*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Feb. 4, 2008                                               Vol. 7. Week 6
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Third Party Windows Apps                   14 (#1, #2, #3, #4, #6)
Linux                                       4
Aix                                         1
Unix                                        1
Cross Platform                              8 (#5, #7)
Web Application - Cross Site Scripting     18
Web Application - SQL Injection            23
Web Application                            29
Network Device                              2

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint
(www.tippingpoint.com)
Widely Deployed Software

(1) CRITICAL: Titan FTP Server Multiple Buffer Overflow Vulnerabilities
(2) HIGH: Multiple Yahoo! Jukebox ActiveX Controls Multiple Vulnerabilities
(3) HIGH: Multiple Uploader ActiveX Controls Buffer Overflows
(4) HIGH: eLynx SwiftView Buffer Overflow
(5) MODERATE: UltraVNC Client Protocol Negotiation Buffer Overflow
(6) MODERATE: IrfanView FlashPix Memory Corruption
Other Software
(7) HIGH: Gnumeric Excel File Handling Memory Corruption

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Third Party Windows Apps
08.6.1 - Hero Super Player 3000 M3U Buffer Overflow
08.6.2 - MailBee Objects "MailBee.dll" ActiveX Control Multiple Insecure Method
Vulnerabilities
08.6.3 - Namo Web Editor "NamoInstaller.dll" ActiveX Control Arbitrary Command
Execution
08.6.4 - Persits Software XUpload "AddFile()" Method ActiveX Control Remote
Buffer Overflow
08.6.5 - Chilkat Email "ChilkatCert.dll" ActiveX Control Insecure Method
08.6.6 - SafeNET High Assurance Remote and SoftRemote IPSecDrv.SYS Local
Privilege Escalation
08.6.7 - LSrunasE and Supercrypt RC4 Weak Encryption
08.6.8 - GFL SDK Library Buffer Overflow
08.6.9 - SwiftView ActiveX Control and Browser Plugin Stack-Based Buffer
Overflow
08.6.10  - MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer
Overflow
08.6.11  - Facebook Photo Uploader 4 "ImageUploader4.1.ocx" ActiveX Control
Buffer Overflow
08.6.12  - Aurigma Image Uploader "ImageUploader4.ocx" ActiveX Control Buffer
Overflow
08.6.13  - Chilkat FTP "ChilkatCert.dll" ActiveX Control Insecure Method
08.6.14  - UltraVNC VNCViewer "ClientConnection.cpp" Remote Buffer Overflow
 -- Linux
08.6.15  - International Components for Unicode Library (libicu) Multiple Memory
Corruption Vulnerabilities
08.6.16  - Linux Kernel "isdn_common.c" Local Buffer Overflow
08.6.17  - Linux Kernel PowerPC "chrp/setup.c" NULL Pointer Dereference Denial
of Service
08.6.18  - Linux Kernel Page Faults Using NUMA Local Denial of Service
 -- Aix
08.6.19  - IBM AIX "piox25.c/piox25remote.sh" Local Buffer Overflow
 -- Unix
08.6.20  - PatchLink Update Multiple Insecure Temporary File Creation
Vulnerabilities
 -- Cross Platform
08.6.21  - IrfanView FPX File Remote Memory Corruption
08.6.22  - IBM Hardware Management Console Pegasus CIM Server Denial of Service
08.6.23  - IBM Informix Storage Manager Multiple Buffer Overflow Vulnerabilities
08.6.24  - Firebird Username Remote Buffer Overflow
08.6.25  - Firebird Relational Database "protocol.cpp" XDR Protocol Remote
Memory Corruption
08.6.26  - Xdg-Utils "xdg-open" and "xdg-email" Multiple Remote Command
Execution Vulnerabilities
08.6.27  - Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code Execution
08.6.28  - Sun Java RunTime Environment XML Parsing Unspecified
 -- Web Application - Cross Site Scripting
08.6.29  - Tripwire Enterprise Login Page Cross-Site Scripting
08.6.30  - SunGard Banner Student "add1" Parameter Cross-Site Scripting
08.6.31  - Yamaha RT Series Routers Cross-Site Request Forgery
08.6.32  - Endian Firewall "userlist.php" Cross-Site Scripting
08.6.33  - Mambo MOStlyCE Module "connector.php" Cross-Site Scripting
08.6.34  - eTicket "index.php" Cross-Site Scripting
08.6.35  - Drake CMS "index.php" Cross-Site Scripting
08.6.36  - trixbox "index.php" Multiple Cross-Site Scripting Vulnerabilities
08.6.37  - F5 BIG-IP Application Security Manager "report_type" Cross-Site
Scripting
08.6.38  - Nucleus CMS "action.php" Cross-Site Scripting
08.6.39  - AmpJuke "index.php" Cross-Site Scripting
08.6.40  - Hal Networks Multiple Products Cross-Site Scripting Vulnerabilities
08.6.41  - webSPELL "index.php" Cross-Site Scripting
08.6.42  - Mercantec SoftCart Multiple Parameters Multiple Cross-Site Scripting
Vulnerabilities
08.6.43  - OpenBSD bgplg "cmd" Parameter Cross-Site Scripting
08.6.44  - Livelink ECM UTF-7 Cross-Site Scripting
08.6.45  - Liferay Enterprise Portal User-Agent HTTP Header Cross-Site Scripting
08.6.46  - Uniwin eCart Professional "rp" Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.6.47  - Bigware Shop "main_bigware_53.tpl.php" SQL Injection
08.6.48  - Mambo LaiThai Multiple SQL Injection And Unspecified Vulnerabilities
08.6.49  - WordPress Plugin fGallery SQL Injection
08.6.50  - WordPress Plugin WP-Cal SQL Injection
08.6.51  - phpIP Management Multiple SQL Injection Vulnerabilities
