vulnerabilities
Description: Extended Module Player (xmp) is a command-line module
player used for handling module formats from Amiga, Atari, Acorn,
Apple IIgs, and PC platforms. The application is exposed to multiple
local buffer overflow issues because it fails to perform adequate
boundary checks prior to copying user-supplied input into an
insufficiently sized buffer. Extended Module Player version 2.5.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/485573
______________________________________________________________________

07.53.18 CVE: Not Available
Platform: Cross Platform
Title: Libnemesi Multiple Remote Buffer Overflow Vulnerabilities
Description: Libnemesi is an open-source client library used for
implementing RTSP/RTP streaming in applications. The application is
exposed to multiple buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied input. Libnemesi version
0.6.4-rc1 is affected.
Ref: http://www.securityfocus.com/archive/1/485575
______________________________________________________________________

07.53.19 CVE: Not Available
Platform: Cross Platform
Title: Feng Multiple Remote Buffer Overflow and Denial of Service
Vulnerabilities
Description: Feng is a freely-available multimedia streaming server
that supports RTSP and RTP (Real-Time Streaming protocols). The
application is exposed to multiple remote buffer overflow and denial
of service issues. Feng version 0.1.15 is affected.
Ref: http://www.securityfocus.com/archive/1/485574
______________________________________________________________________

07.53.20 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dokeos "forum" and "origin" Multiple Cross-Site Scripting
Vulnerabilities
Description: Dokeos is a PHP-based application for online learning.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input. Dokeos versions
1.8.4 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/485458
______________________________________________________________________

07.53.21 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TikiWiki "tiki-special_chars.php" Cross-Site Scripting
Description: TikiWiki is a wiki application. The application is
exposed to cross-site scripting attacks because it fails to
sufficiently sanitize user-supplied input to the "area_name" parameter
of the "tiki-special_chars.php" script. TikiWiki version 1.9.8.3 is
affected.
Ref: http://www.securityfocus.com/archive/1/485483
______________________________________________________________________

07.53.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SimpleForum "simpleforum.cgi" Cross-Site Scripting
Description: SimpleForum is a web-based forum application implemented
in Perl. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the "search" form
field parameter of the "simpleforum.cgi" script. SimpleForum version
4.6.2 is affected.
Ref: http://www.securityfocus.com/archive/1/485483
______________________________________________________________________

07.53.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Limbo CMS "com_option" Parameter Cross-Site Scripting
Description: Limbo CMS is a content management system. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "com_option" parameter of the
"admin.php" script. Limbo CMS version 1.0.4.2 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-limbo-cms.html
______________________________________________________________________

07.53.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Adobe Flash Player SWFs in Dreamweaver and Acrobat Unspecified
Cross-Site Scripting Vulnerabilities
Description: Adobe Dreamweaver and Acrobat Connect include
pre-generated Shock Wave Files (SWF), which are Flash media files
played via Adobe Flash Player. Some of the pre-generated SWF files
included are exposed to a cross-site scripting issue. SWF files included
with Dreamweaver CS3 and Acrobat Connect are affected.
Ref: http://www.adobe.com/support/security/advisories/apsa07-06.html
______________________________________________________________________

07.53.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: iPortalX Multiple Cross-Site Scripting Vulnerabilities
Description: iPortalX is an ASP-based web portal. The application is
exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. These issues affect the "KW" parameter
of the "search.asp" script, the "Date" parameter of the "blogs.asp"
script, and the "SF" parameter of the "members.asp" script. All
versions of iPortalX are affected.
Ref: http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1
______________________________________________________________________

07.53.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mambo Multiple Unspecified Cross-Site Scripting Vulnerabilities
Description: Mambo is a PHP-based content manager. The application is
exposed to multiple remote issues. Mambo versions prior to 4.6.3 are
affected.
Ref: http://www.securityfocus.com/bid/27046
______________________________________________________________________

07.53.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: NetBizCity FaqMasterFlexPlus "faq.php" Cross-Site Scripting
Description: FaqMasterFlexPlus is a web-based FAQ management
application. The application is exposed to a cross-site scripting
issue because it fails to sanitize user-supplied input to the
"cat_name" parameter of the "faq.php" script. All versions of
FaqMasterFlexPlus are affected.
Ref: http://www.securityfocus.com/bid/27051
______________________________________________________________________

07.53.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Moodle "view_entry.php" SQL Injection
Description: Moodle is a content manager for online courseware. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"ing/blocks/mrbs/code/web/view_entry.php" script before using it in an
SQL query. Moodle version 1.8.3 is affected.
Ref: http://www.securityfocus.com/archive/1/485434
______________________________________________________________________

