*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Jan. 28, 2008                                              Vol. 7. Week 5
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Other Microsoft Products                  1
Third Party Windows Apps                 12 (#2, #4, #5, #6)
Linux                                     1
Aix                                       7
Unix                                      1
Cross Platform                           23 (#1, #3)
Web Application - Cross Site Scripting    8
Web Application - SQL Injection          18
Web Application                          25
Network Device                            3

************************* SECURITY TRAINING UPDATE *********************
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, CISSP,
and SANS' other top-rated courses?
- Las Vegas (3/17 - 3/18) Penetration Testing Summit:
  (an ultra cool program) http://www.sans.org/pentesting08_summit
- San Jose (2/2 - 2/8): http://www.sans.org/siliconvalley08/event.php
- Phoenix (2/11 - 2/18) http://www.sans.org/phoenix08/event.php
- Prague (2/18-2/23): http://www.sans.org/prague08
- SANS 2008 (4/18-4/25) In Orlando SANS' biggest program with myriad
bonus sessions: http://www.sans.org/sans2008
- and in 100 other cities and online any time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Citadel SMTP Server Buffer Overflow
(2) CRITICAL: IBM Tivoli Provisioning Manager for OS Deployment HTTP Buffer
Overflow
(3) HIGH: Firebird Database Overlong Username Buffer Overflow
(4) HIGH: HP Virtual Rooms Install ActiveX Control Buffer Overflow
(5) HIGH: Comodo Antivirus ActiveX Control Arbitrary Command Execution
(6) HIGH: Lycos File Upload ActiveX Control Buffer Overflow

***************************  SPONSORED LINK  ****************************
1) Discover the latest security management trends from Jon Oltsik's ESG
research in this HP-hosted webinar.
http://www.sans.org/info/22619
*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
08.5.1 - Microsoft Visual Basic Enterprise Edition 6 DSR File Handling Buffer
Overflow Vulnerabilities
 -- Third Party Windows Apps
08.5.2 - SocksCap Hostname Resolution Remote Stack-Based Buffer Overflow
08.5.3 - Toshiba Surveillance Surveillix DVR "MeIpCamX.DLL" ActiveX Control
Buffer Overflow Vulnerabilities
08.5.4 - Winamp Ultravox Streaming Metadata Multiple Stack-Based Buffer Overflow
Vulnerabilities
08.5.5 - HP Virtual Rooms "hpvirtualrooms14.dll" ActiveX Control Multiple Buffer
Overflow Vulnerabilities
08.5.6 - IBM WebSphere Business Modeler Repository Arbitrary File Deletion
08.5.7 - GlobalLink "GLChat.ocx" ActiveX Control "ChatRoom()" Buffer Overflow
08.5.8 - Lycos File Upload Component "FileUploader.dll" ActiveX Control Buffer
Overflow
08.5.9 - HFS HTTP File Server Multiple Security Vulnerabilities
08.5.10  - Comodo AntiVirus "ExecuteStr()" ActiveX Control Arbitrary Command
Execution
08.5.11  - Move Networks Media Player "QMPUpgrade.dll" ActiveX Control Buffer
Overflow
08.5.12  - ImageShack Toolbar "ImageShackToolbar.dll" ActiveX Control Insecure
Method
08.5.13  - GE Fanuc CIMPLICITY "w32rtr.exe" Remote Buffer Overflow
 -- Linux
08.5.14  - MoinMoin MOIN_ID Cookie Remote Authentication Bypass
 -- Aix
08.5.15  - IBM AIX "pioout" Local Buffer Overflow
08.5.16  - IBM AIX "uspchrp" Local Buffer Overflow
08.5.17  - IBM AIX "utape" Local Buffer Overflow
08.5.18  - IBM AIX Logical Volume Manager Multiple Commands Local Buffer
Overflow Vulnerabilities
08.5.19  - IBM AIX "swap" Commands Local Buffer Overflow Vulnerabilities
08.5.20  - IBM AIX WebSM Remote Client For Linux Local Insecure File Permissions
08.5.21  - IBM AIX "ps" Local Information Disclosure
 -- Unix
08.5.22  - Axigen AXIMilter Filtering Module Remote Format String
 -- Cross Platform
08.5.23  - X.Org X Server X:1 -sp Command Information Disclosure
08.5.24  - BitDefender Products Update Server HTTP Daemon Directory Traversal
08.5.25  - Apache Tomcat SingleSignOn Remote Information Disclosure
08.5.26  - IBM WebSphere Application Server serveServletsByClassnameEnabled
Unspecified
08.5.27  - X.Org X Server "MIT-SHM" Local Privilege Escalation
08.5.28  - X.Org X Server "Xinput" Extension Local Privilege Escalation
08.5.29  - X.Org X Server PCF Font Parser Buffer Overflow
08.5.30  - X.Org X Server "EVI" Extension Local Privilege Escalation
08.5.31  - X.Org X Server "PassMessage" Request Local Privilege Escalation
08.5.32  - X.Org X Server "TOG-CUP" Extension Local Privilege Escalation
08.5.33  - Numara FootPrints "MRchat.pl" and "MRABLoad2.pl" Multiple Remote
Command Execution Vulnerabilities
08.5.34  - Citadel SMTP RCPT TO Remote Buffer Overflow
08.5.35  - IBM Tivoli Provisioning Manager for OS Deployment Denial of Service
08.5.36  - IBM Tivoli Business Service Manager Password Disclosure
08.5.37  - Fujitsu Interstage HTTP Server Multiple Unspecified Denial of Service
Vulnerabilities
08.5.38  - IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
08.5.39  - Mozilla Firefox chrome:// URI JavaScript File Request Information
Disclosure
08.5.40  - PHP cURL "safe mode" Security Bypass
08.5.41  - SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer
Overflow
08.5.42  - aconon Mail Template Parameter Directory Traversal
08.5.43  - SDL_image IFF ILBM File Remote Buffer Overflow
08.5.44  - Apple iPhone Mobile Safari Memory Exhaustion Remote Denial of Service
08.5.45  - PulseAudio Local Privilege Escalation
 -- Web Application - Cross Site Scripting
08.5.46  - MegaBBS "upload.asp" Cross-Site Scripting
08.5.47  - MediaWiki Search Bar Cross-Site Scripting
08.5.48  - Agares phpAutoVideo Cross-Site Scripting Vulnerability and Remote
File Include
08.5.49  - Mantis "Most Active Bugs" Summary Cross-Site Scripting
08.5.50  - PacerCMS "submit.php" Cross-Site Scripting
08.5.51  - Novemberborn sIFR "txt" Parameter Cross-Site Scripting
08.5.52  - ELOG Cross-Site Scripting Vulnerability and Denial of Service
08.5.53  - DeluxeBB "attachments_header.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.5.54  - Wordpress Plugin WP-Forum SQL Injection
08.5.55  - 360 Web Manager "form.php" SQL Injection
08.5.56  - boastMachine "mail.php" SQL Injection
08.5.57  - VP-ASP "paypalresult.asp" SQL Injection
08.5.58  - Coppermine Photo Gallery "thumbnails.php" SQL Injection
08.5.59  - Mooseguy Blog System "blog.php" SQL Injection
08.5.60  - MyBB "private.php" SQL Injection
08.5.61  - AlstraSoft Forum Pay Per Post Exchange "index.php" SQL Injection
08.5.62  - PacerCMS "id" Parameter Multiple SQL Injection Vulnerabilities
08.5.63  - EasySiteNetwork Recipe Website Script "list.php" SQL Injection
08.5.64  - PHP-Nuke Search Module "sid" Parameter SQL Injection
08.5.65  - Foojan WMS "index.php" SQL Injection
08.5.66  - LulieBlog "voircom.php" SQL Injection
08.5.67  - Tiger Php News System "catid" Parameter SQL Injection
08.5.68  - Flinx "category.php" SQL Injection
08.5.69  - Pre Hotel and Resorts "user_login.asp" Multiple SQL Injection
Vulnerabilities
08.5.70  - Pre Dynamic Institution "login.asp" Multiple SQL Injection
Vulnerabilities
08.5.71  - E-SMART CART "Members Login" Multiple SQL Injection Vulnerabilities
 -- Web Application
08.5.72  - Bloofox CMS Multiple Input Validation Vulnerabilities
08.5.73  - GalaxyScripts Mini File Host "upload.php" POST Parameter Local File
Include
08.5.74  - GradMan "info.php" Local File Include
08.5.75  - Small Axe Weblog "linkbar.php" Remote File Include
08.5.76  - Mahara HTML Arbitrary File Upload
08.5.77  - OZJournals "printpreview" Local File Disclosure
08.5.78  - IDMOS CMS "download.php" Local File Include
08.5.79  - Lama Software "MY_CONF[classRoot]" Multiple Remote File Include
Vulnerabilities
08.5.80  - Small Axe Weblog "ffile" Parameter Remote File Include
08.5.81  - Frimousse "explorerdir.php" File Disclosure
08.5.82  - aflog Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
08.5.83  - Belong Software Site Builder Administration Pages Authentication
Bypass
08.5.84  - SetCMS "set" Parameter Local File Include
08.5.85  - Apache "mod_negotiation" HTML Injection and HTTP Response Splitting
08.5.86  - YaBB SE Cookie Security Bypass
08.5.87  - Multiple Web Wiz Products Remote Information Disclosure
08.5.88  - Web Wiz Rich Text Editor Arbitrary HTML File Creation
08.5.89  - Siteman "articles.php" File Disclosure
08.5.90  - Cisco Application Velocity System (AVS) Remote Default Account
Vulnerabilities
08.5.91  - Liquid-Silver CMS "update/index.php" Local File Include
08.5.92  - SLAED CMS "index.php" Local File Include
08.5.93  - Seagull PHP Framework "optimizer.php" Information Disclosure
08.5.94  - Drupal Workflow Module Multiple HTML Injection Vulnerabilities
08.5.95  - ManageEngine Applications Manager Multiple Cross Site Scripting and
Security Vulnerabilities
08.5.96  - GE Fanuc Proficy Portal Remote Script Code Execution
 -- Network Device
08.5.97  - Belkin Wireless G Plus MIMO Router Remote Authentication Bypass
08.5.98  - Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery
08.5.99  - Cisco PIX and ASA Appliance "TTL Decrement" Denial of Service
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Citadel SMTP Server Buffer Overflow
Affected:
Citadel SMTP Server versions prior to 7.24

Description: Citadel is a popular open source groupware and messaging
platform. Its Simple Mail Transport Protocol (SMTP) server component,
used to send and receive email messages, contains a buffer overflow in
its handling of recipient email addresses. An overlong email address
passed to the recipient command could trigger this buffer overflow,
allowing an attacker to execute arbitrary code with the privileges of
the vulnerable process. Note that, by default, no authentication is
necessary to exploit this vulnerability. A proof-of-concept and full
technical details are publicly available for this vulnerability.

Status: Citadel confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/advisories/28590/
Proof-of-Concept (binary file link)
http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz
Wikipedia Article on SMTP
http://en.wikipedia.org/wiki/SMTP
Product Home Page
http://www.citadel.org/doku.php
SecurityFocus BID
http://www.securityfocus.com/bid/27376

*******************************************************

(2) CRITICAL: IBM Tivoli Provisioning Manager for OS Deployment HTTP Buffer
Overflow
Affected:
IBM Tivoli Provisioning Manager for OS Deployment versions prior to 5.1.0 with
Interim Fix 3

Description: IBM Tivoli Provisioning Manager for OS Deployment is an
enterprise operating system deployment suite, used to install operating
systems on other machines. It contains a flaw in its handling of HTTP
requests to its internal web server. A specially crafted request could
exploit a buffer overflow within the affected component, allowing an
attacker to execute arbitrary code with the privileges of the vulnerable
process (usually SYSTEM). Some technical details are publicly available
for this vulnerability.

Status: IBM confirmed, updates available.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=647
Product Home Page
http://www-306.ibm.com/software/tivoli/products/prov-mgr-os-deploy/
SecurityFocus BID
http://www.securityfocus.com/bid/27387

*******************************************************

(3) HIGH: Firebird Database Overlong Username Buffer Overflow
Affected:
Firebird Database versions prior to 2.0.4 and 2.1.0 RC1

Description: The Firebird database server is a popular relational
database system. It contains a buffer overflow in its handling of
usernames passed in login requests. An overlong username could trigger
this buffer overflow. Successfully exploiting this vulnerability would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process. Full technical details are publicly available for
this vulnerability via source code analysis.

Status: Firebird confirmed, updates available.

References:
Firebird Change Log
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570816
Firebird Home Page
http://www.firebirdsql.org/
SecurityFocus BID
http://www.securityfocus.com/bid/27467

*******************************************************

(4) HIGH: HP Virtual Rooms Install ActiveX Control Buffer Overflow
Affected:
HP Virtual Rooms Install ActiveX Control

Description: HP Virtual Rooms is a conferencing and telepresence
solution from HP. Users can install the client via an ActiveX control.
This control contains a buffer overflow in its handling of several
properties. Setting one of these properties to an overlong value could
trigger this buffer overflow. A web page that instantiates this control
could exploit this buffer overflow and execute arbitrary code with the
privileges of the current user. Some technical details and a
proof-of-concept for this vulnerability are publicly available.

Status: HP has not confirmed, no updates available. Users can mitigate
the impact of this vulnerability by disabling the vulnerable control via
Microsoft's "kill bit" mechanism using CLSID
"00000014-9593-4264-8B29-930B3E4EDCCD". Note that this may impact normal
application functionality.

References:
Posting by Elazar
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059837.html
Proof-of-Concept
http://milw0rm.com/exploits/4959
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://h10076.www1.hp.com/education/hpvr/
SecurityFocus BID
http://www.securityfocus.com/bid/27384

*******************************************************

(5) HIGH: Comodo Antivirus ActiveX Control Arbitrary Command Execution
Affected:
Comodo Antivirus versions 2.0 and prior

Description: Comodo Antivirus is an antivirus solution for Microsoft
Windows. Part of its functionality is provided by an ActiveX control.
This control fails to validate the arguments to its "ExecuteStr()"
method. A malicious web page that instantiated this control could call
this vulnerable method to execute arbitrary commands with the privileges
of the current user. A proof-of-concept and full technical details are
publicly available for this vulnerability.

Status: Comodo has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"309F674D-E4D3-46BD-B9E2-ED7DFD7FD176".

References:
Proof-of-Concept
http://milw0rm.com/exploits/4974
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://antivirus.comodo.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27424

*******************************************************

(6) HIGH: Lycos File Upload ActiveX Control Buffer Overflow
Affected:
Lycos File Upload ActiveX Control

Description: The Lycos File Upload ActiveX control is provided by Lycos to ease
file uploads to Lycos services. This control contains a flaw in its
handling of its "HandwriterFilename" property. Setting this property to
an overlong value could trigger a buffer overflow vulnerability. A
specially crafted web page that instantiates this control could trigger
this buffer overflow, allowing an attacker to execute arbitrary code
with the privileges of the current user. Full technical details and a
proof-of-concept are publicly available for this vulnerability.

Status: Lycos has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"C36112BF-2FA3-4694-8603-3B510EA3B465". Note that this may affect normal
application functionality.

References:
Proof-of-Concept
http://milw0rm.com/exploits/4967
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Lycos Home Page
http://www.lycos.com
SecurityFocus BID
http://www.securityfocus.com/bid/27411
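
Items (4), (5) and (6) above all name the "kill bit" as the interim
mitigation. The PowerShell below is an added example, not part of the
SANS bulletin or of any vendor's tooling: it sets the kill bit described
in Microsoft KB240797 for the three CLSIDs listed above and reports the
resulting state. The function names Set-KillBit and Get-KillBitState are
hypothetical; the script assumes an elevated prompt.

```powershell
# Added example: set and audit the Internet Explorer ActiveX "kill bit"
# (Microsoft KB240797) for the CLSIDs named in items (4), (5) and (6).
# Function names are hypothetical. Run elevated: the script writes to HKLM.

$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating a control

# CLSIDs exactly as given in the bulletin.
$Clsids = [ordered]@{
    'HP Virtual Rooms Install' = '{00000014-9593-4264-8B29-930B3E4EDCCD}'
    'Comodo Antivirus'         = '{309F674D-E4D3-46BD-B9E2-ED7DFD7FD176}'
    'Lycos File Upload'        = '{C36112BF-2FA3-4694-8603-3B510EA3B465}'
}

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    # Report the current flags for one CLSID in every registry view present.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $key   = Join-Path $root $Clsid
        $flags = 0
        if (Test-Path -Path $key) {
            $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key    = $key
            Flags  = '0x{0:X8}' -f $flags
            Killed = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    # Set the kill bit for one CLSID, keeping any flags that are already set.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        # Skip a view that does not exist on this machine (e.g. 32-bit Windows).
        if (-not (Test-Path -Path (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root $Clsid
        if (-not $PSCmdlet.ShouldProcess($key, 'Set kill bit (0x400)')) { continue }
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
        $current = 0
        $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue
        if ($prop) { $current = [int]$prop.'Compatibility Flags' }
        # OR the bit in rather than overwriting the value.
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' `
            -Value ($current -bor $KillBit) -Type DWord
    }
}

foreach ($name in $Clsids.Keys) {
    Set-KillBit -Clsid $Clsids[$name] -WhatIf      # remove -WhatIf to apply
    Get-KillBitState -Clsid $Clsids[$name] |
        Select-Object @{ n = 'Control'; e = { $name } }, Key, Flags, Killed
}
```

Run it once with -WhatIf to see which keys would change, then again
without it; any row that still shows Killed = False afterwards marks a
registry view where the control can still be instantiated.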

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 5, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.5.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Visual Basic Enterprise Edition 6 DSR File Handling
Buffer Overflow Vulnerabilities
Description: Microsoft Visual Basic is a development platform for
building applications for Microsoft Windows operating systems. The
application is exposed to two buffer overflow issues because it fails
to bounds check user-supplied data before copying it into insufficiently
sized buffers. Microsoft Visual Basic version 6 SP6 is affected.
Ref: http://www.securityfocus.com/bid/27349
______________________________________________________________________

08.5.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: SocksCap Hostname Resolution Remote Stack-Based Buffer Overflow
Description: SocksCap is an application wrapper that allows Windows
95/98/NT users to enable their Winsock applications to traverse a
SOCKS server. The application is exposed to a remote stack-based
buffer overflow issue because it fails to properly bounds check
user-supplied input before copying it to an insufficiently sized
memory buffer. SocksCap version 2.40-051231 is affected.
Ref: http://www.securityfocus.com/archive/1/486632
______________________________________________________________________

08.5.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Toshiba Surveillance Surveillix DVR "MeIpCamX.DLL" ActiveX
Control Buffer Overflow Vulnerabilities
Description: Toshiba Surveillance Surveillix is a DVR (Digital Video
Recorder) system. The application uses ActiveX controls for user
interaction. The application is exposed to multiple buffer overflow
issues because it fails to perform adequate boundary checks on
user-supplied data. MeIpCamX.DLL version 1.0.0.4 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.5.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Winamp Ultravox Streaming Metadata Multiple Stack-Based Buffer
Overflow Vulnerabilities
Description: Winamp is a multiformat media player application for the
Microsoft Windows operating system. The application is exposed to
multiple stack-based buffer overflow issues because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. Winamp versions 5.51, 5.5 and 5.21 are affected.
Ref: http://secunia.com/secunia_research/2008-2/advisory/
______________________________________________________________________

08.5.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: HP Virtual Rooms "hpvirtualrooms14.dll" ActiveX Control
Multiple Buffer Overflow Vulnerabilities
Description: HP Virtual Rooms is a set of tools for online trainings,
meetings and support. The application is exposed to multiple buffer
overflow issues because it fails to perform adequate boundary checks
on user-supplied data. HP Virtual Rooms with "hpvirtualrooms14.dll"
ActiveX control 1.0.0.100 is affected.
Ref: http://seclists.org/fulldisclosure/2008/Jan/0452.html
______________________________________________________________________

08.5.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: IBM WebSphere Business Modeler Repository Arbitrary File
Deletion
Description: IBM WebSphere Business Modeler is a solution that
supports visualization and documenting of business processes. The
application is exposed to an issue that allows users to delete
arbitrary files from repositories. IBM WebSphere Business Modeler
versions Basic 6.0.2.1 and Advanced 6.0.2.1 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018061
______________________________________________________________________

08.5.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: GlobalLink "GLChat.ocx" ActiveX Control "ChatRoom()" Buffer
Overflow
Description: GlobalLink "GLChat.ocx" ActiveX control is a web-based
instant messaging/chat application. The control is exposed to a buffer
overflow issue because it fails to properly bounds check user-supplied
data before copying it into an insufficiently sized memory buffer.
GlobalLink "GLChat.ocx" ActiveX control version 2.5.1.33 is affected.
Ref:
http://hi.baidu.com/0x7ffa1571/blog/item/8e9b890907ecc7206a60fb7c.html
______________________________________________________________________

08.5.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Lycos File Upload Component "FileUploader.dll" ActiveX Control
Buffer Overflow
Description: Lycos File Upload Component is an ActiveX control that
lets users upload files to the server. The application is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. This issue affects the
"HandwriterFilename" property of the "FileUploader.dll" dynamic-link
library. FileUploader.dll version 2.0.0.2 is affected.
Ref: http://www.milw0rm.com/exploits/4967
______________________________________________________________________

08.5.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: HFS HTTP File Server Multiple Security Vulnerabilities
Description: HFS HTTP File Server is a file sharing application for
Microsoft Windows platforms. The application is exposed to multiple
security issues.
Ref: http://www.securityfocus.com/archive/1/486873
______________________________________________________________________

08.5.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Comodo AntiVirus "ExecuteStr()" ActiveX Control Arbitrary
Command Execution
Description: Comodo AntiVirus is a computer security application for
Microsoft Windows. A Comodo AntiVirus ActiveX control is exposed to an
issue that lets attackers execute arbitrary commands. This issue
occurs when handling data passed to the "ExecuteStr()" method. Comodo
AntiVirus version 2.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.5.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Move Networks Media Player "QMPUpgrade.dll" ActiveX Control
Buffer Overflow
Description: Move Networks Media Player is a media application used to
view streaming television media. The application is exposed to a
buffer overflow issue because it fails to perform adequate boundary
checks on user-supplied data. Move Networks Media Player version
1.0.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.5.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: ImageShack Toolbar "ImageShackToolbar.dll" ActiveX Control
Insecure Method
Description: ImageShack Toolbar is an ActiveX control integrated into
a web browser. It's used to upload images. The application is exposed
to an issue that allows attackers to create or overwrite arbitrary
data with the privileges of the application using the control
(typically Internet Explorer). FileUploader class of ImageShack
Toolbar version 4.5.7 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.5.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: GE Fanuc CIMPLICITY "w32rtr.exe" Remote Buffer Overflow
Description: GE Fanuc CIMPLICITY is an HMI/SCADA (Human-Machine
Interfacing/Supervisory Control And Data Acquisition) system. The
application is exposed to a remote buffer overflow issue because it
fails to properly bounds check user-supplied input before copying it
into an insufficiently sized buffer. CIMPLICITY versions prior to 7.0
SIM 9 are affected.
Ref: http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458
______________________________________________________________________

08.5.14 CVE: Not Available
Platform: Linux
Title: MoinMoin MOIN_ID Cookie Remote Authentication Bypass
Description: MoinMoin is a freely available, open-source wiki written
in Python. It is available for UNIX and Linux platforms. The
application is exposed to an authentication bypass issue because it
fails to properly sanitize user-supplied input. MoinMoin versions in
the 1.5 series are affected.
Ref: http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630
______________________________________________________________________

08.5.15 CVE: CVE-2007-5764
Platform: Aix
Title: IBM AIX "pioout" Local Buffer Overflow
Description: AIX is a UNIX operating system from IBM. The "pioout"
command is used to print a file or a burst page on a printer. The
application is exposed to a local buffer overflow issue because it
fails to perform adequate boundary checks on user-supplied input. This
issue affects the "/usr/lib/lpd/pio/etc/pioout" command in the
"printers.rte" fileset.
Ref: http://www.securityfocus.com/archive/1/486999
______________________________________________________________________

08.5.16 CVE: Not Available
Platform: Aix
Title: IBM AIX "uspchrp" Local Buffer Overflow
Description: AIX is a UNIX operating system from IBM. The "uspchrp"
command is used in the AIX diagnostics subsystem. The application is
exposed to a local buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. This issue affects
the "/usr/lpp/diagnostics/bin/uspchrp" command in the
"devices.chrp.base.diag" fileset.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4072
______________________________________________________________________

08.5.17 CVE: Not Available
Platform: Aix
Title: IBM AIX "utape" Local Buffer Overflow
Description: AIX is a UNIX operating system from IBM. The "utape"
command is used in the AIX diagnostics subsystem. The application is
exposed to a local buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. This issue affects
the "/usr/lpp/diagnostics/bin/utape" command in the
"devices.scsi.tape.diag" fileset.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4070
______________________________________________________________________

08.5.18 CVE: Not Available
Platform: Aix
Title: IBM AIX Logical Volume Manager Multiple Commands Local Buffer
Overflow Vulnerabilities
Description: AIX is a UNIX operating system from IBM. The application
is exposed to multiple local buffer overflow issues because it fails
to perform adequate boundary checks on user-supplied input.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4068
______________________________________________________________________

08.5.19 CVE: Not Available
Platform: Aix
Title: IBM AIX "swap" Commands Local Buffer Overflow Vulnerabilities
Description: AIX is a UNIX operating system from IBM. The "swap",
"swapon" and "swapoff" commands are used to activate and deactivate
paging spaces. The application is exposed to multiple local buffer
overflow issues because it fails to perform adequate boundary checks
on user-supplied input.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4064
______________________________________________________________________

08.5.20 CVE: Not Available
Platform: Aix
Title: IBM AIX WebSM Remote Client For Linux Local Insecure File
Permissions
Description: WebSM Remote Client for Linux provides remote
administration functionality for AIX systems. The application is
exposed to a local insecure file permissions vulnerability due to a
configuration error. Specifically, certain files created during
installation have incorrect world-writable permissions.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4066
______________________________________________________________________

08.5.21 CVE: Not Available
Platform: Aix
Title: IBM AIX "ps" Local Information Disclosure
Description: AIX is a UNIX operating system from IBM. The "ps" command
is used to display details for processes. The application is exposed
to a local information disclosure issue that stems from a design
error. Specifically, the "/usr/bin/ps" command in the "bos.rte.control"
fileset does not properly restrict access to process details.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4075
______________________________________________________________________

08.5.22 CVE: Not Available
Platform: Unix
Title: Axigen AXIMilter Filtering Module Remote Format String
Description: Axigen is a mail server designed for UNIX and UNIX-like
operating systems. AXIMilter is the AXIGEN Filtering Module that
provides an interface for third-party software to access and modify
emails. The application is exposed to a remote format string issue
because it fails to properly sanitize user-supplied input before
including it in the format-specifier argument of a formatted printing
function. Specifically, the issue arises when the application tries to
parse malicious message headers. Axigen version 5.0.2 is affected.
Ref: http://www.securityfocus.com/bid/27363
______________________________________________________________________

08.5.23 CVE: CVE-2007-5958
Platform: Cross Platform
Title: X.Org X Server X:1 -sp Command Information Disclosure
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a local information disclosure
issue that allows an attacker to obtain information through the
"X:1 -sp <file>" command.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103205-1&searchclause=
______________________________________________________________________

08.5.24 CVE: Not Available
Platform: Cross Platform
Title: BitDefender Products Update Server HTTP Daemon Directory
Traversal
Description: BitDefender Update Server is included in multiple
BitDefender products and allows users to remotely update other
computers on a network. The Update Server is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input to the HTTP Daemon (http.exe). This daemon runs
with SYSTEM-level privileges.
Ref: http://www.securityfocus.com/archive/1/486701
______________________________________________________________________

08.5.25 CVE: CVE-2008-0128
Platform: Cross Platform
Title: Apache Tomcat SingleSignOn Remote Information Disclosure
Description: Apache Tomcat is a Java-based webserver application for
multiple operating systems. The application is exposed to a remote
information disclosure issue because the application fails to properly
restrict access to sensitive information. Specifically, it does not set
the "secure" attribute for the "JSESSIONIDSSO" cookie when using the
"SingleSignOn" valve over HTTPS. Tomcat version 5.5.20 is affected.
Ref: http://security-tracker.debian.net/tracker/CVE-2008-0128
______________________________________________________________________

08.5.26 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Application Server serveServletsByClassnameEnabled
Unspecified
Description: IBM WebSphere Application Server is exposed to an
unspecified issue that occurs when "serveServletsByClassnameEnabled"
is set. WebSphere Application Server versions 6.0 through 6.0.2.25 and
6.1 through 6.1.0.14 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018067
______________________________________________________________________

08.5.27 CVE: CVE-2007-6429
Platform: Cross Platform
Title: X.Org X Server "MIT-SHM" Local Privilege Escalation
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a local privilege escalation
issue in the "MIT-SHM" extension, which is used to create a "pixmap"
in shared memory.
Ref: http://www.securityfocus.com/archive/1/486516
______________________________________________________________________

08.5.28 CVE: CVE-2007-6427
Platform: Cross Platform
Title: X.Org X Server "Xinput" Extension Local Privilege Escalation
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a local privilege escalation
issue that affects multiple functions residing in the "Xinput"
extension. The issue occurs when swapping the byte order of client
requests.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=643
______________________________________________________________________

08.5.29 CVE: CVE-2008-0006
Platform: Cross Platform
Title: X.Org X Server PCF Font Parser Buffer Overflow
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a buffer overflow issue
that affects the PCF Font parser because the application fails to perform
adequate boundary checks on user-supplied data.
Ref:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103192-1&searchclause=
______________________________________________________________________

08.5.30 CVE: CVE-2007-6429
Platform: Cross Platform
Title: X.Org X Server "EVI" Extension Local Privilege Escalation
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a local privilege escalation
issue in the "EVI" extension, which is used to process "GetVisualInfo"
requests.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=645
______________________________________________________________________

08.5.31 CVE: CVE-2007-5760
Platform: Cross Platform
Title: X.Org X Server "PassMessage" Request Local Privilege Escalation
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a local privilege escalation
issue that resides in the code that processes "PassMessage" requests.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0031.html
______________________________________________________________________

08.5.32 CVE: CVE-2007-6428
Platform: Cross Platform
Title: X.Org X Server "TOG-CUP" Extension Local Privilege Escalation
Description: The X.Org X Server is an open-source X Windows System for
UNIX, Linux, and variants. It is freely available and distributed
publicly. The application is exposed to a local privilege escalation
issue that affects the "ProcGetReservedColormapEnteries()" function of
the "TOG-CUP" extension. This issue occurs because the application
uses a 32-bit user-supplied value to reference memory.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0030.html
______________________________________________________________________

08.5.33 CVE: Not Available
Platform: Cross Platform
Title: Numara FootPrints "MRchat.pl" and "MRABLoad2.pl" Multiple
Remote Command Execution Vulnerabilities
Description: Numara FootPrints is a service desk management solution
available for multiple platforms. The application is exposed to
multiple issues that can be leveraged to execute arbitrary commands.
These issues occur because the application fails to adequately
sanitize user-supplied input. FootPrints versions prior to 8.1 are
affected.
Ref:
http://support.unipress.com/MRcgi/MRTicketPage.pl?USER=&MRP=0&PROJECTID=4&MR=89552&MAXMININC=&MAJOR_MODE=DETAILS
______________________________________________________________________

08.5.34 CVE: Not Available
Platform: Cross Platform
Title: Citadel SMTP RCPT TO Remote Buffer Overflow
Description: Citadel is an open-source server application designed to
provide email and communications services. The application is exposed
to a buffer overflow issue because the software fails to properly
bounds-check user-supplied input before copying it into an
insufficiently sized memory buffer. Citadel versions prior to 7.11 are
affected.
Ref: http://www.securityfocus.com/bid/27376
______________________________________________________________________

08.5.35 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Provisioning Manager for OS Deployment Denial of
Service
Description: IBM Tivoli Provisioning Manager for OS Deployment is used
to deploy and manage operating systems from a single remote console.
The application is exposed to a denial of service issue. IBM Tivoli
Provisioning Manager for OS Deployment versions prior to 5.1.0.3 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24018010
______________________________________________________________________

08.5.36 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Business Service Manager Password Disclosure
Description: IBM Tivoli Business Service Manager is a tool suite that
helps organize and allocate enterprise IT resources. The application
is exposed to a local password disclosure issue that arises because of
a design error. Specifically, certain passwords are stored in cleartext
format on "reconfig" or in "SM_server.log". IBM Tivoli Business
Service Manager version 4.1.1 is affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24017939
______________________________________________________________________

08.5.37 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Interstage HTTP Server Multiple Unspecified Denial of
Service Vulnerabilities
Description: Fujitsu Interstage HTTP Server is exposed to multiple
issues, including an unspecified denial of service issue that occurs
when the application handles certain requests and an unspecified denial
of service issue that exists in the way the application handles SSL
sessions. Solaris products with the T023AS-03 urgent corrections
applied are affected.
Ref:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
______________________________________________________________________

08.5.38 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Prior to 6.0.2.25 Multiple Remote Vulnerabilities
Description: IBM WebSphere Application Server is a utility for
creating enterprise web applications. The application is exposed to
multiple remote issues. IBM WebSphere Application Server versions
prior to 6.0.2.25 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876
______________________________________________________________________

08.5.39 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox chrome:// URI JavaScript File Request
Information Disclosure
Description: Mozilla Firefox is a browser available for multiple
platforms. The application is exposed to an information disclosure
issue because it fails to restrict access to local JavaScript files.
This issue occurs when handling chrome: URIs that use hex escaped
directory traversal characters to point to arbitrary local JavaScript
files on affected computers. This is achieved by specifying a chrome
URI as the "src" parameter of an HTML "<script>" element. Firefox
version 2.0.0.11 is affected.
Ref:
http://www.hiredhacker.com/2008/01/19/firefox-chrome-url-handling-directory-traversal/
______________________________________________________________________

08.5.40 CVE: CVE-2007-4850
Platform: Cross Platform
Title: PHP cURL "safe mode" Security Bypass
Description: PHP is a general purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP cURL is an extension that provides support for the "libcurl"
library. The application is exposed to a "safe mode" security bypass
issue. PHP versions 5.2.5 and 5.2.4 are affected.
Ref:
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&view=markup
______________________________________________________________________

08.5.41 CVE: Not Available
Platform: Cross Platform
Title: SDL_image Invalid GIF File LWZ Minimum Code Size Remote Buffer
Overflow
Description: SDL (Simple DirectMedia Layer) is a cross-platform
multimedia library that provides various low level functionalities.
SDL_image is an image handling library that is part of the SDL
library. The application is exposed to a remote buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. SDL_image versions prior to 1.2.7 are affected.
Ref: http://www.securityfocus.com/archive/1/486853
______________________________________________________________________

08.5.42 CVE: Not Available
Platform: Cross Platform
Title: aconon Mail Template Parameter Directory Traversal
Description: aconon Mail is a commercial newsletter and email
marketing software. It provides a public archive of sent newsletters
through a web interface. The application is exposed to a directory
traversal issue because it fails to sufficiently sanitize
user-supplied input to the "template" parameter of the "archiv.cgi"
script. aconon Mail 2007 Enterprise SQL version 11.7.0 and 2004
Enterprise SQL version 11.5.1 are affected.
Ref: http://www.securityfocus.com/bid/27427
______________________________________________________________________

08.5.43 CVE: Not Available
Platform: Cross Platform
Title: SDL_image IFF ILBM File Remote Buffer Overflow
Description: SDL (Simple DirectMedia Layer) is a cross-platform
multimedia library that provides various low level functionalities.
SDL_image is an image handling library that is part of the SDL
library. The application is exposed to a remote buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. SDL_image version 1.2.6 is affected.
Ref:
http://www.libsdl.org/cgi/viewvc.cgi/trunk/SDL_image/IMG_lbm.c?r1=3341&r2=3521
______________________________________________________________________

08.5.44 CVE: Not Available
Platform: Cross Platform
Title: Apple iPhone Mobile Safari Memory Exhaustion Remote Denial of
Service
Description: Apple iPhone is exposed to a remote denial of service
issue because it fails to handle excessive memory use. This issue
occurs when Mobile Safari is used to view specially crafted webpages.
iPhone version 1.1.2 is affected.
Ref: http://www.securityfocus.com/bid/27442
______________________________________________________________________

08.5.45 CVE: CVE-2008-0008
Platform: Cross Platform
Title: PulseAudio Local Privilege Escalation
Description: PulseAudio is a sound server available for various
platforms. The application is exposed to a local privilege escalation
issue that stems from a design error. This issue occurs because the
application fails to properly ensure that it has dropped its
privileges. PulseAudio versions prior to 0.9.9 are affected.
Ref:
https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html
______________________________________________________________________

08.5.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MegaBBS "upload.asp" Cross-Site Scripting
Description: MegaBBS is a bulletin board system implemented in ASP.
The application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "target"
parameter of the "upload.asp" script. MegaBBS version 1.5.14b is
affected.
Ref: http://www.securityfocus.com/archive/1/486723
______________________________________________________________________

08.5.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MediaWiki Search Bar Cross-Site Scripting
Description: MediaWiki is a wiki application. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to parameters used in conjunction with
the search bar.
Ref: http://www.securityfocus.com/bid/27370
______________________________________________________________________

08.5.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Agares phpAutoVideo Cross-Site Scripting Vulnerability and
Remote File Include
Description: phpAutoVideo is a web-based application for running a
video site. The application is exposed to multiple input validation
issues, including a cross-site scripting issue affecting the "cat"
parameter of the "index.php" script, and a remote file include issue
affecting the "loadpage" parameter of the
"/theme/phpAutoVideo/LightTwoOh/sidebar.php" script. phpAutoVideo
version 2.21 is affected.
Ref: http://www.securityfocus.com/archive/1/486591
______________________________________________________________________

08.5.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mantis "Most Active Bugs" Summary Cross-Site Scripting
Description: Mantis is a web-based bug tracker. It is written in PHP
and supported by a MySQL database. The application is exposed to a
cross-site scripting issue because it fails to properly sanitize
user-supplied input. This issue affects the "Most Active Bugs"
category of the "Summary" page. Mantis versions prior to 1.1.1 are
affected.
Ref: http://www.mantisbt.org/changelog.php
______________________________________________________________________

08.5.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PacerCMS "submit.php" Cross-Site Scripting
Description: PacerCMS is a content management system. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to the "submit.php" script.
PacerCMS version 0.6 is affected.
Ref: http://www.securityfocus.com/archive/1/486796
______________________________________________________________________

08.5.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Novemberborn sIFR "txt" Parameter Cross-Site Scripting
Description: sIFR (Scalable Inman Flash Replacement) is a web
application that converts plain browser text to a replacement typeface
regardless of whether the font is installed on a user's computer. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "txt" parameter
used by "<fontname>.swf" files. sIFR versions prior to 2.0.3 and 3r278
are affected.
Ref: http://www.securityfocus.com/archive/1/486787
______________________________________________________________________

08.5.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ELOG Cross-Site Scripting Vulnerability and Denial of Service
Description: ELOG is a web-log application. The application is exposed
to a cross-site scripting issue because it fails to properly handle
user-supplied input to the "subtext" parameter. ELOG versions prior to
2.7.1 are affected.
Ref: http://midas.psi.ch/elog/download/ChangeLog
______________________________________________________________________

08.5.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DeluxeBB "attachments_header.php" Cross-Site Scripting
Description: DeluxeBB is a web-based bulletin board application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the
"lang_listofmatches" parameter of the "admincp/attachments_header.php"
script. DeluxeBB version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/486804
______________________________________________________________________

08.5.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin WP-Forum SQL Injection
Description: WordPress is a web-based publishing application
implemented in PHP. WP-Forum plugin for WordPress provides forum
functionality. The plugin is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "user"
parameter of the "wp-forum.php" script before using it in an SQL
query. WP-Forum version 1.7.4 is affected.
Ref: http://www.securityfocus.com/bid/27362
______________________________________________________________________

08.5.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 360 Web Manager "form.php" SQL Injection
Description: 360 Web Manager is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "IDFM" parameter of the "form.php"
script before using it in an SQL query. 360 Web Manager version 3.0 is
affected.
Ref: http://www.securityfocus.com/bid/27364
______________________________________________________________________

08.5.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: boastMachine "mail.php" SQL Injection
Description: boastMachine is a blogging application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "mail.php"
script before using it in an SQL query. boastMachine version 3.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/486737
______________________________________________________________________

08.5.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VP-ASP "paypalresult.asp" SQL Injection
Description: Virtual Programming VP-ASP is a shopping cart for
ecommerce sites. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"paypalresult.asp" script file before using it in an SQL query. VP-ASP
versions 6.50 and earlier are affected.
Ref: http://www.vpasp.com/sales/securitypatches.asp
______________________________________________________________________

08.5.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Coppermine Photo Gallery "thumbnails.php" SQL Injection
Description: Coppermine Photo Gallery is a web-based photo gallery
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"albpw" cookie-parameter of the "thumbnails.php" script before using
it in an SQL query. Coppermine Photo Gallery version 1.4.10 is
affected.
Ref: http://www.securityfocus.com/bid/27372
______________________________________________________________________

08.5.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mooseguy Blog System "blog.php" SQL Injection
Description: Mooseguy Blog System is a web-based blog application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "month" parameter of
the "blog.php" script before using it in an SQL query. Mooseguy Blog
System version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/27377
______________________________________________________________________

08.5.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyBB "private.php" SQL Injection
Description: MyBB, also known as MyBulletinBoard, is a web-based
bulletin board application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "options[disablesmilies]" parameter of the
"private.php" script before using it in an SQL query. MyBB version
1.2.11 is affected.
Ref: http://www.securityfocus.com/archive/1/486763
______________________________________________________________________

08.5.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AlstraSoft Forum Pay Per Post Exchange "index.php" SQL
Injection
Description: Forum Pay Per Post Exchange is a web-based application
enabling users to get paid for submitting forum posts. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data before using it in an SQL query.
Specifically, the "catid" parameter of the "index.php" script when
using "menu=forum_catview" is not properly sanitized.
Ref: http://alstrasoft.com/forum-pay-per-post-exchange.htm
______________________________________________________________________

08.5.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PacerCMS "id" Parameter Multiple SQL Injection Vulnerabilities
Description: PacerCMS is a content management system. The application
is exposed to multiple SQL injection issues because it fails to
properly sanitize user-supplied input. PacerCMS versions prior to
0.6.1 are affected.
Ref: http://www.securityfocus.com/archive/1/486796
______________________________________________________________________

08.5.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: EasySiteNetwork Recipe Website Script "list.php" SQL Injection
Description: EasySiteNetwork Recipe Website Script is a web-based
application for the display and distribution of recipes. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "categoryid" parameter
of the "list.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27405
______________________________________________________________________

08.5.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Search Module "sid" Parameter SQL Injection
Description: PHP-Nuke is a web-based content management system (CMS).
The application is exposed to an SQL injection issue because it fails
to properly sanitize user-supplied input to the "sid" parameter of the
Search module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27408
______________________________________________________________________

08.5.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Foojan WMS "index.php" SQL Injection
Description: Foojan WMS is a PHP-based web management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "story" parameter of
the "index.php" script before using it in an SQL query. Foojan WMS
version 1.0 is affected.
Ref: http://www.milw0rm.com/exploits/4968
______________________________________________________________________

08.5.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: LulieBlog "voircom.php" SQL Injection
Description: LulieBlog is a PHP-based web-log application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"voircom.php" script before using it in an SQL query. LulieBlog
version 1.0.2 is affected.
Ref: http://www.securityfocus.com/bid/27416
______________________________________________________________________

08.5.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Tiger Php News System "catid" Parameter SQL Injection
Description: Tiger Php News System is a web-based news application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "catid" parameter
of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/486961
______________________________________________________________________

08.5.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Flinx "category.php" SQL Injection
Description: Flinx is a PHP linkware script. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"category.php" script before using it in an SQL query. Flinx versions
1.3 and earlier are affected.
Ref: http://www.milw0rm.com/exploits/4985
______________________________________________________________________

08.5.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Hotel and Resorts "user_login.asp" Multiple SQL Injection
Vulnerabilities
Description: Pre Hotel and Resorts is an ASP-based content management
system. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data to the
"Login" or "Password" form field parameters of the "user_login.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/487053
______________________________________________________________________

08.5.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Dynamic Institution "login.asp" Multiple SQL Injection
Vulnerabilities
Description: Pre Dynamic Institution is an ASP-based content
management system. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "Login" or "Password" form field parameters
of the "login.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/487054
______________________________________________________________________

08.5.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: E-SMART CART "Members Login" Multiple SQL Injection
Vulnerabilities
Description: E-SMART CART is an ASP-based ecommerce application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "Email" or
"Password" form field parameters of the "Member Login" section before
using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/487055
______________________________________________________________________

08.5.72 CVE: Not Available
Platform: Web Application
Title: Bloofox CMS Multiple Input Validation Vulnerabilities
Description: Bloofox is a CMS system. The application is exposed to a
directory traversal issue, an SQL injection issue, and an
authentication bypass issue. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "username" parameter of the
"class_permissions.php" script before using it in an SQL query.
Bloofox version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/27361
______________________________________________________________________

08.5.73 CVE: Not Available
Platform: Web Application
Title: GalaxyScripts Mini File Host "upload.php" POST Parameter Local
File Include
Description: Galaxyscripts Mini File Host is a file-hosting script.
The application is exposed to a local file include issue because it
fails to sufficiently sanitize user-supplied input to the "language"
parameter of the "upload.php" script when handling POST requests. Mini
File Host versions 1.2.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27366
______________________________________________________________________

08.5.74 CVE: Not Available
Platform: Web Application
Title: GradMan "info.php" Local File Include
Description: GradMan is a web-based application for maintaining contact
with school alumni. The application is exposed to a local file include
issue because it fails to properly sanitize user-supplied input to the
"tabla" parameter of the "info.php" script. GradMan version 0.1.3 is
affected.
Ref: http://www.securityfocus.com/bid/27343
______________________________________________________________________

08.5.75 CVE: Not Available
Platform: Web Application
Title: Small Axe Weblog "linkbar.php" Remote File Include
Description: Small Axe Weblog is a PHP-based blog application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "cfile" parameter of
the "inc/linkbar.php" script. Small Axe Weblog version 0.3.1 is
affected.
Ref: http://www.securityfocus.com/bid/27345
______________________________________________________________________

08.5.76 CVE: Not Available
Platform: Web Application
Title: Mahara HTML Arbitrary File Upload
Description: Mahara is an e-portfolio application implemented in Perl.
The application is exposed to an arbitrary file upload issue because
it fails to sufficiently sanitize user-supplied input. The issue
exists in the "Files" form field parameter of the "My Portfolio/Files"
page. Mahara versions 0.9.0 and prior are affected.
Ref: https://eduforge.org/frs/shownotes.php?release_id=342
______________________________________________________________________

08.5.77 CVE: Not Available
Platform: Web Application
Title: OZJournals "printpreview" Local File Disclosure
Description: OZJournals is a web-log application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "id" parameter while in the
"printpreview" mode. OZJournals version 2.1.1 is affected.
Ref: http://www.securityfocus.com/bid/27375
______________________________________________________________________

08.5.78 CVE: Not Available
Platform: Web Application
Title: IDMOS CMS "download.php" Local File Include
Description: IDMOS CMS is a PHP-based content management application.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "fileName"
parameter of the "administrator/download.php" script. IDMOS version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/27379
______________________________________________________________________

08.5.79 CVE: Not Available
Platform: Web Application
Title: Lama Software "MY_CONF[classRoot]" Multiple Remote File Include
Vulnerabilities
Description: Lama Software is a web-based content management system.
The application is exposed to multiple remote file include issues
because it fails to sufficiently sanitize user-supplied input to the
"MY_CONF[classRoot]" parameter of the following scripts:
"admin/functions/inc.steps.access_error.php",
"admin/functions/inc.steps.check_login.php", and
"admin/functions/inc.steps.init_system.php".
Ref: http://www.securityfocus.com/bid/27380
______________________________________________________________________

08.5.80 CVE: Not Available
Platform: Web Application
Title: Small Axe Weblog "ffile" Parameter Remote File Include
Description: Small Axe Weblog is a PHP-based blog application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "ffile" parameter of
the "inc/linkbar.php" script. Small Axe Weblog version 0.3.1 is
affected.
Ref: http://www.securityfocus.com/bid/27383
______________________________________________________________________

08.5.81 CVE: Not Available
Platform: Web Application
Title: Frimousse "explorerdir.php" File Disclosure
Description: Frimousse is a PHP-based web interface for the VLC media
player. The application is exposed to an issue that lets attackers
obtain potentially sensitive information because it fails to prevent
access to arbitrary files. Frimousse version 0.0.2 is affected.
Ref: http://www.securityfocus.com/bid/27385
______________________________________________________________________

08.5.82 CVE: Not Available
Platform: Web Application
Title: aflog Multiple SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: aflog is a web-based blogging script. The application is
exposed to multiple input validation issues because it fails to
sufficiently sanitize user-supplied data. aflog version 1.01 is
affected.
Ref: http://www.securityfocus.com/bid/27398
______________________________________________________________________

08.5.83 CVE: Not Available
Platform: Web Application
Title: Belong Software Site Builder Administration Pages
Authentication Bypass
Description: Belong Software Site Builder is a content manager. The
application is exposed to an issue that results in unauthorized
administrative access. The application fails to perform authentication
when certain pages are accessed. Site Builder version 0.1 beta is
affected.
Ref: http://www.securityfocus.com/archive/1/486803
______________________________________________________________________

08.5.84 CVE: Not Available
Platform: Web Application
Title: SetCMS "set" Parameter Local File Include
Description: SetCMS is a content manager. The application is exposed
to a local file include issue because it fails to properly initialize
the "set" parameter. Local files can then be included, which permits
command execution. SetCMS version 3.6.5 is affected.
Ref: http://www.securityfocus.com/bid/27407
______________________________________________________________________

08.5.85 CVE: Not Available
Platform: Web Application
Title: Apache "mod_negotiation" HTML Injection and HTTP Response
Splitting
Description: Apache "mod_negotiation" allows the server to select the
content that best matches the client's capabilities. The module is
exposed to an HTML injection and HTTP response splitting issue because
it fails to properly sanitize user-supplied input when handling the
name of a file on the server.
Ref: http://www.mindedsecurity.com/MSA01150108.html
______________________________________________________________________

08.5.86 CVE: Not Available
Platform: Web Application
Title: YaBB SE Cookie Security Bypass
Description: YaBB SE is a web-based bulletin board. The application is
exposed to a security bypass issue because it fails to properly
validate user credentials. Specifically, by passing a specified user
ID in the cookie an attacker can bypass authentication and log in to
the application without providing valid user credentials. YaBB SE
versions 1.5.5 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27414
______________________________________________________________________

08.5.87 CVE: Not Available
Platform: Web Application
Title: Multiple Web Wiz Products Remote Information Disclosure
Description: Web Wiz Forums is a web-based bulletin board application.
Web Wiz NewsPad is a news-bulletin and newsletter application. Web Wiz
Rich Text Editor (RTE) is a WYSIWYG HTML text editor. All three
applications are implemented in ASP. The applications are exposed to a
remote information disclosure issue because they fail to properly
sanitize user-supplied input. Forums version 9.07, NewsPad version
1.02, and Rich Text Editor version 4.0 are affected.
Ref: http://www.securityfocus.com/archive/1/486866
______________________________________________________________________

08.5.88 CVE: Not Available
Platform: Web Application
Title: Web Wiz Rich Text Editor Arbitrary HTML File Creation
Description: Web Wiz Rich Text Editor (RTE) is a WYSIWYG HTML text
editor implemented in ASP. The application is exposed to an issue that
permits the creation of an arbitrary HTML file. Specifically, the
"RTE_popup_save_file.asp" script allows an attacker to save arbitrary
data to an "HTM" or "HTML" file on the vulnerable server. Rich Text
Editor version 4.0 is affected.
Ref: http://www.securityfocus.com/archive/1/486868
______________________________________________________________________

08.5.89 CVE: Not Available
Platform: Web Application
Title: Siteman "articles.php" File Disclosure
Description: Siteman is a PHP-based content management system. The
application is exposed to an issue that lets attackers obtain
potentially sensitive information because it fails to prevent access
to arbitrary files. Siteman version 1.1.9 is affected.
Ref: http://www.securityfocus.com/bid/27422
______________________________________________________________________

08.5.90 CVE: CVE-2008-0029
Platform: Web Application
Title: Cisco Application Velocity System (AVS) Remote Default Account
Vulnerabilities
Description: Cisco Application Velocity System (AVS) is an
appliance-based package designed to increase the performance and
security of HTML and XML-based applications. The application is
exposed to multiple default account issues. These issues stem from a
design flaw that makes several accounts available to remote attackers.
Cisco AVS versions prior to 5.1.0 are affected.
Ref: http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml
______________________________________________________________________

08.5.91 CVE: Not Available
Platform: Web Application
Title: Liquid-Silver CMS "update/index.php" Local File Include
Description: Liquid-Silver CMS is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "update" parameter of
the "update/index.php" script.
Ref: http://www.securityfocus.com/bid/27425
______________________________________________________________________

08.5.92 CVE: Not Available
Platform: Web Application
Title: SLAED CMS "index.php" Local File Include
Description: SLAED CMS is a PHP-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "newlang" parameter of
the "index.php" script. SLAED CMS version 2.5 Lite is affected.
Ref: http://www.securityfocus.com/bid/27426
______________________________________________________________________

08.5.93 CVE: Not Available
Platform: Web Application
Title: Seagull PHP Framework "optimizer.php" Information Disclosure
Description: Seagull is a PHP-based application framework. The
application is exposed to an issue that allows attackers to access
source code because it fails to properly sanitize user-supplied input.
Specifically, this issue affects the "files" parameter of the
"www/optimizer.php" script. Seagull PHP Framework version 0.6.3 is
affected.
Ref: http://www.securityfocus.com/bid/27437
______________________________________________________________________

08.5.94 CVE: Not Available
Platform: Web Application
Title: Drupal Workflow Module Multiple HTML Injection Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. The Workflow module for Drupal is
exposed to multiple HTML injection issues because it fails to
sufficiently sanitize user-supplied input to unspecified workflow
message parameters. Workflow versions prior to 4.7.x-1.2 and 5.x-1.2
are affected.
Ref: http://drupal.org/node/213473
______________________________________________________________________

08.5.95 CVE: Not Available
Platform: Web Application
Title: ManageEngine Applications Manager Multiple Cross-Site Scripting
and Security Vulnerabilities
Description: ManageEngine Applications Manager is an enterprise tool
for monitoring and managing application servers. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input. Applications Manager
version 8.1 is affected.
Ref: http://www.securityfocus.com/bid/27443
______________________________________________________________________

08.5.96 CVE: Not Available
Platform: Web Application
Title: GE Fanuc Proficy Portal Remote Script Code Execution
Description: Proficy Real Time Information Portal is a web-based
application for managing production environment data. The application
is exposed to a remote script code execution issue because it fails to
properly sanitize user-supplied data.
Ref: http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
______________________________________________________________________

08.5.97 CVE: Not Available
Platform: Network Device
Title: Belkin Wireless G Plus MIMO Router Remote Authentication Bypass
Description: Belkin Wireless G Plus MIMO Router is exposed to an
authentication bypass issue because the device fails to properly check
authorization before it allows a user to perform certain administration
actions. Specifically, the application does not restrict access to the
"SaveCfgFile.cgi" script that is used to modify the router's configuration
files. Firmware version 3.01.53 is affected.
Ref: http://www.securityfocus.com/bid/27359
______________________________________________________________________

08.5.98 CVE: Not Available
Platform: Network Device
Title: Alice Gate2 Plus Wi-Fi Router Cross-Site Request Forgery
Description: Alice Gate2 Plus Wi-Fi routers are network devices
designed for home and small-office setups. They support wireless
networking and DSL modem functionality. The application is exposed to
a cross-site request forgery issue.
Ref: http://www.securityfocus.com/archive/1/486733
______________________________________________________________________

08.5.99 CVE: CVE-2008-0028
Platform: Network Device
Title: Cisco PIX and ASA Appliance "TTL Decrement" Denial of Service
Description: Multiple Cisco security appliances are exposed to a
denial of service issue when the Time-To-Live (TTL) decrement feature
is enabled for handling IP packets. The following devices are
affected: Cisco PIX 500 Series Security Appliance and Cisco 5500
Series Adaptive Security Appliance (ASA). Devices running software
versions 7.2(2) up to 7.2(3)006 or 8.0(3) that have the TTL
decrement feature enabled are affected.
Ref: http://www.securityfocus.com/archive/1/486870
______________________________________________________________________