*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Jan. 7, 2008                                               Vol. 7. Week 2
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus

Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Other Microsoft Products                     1
Third Party Windows Apps                     3 (#4, #6)
Linux                                        1
Cross Platform                              12 (#1, #2, #3, #5, #7)
Web Application - Cross Site Scripting       9
Web Application - SQL Injection              5
Web Application                              9

************************* SECURITY TRAINING UPDATE *********************
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP Prep, and
SANS' other top-rated courses?
- San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- Phoenix (2/11 - 2/18): http://www.sans.org/phoenix08/event.php
- Prague (2/18 - 2/23): http://www.sans.org/prague08
- Washington DC (VA) (3/24 - 3/31): http://www.sans.org/tysonscorner08
- Orlando (SANS2008) (4/18 - 4/25): http://www.sans.org/sans2008
- and in 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: yaSSL Multiple Vulnerabilities
(2) CRITICAL: Real Networks RealPlayer and Helix Server Undisclosed Remote Code
Execution
(3) HIGH: Multiple Products SWF File Cross Site Scripting Vulnerabilities
(4) HIGH: Georgia SoftWorks SSH2 Server Multiple Vulnerabilities
(5) MODERATE: Mozilla Firefox Basic Authentication Spoofing Vulnerability
Other Software
(6) HIGH: JustSystems Ichitaro Buffer Overflow Vulnerability
(7) MODERATE: Politecnico di Torino Libnemesi Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
08.2.1 - Microsoft January 2008 Advance Notification Multiple Vulnerabilities
 -- Third Party Windows Apps
08.2.2 - DivX Web Player "npUpload.dll" ActiveX Control Remote Denial of Service
08.2.3 - Georgia SoftWorks Secure Shell Server Multiple Remote Code Execution
Vulnerabilities
08.2.4 - RealPlayer 11 Unspecified Buffer Overflow
 -- Linux
08.2.5 - libcdio GNU Compact Disc Input and Control Library Buffer Overflow
Vulnerabilities
 -- Cross Platform
08.2.6 - InfoSoft FusionCharts SWF Flash File Remote Code Execution
08.2.7 - Asterisk BYE Message Remote Denial of Service
08.2.8 - Mozilla Firefox "Basic Realm" Basic Authentication Header Spoofing
08.2.9 - White_Dune Multiple Local Code Execution Vulnerabilities
08.2.10  - Dovecot Authentication Cache Security Bypass
08.2.11  - Trolltech Qt QSslSocket Class Certificate Verification Security
Bypass
08.2.12  - Jetty Double Slash URI Information Disclosure
08.2.13  - Real Networks Helix Server Unspecified Remote Heap Buffer Overflow
08.2.14  - MaraDNS Malformed Packet Remote Denial of Service
08.2.15  - OpenAFS Fileserver Denial of Service
08.2.16  - Mongrel "DirHandler" Class Directory Traversal Information Disclosure
08.2.17  - SeattleLab SLNet RF Telnet Server NULL-Pointer Dereference Denial of
Service
 -- Web Application - Cross Site Scripting
08.2.18  - Camtasia Studio "csPreloader" Cross-Site Scripting
08.2.19  - phpWebSite Search Module Cross-Site Scripting
08.2.20  - Atlassian JIRA "500page.jsp" Cross-Site Scripting
08.2.21  - W3-mSQL Error Page Cross-Site Scripting
08.2.22  - InstantSoftwares Dating Site "login_form.asp" Cross-Site Scripting
08.2.23  - WordPress Multiple Cross-Site Scripting Vulnerabilities
08.2.24  - AwesomeTemplateEngine Multiple Cross-Site Scripting Vulnerabilities
08.2.25  - PRO-Search Index.PHP Multiple Cross-Site Scripting Vulnerabilities
08.2.26  - ExpressionEngine HTTP Response Splitting and Cross-Site Scripting
Vulnerabilities
 -- Web Application - SQL Injection
08.2.27  - ClipShare "uprofile.php" SQL Injection
08.2.28  - WebPortal CMS "index.php" SQL Injection
08.2.29  - Pragmatic Utopia PU Arcade "fid" parameter SQL Injection
08.2.30  - Site@School "slideshow_full.php" SQL Injection
08.2.31  - Nucleus CMS "myid" Parameter SQL Injection Weakness
 -- Web Application
08.2.32  - MODx "AjaxSearch.php" Local File Include
08.2.33  - Plone "LiveSearch" Module HTML Injection
08.2.34  - phpBB "admin_group.php" HTML Injection
08.2.35  - AGENCY4NET WEBFTP "download2.php" Local File Include
08.2.36  - Atlassian JIRA Multiple Security Bypass Weaknesses
08.2.37  - MODx "htcmime.php" Source Code Information Disclosure
08.2.38  - MyPHP Forum "Search.php" and Multiple Unspecified SQL Injection
Vulnerabilities
08.2.39  - PHP-Nuke "CAPTCHA" Registration Automation Multiple Security Bypass
Weaknesses
08.2.40  - eTicket "newticket.php" Multiple Cross-Site Scripting Vulnerabilities