07.53.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: nicLOR CMS sezione_news.php SQL Injection
Description: nicLOR CMS is a web-based content management system
implemented in PHP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "sezione_news.php" script before using it in
an SQL query.
Ref: http://www.securityfocus.com/bid/26983
______________________________________________________________________

07.53.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Wallpaper Complete Website "category.php" SQL Injection
Description: Wallpaper Complete Website is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "catid" parameter
of the "category.php" script before using it in an SQL query.
Wallpaper Complete Website version 1.0.09 is affected.
Ref: http://www.securityfocus.com/bid/26984
______________________________________________________________________

07.53.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IP Reg Multiple SQL Injection Vulnerabilities
Description: IP Reg is an IPAM tool to keep track of assets, nodes (IP
addresses, MAC addresses, DNS aliases) within different subnets, over
different locations or VLANs. The application is exposed to multiple
SQL injection issues because it fails to properly sanitize
user-supplied input before using it in SQL queries. IP Reg version 0.3
is affected.
Ref: http://sourceforge.net/project/showfiles.php?group_id=211757
______________________________________________________________________

07.53.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: zBlog "index.php" Multiple SQL Injection Vulnerabilities
Description: zBlog is a web-based blogging application. The
application is exposed to multiple SQL injection issues because it
fails to properly sanitize user-supplied input before using it in SQL
queries. These issues affect the "categ" parameter of the "categ"
page, and the "article" parameter of the "articles" page, accessed
through "index.php". zBlog version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/26994
______________________________________________________________________

07.53.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Brand039 MMSLamp "default.php" SQL Injection
Description: MMSLamp is a web-based application for content
management. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"idpro" parameter of the "default.php" script before using it in an
SQL query. All versions of MMSLamp are affected.
Ref: http://www.securityfocus.com/bid/26995
______________________________________________________________________

07.53.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AdultScript "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: AdultScript is a script for managing adult videos. The
application is exposed to multiple SQL injection issues because it
fails to properly sanitize user-supplied input before using it in SQL
queries. These issues affect the "id" parameter of the
"videolink_count.php" and "links.php" scripts. AdultScript versions
1.6.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/26996
______________________________________________________________________

07.53.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP ZLink "go.php" SQL Injection
Description: PHP ZLink is a short URL redirection script. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"go.php" script before using it in an SQL query. PHP ZLink version 0.3
is affected.
Ref: http://www.securityfocus.com/bid/26997
______________________________________________________________________

07.53.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MeGaCheatZ "ItemID" Parameter Multiple SQL Injection
Vulnerabilities
Description: MeGaCheatZ is a game cheats script. The application is
exposed to multiple SQL injection issues because it fails to properly
sanitize user-supplied input before using it in SQL queries. These
issues affect the "ItemID" parameter of the "comments.php",
"view.php", and "ViewItem.php" scripts. MeGaCheatZ version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/26999
______________________________________________________________________

07.53.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eSyndiCat Link Directory "suggest-link.php" SQL Injection
Description: eSyndiCat Link Directory is a PHP-based application for
managing directories and links. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "suggest-link.php"
script before using it in an SQL query. All versions of eSyndiCat Link
Directory are affected.
Ref: http://www.securityfocus.com/bid/27029
______________________________________________________________________

07.53.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MailMachinePRO "showMsg.php" SQL Injection
Description: MailMachinePRO is a mailing list management application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "showMsg.php" script before using it in an SQL query.
MailMachinePRO version 2.2.4 is affected.
Ref: http://www.securityfocus.com/bid/27030
______________________________________________________________________

07.53.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Web Sihirbazi "default.asp" Multiple SQL Injection
Vulnerabilities
Description: Web Sihirbazi is a web-based application implemented in
ASP. The application is exposed to multiple SQL injection issues
because it fails to properly sanitize user-supplied input before using
it in SQL queries. These issues affect the "pageid" and the "id"
parameters of the "default.asp" script. Web Sihirbazi version 5.1.1 is
affected.
Ref: http://www.securityfocus.com/bid/27031
______________________________________________________________________

07.53.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Blakord Portal Multiple SQL Injection Vulnerabilities
Description: Blakord Portal is a web-based content management system.
It is implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to properly sanitize user-supplied
input before using it in SQL queries. These issues affect the "id"
parameter of multiple unspecified modules. Blakord Portal versions
1.3.a and earlier are affected.
Ref: http://www.securityfocus.com/bid/27038
______________________________________________________________________

