*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Jan. 21, 2008                                              Vol. 7. Week 4
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Microsoft Office                              1 (#1)
Other Microsoft Products                      1 (#10)
Third Party Windows Apps                     10 (#3, #6, #7, #8, #9)
Linux                                         4
Apple                                         2 (#2, #12)
Cisco                                         1 (#4)
BSD                                           3
Solaris                                       3
Cross Platform                               23 (#5, #11)
Web Application - Cross Site Scripting        8
Web Application - SQL Injection              22
Web Application                              17
Network Device                                3

******************** Sponsored By Rapid7 Inc. ************************

"In 2007, there were over 10,000 vulnerabilities, exploits cost US
companies $256 billion, and 58 million people had their personal and
financial information exposed to hackers.  Is your organization
vulnerable?  Find out today, Take the Rapid7 Vulnerability Challenge.
Try NeXpose free for 20 days.  You WILL find network, database and Web
application vulnerabilities!"

http://www.sans.org/info/22614

************************* SECURITY TRAINING UPDATE *********************
Where can you find Hacker Exploits, Secure Web Application Development,
Security Essentials, Forensics, Wireless, Auditing, CISSP Prep, Pen
Testing and SANS' other top-rated courses?
- Orlando (SANS2008) (4/18-4/25): http://www.sans.org/sans2008 (Our biggest
training program)
- San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- Phoenix (2/11 - 2/18): http://www.sans.org/phoenix08/event.php
- Prague (2/18-2/23): http://www.sans.org/prague08
- Washington DC (VA) (3/24-3/31): http://www.sans.org/tysonscorner08
- and in 100 other cities and on line any-time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Excel File Handling Remote Code Execution
(2) CRITICAL: Apple QuickTime Multiple Vulnerabilities
(3) CRITICAL: Citrix Presentation Server IMA Buffer Overflow
(4) CRITICAL: Cisco Unified Communications Manager CTLProvider Heap Overflow
(5) HIGH: TIBCO SmartSockets Multiple Vulnerabilities
(6) HIGH: Crystal Reports Report Viewer ActiveX Control Buffer Overflow
(7) HIGH: Macrovision FLEXNet Connect ActiveX Control Multiple Insecure Methods
(8) HIGH: AOL Nullsoft Winamp Multiple Vulnerabilities
(9) HIGH: Skype Cross-Site Scripting Vulnerability
(10) MODERATE: Microsoft Visual Basic DSR File Handling Buffer Overflow
(11) MODERATE: Multiple Oracle Products Multiple Unspecified Vulnerabilities
(CPU Jan 2008)
(12) LOW: Apple iPhone/iPod Touch Mobile Safari Multiple Vulnerabilities

***************************  SPONSORED LINK  ****************************
1) Discover the latest security management trends from Jon Oltsik's ESG
research in this HP-hosted webinar.
http://www.sans.org/info/22619
*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Microsoft Office
08.4.1 - Microsoft Excel Header Parsing Remote Code Execution
 -- Other Microsoft Products
08.4.2 - Microsoft Visual Interdev SLN File Buffer Overflow
 -- Third Party Windows Apps
08.4.3 - DVRHOST PDVRATL.dll ActiveX Control Heap-Based Buffer Overflow
08.4.4 - QVOD Player QvodInsert.dll ActiveX Control Remote Buffer Overflow
08.4.5 - StreamAudio ProxyManager "InternalTuneIn()" ActiveX Control Buffer
Overflow
08.4.6 - Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary File
Download Vulnerabilities
08.4.7 - Cisco VPN Client for Windows Local Denial of Service
08.4.8 - RTS Sentry Digital Surveillance PTZCamPanel ActiveX Control Buffer
Overflow
08.4.9 - BitTorrent and uTorrent Peers Window Remote Denial of Service
08.4.10  - Crystal Reports EnterpriseControls.dll ActiveX Control Buffer
Overflow
08.4.11  - Digital Data Communications RtspVaPgCtrl ActiveX Control Buffer
Overflow
08.4.12  - CORE FORCE Firewall and Registry Modules Multiple Local Kernel Buffer
Overflow Vulnerabilities
 -- Linux
08.4.13  - Linux Kernel VFS Unauthorized File Access
08.4.14  - paramiko Random Number Generator Weakness
08.4.15  - Boost Library Regular Expression Remote Denial of Service
Vulnerabilities
08.4.16  - apt-listchanges Unsafe Paths Library Import Local Shell Code
Execution
 -- BSD
08.4.17  - OpenBSD "rtlabel_id2name()" Local Denial of Service
08.4.18  - FreeBSD "inet_network()" Off-by-One Buffer Overflow
08.4.19  - FreeBSD pty Handling Multiple Local Information Disclosure
Vulnerabilities
 -- Solaris
08.4.20  - libxml2 "xmlCurrentChar()" UTF-8 Parsing Remote Denial of Service
08.4.21  - Sun Solaris "libdevinfo(3LIB)" Unauthorized File Access
08.4.22  - Sun Solaris "dotoprocs()" Local Denial of Service
 -- Cross Platform
08.4.23  - Mozilla Firefox Malformed GIF File Denial of Service
08.4.24  - MPlayer Multiple Unspecified Remote Denial of Service Vulnerabilities
08.4.25  - GStreamer Multiple Unspecified Remote Denial of Service
Vulnerabilities
08.4.26  - xine-lib Multiple Unspecified Remote Denial of Service
Vulnerabilities
08.4.27  - Apple Safari KHTML WebKit Remote Denial of Service
08.4.28  - Fortinet FortiGate CRLF Characters URL Filtering Bypass
08.4.29  - TIBCO SmartSockets Untrusted Pointer Multiple Remote Code Execution
Vulnerabilities
08.4.30  - SmartSockets RTServer Multiple Remote Unspecified Untrusted Loop
Bounds Vulnerabilities
08.4.31  - TIBCO SmartSockets Request Heap Buffer Overflow
08.4.32  - TIBCO SmartSockets Multiple Pointer Offset Remote Code Execution
Vulnerabilities
08.4.33  - Apple Safari for iPhone and iPod Touch "Foundation" Unspecified
Memory Corruption
08.4.34  - Apple iPhone Passcode Lock Security Bypass
08.4.35  - Apple QuickTime Sorenson 3 Video Files Remote Code Execution
08.4.36  - Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption
08.4.37  - Apple QuickTime Compressed PICT Remote Buffer Overflow
08.4.38  - Apple QuickTime "Macintosh Resource" Records Remote Memory Corruption
08.4.39  - OSC Radiator Radius Packet Remote Denial of Service
08.4.40  - Cisco Unified Communications Manager CTL Provider Heap Buffer
Overflow
08.4.41  - ngIRCd PART Command Parsing Denial of Service
08.4.42  - MiniWeb Directory Traversal and Buffer Overflow Vulnerabilities
08.4.43  - IBM Informix Dynamic Server Multiple Unspecified File Creation
Vulnerabilities
08.4.44  - Citrix Presentation Server IMA Service Buffer Overflow
08.4.45  - X.Org X Server Multiple Local Privilege Escalation and Information
Disclosure Vulnerabilities
 -- Web Application - Cross Site Scripting
08.4.46  - F5 BIG-IP "SearchString" Multiple Cross-Site Scripting
Vulnerabilities
08.4.47  - PHP Running Management "index.php" Cross Site Scripting
08.4.48  - Dansie Search Engine "search.pl" Cross Site Scripting
08.4.49  - 2Wire Routers Cross-Site Request Forgery
08.4.50  - Moodle "install.php" Cross Site Scripting
08.4.51  - pMachine Pro Multiple Cross-Site Scripting Vulnerabilities
08.4.52  - cPanel "dohtaccess.html" Cross-Site Scripting
08.4.53  - IBM Lotus Sametime Client Chat Message Cross-Site Scripting
 -- Web Application - SQL Injection
08.4.54  - GForge Multiple Unspecified SQL Injection Vulnerabilities
08.4.55  - ImageAlbum "id" Parameter Multiple SQL Injection Vulnerabilities
08.4.56  - Ajchat "directory.php" SQL Injection
08.4.57  - TaskFreak! "index.php" SQL Injection
08.4.58  - Agares Media phpAutoVideo "articleblock.php" SQL Injection
08.4.59  - Matteo Binda ASP Photo Gallery Multiple SQL Injection Vulnerabilities
08.4.60  - TutorialCMS "activate.php" SQL Injection
08.4.61  - BinN S.Builder "full_text.php" SQL Injection
08.4.62  - X7 Chat Index.PHP SQL Injection
08.4.63  - Xforum "liretopic.php" SQL Injection
08.4.64  - RichStrong CMS "showproduct.asp" SQL Injection
08.4.65  - Article Dashboard "admin/login.php" Multiple SQL Injection
Vulnerabilities
08.4.66  - LulieBlog "id" Parameter Multiple SQL Injection Vulnerabilities
08.4.67  - Multiple FaScript Packages "show.php" SQL Injection
08.4.68  - FaName "page.php" SQL Injection
08.4.69  - Pixelpost "index.php" SQL Injection
08.4.70  - RichStrong CMS "showproduct.asp" SQL Injection
08.4.71  - aliTalk Multiple SQL Injection And Access Validation Vulnerabilities
08.4.72  - PHP-Residence "visualizza_tabelle.php" SQL Injection
08.4.73  - MyBB "moderation.php" Multiple SQL Injection Vulnerabilities
08.4.74  - PHPEcho CMS "index.php" SQL Injection
08.4.75  - Site2Nite Real Estate Web "default.asp" Multiple SQL Injection
Vulnerabilities
 -- Web Application
08.4.76  - FreeSeat Unspecified Security Bypass
08.4.77  - Member Area System "view_func.php" Remote File Include
08.4.78  - 0DayDB "delete.php" Authentication Bypass
08.4.79  - minimal Gallery Multiple Information Disclosure Vulnerabilities
08.4.80  - Garment Center "index.cgi" Local File Include
08.4.81  - BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
08.4.82  - PHP F1 Max's File Uploader "index.php" Arbitrary File Upload
08.4.83  - Micro News "admin.php" Authentication Bypass
08.4.84  - ARIA "effect.php" Local File Include
08.4.85  - MailBee WebMail Pro "download_view_attachment.aspx" Local File
Include
08.4.86  - BLOG:CMS Multiple Input Validation Vulnerabilities
08.4.87  - MyBB Multiple Remote PHP Code Execution Vulnerabilities
08.4.88  - Gradman "agregar_info.php" Local File Include
08.4.89  - Galaxyscripts Mini File Host "upload.php" Local File Include
08.4.90  - Clever Copy Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
08.4.91  - Skype Web Content Zone Remote Code Execution
08.4.92  - AuraCMS "stat.php" Remote Script Code Execution
 -- Network Device
08.4.93  - 8E6 R3000 Internet Filter URI Security Bypass
08.4.94  - Funkwerk X2300 DNS Request Denial of Service
08.4.95  - OKI C5510MFP Printer Unauthorized Access

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Excel File Handling Remote Code Execution
Affected:
Microsoft Office 2000/2002/2003
Microsoft Office 2004 for Mac

Description: Microsoft Excel contains a flaw in its handling of certain
Excel files. A specially crafted Excel file could trigger an unspecified
vulnerability in Excel, allowing an attacker to execute arbitrary code
with the privileges of the current user. Note that, on recent versions
of Microsoft Office, content is not opened upon receipt without user
interaction. Further technical details are not publicly available for
this vulnerability, but this vulnerability is being actively exploited
in the wild.

Status: Microsoft confirmed, no updates available.

References:
Microsoft Security Advisory
http://www.microsoft.com/technet/security/advisory/947563.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/27305

**********************************************************

(2) CRITICAL: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.4

Description: QuickTime is Apple's streaming media framework for Apple
Mac OS X and Microsoft Windows. QuickTime contains multiple
vulnerabilities in the handling of various file formats. A specially
crafted QuickTime video, image file or stream could trigger one of these
vulnerabilities and execute arbitrary code with the privileges of the
current user. QuickTime content is generally displayed automatically
upon receipt, without further user intervention. Note that QuickTime is
installed by default on all Apple Mac OS X systems, and is also
installed as part of Apple's iTunes product on Microsoft Windows
systems. Some technical details are publicly available for these
vulnerabilities.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307301
TippingPoint DVLabs Security Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-01
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642
Apple QuickTime Home Page
http://www.apple.com/quicktime
SecurityFocus BIDs
http://www.securityfocus.com/bid/27298
http://www.securityfocus.com/bid/27299
http://www.securityfocus.com/bid/27300
http://www.securityfocus.com/bid/27301

**********************************************************

(3) CRITICAL: Citrix Presentation Server IMA Buffer Overflow
Affected:
Citrix Presentation Server versions 4.5 and prior
Citrix Metaframe Presentation Server versions 3.0 and prior
Citrix Access Essentials versions 2.0 and prior
Citrix Desktop Server version 1.0

Description: The Citrix Presentation Server is an application sharing
system. It contains a flaw in its Independent Management Architecture
(IMA) component. A specially crafted user request could trigger a buffer
overflow during the request's processing. Successfully exploiting this
buffer overflow would allow an attacker to execute arbitrary code with
the privileges of the vulnerable process (usually SYSTEM). Some
technical details are publicly available for this vulnerability.

Status: Citrix confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to TCP ports 2512 and
2513 at the network perimeter, if possible.

References:
Citrix Security Advisory
http://support.citrix.com/article/CTX114487
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-002.html
Product Home Page
http://citrix.com/English/ps2/products/product.asp?contentID=186
SecurityFocus BID
http://www.securityfocus.com/bid/27329

**********************************************************

(4) CRITICAL: Cisco Unified Communications Manager CTLProvider Heap Overflow
Affected:
Cisco Unified Communications Manager versions 4.1(3) and prior

Description: Cisco Unified Communications Manager (CUCM) is Cisco's
telephony management platform. It contains a flaw in its "CTLProvider"
component. This component manages cryptographic certificates. A
specially crafted request to this component could trigger a heap
overflow. Successfully exploiting this vulnerability would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process. No authentication is required to exploit this vulnerability.
Some technical details are publicly available for this vulnerability.
Note that successfully exploiting this vulnerability could lead to a
disruption in telephony service, including emergency services.

Status: Cisco confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to TCP port 2444 at the
network perimeter, if possible.

References:
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml#@ID
TippingPoint DVLabs Security Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
Product Home Page
http://www.cisco.com/warp/public/cc/pd/nemnsw/callmn/index.shtml
SecurityFocus BID
http://www.securityfocus.com/bid/27313

**********************************************************

(5) HIGH: TIBCO SmartSockets Multiple Vulnerabilities
Affected:
TIBCO SmartSockets versions 6.x

Description: TIBCO SmartSockets is a suite of enterprise messaging and
communications applications and libraries. These applications, and
potentially applications that are built using these libraries, contain
multiple vulnerabilities in their handling of various user requests. A
specially crafted request could trigger one of these vulnerabilities,
leading to a buffer overflow or memory corruption condition.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the
vulnerable process (often SYSTEM). Some technical details are publicly
available for these vulnerabilities.

Status: TIBCO confirmed, updates available.

References:
TIBCO Security Advisories
http://www.tibco.com/resources/mk/ems_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/sspfm_security_advisory_20080115.txt
http://www.tibco.com/resources/mk/smartsockets_security_advisory_20080115.txt
http://www.tibco.com/mk/smartsockets-sspfm-ems_advisory_20080115.jsp
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=641
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=640
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=639
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=638
Product Home Page
http://www.tibco.com/software/messaging/smartsockets/
SecurityFocus BIDs
http://www.securityfocus.com/bid/27295
http://www.securityfocus.com/bid/27292
http://www.securityfocus.com/bid/27294
http://www.securityfocus.com/bid/27293

**********************************************************

(6) HIGH: Crystal Reports Report Viewer ActiveX Control Buffer Overflow
Affected:
Crystal Reports Report Viewer ActiveX Control

Description: Crystal Reports is a popular enterprise report generation
application. It provides remote users the capability of viewing
generated reports via a web browser. This functionality is provided by
an ActiveX control. This control contains a buffer overflow in its
"SelectedSession" method. A specially crafted web page that instantiates
this control could trigger this buffer overflow. Successfully exploiting
this buffer overflow would allow an attacker to execute arbitrary code
with the privileges of the current user. Complete technical details and
a proof-of-concept are publicly available for this vulnerability.

Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"3D58C9F3-7CA5-4C44-9D62-C5B63E059050".

References:
Security Advisory by shinnai (includes proof-of-concept)
http://shinnai.altervista.org/exploits/txt/TXT_BQrFU4TjcXBPTnIO8WIA.html
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.businessobjects.com/products/reporting/crystalreports/default.asp
SecurityFocus BID
http://www.securityfocus.com/bid/27333

**********************************************************

(7) HIGH: Macrovision FLEXNet Connect ActiveX Control Multiple Insecure Methods
Affected:
Macrovision FLEXNet ActiveX Control

Description: Macrovision FLEXNet Connect allows software distributors
and vendors the ability to automatically deliver software and notify
users of updates. Part of its functionality is provided by an ActiveX
control. This control contains multiple insecure methods. A malicious
webpage that instantiated this control could use its "AddFile" or
"DownloadAndExecute" methods to automatically download and execute
arbitrary files to a victim's system. This could be leveraged to
overwrite sensitive files or execute arbitrary code with the privileges
of the current user. Multiple proofs-of-concept and full technical
details are publicly available for this vulnerability.

Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism for CLSIDs
"1DF951B1-8D40-4894-A04C-66AD824A0EEF" and
"FCED4482-7CCB-4E6F-86C9-DCB22B52843C".
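Items (6) and (7) both recommend the same mitigation: setting the Internet
Explorer "kill bit" for the affected CLSIDs so the browser refuses to
instantiate the controls. The following PowerShell script is an added example
and is not part of the @RISK bulletin, nor code from Microsoft, Business
Objects or Macrovision. It uses the registry location and the 0x400
"Compatibility Flags" value documented in Microsoft KB 240797 (referenced
below), applies the bit to the three CLSIDs named in items (6) and (7), and
verifies the result. The function names Set-KillBit and Test-KillBit are this
example's own.

```powershell
# Added example: set and verify the IE "kill bit" for the CLSIDs named in
# items (6) and (7). Must be run from an elevated PowerShell session.
$clsids = @(
    '3D58C9F3-7CA5-4C44-9D62-C5B63E059050',  # Crystal Reports Report Viewer, item (6)
    '1DF951B1-8D40-4894-A04C-66AD824A0EEF',  # Macrovision FLEXnet Connect, item (7)
    'FCED4482-7CCB-4E6F-86C9-DCB22B52843C'   # Macrovision FLEXnet Connect, item (7)
)

# 0x400 in "Compatibility Flags" is the kill bit (see KB 240797).
$KillBit = 0x400
$Base = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $Base "{$Clsid}"
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    # OR the bit in so any compatibility flags already present are preserved.
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord `
        -Value ($current -bor $KillBit)
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Join-Path $Base "{$Clsid}"
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    # True only when the key exists and the 0x400 bit is set.
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

foreach ($c in $clsids) {
    Set-KillBit -Clsid $c
    $state = if (Test-KillBit -Clsid $c) { 'kill bit set' } else { 'kill bit NOT set' }
    Write-Output "{$c}: $state"
}
```

Test-KillBit can also be run on its own as an audit check across a fleet.
On 64-bit Windows, 32-bit Internet Explorer reads the same path under
HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility,
so the same steps should be repeated against that hive when both IE
architectures are present. Setting the kill bit does not remove the control
from disk; it only prevents IE from loading it, so a vendor patch is still
required once one is available.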

References:
Proofs-of-Concept
http://milw0rm.com/exploits/4913
http://milw0rm.com/exploits/4909
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.macrovision.com/products/licensing/flexnet_connect.htm
SecurityFocus BID
http://www.securityfocus.com/bid/27279

**********************************************************

(8) HIGH: AOL Nullsoft Winamp Multiple Vulnerabilities
Affected:
AOL Nullsoft Winamp versions prior to 5.52

Description: AOL Nullsoft Winamp is a popular media player for Microsoft
Windows. It contains multiple vulnerabilities in its handling of
Ultravox media streams. A specially crafted stream could trigger one of
these vulnerabilities, leading to a buffer overflow. Successfully
exploiting one of these buffer overflows would allow an attacker to
execute arbitrary code with the privileges of the current user. Note
that Ultravox streams may open without user intervention upon receipt,
depending on system configuration. Some technical details are publicly
available for this vulnerability.

Status: AOL confirmed, updates available.

References:
Secunia Security Advisories
http://secunia.com/advisories/27865/
http://secunia.com/secunia_research/2008-2/advisory/
Winamp Change Log
http://www.winamp.com/player/version-history
SecurityFocus BID
http://www.securityfocus.com/bid/27344

**********************************************************

(9) HIGH: Skype Cross-Site Scripting Vulnerability
Affected:
Skype versions 3.5.x and 3.6.x

Description: Skype is a popular cross platform voice and video
conferencing system. It allows users the ability to add video and other
web content to chat sessions. The web content added to these sessions
runs with full Microsoft Internet Explorer "local zone" privileges on
Microsoft Windows. This allows attackers to execute arbitrary scripts
with the privileges of the current user. This can be leveraged to full
arbitrary command and code execution. A proof-of-concept and video
demonstration of this vulnerability is publicly available. Note that
this vulnerability depends on the presence of cross site scripting
vulnerabilities in associated web sites.

Status: Skype has released a temporary fix for this vulnerability.

References:
Skype Security Bulletin
http://skype.com/security/skype-sb-2008-001.html
Posting by Miroslav Lucinskij
http://seclists.org/fulldisclosure/2008/Jan/0328.html
Posting by Aviv Raff (includes video demonstration)
http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx
Skype Home Page
http://www.skype.com
SecurityFocus BID
http://www.securityfocus.com/bid/27338

**********************************************************

(10) MODERATE: Microsoft Visual Basic DSR File Handling Buffer Overflow
Affected:
Microsoft Visual Basic Enterprise Edition versions 6 and prior

Description: Microsoft Visual Basic contains a flaw in its handling of
DSR files. DSR files are used to define form data and other information
in Visual Basic applications. A specially crafted DSR file could trigger
a buffer overflow in Visual Basic, allowing an attacker to execute
arbitrary code with the privileges of the current user. Note that DSR
files may be opened without user interaction upon receipt, depending
upon configuration. A proof-of-concept for this vulnerability is
publicly available.

Status: Microsoft has not confirmed, no updates available.

References:
Proof-of-Concept
http://www.securityfocus.com/data/vulnerabilities/exploits/27349.py
Microsoft Visual Basic 6.0 Product Information
http://msdn2.microsoft.com/en-us/library/ms950408.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/27349

**********************************************************

(11) MODERATE: Multiple Oracle Products Multiple Unspecified
Vulnerabilities (CPU Jan 2008)
Affected:
Oracle Database
Oracle Application Server
Oracle Collaboration Suite
Oracle E-Business Suite
Oracle PeopleSoft Enterprise PeopleTools

Description: Oracle has released its Critical Patch Update (CPU) for
January of 2008. This update addresses several flaws in various Oracle
products. The various vulnerabilities are of unspecified severity and
impact, though it is believed that at least some of them can lead to
remote code execution with the privileges of the vulnerable process. No
further details are publicly available for these issues. Some vendors
who ship products based on Oracle products have also issued advisories.

Status: Oracle confirmed, updates available.

References:
Oracle Critical Patch Update Advisory
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
HP Oracle for OpenView Security Advisory
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=c00727143
SecurityFocus BID
http://www.securityfocus.com/bid/27229

**********************************************************

(12) LOW: Apple iPhone/iPod Touch Mobile Safari Multiple Vulnerabilities
Affected:
Apple iPhone versions prior to 1.1.3
Apple iPod Touch versions prior to 1.1.3

Description: The Apple iPhone contains multiple vulnerabilities in its
embedded web browser based on Safari, known as Mobile Safari. A
specially crafted URL passed to the application could trigger a memory
corruption vulnerability and allow an attacker to execute arbitrary code
on the iPhone. Additionally, Mobile Safari fails to properly handle
cross-domain scripting issues, exposing users to a Cross-Site Scripting
attack. No other technical details are believed to be publicly available
for these vulnerabilities.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307302
Product Home Page
http://www.apple.com/iphone
SecurityFocus BIDs
http://www.securityfocus.com/bid/27297
http://www.securityfocus.com/bid/27296

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 4, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.4.1 CVE: CVE-2008-0081
Platform: Microsoft Office
Title: Microsoft Excel Header Parsing Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue due to an unspecified error. Please refer to the
link below for further details.
Ref: http://www.microsoft.com/technet/security/advisory/947563.mspx
______________________________________________________________________

08.4.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Visual Interdev SLN File Buffer Overflow
Description: Microsoft Visual InterDev is an integrated development
environment (IDE) that is part of Microsoft Visual Studio. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. The issue
occurs when handling malformed solution (".sln") files. Microsoft
Visual InterDev version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/27250
______________________________________________________________________

08.4.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: DVRHOST PDVRATL.dll ActiveX Control Heap-Based Buffer Overflow
Description: DVRHOST is a hosted content management service for
storing DVR (Digital Video Recorder) files. The application utilizes
ActiveX controls for user interaction. The "PdvrAtl.PdvrOcx.1" 
ActiveX control is exposed to a heap-based buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. PDVRATL.DLL version 1.0.1.25 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=568160
______________________________________________________________________

08.4.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: QVOD Player QvodInsert.dll ActiveX Control Remote Buffer
Overflow
Description: QVOD Player "QvodInsert.dll" ActiveX control is exposed
to a buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. This issue affects the "URL"
property of the control. QVOD Player versions prior to 2.1.5 build
0053 are affected.
Ref: http://www.securityfocus.com/bid/27269
______________________________________________________________________

08.4.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: StreamAudio ProxyManager "InternalTuneIn()" ActiveX Control
Buffer Overflow
Description: StreamAudio is a radio broadcast application for
streaming media. The StreamAudio ProxyManager ActiveX control is
exposed to a buffer overflow issue because the application fails to
perform adequate boundary checks on user-supplied data. StreamAudio
ccpm_0237.dll is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.4.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Macrovision FLEXnet Connect ActiveX Control Multiple Arbitrary
File Download Vulnerabilities
Description: Macrovision FLEXnet Connect allows users to deliver
applications, patches, updates, and messages to computers. The
application is exposed to multiple file access issues.
Ref: http://www.securityfocus.com/bid/27277
______________________________________________________________________

08.4.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Cisco VPN Client for Windows Local Denial of Service
Description: Cisco VPN Client is a freely-available IPsec client
application that is used to connect to Cisco VPN servers. It is
available for multiple platforms including Microsoft Windows, Apple
Mac OS X, Unix, and Linux. The application is exposed to a local
denial of service issue due to a failure of the software's IPsec
driver to handle certain IOCTLs. Cisco VPN Client version 5.0.02.0090
of the "cvpndrva.sys" driver is affected.
Ref: http://www.securityfocus.com/bid/27289
______________________________________________________________________

08.4.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: RTS Sentry Digital Surveillance PTZCamPanel ActiveX Control
Buffer Overflow
Description: RTS Sentry Digital Surveillance is a DVR (Digital Video
Recorder) system. The application uses ActiveX controls for user
interaction. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. CamPanel.dll version 2.1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/27303
______________________________________________________________________

08.4.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: BitTorrent and uTorrent Peers Window Remote Denial of Service
Description: BitTorrent and uTorrent are Torrent applications available
for Microsoft Windows. The applications are exposed to a remote denial
of service issue because they fail to properly bounds
check user-supplied input before copying it to an insufficiently sized
memory buffer. The issue occurs when the version number of another
user's client is displayed in the "Peers" window. BitTorrent versions
prior to 6.0, and uTorrent versions prior to 1.7.5 and 1.8-alpha-7834 are
affected.
Ref: http://www.securityfocus.com/archive/1/486426
______________________________________________________________________

08.4.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Crystal Reports EnterpriseControls.dll ActiveX Control Buffer
Overflow
Description: Crystal Reports is a commercially available
data-reporting application. The "EnterpriseControls.dll" ActiveX
control allows a browser to display reports created by Crystal
Reports. The application is exposed to a buffer overflow issue because
the application fails to perform adequate boundary checks on
user-supplied data. EnterpriseControls.dll version 11.5.0.313, which
is contained in Crystal Reports XI Release 2, is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.4.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Digital Data Communications RtspVaPgCtrl ActiveX Control Buffer
Overflow
Description: Digital Data Communications "RtspVaPgCtrl" ActiveX control
is used for interacting with Level1 IP camera devices via Internet
Explorer. The "RtspVaPgCtrl" ActiveX control is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. This issue affects the "MP4Prefix" attribute of
the control. RtspVapgDecoder.dll version 1.1.0.29 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.4.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: CORE FORCE Firewall and Registry Modules Multiple Local Kernel
Buffer Overflow Vulnerabilities
Description: CORE FORCE is a security framework for the Microsoft
Windows 2000 and XP platforms. The application is exposed to multiple
local kernel buffer overflow issues because the application fails to
adequately verify user-supplied input. CORE FORCE versions up to and
including 0.95.167 are affected.
Ref: http://www.securityfocus.com/archive/1/486513
______________________________________________________________________

08.4.13 CVE: CVE-2008-0001
Platform: Linux
Title: Linux Kernel VFS Unauthorized File Access
Description: The Linux kernel is exposed to an unauthorized file
access issue affecting the VFS (Virtual Filesystem) module. This issue
occurs because of changes to the codebase that resulted in using
incorrect flags to track open files within Virtual filesystems.
Specifically, the open flag "flag" was used instead of the "acc_mode"
flag.
Ref: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.23.14
______________________________________________________________________

08.4.14 CVE: Not Available
Platform: Linux
Title: paramiko Random Number Generator Weakness
Description: paramiko is a python module that implements the SSH2
protocol. The application is exposed to a random number generator
weakness due to an insecure use of the PyCrypto's RandomPool class.
Specifically, the issue arises because the module uses a single instance
of the RandomPool class to generate random numbers and it does not
implement any mechanisms to ensure that numbers generated by different
processes or threads are independent.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706
______________________________________________________________________

08.4.15 CVE: CVE-2008-0171, CVE-2008-0172
Platform: Linux
Title: Boost Library Regular Expression Remote Denial of Service
Vulnerabilities
Description: The Boost library is a collection of peer-reviewed C++
libraries. The library is exposed to a remote denial of service issue
because it fails to adequately verify user-supplied input on regular
expressions. boost versions 1.33.1 and 1.34.1 are affected.
Ref: http://www.securityfocus.com/bid/27325
______________________________________________________________________

08.4.16 CVE: CVE-2008-0302
Platform: Linux
Title: apt-listchanges Unsafe Paths Library Import Local Shell Code
Execution
Description: The "apt-listchanges" tool is used to notify users about
changes in a software package's history. The tool is exposed to an
issue that allows arbitrary shell code to run. This issue occurs
because the tool uses unsafe paths when importing its Python
libraries. apt-listchanges versions prior to 2.82 are affected.
Ref: http://www.securityfocus.com/bid/27331
______________________________________________________________________

08.4.17 CVE: Not Available
Platform: BSD
Title: OpenBSD "rtlabel_id2name()" Local Denial of Service
Description: OpenBSD is exposed to a local denial of service issue
when the kernel handles a specially-crafted IOCTL request.
Specifically, when attackers issue specially-crafted IOCTL requests to
the SIOCGIFRTLABEL command, a NULL-pointer may be dereferenced in the
kernel. This is due to a failure of the kernel to properly handle NULL
return values from the "rtlabel_id2name()" function. OpenBSD versions
4.2 onwards are affected.
Ref: http://marc.info/?l=openbsd-security-announce&m=120007327504064&w=2
______________________________________________________________________

08.4.18 CVE: CVE-2008-0122
Platform: BSD
Title: FreeBSD "inet_network()" Off-by-One Buffer Overflow
Description: FreeBSD is exposed to an off-by-one buffer overflow issue
because the "inet_network()" libc library function fails to properly
bounds-check user-supplied input before copying it to an
insufficiently sized memory buffer.
Ref: http://www.securityfocus.com/bid/27283
______________________________________________________________________

08.4.19 CVE: CVE-2008-0216, CVE-2008-0217
Platform: BSD
Title: FreeBSD pty Handling Multiple Local Information Disclosure
Vulnerabilities
Description: FreeBSD is exposed to multiple issues due to errors in
the pty handling mechanisms. FreeBSD versions 5.0 and higher are
affected.
Ref: http://www.securityfocus.com/bid/27284
______________________________________________________________________

08.4.20 CVE: Not Available
Platform: Solaris
Title: libxml2 "xmlCurrentChar()" UTF-8 Parsing Remote Denial of
Service
Description: The libxml2 library is a freely-available package that is
used to parse and create XML content. The application is exposed to a
denial of service issue because of an infinite-loop flaw. libxml2
versions prior to 2.6.31 are affected.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1&searchclause=
______________________________________________________________________

08.4.21 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "libdevinfo(3LIB)" Unauthorized File Access
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
application is exposed to an unauthorized file access issue that
exists in the "libdevinfo(3LIB)" library, which is being used by the
"login(1)" command.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103165-1&searchclause=
______________________________________________________________________

08.4.22 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "dotoprocs()" Local Denial of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
application is exposed to a local denial of service issue that occurs
in the "dotoprocs()" function. Sun Solaris 10.0 _x86 and Sun Solaris
10.0 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103188-1
______________________________________________________________________

08.4.23 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Malformed GIF File Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. This issue occurs because the application fails to handle
malformed GIF files. Please refer to the link below for further
details.
Ref: http://www.securityfocus.com/archive/1/486163
______________________________________________________________________

08.4.24 CVE: Not Available
Platform: Cross Platform
Title: MPlayer Multiple Unspecified Remote Denial of Service
Vulnerabilities
Description: MPlayer is a multi-media player available for multiple
operating platforms. The application is exposed to multiple
unspecified denial of service issues when handling certain malformed
media files. MPlayer version 1.0rc2 is affected.
Ref: http://www.securityfocus.com/archive/1/486163
______________________________________________________________________

08.4.25 CVE: Not Available
Platform: Cross Platform
Title: GStreamer Multiple Unspecified Remote Denial of Service
Vulnerabilities
Description: GStreamer is a library for use with multi-media
applications. The application is exposed to multiple unspecified
denial of service issues when handling certain malformed MPEG and
MPEG-2 media files. GStreamer version 0.10.15 is affected.
Ref: http://www.securityfocus.com/archive/1/486163
______________________________________________________________________

08.4.26 CVE: Not Available
Platform: Cross Platform
Title: xine-lib Multiple Unspecified Remote Denial of Service
Vulnerabilities
Description: The "xine-lib" library allows various media players to
play various media formats. It is available for UNIX, Linux, Mac OS X,
and other UNIX-like operating systems. The application is exposed to
multiple unspecified denial of service issues when handling certain
malformed media files.
Ref: http://www.securityfocus.com/archive/1/486163
______________________________________________________________________

08.4.27 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari KHTML WebKit Remote Denial of Service
Description: Apple Safari is a web browser available for multiple
operating systems. The application is exposed to a remote denial of
service issue that occurs in the KHTML Webkit when validating
malformed data. Apple Safari 2 running on Mac OS X is affected.
Ref: http://www.s21sec.com/avisos/s21sec-039-en.txt
______________________________________________________________________

08.4.28 CVE: Not Available
Platform: Cross Platform
Title: Fortinet FortiGate CRLF Characters URL Filtering Bypass
Description: Fortinet FortiGate is a series of antivirus firewall
devices. The application is exposed to an issue that can allow
attackers to bypass the device's URL filtering. This issue occurs when
an attacker submits an HTTP request with each line terminated by a CRLF
character, or if there is no hostname in the HTTP/1.0 request.
Ref:
http://lists.immunitysec.com/pipermail/dailydave/2008-January/004814.html
______________________________________________________________________

08.4.29 CVE: CVE-2007-5655
Platform: Cross Platform
Title: TIBCO SmartSockets Untrusted Pointer Multiple Remote Code
Execution Vulnerabilities
Description: SmartSockets is a message-passing framework used to
transport messages over disparate channels. The application is exposed
to multiple remote code execution issues because the application uses
attacker-supplied values from requests as pointers. The values are
used in certain memory operations and can potentially corrupt memory.
Ref: http://www.securityfocus.com/archive/1/486368
______________________________________________________________________

08.4.30 CVE: CVE-2007-5656
Platform: Cross Platform
Title: SmartSockets RTServer Multiple Remote Unspecified Untrusted
Loop Bounds Vulnerabilities
Description: SmartSockets is a message-passing framework used to
transport messages over disparate channels. RTServer is the server
component of the framework. The application is exposed to multiple
remote unspecified issues due to untrusted loop bounds. The server
processes requests with several loop iterations, with memory
operations occurring within the loops. The number of iterations is
determined from within the requests. SmartSockets version 6.8.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/486370
______________________________________________________________________

08.4.31 CVE: CVE-2007-5658
Platform: Cross Platform
Title: TIBCO SmartSockets Request Heap Buffer Overflow
Description: TIBCO SmartSockets is a message passing framework. The
application is exposed to a heap-based buffer overflow issue because
it fails to perform adequate boundary checks on
user-supplied data. The issue exists in the code that processes
requests. Specifically, the two values used to allocate memory can be
controlled by an attacker.
Ref: http://www.securityfocus.com/archive/1/486367
______________________________________________________________________

08.4.32 CVE: CVE-2007-5657
Platform: Cross Platform
Title: TIBCO SmartSockets Multiple Pointer Offset Remote Code
Execution Vulnerabilities
Description: TIBCO SmartSockets is a real-time communication system
designed for enterprises. The application is exposed to multiple
remote code execution issues when the application processes requests
and user-supplied input is used to offset valid pointers that are
later used for memory operations. SmartSockets version 6.8.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/486369
______________________________________________________________________

08.4.33 CVE: CVE-2008-0035
Platform: Cross Platform
Title: Apple Safari for iPhone and iPod Touch "Foundation" Unspecified
Memory Corruption
Description: Apple iPhone is a mobile phone that contains a
stripped-down version of the Apple Safari Browser called Mobile
Safari. iPhone runs on the ARM architecture. Apple iPod Touch is a
portable music player that also contains the Safari browser. The
"Foundation" component of the Safari browser is exposed to an
unspecified memory corruption issue. iPhone versions 1.0 to 1.1.2
and iPod Touch versions 1.1 to 1.1.2 are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307302
______________________________________________________________________

08.4.34 CVE: CVE-2008-0034
Platform: Cross Platform
Title: Apple iPhone Passcode Lock Security Bypass
Description: Apple iPhone is exposed to a security bypass issue that
can be leveraged to launch arbitrary iPhone applications. This issue
affects the Passcode Lock feature due to the way that it handles
emergency calls. iPhone versions prior to 1.1.3 are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307301
______________________________________________________________________

08.4.35 CVE: CVE-2008-0031
Platform: Cross Platform
Title: Apple QuickTime Sorenson 3 Video Files Remote Code Execution
Description: Apple QuickTime is a media player for Mac OS X and
Microsoft Windows. The application is exposed to a remote code
execution issue when handling specially-crafted Sorenson 3 video
files. QuickTime versions prior to 7.4 running on the following
operating systems are affected: Mac OS X 10.3.9, Mac OS X 10.4.9 or
later, Mac OS X 10.5 or later, Microsoft Windows XP and Microsoft
Windows Vista.
Ref: http://docs.info.apple.com/article.html?artnum=307301
______________________________________________________________________

08.4.36 CVE: CVE-2008-0033
Platform: Cross Platform
Title: Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory
Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a memory corruption issue.
Specifically, this issue occurs when parsing Image Descriptor (IDSC)
atoms in a malicious movie file. Apple QuickTime versions prior to 7.4
running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac
OS X are affected.
Ref: http://dvlabs.tippingpoint.com/advisory/TPTI-08-01
______________________________________________________________________

08.4.37 CVE: CVE-2008-0036
Platform: Cross Platform
Title: Apple QuickTime Compressed PICT Remote Buffer Overflow
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a buffer overflow issue.
Specifically, the issue occurs when parsing compressed PICT files.
Apple QuickTime versions prior to 7.4 running on Microsoft Windows
Vista, Microsoft Windows XP SP2, and Mac OS X are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307301
______________________________________________________________________

08.4.38 CVE: CVE-2008-0032
Platform: Cross Platform
Title: Apple QuickTime "Macintosh Resource" Records Remote Memory
Corruption
Description: Apple QuickTime is a media player that supports multiple
file formats. The application is exposed to a memory corruption issue.
Specifically, this issue occurs when the application is handling
Macintosh Resource records in a malicious movie file. Apple QuickTime
versions prior to 7.4 running on Microsoft Windows Vista, Microsoft
Windows XP SP2, and Mac OS X are affected.
Ref: http://www.securityfocus.com/archive/1/486396
______________________________________________________________________

08.4.39 CVE: Not Available
Platform: Cross Platform
Title: OSC Radiator Radius Packet Remote Denial of Service
Description: OSC Radiator is a Radius server available for various
platforms. The application is exposed to a remote denial of service
issue that presents itself when the server tries to process a
malicious Radius packet. OSC Radiator versions prior to 4.0 are
affected.
Ref: http://www.open.com.au/radiator/history.html
______________________________________________________________________

08.4.40 CVE: CVE-2008-0027
Platform: Cross Platform
Title: Cisco Unified Communications Manager CTL Provider Heap Buffer
Overflow
Description: Cisco Unified Communications Manager (formerly known as
CallManager) is the call-processing component of the Cisco Unified
Communications System. The Certificate Trust List (CTL) is used by IP
phone devices to verify the identity of CUCM servers. The CTL Provider
service is exposed to a heap-based buffer overflow issue. The service
is enabled during initial configuration of the CUCM server, or when
changes are made to the CTL. The service listens on TCP port 2444 by
default. Unified CallManager versions 4.0 and 4.1 prior to 4.1(3)SR5c,
and Unified Communications Manager versions 4.2 prior to 4.2(3)SR3 and
4.3 prior to 4.3(1)SR1 are affected.
Ref: http://www.securityfocus.com/archive/1/486415
______________________________________________________________________

08.4.41 CVE: CVE-2008-0285
Platform: Cross Platform
Title: ngIRCd PART Command Parsing Denial of Service
Description: ngIRCd is an IRC daemon available for various platforms
including Windows and UNIX. The application is exposed to a denial of
service issue because it fails to handle certain PART commands
properly. ngIRCd versions prior to 0.10.4 and 0.11.0-pre2 are
affected.
Ref: http://ngircd.barton.de/doc/ChangeLog
______________________________________________________________________

08.4.42 CVE: Not Available
Platform: Cross Platform
Title: MiniWeb Directory Traversal and Buffer Overflow Vulnerabilities
Description: MiniWeb is an HTTP server implemented in C. The
application is exposed to multiple remote issues. MiniWeb version
0.8.19 is affected.
Ref: http://www.securityfocus.com/bid/27319
______________________________________________________________________

08.4.43 CVE: Not Available
Platform: Cross Platform
Title: IBM Informix Dynamic Server Multiple Unspecified File Creation
Vulnerabilities
Description: IBM Informix Dynamic Server is an application server that
runs on various platforms. The application is exposed to multiple
unspecified issues caused by unspecified file creation errors that
affect "SQLIDEBUG" and "ONEDCU". Informix Dynamic Server version 10.0
is affected.
Ref: http://www.securityfocus.com/bid/27328
______________________________________________________________________

08.4.44 CVE: Not Available
Platform: Cross Platform
Title: Citrix Presentation Server IMA Service Buffer Overflow
Description: Citrix Presentation Server provides remote application
access using the ICA protocol. It uses the IMA (Independent Management
Architecture) service for inter-server and management communications.
The application is exposed to a buffer overflow issue because the
application fails to properly bounds check user-supplied input before
copying it to an insufficiently sized memory buffer. Citrix MetaFrame
and Presentation Server version 4.5 (and earlier), Citrix Access
Essentials version 2.0 (and earlier), and Citrix Desktop Server 1.0 (and
earlier) are affected.
Ref: http://support.citrix.com/article/CTX114487
______________________________________________________________________

08.4.45 CVE: CVE-2007-5760, CVE-2007-5758, CVE-2007-6427,
CVE-2007-6428, CVE-2007-6429, CVE-2008-0006
Platform: Cross Platform
Title: X.Org X Server Multiple Local Privilege Escalation and
Information Disclosure Vulnerabilities
Description: The X.Org X Server is an open-source X Window System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to multiple local privilege
escalation issues.
Ref: http://www.securityfocus.com/archive/1/486516
______________________________________________________________________

08.4.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 BIG-IP "SearchString" Multiple Cross-Site Scripting
Vulnerabilities
Description: F5 BIG-IP is a device that runs multiple software modules
used to serve applications, manage security and monitor network
traffic as well as other uses. The device's web interface is exposed
to multiple cross-site scripting issues because it fails to sanitize
user-supplied input. BIG-IP firmware version 9.4.5 is affected.
Ref: http://www.securityfocus.com/bid/27272
______________________________________________________________________

08.4.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Running Management "index.php" Cross-Site Scripting
Description: PHP Running Management is a PHP web-based application for
runners. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input to the
"message" parameter of the "index.php" script. PHP Running Management
versions prior to 1.0.3 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=568237&group_id=103505
______________________________________________________________________

08.4.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dansie Search Engine "search.pl" Cross-Site Scripting
Description: Dansie Search Engine is a Perl script that provides
search functionality. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied input to the "keywords" parameter of the "search.pl"
script. Dansie Search Engine version 2.7 is affected.
Ref: http://www.securityfocus.com/bid/27269
______________________________________________________________________

08.4.49 CVE: CVE-2007-4389
Platform: Web Application - Cross Site Scripting
Title: 2Wire Routers Cross-Site Request Forgery
Description: 2Wire routers are network devices designed for home and
small-office setups. The application is exposed to a cross-site
request forgery issue. An attacker can exploit this issue to perform
DNS poisoning attacks through the "NAME" and "ADDR" parameters.
Ref:
http://www.securityfocus.com/archive/1/archive/1/476595/100/0/threaded
______________________________________________________________________

08.4.50 CVE: CVE-2008-0123
Platform: Web Application - Cross Site Scripting
Title: Moodle "install.php" Cross-Site Scripting
Description: Moodle is an open-source course manager designed for
online courseware and e-learning. It is freely available under the GNU
Public license for Unix and variants and for Microsoft Windows. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "dbname"
parameter of the "install.php" script. Moodle versions prior to 1.8.4
are affected.
Ref: http://www.securityfocus.com/archive/1/486198
______________________________________________________________________

08.4.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: pMachine Pro Multiple Cross-Site Scripting Vulnerabilities
Description: pMachine Pro is a website management application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "L_PREF_GROUP[S100]",
"L_PREF_GROUP[S110]", "L_PREF_NAME[810]" and "L_PREF_NAME[850]"
parameters of the "pm/language/spanish/preferences.php" script.
pMachine Pro version 2.4.1 is affected.
Ref: http://www.securityfocus.com/bid/27282
______________________________________________________________________

08.4.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: cPanel "dohtaccess.html" Cross-Site Scripting
Description: cPanel is a web-hosting control panel. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to an unspecified parameter of the
"/cpanelpro/dohtaccess.html" script.
Ref: http://www.securityfocus.com/archive/1/486404
______________________________________________________________________

08.4.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Sametime Client Chat Message Cross-Site Scripting
Description: IBM Lotus Sametime Client is a commercially available
instant-messaging and web-conferencing application. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. Lotus Sametime Client application versions 7.5 and 7.5.1 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21292938
______________________________________________________________________

08.4.54 CVE: CVE-2008-0173
Platform: Web Application - SQL Injection
Title: GForge Multiple Unspecified SQL Injection Vulnerabilities
Description: GForge is a web-based tool for collaborative development.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to unspecified
parameters before using it in SQL queries.
Ref: http://www.securityfocus.com/bid/27266
______________________________________________________________________

08.4.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ImageAlbum "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: ImageAlbum is a web-based photo album application. The
application is exposed to multiple SQL injection issues because it
fails to properly sanitize user-supplied input to the "id" parameter.
ImageAlbum version 2.00b2 is affected.
Ref: http://www.securityfocus.com/archive/1/486162
______________________________________________________________________

08.4.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ajchat "directory.php" SQL Injection
Description: Ajchat is an instant messaging application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "s" parameter of the
"directory.php" script before using it in an SQL query. Ajchat version
0.10 is affected.
Ref: http://www.securityfocus.com/bid/27241
______________________________________________________________________

08.4.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TaskFreak! "index.php" SQL Injection
Description: TaskFreak! is a web-based task manager application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sContext" parameter
of the "index.php" script before using it in an SQL query. TaskFreak!
version 0.81 is affected.
Ref: http://www.securityfocus.com/bid/27257
______________________________________________________________________

08.4.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Agares Media phpAutoVideo "articleblock.php" SQL Injection
Description: phpAutoVideo is a web-based video site application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "articlecat" parameter
of the "includes/articleblock.php" script before using it in an SQL
query. phpAutoVideo version 2.21 is affected.
Ref: http://www.securityfocus.com/bid/27258
______________________________________________________________________

08.4.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Matteo Binda ASP Photo Gallery Multiple SQL Injection
Vulnerabilities
Description: ASP Photo Gallery is a web-based photo gallery
application implemented in ASP. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data. ASP Photo Gallery version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/27262
______________________________________________________________________

08.4.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TutorialCMS "activate.php" SQL Injection
Description: TutorialCMS is a content management system. The
application is prone to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "userName" parameter
of the "activate.php" script before using it in an SQL query.
TutorialCMS version 1.02 is affected.
Ref: http://www.securityfocus.com/bid/27263
______________________________________________________________________

08.4.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BinN S.Builder "full_text.php" SQL Injection
Description: BinN S.Builder is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "nid" parameter of the
"full_text.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27264
______________________________________________________________________

08.4.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: X7 Chat "index.php" SQL Injection
Description: X7 Chat is a free, open-source, web-based chat
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"day" parameter of the "index.php" script before using it in an SQL
query. X7 Chat version 2.0.5 is affected.
Ref: http://www.securityfocus.com/bid/27277
______________________________________________________________________

08.4.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Xforum "liretopic.php" SQL Injection
Description: Xforum is a web-based forum application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "topic" parameter of the
"liretopic.php" script before using it in an SQL query. Xforum version
1.4 is affected.
Ref: http://www.securityfocus.com/bid/27278
______________________________________________________________________

08.4.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RichStrong CMS "showproduct.asp" SQL Injection
Description: RichStrong CMS is a content manager implemented in ASP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "showproduct.asp" script before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/4910
______________________________________________________________________

08.4.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Article Dashboard "admin/login.php" Multiple SQL Injection
Vulnerabilities
Description: Article Dashboard is an application that facilitates the
publication of articles on a web site; it is implemented in PHP with a
MySQL database. The application is exposed to multiple SQL injection
issues because it fails to properly sanitize user-supplied input to
the "user" or "pass" parameters of the "admin/login.php" script before
using it in SQL queries.
Ref: http://www.securityfocus.com/archive/1/486323
______________________________________________________________________

08.4.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LulieBlog "id" Parameter Multiple SQL Injection Vulnerabilities
Description: LulieBlog is a web-based blog application. The
application is exposed to multiple SQL injection issues because it
fails to properly sanitize user-supplied input to the "id" parameter
of the following scripts: "comment_accepter.php",
"comment_refuser.php" and "article_suppr.php". LulieBlog version 1.0.1
is affected.
Ref: http://www.securityfocus.com/bid/27290
______________________________________________________________________

08.4.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple FaScript Packages "show.php" SQL Injection
Description: FaScript is a set of PHP-based web applications. Multiple
FaScript packages are exposed to an SQL injection issue because they
fail to sufficiently sanitize user-supplied data to the "id" parameter
of the "show.php" script before using it in an SQL query. FaMp3
version 1, FaPersian Petition, and FaPersianHack version 1 are
affected.
Ref: http://www.securityfocus.com/bid/27302
______________________________________________________________________

08.4.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FaName "page.php" SQL Injection
Description: FaName is a PHP-based web application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "page.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27303
______________________________________________________________________

08.4.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pixelpost "index.php" SQL Injection
Description: Pixelpost is a PHP-based photoblog application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data in the "parent_id" parameter
of the "index.php" script before using it in an SQL query. Pixelpost
version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/27242
______________________________________________________________________

08.4.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RichStrong CMS "showproduct.asp" SQL Injection
Description: RichStrong CMS is a content management system implemented
in ASP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cat"
parameter of the "showproduct.asp" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27310
______________________________________________________________________

08.4.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: aliTalk Multiple SQL Injection and Access Validation
Vulnerabilities
Description: aliTalk is a web-based instant messaging application. The
application is exposed to multiple input validation issues because it
fails to adequately sanitize user-supplied input. aliTalk version
1.9.1.1 is affected.
Ref: http://www.securityfocus.com/bid/27315
______________________________________________________________________

08.4.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Residence "visualizza_tabelle.php" SQL Injection
Description: PHP-Residence is a web-based application for tracking
house, apartment, and hotel-room rentals. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the search input parameter of the
"visualizza_tabelle.php" script before using it in an SQL query.
PHP-Residence version 0.7.2 is affected.
Ref: http://www.securityfocus.com/bid/27320
______________________________________________________________________

08.4.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyBB "moderation.php" Multiple SQL Injection Vulnerabilities
Description: MyBB is a PHP-based bulletin board application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to 
parameters of the "moderation.php" script before using it in an SQL
query. MyBB versions prior to 1.2.11 are affected.
Ref: http://www.securityfocus.com/archive/1/486433
______________________________________________________________________

08.4.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHPEcho CMS "index.php" SQL Injection
Description: PHPEcho CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query. PHPEcho CMS
version 2.0-rc3 is affected.
Ref: http://www.securityfocus.com/bid/27326
______________________________________________________________________

08.4.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Site2Nite Real Estate Web "default.asp" Multiple SQL Injection
Vulnerabilities
Description: Site2Nite Real Estate Web is an ASP-based bulletin board
for real-estate listings. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "txtPassword" and "txtUserNam" parameters of
the "default.asp" script before using it in an SQL query.
Ref: http://support.citrix.com/article/CTX114487
______________________________________________________________________

08.4.76 CVE: Not Available
Platform: Web Application
Title: FreeSeat Unspecified Security Bypass
Description: FreeSeat is a web-based PHP application for managing
bookings. The application is exposed to a security bypass issue due to
an unspecified error in the "seat locking" functionality. FreeSeat
versions prior to 1.1.5d are affected.
Ref:
https://sourceforge.net/project/shownotes.php?release_id=568374&group_id=160239
______________________________________________________________________

08.4.77 CVE: Not Available
Platform: Web Application
Title: Member Area System "view_func.php" Remote File Include
Description: Member Area System is a commercially available web-based
PHP application that is designed for adult webmasters. It is a
content management application. The application is exposed to a remote
file include issue because it fails to properly sanitize user-supplied
input to the "i" and "l" parameters of the "view_func.php" script.
Member Area System version 1.7 is affected.
Ref: http://www.securityfocus.com/archive/1/486172
______________________________________________________________________

08.4.78 CVE: Not Available
Platform: Web Application
Title: 0DayDB "delete.php" Authentication Bypass
Description: 0DayDB is a collection of tools for running a "warez" web
site. The application is exposed to an authentication bypass issue
because the application fails to validate user authentication
credentials before granting access to the "delete.php" script. 0DayDB
version 2.3 is affected.
Ref: http://www.securityfocus.com/bid/27255
______________________________________________________________________

08.4.79 CVE: Not Available
Platform: Web Application
Title: minimal Gallery Multiple Information Disclosure Vulnerabilities
Description: minimal Gallery is an image gallery. The application is
exposed to multiple information disclosure issues. minimal Gallery
version 0.8 is affected.
Ref: http://www.securityfocus.com/bid/27265
______________________________________________________________________

08.4.80 CVE: Not Available
Platform: Web Application
Title: Garment Center "index.cgi" Local File Include
Description: Garment Center is a web-based application implemented in
Perl. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the "page"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/27273
______________________________________________________________________

08.4.81 CVE: Not Available
Platform: Web Application
Title: BugTracker.NET New Bug Report Multiple HTML Injection
Vulnerabilities
Description: Bugtracker.NET is a web-based bug tracker written in
ASP.NET and C# with a Microsoft SQL or MSDE database. The application
is exposed to multiple HTML injection issues because it fails to
sanitize user-supplied input to various unspecified form fields when
submitting a new bug report. BugTracker.NET versions prior to 2.7.2
are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=568160
______________________________________________________________________

08.4.82 CVE: Not Available
Platform: Web Application
Title: PHP F1 Max's File Uploader "index.php" Arbitrary File Upload
Description: Max's File Uploader is a PHP-based application that
allows users to upload files onto a web server. The application is
exposed to an arbitrary file upload issue because the application
fails to sufficiently sanitize user-supplied input. The issue exists
in the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/486335
______________________________________________________________________

08.4.83 CVE: Not Available
Platform: Web Application
Title: Micro News "admin.php" Authentication Bypass
Description: Micro News is a PHP-based application for posting news
items to web sites. The application is exposed to an authentication
bypass issue because it fails to perform authentication checks in the
"admin.php" script.
Ref: http://www.securityfocus.com/archive/1/486349
______________________________________________________________________

08.4.84 CVE: Not Available
Platform: Web Application
Title: ARIA "effect.php" Local File Include
Description: ARIA is a PHP-based ERP (Enterprise Resource Planning)
application. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"page" parameter of the "/arias/help/effect.php" script. ARIA version
0.99-6 is affected.
Ref: http://www.securityfocus.com/archive/1/486406
______________________________________________________________________

08.4.85 CVE: Not Available
Platform: Web Application
Title: MailBee WebMail Pro "download_view_attachment.aspx" Local File
Include
Description: MailBee WebMail Pro is a webmail client implemented in
ASP and PHP. The application is exposed to a local file include issue
because it fails to properly sanitize user-supplied input to the
"temp_filename" parameter of the "download_view_attachment.aspx"
script.
Ref: http://www.securityfocus.com/bid/27312
______________________________________________________________________

08.4.86 CVE: Not Available
Platform: Web Application
Title: BLOG:CMS Multiple Input Validation Vulnerabilities
Description: BLOG:CMS is a freely available PHP-based blog and
content management application. The application is exposed to multiple
input validation issues because it fails to properly sanitize
user-supplied input. BLOG:CMS version 4.2.1.b is affected.
Ref: http://www.securityfocus.com/archive/1/486400
______________________________________________________________________

08.4.87 CVE: Not Available
Platform: Web Application
Title: MyBB Multiple Remote PHP Code Execution Vulnerabilities
Description: MyBB is a bulletin board application written in PHP. The
application is exposed to multiple remote PHP code execution issues
due to the application using user-supplied input in an "eval()"
function call. Specifically, input to the "sortby" parameter of the
"search.php" and "forumdisplay.php" scripts is not properly sanitized.
MyBB version 1.2.10 is affected.
Ref: http://www.securityfocus.com/archive/1/486434
______________________________________________________________________

08.4.88 CVE: Not Available
Platform: Web Application
Title: Gradman "agregar_info.php" Local File Include
Description: Gradman is a web-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "tabla" parameter of the
"agregar_info.php" script. Gradman version 0.1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/486444
______________________________________________________________________

08.4.89 CVE: Not Available
Platform: Web Application
Title: Galaxyscripts Mini File Host "upload.php" Local File Include
Description: Galaxyscripts Mini File Host is a file hosting script.
The application is exposed to a local file include issue because it
fails to sufficiently sanitize user-supplied input to the "language"
parameter of the "upload.php" script. Mini File Host versions 1.2 and
prior are affected.
Ref: http://www.securityfocus.com/bid/27327
______________________________________________________________________

08.4.90 CVE: Not Available
Platform: Web Application
Title: Clever Copy Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Clever Copy is a scalable website portal and news-posting
system. The application is exposed to multiple input validation issues
because it fails to sufficiently sanitize user-supplied data. Clever
Copy version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/486492
______________________________________________________________________

08.4.91 CVE: Not Available
Platform: Web Application
Title: Skype Web Content Zone Remote Code Execution
Description: Skype is an application that provides VoIP, instant
messaging, file transfer, video conferencing, and other utilities. The
application is exposed to an issue that allows arbitrary code to run.
Skype version 3.6.0.244 is affected.
Ref:
http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx
______________________________________________________________________

08.4.92 CVE: Not Available
Platform: Web Application
Title: AuraCMS "stat.php" Remote Script Code Execution
Description: AuraCMS is a web-based content manager. The application
is exposed to a remote script code execution issue because it fails to
properly sanitize user-supplied input to the "X-Forwarded-For" HTTP
request header. Specifically, the issue exists in the "stat.php" script
and can be used by remote attackers to include and execute arbitrary
script code in the context of the affected application. AuraCMS
version 1.62 is affected.
Ref: http://www.securityfocus.com/bid/27342
______________________________________________________________________

08.4.93 CVE: Not Available
Platform: Network Device
Title: 8E6 R3000 Internet Filter URI Security Bypass
Description: The 8e6 R3000 Internet Filter is an appliance for
filtering internet traffic. The appliance is exposed to an issue that
allows attackers to bypass URI filters. Specifically, HTTP requests
that are split into multiple packets will not be adequately filtered.
R3000 Internet Filter version 2.0.05.33 is affected.
Ref: http://www.securityfocus.com/archive/1/486398
______________________________________________________________________

08.4.94 CVE: Not Available
Platform: Network Device
Title: Funkwerk X2300 DNS Request Denial of Service
Description: Funkwerk X2300 is a packet-routing device. The device is
exposed to a denial of service issue when processing malicious DNS
requests. Funkwerk X2300 firmware 7.4.1 prior to Patch 9 is affected.
Ref:
http://www.funkwerk-ec.com/portal/downloadcenter/dateien/x2300/r7401p09/readme_741p9_en.pdf
______________________________________________________________________

08.4.95 CVE: Not Available
Platform: Network Device
Title: OKI C5510MFP Printer Unauthorized Access
Description: The OKI C5510MFP Printer is a multi-function networked
printing device. The printer is exposed to an unauthorized access
issue because it obtains configuration details and administrator
passwords in an insecure manner.
Ref: http://www.securityfocus.com/archive/1/486511
______________________________________________________________________