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: yaSSL Multiple Vulnerabilities
Affected:
yaSSL versions 1.7.5 and prior

Description: YaSSL is an open source implementation of the Secure
Sockets Layer (SSL) and Transport Layer Security (TLS) standards, used
for adding authentication and encryption to network traffic. It contains
multiple vulnerabilities in its handling of SSL streams. A specially
crafted request from a client could exploit one of these
vulnerabilities, and allow an attacker to execute arbitrary code with
the privileges of the vulnerable process using the library. Full
technical details and proofs-of-concept are publicly available for these
vulnerabilities. Note that the popular MySQL database server uses yaSSL;
if SSL support is enabled on MySQL, it has been confirmed that it is
vulnerable to a pre-authentication code execution attack. A
proof-of-concept for the MySQL vulnerability is also publicly available.

Status: YaSSL has not confirmed, no updates available.

References:
Advisory by Luigi Auriemma (includes YaSSL proofs-of-concept)
http://aluigi.altervista.org/adv/yasslick-adv.txt
Posting by Luigi Auriemma (includes MySQL proof-of-concept)
http://www.securityfocus.com/archive/1/485811
Wikipedia Article on Transport Layer Security
http://en.wikipedia.org/wiki/Transport_Layer_Security
Vendor Home Page
http://yassl.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27140

********************************************

(2) CRITICAL: Real Networks RealPlayer and Helix Server Undisclosed Remote Code
Execution
Affected:
Versions 11 and prior

Description: Real Networks RealPlayer, a popular streaming media player,
and Helix Server, a popular streaming media server, contain an
undisclosed remote code execution vulnerability. A specially crafted
RealPlayer datastream or Real Time Streaming Protocol (RTSP) request
could trigger one of these vulnerabilities and allow an attacker to
execute arbitrary code with the privileges of the vulnerable process.
RealPlayer content is generally displayed by default, without first
prompting the user, and Helix Server generally accepts arbitrary
requests. No further technical details are publicly available for this
vulnerability, but a proof-of-concept is available for members of the
Immunity Security Partners' Program. It is believed that RealPlayer on
all supported platforms is vulnerable.

Status: Real Networks has not confirmed, no updates available.

References:
Videos Demonstrating Purported Proofs-of-Concept
http://gleg.net/realplayer11.html
http://gleg.net/realserver.html
Posting by Evgeny Legerov
http://lists.immunitysec.com/pipermail/dailydave/2008-January/004811.html
Proof-of-Concept (live link, will exploit vulnerable browsers)
http://c.uc8010.com/111.htm
Real Networks Home Page
http://www.real.com/
SecurityFocus BIDs
http://www.securityfocus.com/bid/27091
http://www.securityfocus.com/bid/27122

********************************************

(3) HIGH: Multiple Products SWF File Cross Site Scripting Vulnerabilities
Affected:
Adobe Flash Player versions released prior to December, 2007
InfoSoft Fusion Charts
Techsmith Camtasia

Description: SWF is the native file format for Adobe/Macromedia Flash
content. Several tools that automatically generate SWF files for web
content do so in an insecure manner, allowing arbitrary injection of
JavaScript code. Servers that host these files are vulnerable to a cross
site scripting (XSS) attack. Full technical details and multiple
proofs-of-concept for these vulnerabilities are publicly available. The
advisory indicates that numerous tools are vulnerable; however, only
those tools that have been fixed are listed in the advisory.
Several of these vulnerabilities may have been addressed in earlier
editions of @RISK detailing updates to individual products.

Status: Vendors confirmed, updates available.