07.53.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XZeroScripts XZero Community Classifieds SQL Injection
Description: XZero Community Classifieds is a web application for
classifieds. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"subcatid" parameter of the "index.php" script before using it in an
SQL query. XZero Community Classifieds versions 4.95.11 and earlier
are affected.
Ref: http://www.xzeroscripts.com/products/xzero_classifieds/
______________________________________________________________________

07.53.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetBizCity FaqMasterFlexPlus "faq.php" SQL Injection
Description: FaqMasterFlexPlus is a web-based FAQ management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"category_id" parameter of the "faq.php" script before using it in an
SQL query. All versions of FaqMasterFlexPlus are affected.
Ref: http://www.securityfocus.com/bid/27052
______________________________________________________________________

07.53.43 CVE: Not Available
Platform: Web Application
Title: NmnNewsletter "confirmUnsubscription.php" Remote File Include
Description: NmnNewsletter is a newsletter management application.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the "output"
parameter of the "confirmUnsubscription.php" script. NmnNewsletter
version 1.0.7 is affected.
Ref: http://sourceforge.net/projects/nmnnewsletter/
______________________________________________________________________

07.53.44 CVE: Not Available
Platform: Web Application
Title: Arcadem LE "frontpage_right.php" Remote File Include
Description: Arcadem LE is a web-based arcade engine. The application is
exposed to a remote file include issue because it fails to
sufficiently sanitize user-supplied input to the "loadadminpage"
parameter of the "admin/frontpage_right.php" script. Arcadem LE
version 2.04 is affected.
Ref: http://www.securityfocus.com/bid/26986
______________________________________________________________________

07.53.45 CVE: Not Available
Platform: Web Application
Title: MyBlog Games.PHP ID Remote File Include
Description: MyBlog is a content manager. The application is exposed
to a remote file include issue because it fails to sufficiently
sanitize user-supplied input to the "id" parameter of the "games.php"
script.
Ref: http://www.securityfocus.com/archive/1/485457
______________________________________________________________________

07.53.46 CVE: Not Available
Platform: Web Application
Title: Shadowed Portal "control.php" Local File Include
Description: Shadowed Portal is a web-based portal application. The
application is exposed to a local file include issue because it fails
to sufficiently sanitize user-supplied input to the "usr" parameter of
the "control.php" script. Shadowed Portal version 5.7d3 is affected.
Ref: http://www.securityfocus.com/bid/26988
______________________________________________________________________

07.53.47 CVE: Not Available
Platform: Web Application
Title: mBlog "index.php" Local File Include
Description: mBlog is a web-based blogging application. The
application is exposed to a local file include issue because it fails
to sufficiently sanitize user-supplied input to the "page" parameter
of the "index.php" script. mBlog version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/26989
______________________________________________________________________

07.53.48 CVE: Not Available
Platform: Web Application
Title: Social Engine "global_lang" Multiple Local File Include
Vulnerabilities
Description: Social Engine is a social networking platform. The
application is exposed to multiple local file include issues because
it fails to sufficiently sanitize user-supplied input to the
"global_lang" parameter. Social Engine version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/26990
______________________________________________________________________

07.53.49 CVE: Not Available
Platform: Web Application
Title: PHCDownload Username HTML Injection
Description: PHCDownload is a remote file-management application. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input when registering a new user.
Specifically, the user name supplied during registration is not
sanitized before being displayed in the admin panel. PHCDownload
version 1.10 is affected.
Ref: http://www.securityfocus.com/bid/26991
______________________________________________________________________

07.53.50 CVE: Not Available
Platform: Web Application
Title: Agares Media ThemeSiteScript "loadadminpage" Parameter Remote
File Include
Description: ThemeSiteScript facilitates creation and management of a
themes website. The application is exposed to a remote file include
issue because it fails to sufficiently sanitize user-supplied input to
the "loadadminpage" parameter of the "index.php" script. ThemeSiteScript
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/26998
______________________________________________________________________

07.53.51 CVE: Not Available
Platform: Web Application
Title: Jupiter Panel Module Privilege Escalation
Description: Jupiter is a PHP-based content manager. The application is
exposed to a privilege escalation issue because the application fails
to perform adequate access validation on input passed to the
"tmp[authorization]" parameter of the "panel" module. Jupiter version
1.1.5e is affected.
Ref: http://www.securityfocus.com/bid/27000
______________________________________________________________________