References:
Description by Rich Cannings (includes proof-of-concept)
http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw
Posting by Rich Cannings
http://www.securityfocus.com/archive/1/485722
Wikipedia Article on Cross Site Scripting
http://en.wikipedia.org/wiki/Cross-site_scripting
SecurityFocus BID
http://www.securityfocus.com/bid/27109

********************************************

(4) HIGH: Georgia SoftWorks SSH2 Server Multiple Vulnerabilities
Affected:
Georgia SoftWorks SSH2 Server versions 7 and prior

Description: Georgia SoftWorks SSH2 Server is a popular Secure Shell
server for Microsoft Windows. Secure Shell is an internet-standard
secure data transmission and session protocol. It is often used for
remote administration. Georgia SoftWorks SSH2 server contains multiple
vulnerabilities in the handling of user input, including two buffer
overflows in the handling of log messages and overlong passwords, and a
format string vulnerability in the handling of log messages.
Successfully exploiting these vulnerabilities would allow an attacker
to execute arbitrary code with the privileges of the vulnerable process,
or create a denial-of-service condition. Full technical details and a
proof-of-concept are publicly available for these vulnerabilities.

Status: Georgia SoftWorks has not confirmed, no updates available.

References:
Advisory by Luigi Auriemma (includes proof-of-concept)
http://aluigi.altervista.org/adv/gswsshit-adv.txt
Wikipedia Article on Secure Shell
http://en.wikipedia.org/wiki/Secure_Shell
Georgia SoftWorks Home Page
http://www.georgiasoftworks.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27103

********************************************

(5) MODERATE: Mozilla Firefox Basic Authentication Spoofing Vulnerability
Affected:
Mozilla Firefox versions 2.0.0.11 and prior

Description: "Basic Authentication" is an authentication mechanism
defined by the Hypertext Transfer Protocol (HTTP) specification and
supported by practically all web browsers. It allows web sites to
authenticate users via a username and a password. Most web browsers,
including Mozilla Firefox, display the prompt for the username and
password in a separate window. In Mozilla Firefox, this window also
displays the authentication "realm", which indicates the entity
requesting authentication information. Mozilla Firefox fails to properly
sanitize the server-provided realm information. A specially crafted web
page could exploit this vulnerability to arbitrarily rewrite the realm
as displayed to the user. This would allow an attacker to spoof the
source of an authentication request, possibly tricking the user into
disclosing personal authentication information. Full technical details
and a proof-of-concept are publicly available for this vulnerability.

Status: Mozilla has not confirmed, no updates available.

References:
Posting by Aviv Raff (includes proof-of-concept)
http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
Video Demonstration of the Attack
http://www.youtube.com/watch?v=NaCPw1s3GFw
Wikipedia Article on Basic Authentication
http://en.wikipedia.org/wiki/Basic_access_authentication
Mozilla Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/27111

********************************************

****************
Other Software
****************

(6) HIGH: JustSystems Ichitaro Buffer Overflow Vulnerability
Affected:
JustSystems Ichitaro versions 13 and prior
JustSystems Ichitaro versions 2007 and prior

Description: JustSystems Ichitaro is a popular Japanese-language word
processor. It contains a buffer overflow in its "JSFC.DLL" component. A
specially crafted Ichitaro document could exploit this vulnerability to
execute arbitrary code with the privileges of the current user. Note
that, depending upon configuration, Ichitaro documents may be opened
upon receipt, without first prompting the user. A similar vulnerability
in Ichitaro was exploited in 2007 to facilitate worm propagation; this
vulnerability was discussed in a previous edition of @RISK.

Status: JustSystems confirmed, updates available.

References:
JustSystems Security Advisory (Japanese)
http://www.justsystems.com/jp/info/pd8001.html
Fourteen Forty Security Advisory (Japanese)
http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20080107
Previous @RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=6&i=51&rss=Y#other1
JustSystems Home Page (English)
http://na.justsystems.com/index.php
SecurityFocus BID
http://www.securityfocus.com/bid/27153

********************************************

(7) MODERATE: Politecnico di Torino Libnemesi Multiple Vulnerabilities
Affected:
Libnemesi versions prior to 0.6.4-rc2

Description: Libnemesi is a popular open source library used for
developing streaming media applications based on internet standards such
as the Real Time Streaming Protocol (RTSP). It is a product of the
Politecnico di Torino (Polytechnic University of Turin). This library
contains multiple vulnerabilities in its handling of streaming media
data. A specially crafted file or stream could trigger one of these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the vulnerable application.  Applications that use this
library are presumably vulnerable to these issues. Full technical
details for these vulnerabilities are publicly available via source code
analysis. A proof-of-concept is also available.

Status: Politecnico di Torino confirmed, updates available.

References:
Advisory from Luigi Auriemma (includes proof-of-concept)
http://aluigi.altervista.org/adv/libnemesibof-adv.txt
Project Home Page
http://live.polito.it/
Politecnico di Torino Home Page
http://www.polito.it/
SecurityFocus BID
http://www.securityfocus.com/bid/27048

********************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 2, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.2.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft January 2008 Advance Notification Multiple
Vulnerabilities
Description: Microsoft has provided advance notification that they will
be releasing two security bulletins on January 8, 2008. The highest
severity rating for these issues is "Critical".
Ref: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx
______________________________________________________________________

08.2.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: DivX Web Player "npUpload.dll" ActiveX Control Remote Denial of
Service
Description: DivX Web Player is a freely available ActiveX control for
watching DivX-encoded video content. It is included with software
provided by DivX Inc. The application is exposed to a denial of
service issue because the application fails to perform adequate
boundary checks on user-supplied data. DivX Web Player version 6.6 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.2.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Georgia SoftWorks Secure Shell Server Multiple Remote Code
Execution Vulnerabilities
Description: Georgia SoftWorks Secure Shell Server is a
commercially-available SSH server for Microsoft Windows based
computers. The application is exposed to multiple remote code
execution issues. Georgia Softworks Secure Shell Server version
7.01.0003 is affected.
Ref: http://www.securityfocus.com/archive/1/485725
______________________________________________________________________

08.2.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: RealPlayer 11 Unspecified Buffer Overflow
Description: RealPlayer allows users to stream various media files
through their browser. The application is exposed to an unspecified
buffer overflow issue because it fails to properly bounds check
user-supplied data before copying it to an insufficiently sized
buffer. RealPlayer version 11 is affected.
Ref: http://www.securityfocus.com/bid/27091
______________________________________________________________________

08.2.5 CVE: CVE-2007-6613
Platform: Linux
Title: libcdio GNU Compact Disc Input and Control Library Buffer
Overflow Vulnerabilities
Description: GNU Compact Disc Input and Control Library libcdio is a
library that provides CD-ROM and CD image access. The library is
exposed to multiple buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data in the "cd-info" and
"iso-info" programs. libcdio version 0.79 is affected.
Ref: http://bugs.gentoo.org/show_bug.cgi?id=203777
______________________________________________________________________

08.2.6 CVE: Not Available
Platform: Cross Platform
Title: InfoSoft FusionCharts SWF Flash File Remote Code Execution
Description: InfoSoft FusionCharts is a Flash-based charting component
available for multiple operating platforms. The application is exposed
to a remote code execution issue because it fails to
properly sanitize user-supplied input. The issue affects the "dataURL"
parameter and can be leveraged to have arbitrary SWF (Adobe Flash)
files executed by the application.
Ref: http://www.securityfocus.com/archive/1/485722
______________________________________________________________________

08.2.7 CVE: Not Available
Platform: Cross Platform
Title: Asterisk BYE Message Remote Denial of Service
Description: Asterisk is a private branch exchange (PBX) application
available for Linux, BSD, and Mac OS X platforms. The application is
exposed to a remote denial of service issue when handling malformed
"BYE" messages. Specifically, a NULL-pointer exception occurs when the
"Also header" is set in a "BYE" message during a transfer attempt.
Ref: http://downloads.digium.com/pub/security/AST-2008-001.html
______________________________________________________________________

08.2.8 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox "Basic Realm" Basic Authentication Header
Spoofing
Description: Mozilla Firefox is a web browser available for multiple
operating platforms. The application is exposed to an HTTP basic
authentication domain spoofing issue because the application fails to
sanitize single quotation marks and spaces from the "Basic realm"
value of the "WWW-Authenticate" header when displaying the dialog box
for the HTTP basic authentication prompt. Firefox version 2.0.0.11 is
affected.
Ref: http://aviv.raffon.net/2008/01/02/YetAnotherDialogSpoofingFirefoxBasicAuthentication.aspx
______________________________________________________________________