07.53.52 CVE: Not Available
Platform: Web Application
Title: PDFlib Multiple Remote Buffer Overflow Vulnerabilities
Description: PDFlib is a library of tools used to create and edit PDF
documents. PDFlib is designed to support web-based PDF creation. The
application is exposed to multiple buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied input.
PDFlib version 7.02 is affected.
Ref: http://www.securityfocus.com/archive/1/485479
______________________________________________________________________

07.53.53 CVE: Not Available
Platform: Web Application
Title: Logaholic Multiple Input Validation Vulnerabilities
Description: Logaholic is a web-analytic and statistics application
for monitoring websites. The application is exposed to multiple input
validation issues.
Ref: http://www.securityfocus.com/archive/1/485480
______________________________________________________________________

07.53.54 CVE: Not Available
Platform: Web Application
Title: Tikiwiki CMS "tiki-listmovies.php" Directory Traversal
Description: Tikiwiki CMS is a wiki application. The application is
exposed to a directory traversal issue because it fails to
sufficiently sanitize user-supplied input to the "movie" parameter of
the "tiki-listmovies.php" script. Tikiwiki CMS versions prior to 1.9.9
are affected.
Ref: http://www.securityfocus.com/archive/1/485482
______________________________________________________________________

07.53.55 CVE: Not Available
Platform: Web Application
Title: CuteNews "search.php" Information Disclosure
Description: CuteNews is a web-based news application. The application
is exposed to an information disclosure issue. The application fails to
properly sanitize user-supplied input. This issue occurs in the
"files_arch[]" array parameter of the "search.php" script. CuteNews
versions 1.4.5 and 1.3.1 are affected.
Ref: http://www.securityfocus.com/archive/1/485485
______________________________________________________________________

07.53.56 CVE: Not Available
Platform: Web Application
Title: Joomla mosDirectory Component mosConfig_absolute_path Remote
File Include
Description: mosDirectory is an information directory component for
the Joomla! content manager. The application is exposed to a remote
file include issue because it fails to sufficiently sanitize
user-supplied input to the "mosConfig_absolute_path" parameter of the
"modules/mod_pxt_latest.php" script. mosDirectory version 2.3.2 is
affected.
Ref: http://www.securityfocus.com/bid/27014
______________________________________________________________________

07.53.57 CVE: Not Available
Platform: Web Application
Title: Jupiter "index.php" Local File Include
Description: Jupiter is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to sufficiently
sanitize user-supplied input to the "n" parameter of the "index.php"
script. Jupiter version 1.1.5e is affected.
Ref: http://www.securityfocus.com/archive/1/485486
______________________________________________________________________

07.53.58 CVE: Not Available
Platform: Web Application
Title: RunCMS Multiple Input Validation Vulnerabilities
Description: RunCMS is a web-based content management system. The
application is exposed to multiple input validation issues. RunCMS
version 1.6 is affected.
Ref: http://www.securityfocus.com/archive/1/485512
______________________________________________________________________

07.53.59 CVE: Not Available
Platform: Web Application
Title: TeamCal Pro Multiple Remote and Local File Include
Vulnerabilities
Description: TeamCal Pro is a web-based content manager. The
application is exposed to multiple remote and local file include
issues because it fails to properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/27022
______________________________________________________________________

07.53.60 CVE: Not Available
Platform: Web Application
Title: Agares Media phpAutoVideo Multiple Remote and Local File
Include Vulnerabilities
Description: Agares Media phpAutoVideo is a web-based video site
application. The application is exposed to multiple remote and local
file include issues because it fails to properly sanitize
user-supplied input. phpAutoVideo version 2.21 is affected.
Ref: http://www.milw0rm.com/exploits/4782
______________________________________________________________________

07.53.61 CVE: Not Available
Platform: Web Application
Title: PHP MySQL Open Source Help Desk "form.php" Code Injection
Description: PHP MySQL Open Source Help Desk (PMOS) is a web-based
help desk application implemented in PHP. This application was
previously sold as InverseFlow Help Desk. The application is exposed
to an arbitrary PHP code injection issue because it fails to properly
sanitize user-supplied input to the "form.php" script. PMOS versions
2.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27032
______________________________________________________________________

07.53.62 CVE: Not Available
Platform: Web Application
Title: Gallery Versions Prior to 2.2.4 Multiple Remote Vulnerabilities
and Unspecified Weakness
Description: Gallery is a PHP-based photo album application. The
application is exposed to multiple remote issues. Gallery versions
prior to 2.2.4 are affected.
Ref: https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00771.html
______________________________________________________________________

07.53.63 CVE: Not Available
Platform: Web Application
Title: auraCMS "admin_users.php" Access Validation
Description: auraCMS is a content manager. The application is exposed
to an access validation issue that can be leveraged to create
unauthorized administrative user accounts. This issue affects the
"admin_users.php" script. auraCMS version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/27037
______________________________________________________________________

07.53.64 CVE: Not Available
Platform: Web Application
Title: PNphpBB2 "printview.php" Local File Include
Description: The PNphpBB2 module is a phpBB forum for the PostNuke
content manager. The application is exposed to a local file include issue
because it fails to sufficiently sanitize user-supplied input to the
"phpEx" parameter of the "printview.php" script. PNphpBB2 versions
1.2i and earlier are affected.
Ref: http://www.securityfocus.com/bid/27039
______________________________________________________________________

07.53.65 CVE: Not Available
Platform: Web Application
Title: XZeroScripts XZero Community Classifieds "config.inc.php"
Remote File Include
Description: XZero Community Classifieds is a web application for
classifieds. The application is exposed to a remote file include issue
because it fails to sufficiently sanitize user-supplied input to the
"path_escape" parameter of the "config.inc.php" script. XZero
Community Classifieds versions 4.95.11 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27040
______________________________________________________________________

07.53.66 CVE: Not Available
Platform: Web Application
Title: XZeroScripts XZero Community Classifieds Local File Include
Description: XZero Community Classifieds is a web application for
classifieds. The application is exposed to a local file include issue
because it fails to sufficiently sanitize user-supplied input to the
"pagename" parameter of the "index.php" script. XZero Community
Classifieds versions 4.95.11 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27041
______________________________________________________________________

07.53.67 CVE: Not Available
Platform: Web Application
Title: Mantis "view.php" HTML Injection
Description: Mantis is a web-based bug tracker. It is written in PHP
and supported by a MySQL database. The application is exposed to an
HTML injection issue because it fails to properly sanitize
user-supplied input when handling an uploaded file. This issue affects
the "view.php" script. Specifically, the name of a file to be uploaded
can be used to execute arbitrary HTML and script code in a user's
browser. Mantis versions prior to 1.1.0 are affected.
Ref: http://www.mantisbt.org/bugs/view.php?id=8679
______________________________________________________________________

07.53.68 CVE: Not Available
Platform: Web Application
Title: PDNS-Admin Authentication Bypass
Description: PDNS-Admin, or PowerDNS Administrator, is a PHP-based tool
to administer domains created with PowerDNS. The application is
exposed to an authentication bypass issue because it fails to
adequately verify user credentials before allowing the creation of new
domains. PDNS-Admin version 1.1.2 is affected.
Ref: http://www.securityfocus.com/bid/27036
______________________________________________________________________

07.53.69 CVE: Not Available
Platform: Web Application
Title: xml2owl "showCode.php" Command Execution
Description: The "xml2owl" program is a PHP-based web application that
converts Extensible Markup Language (XML) files to Web Ontology
Language (OWL) files. The application is exposed to an issue that
allows attackers to execute arbitrary PHP commands. It affects the
"path" parameter of the "showCode.php" script. The value of the "path"
parameter is directly supplied as an argument to a call to the PHP
"shell_exec()" function. xml2owl version 0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/27050
______________________________________________________________________

07.53.70 CVE: Not Available
Platform: Web Application
Title: OpenBiblio Multiple Input Validation Vulnerabilities
Description: OpenBiblio is a web-based library system. The application
is exposed to the following input validation issues: an SQL injection
issue that affects the "reset" variable of the "report_criteria.php"
script, multiple cross-site scripting issues and multiple HTML injection
issues. OpenBiblio versions 0.5.2-pre4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27053
______________________________________________________________________

07.53.71 CVE: Not Available
Platform: Web Application
Title: Joovili "picture" Parameter Multiple Local File Include Vulnerabilities
Description: Joovili is a social networking platform implemented in PHP.
The application is exposed to multiple local file include issues because
it fails to sufficiently sanitize user-supplied input to the "picture"
parameter in the "images.inc.php" script (Joovili version 2.x) and the
"joovili.images.php" script (Joovili version 3.x). Joovili versions
3.0.6 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27056
______________________________________________________________________

07.53.72 CVE: Not Available
Platform: Network Device
Title: March Networks 3204 DVR Information Disclosure
Description: March Networks 3204 Digital Video Recorder (DVR) is a
video recording appliance. The application is exposed to an
information disclosure issue due to an access validation error.
Ref: http://www.sybsecurity.com/advisors/SYBSEC-ADV14-March_Networks_DVR_3204_Logfile_Information_Disclosure
______________________________________________________________________