08.2.9 CVE: Not Available
Platform: Cross Platform
Title: White_Dune Multiple Local Code Execution Vulnerabilities
Description: White_Dune is a 3D modeling tool for VRML97 files. VRML97
(Virtual Reality Modeling Language) is an ISO specification for
displaying 3D data via appropriate browser plugins. The application is
exposed to multiple code execution issues. White_Dune versions prior
to 0.29beta795 are affected.
Ref: http://www.securityfocus.com/archive/1/485724
______________________________________________________________________

08.2.10 CVE: Not Available
Platform: Cross Platform
Title: Dovecot Authentication Cache Security Bypass
Description: Dovecot is a mail-server application for Linux and
UNIX-like operating systems. It is exposed to a security bypass issue
due to an error in LDAP authentication with authentication cache
enabled. Dovecot versions higher than 1.0.rc11 and prior to 1.0.10 are
affected.
Ref: http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
______________________________________________________________________

08.2.11 CVE: CVE-2007-5965
Platform: Cross Platform
Title: Trolltech Qt QSslSocket Class Certificate Verification Security
Bypass
Description: Trolltech Qt is an application framework for developing
graphical user interfaces (GUIs) for the X Window System. It is
primarily used in KDE and supports windowing, multimedia, and other
functionality. The QSslSocket class provides a socket encrypted with
SSL. The application is exposed to a security bypass issue due to an
unspecified error in the certificate validation functionality. Qt
versions 4.3.0, 4.3.1 and 4.3.2 are affected.
Ref:
http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
______________________________________________________________________

08.2.12 CVE: Not Available
Platform: Cross Platform
Title: Jetty Double Slash URI Information Disclosure
Description: Jetty is a Java-based web server available for various
operating systems. The application is exposed to an issue that allows
attackers to access source code because it fails to properly sanitize
user-supplied input. The issue exists when handling URIs containing
double slashes (//). Jetty versions 6.1.5 and 6.1.6 are affected.
Ref: http://www.kb.cert.org/vuls/id/553235
______________________________________________________________________

08.2.13 CVE: Not Available
Platform: Cross Platform
Title: Real Networks Helix Server Unspecified Remote Heap Buffer
Overflow
Description: Real Networks Helix Server is a multi-format,
cross-platform streaming server. The application is exposed to a
remote heap-based buffer overflow issue. Helix Server version 11.1.6 is
affected. Other versions may also be affected.
Ref: http://www.securityfocus.com/bid/27122
______________________________________________________________________

08.2.14 CVE: CVE-2008-0061
Platform: Cross Platform
Title: MaraDNS Malformed Packet Remote Denial of Service
Description: MaraDNS is an open-source DNS server application. The
application is exposed to a remote denial of service issue when
handling malformed DNS packets. Please refer to the link below for
further information.
Ref:
http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html
______________________________________________________________________

08.2.15 CVE: CVE-2007-6599
Platform: Cross Platform
Title: OpenAFS Fileserver Denial of Service
Description: OpenAFS is an open-source implementation of the AFS
network filesystem protocol. It is available for many platforms
including Microsoft Windows, UNIX, Linux, and other UNIX-like
operating systems. The application is exposed to a denial of service
condition due to a race condition error when tracking client callbacks
on files. Specifically, the handler for the "GiveUpAllCallBacks" RPC
does not properly use the "host_glock" "pthread" lock to safely access
internally held linked lists with callback details. OpenAFS versions
1.3.50-1.4.5 and 1.5.0-1.5.27 are affected.
Ref: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
______________________________________________________________________

08.2.16 CVE: CVE-2007-6612
Platform: Cross Platform
Title: Mongrel "DirHandler" Class Directory Traversal Information
Disclosure
Description: Mongrel is an HTTP server implemented in ruby and available
for a variety of platforms. The application is exposed to an information
disclosure issue because it fails to sufficiently sanitize user-supplied
input. Specifically, the issue occurs in the "DirHandler" class in the
"lib/mongrel/handlers.rb" script and can be exploited by supplying the
"/.%252e" directory-traversal sequences in URIs. Mongrel version 1.0.4
and versions prior to 1.1.3 are affected.
Ref:
http://rubyforge.org/pipermail/mongrel-users/2007-December/004733.html
______________________________________________________________________

08.2.17 CVE: Not Available
Platform: Cross Platform
Title: SeattleLab SLNet RF Telnet Server NULL-Pointer Dereference
Denial of Service
Description: SLNet RF is a telnet server for Windows servers. The
application is exposed to a denial of service issue because it fails
to adequately sanitize user-supplied input. SLNet RF version 4.1 is
affected.
Ref: http://aluigi.altervista.org/adv/slnetmsg-adv.txt
______________________________________________________________________

08.2.18 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Camtasia Studio "csPreloader" Cross-Site Scripting
Description: Camtasia Studio is a screen recorder application for use
on Microsoft Windows. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
data. The issue occurs in the "csPreloader" parameter, which allows
arbitrary SWF (Adobe Flash) files to be loaded to the application.
Ref: http://www.securityfocus.com/archive/1/485722
______________________________________________________________________

08.2.19 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: phpWebSite Search Module Cross-Site Scripting
Description: phpWebSite is a web-based content management system. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "search" parameter of the
search module. phpWebSite version 1.4.0 is affected.
Ref: http://www.securityfocus.com/archive/1/485704
______________________________________________________________________

08.2.20 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Atlassian JIRA "500page.jsp" Cross-Site Scripting
Description: Atlassian JIRA is a web-based issue tracking system. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "500page.jsp" script.
This affects all issue actions. JIRA versions 3.6.4, 3.6.5, 3.10.2,
3.11 and 3.12 are affected.
Ref: http://www.dovecot.org/list/dovecot-news/2007-December/000057.html
______________________________________________________________________

08.2.21 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: W3-mSQL Error Page Cross-Site Scripting
Description: W3-mSQL is an HTML scripting application implemented in
Perl. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input when displaying URI
address data in an error page.
Ref: http://www.securityfocus.com/archive/1/485736
______________________________________________________________________

08.2.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: InstantSoftwares Dating Site "login_form.asp" Cross-Site
Scripting
Description: InstantSoftwares Dating Site is a web-based dating
application implemented in ASP. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "msg" parameter of the "login_form.asp"
script.
Ref: http://www.securityfocus.com/bid/27121
______________________________________________________________________

08.2.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WordPress Multiple Cross-Site Scripting Vulnerabilities
Description: WordPress is a web-based publishing application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/484818
______________________________________________________________________

08.2.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AwesomeTemplateEngine Multiple Cross-Site Scripting
Vulnerabilities
Description: AwesomeTemplateEngine is a PHP-based content manager. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. AwesomeTemplateEngine
version 1 is affected.
Ref: http://www.securityfocus.com/archive/1/485786
______________________________________________________________________

08.2.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PRO-Search Index.PHP Multiple Cross-Site Scripting
Vulnerabilities
Description: PRO-Search is a search engine application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input of the "index.php" script.
PRO-Search version 0.17 is affected.
Ref: http://www.securityfocus.com/archive/1/484818
______________________________________________________________________

08.2.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ExpressionEngine HTTP Response Splitting and Cross-Site
Scripting Vulnerabilities
Description: ExpressionEngine is a content management system. The
application is exposed to an HTTP response splitting issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input to the "URL" parameter of the "index.php" script.
ExpressionEngine version 1.2.1 is affected.
Ref: http://www.securityfocus.com/archive/1/485786
______________________________________________________________________

08.2.27 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ClipShare "uprofile.php" SQL Injection
Description: ClipShare is a PHP-based application that allows users to
develop video sharing websites. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "UID" parameter of the "uprofile.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27108
______________________________________________________________________

08.2.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebPortal CMS "index.php" SQL Injection
Description: WebPortal CMS is a web-based content management system.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "m" parameter of
the "index.php" script before using it in an SQL query. WebPortal CMS
version 0.6.0 is affected.
Ref: http://www.securityfocus.com/bid/27088
______________________________________________________________________

08.2.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pragmatic Utopia PU Arcade "fid" parameter SQL Injection
Description: PU Arcade is an arcade component for the Joomla! content
management system. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "fid" parameter of the PU Arcade component. PU Arcade versions
2.0.3 and 2.1.3 Beta are affected.
Ref: http://www.securityfocus.com/bid/27089
______________________________________________________________________

08.2.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Site@School "slideshow_full.php" SQL Injection
Description: Site@School is a PHP-based content manager for primary
schools. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the
"album_name" parameter of the "/starnet/addons/slideshow_full.php"
script before using it in an SQL query. Site@School version 2.3.10 is
affected.
Ref: http://www.securityfocus.com/bid/27120
______________________________________________________________________

08.2.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Nucleus CMS "myid" Parameter SQL Injection Weakness
Description: Nucleus CMS is a PHP-based content manager. The
application is exposed to an SQL injection weakness because it fails
to sufficiently sanitize user-supplied data via the "myid" parameter
used during the "addcoment" action (and possibly other actions) before
using it in an SQL query. Nucleus CMS version 3.01 is affected.
Ref: http://www.securityfocus.com/archive/1/485784
______________________________________________________________________

08.2.32 CVE: Not Available
Platform: Web Application
Title: MODx "AjaxSearch.php" Local File Include
Description: MODx is a PHP-based content management system framework.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "as_language"
parameter of the "/assets/snippets/AjaxSearch/AjaxSearch.php" script.
MODx version 0.9.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/485707
______________________________________________________________________

08.2.33 CVE: Not Available
Platform: Web Application
Title: Plone "LiveSearch" Module HTML Injection
Description: Plone is a content management system implemented in
Python. The application is exposed to an HTML injection issue because
it fails to sufficiently sanitize user-supplied input data. The
vulnerability exists in the "LiveSearch" module. Specifically, the
application fails to sanitize user-supplied input to the "Description"
form field parameter when creating a new item. Plone versions 3.0.3
and earlier are affected.
Ref: http://dev.plone.org/plone/ticket/7439
______________________________________________________________________

08.2.34 CVE: Not Available
Platform: Web Application
Title: phpBB "admin_groups.php" HTML Injection
Description: phpBB is a PHP-based bulletin board application. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input to the "Group description" form
field parameter of the "admin_groups.php" script. phpBB version 2.0.22
is affected.
Ref: http://www.securityfocus.com/bid/27104
______________________________________________________________________

08.2.35 CVE: Not Available
Platform: Web Application
Title: AGENCY4NET WEBFTP "download2.php" Local File Include
Description: AGENCY4NET WEBFTP is a web-based FTP client. The
application is exposed to a local file include issue because it fails
to sufficiently sanitize user-supplied input to the "file" parameter
of the "download2.php" script.
Ref: http://www.securityfocus.com/bid/27092
______________________________________________________________________

08.2.36 CVE: Not Available
Platform: Web Application
Title: Atlassian JIRA Multiple Security Bypass Weaknesses
Description: Atlassian JIRA is a web-based issue tracking system. The
application is exposed to multiple issues. A security bypass issue
exists because the first page of the Setup Wizard can be accessed by
unauthorized users to change the default language settings and a
security bypass weakness allows users to delete filters that are shared
but not owned by them. JIRA versions prior to 3.12.1 are affected.
Ref:
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24
______________________________________________________________________

08.2.37 CVE: Not Available
Platform: Web Application
Title: MODx "htcmime.php" Source Code Information Disclosure
Description: MODx is a PHP-based content management system framework.
The application is exposed to an issue that allows attackers to access
source code because it fails to properly sanitize user-supplied input.
Specifically, this issue affects the "file" parameter of the
"/assets/js/htcmime.php" script. MODx version 0.9.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/485707
______________________________________________________________________

08.2.38 CVE: Not Available
Platform: Web Application
Title: MyPHP Forum "Search.php" and Multiple Unspecified SQL Injection
Vulnerabilities
Description: MyPHP Forum is a PHP-based web application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Specifically, the
"searchtext" parameter of the "Search.php" script is not sanitized
before being used in an SQL query. MyPHP Forum version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/27118
______________________________________________________________________

08.2.39 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke "CAPTCHA" Registration Automation Multiple Security
Bypass Weaknesses
Description: PHP-Nuke is a web-based content management system (CMS)
implemented in PHP. The application is exposed to multiple
security-bypass weaknesses because it fails to properly sanitize
user-supplied input. The weaknesses exist in the "CAPTCHA" process
when registering users. Specifically, the application allows users to
use the same "gfx_check" and "random_number" parameters or NULL
characters when creating new users. PHP-Nuke version 8.1 is affected.
Ref: http://www.securityfocus.com/archive/1/485784
______________________________________________________________________

08.2.40 CVE: Not Available
Platform: Web Application
Title: eTicket "newticket.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: eTicket is an electronic ticket system. The application
is exposed to multiple cross-site scripting issues because it fails to
properly sanitize user-supplied input to the "name" and "subject"
parameters of the "newticket.php" script. eTicket versions 1.5.6-RC3,
1.5.6-RC2 and 1.5.5.2 are affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-eticket.html
______________________________________________________________________