08.6.52  - Joomla com_fq Component "index.php" SQL Injection
08.6.53  - Mambo Newsletter Component "Itemid" Parameter SQL Injection
08.6.54  - Joomla! com_mamml Component "index.php" SQL Injection
08.6.55  - WordPress Plugin wp-AdServe SQL Injection
08.6.56  - Mambo/Joomla Glossary "com_glossary" Component SQL Injection
08.6.57  - Coppermine Photo Gallery Multiple SQL Injection Vulnerabilities
08.6.58  - Mambo/Joomla "com_musepoes" Component "aid" Parameter SQL Injection
08.6.59  - Mambo/Joomla "com_buslicense" Component "aid" Parameter SQL Injection
08.6.60  - Joomla! com_recipes Component "id" Parameter SQL Injection
08.6.61  - Joomla! EstateAgent Component "index.php" SQL Injection
08.6.62  - Joomla! com_jokes Component "cat" Parameter SQL Injection
08.6.63  - ibProArcade "overwrite_order" Parameter SQL Injection
08.6.64  - WordPress WassUp Plugin "spy.php" SQL Injection
08.6.65  - ELOG "logbook" HTML Injection
08.6.66  - DeltaScripts PHP Links "vote.php" SQL Injection
08.6.67  - Joomla! and Mambo com_restaurant Component "id" Parameter SQL
Injection
08.6.68  - Joomla! and Mambo AkoGallery Component "id" Parameter SQL Injection
08.6.69  - Joomla! and Mambo Catalog Component "id" Parameter SQL Injection
 -- Web Application
08.6.70  - Smart Publisher "/admin/op/disp.php" Remote Code Execution
08.6.71  - Bubbling Library "dispatcher.php" Multiple Local File Include
Vulnerabilities
08.6.72  - VB Marketing "tseekdir.cgi" Local File Include
08.6.73  - phpMyClub "page_courante" Parameter Local File Include
08.6.74  - ClanSphere "install.php" Local File Include
08.6.75  - Mambo MOStlyCE Module Image Manager Utility Arbitrary File Upload
08.6.76  - ASPired2Protect Login Page Authentication Bypass
08.6.77  - CandyPress Multiple Input Validation Vulnerabilities
08.6.78  - WebCalendar Multiple HTML Injection and Cross-Site Scripting
Vulnerabilities
08.6.79  - Gerd Tentler Simple Forum Multiple Input Validation Vulnerabilities
08.6.80  - Bubbling Library Multiple Local File Include Vulnerabilities
08.6.81  - phpCMS "parser/parser.php" Local File Include
08.6.82  - Connectix Boards "part_userprofile.php" Remote File Include
08.6.83  - Coppermine Photo Gallery "showdoc.php" Multiple Cross-Site Scripting
Vulnerabilities
08.6.84  - Coppermine Photo Gallery Multiple Remote Command Execution
Vulnerabilities
08.6.85  - SQLiteManager "confirm.php" Remote File Include
08.6.86  - DeltaScripts PHP Links "smarty.php" Remote File Include
08.6.87  - ChronoEngine ChronoForms mosConfig_Absolute_Path Multiple Remote File
Include Vulnerabilities
08.6.88  - VirtueMart Information Disclosure
08.6.89  - Mindmeld "MM_GLOBALS["home"]" Multiple Remote File Include
Vulnerabilities
08.6.90  - sflog! "index.php" Multiple Local File Include Vulnerabilities
08.6.91  - Drupal OpenID Module "claimed_id" Provider Spoofing
08.6.92  - Drupal Secure Site Module Authentication Bypass
08.6.93  - Drupal Comment Upload Module Upload Validation Function Arbitrary
File Upload
08.6.94  - Drupal Project Issue Tracking Module Multiple Input Validation
Vulnerabilities
08.6.95  - Liferay Enterprise Portal User Profile Greeting HTML Injection
08.6.96  - Liferay Enterprise Portal "User-Agent" HTTP Header Script Injection
08.6.97  - Liferay Enterprise Portal Admin Portlet Shutdown Message HTML
Injection
08.6.98  - Nilsons Blogger "comments.php" Local File Include
 -- Network Device
08.6.99  - Cisco PIX/ASA Enable Login Prompt Privilege Escalation
08.6.100 - 2Wire Routers "H04_POST" Access Validation
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Titan FTP Server Multiple Buffer Overflow Vulnerabilities
Affected:
Titan FTP Server versions 3.30 and prior

Description: Titan FTP Server is a popular enterprise File Transfer
Protocol (FTP) server for Microsoft Windows. It contains multiple buffer
overflow vulnerabilities in its handling of user-supplied authentication
credentials. An overlong username or password passed to the server could
trigger these buffer overflows. Successfully exploiting one of these
buffer overflows would allow an attacker to execute arbitrary code with
the privileges of the vulnerable process (usually SYSTEM). Full
technical details and a proof-of-concept are publicly available for this
vulnerability. No authentication is required to exploit this
vulnerability.

Status: Titan has not confirmed, no updates available.

References:
Post by securfrog (includes proof-of-concept)
http://www.securityfocus.com/archive/1/487431
Product Home Page
http://www.titanftp.com/products/titanftp/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/27568

*****************************************************************

(2) HIGH: Multiple Yahoo! Jukebox ActiveX Controls Multiple Vulnerabilities
Affected:
Yahoo! Jukebox mediagrid.dll ActiveX Control
Yahoo! Jukebox datagrid.dll ActiveX Control

Description: Yahoo! Jukebox is Yahoo's popular music management service.
Part of its functionality is provided by two ActiveX controls,
"mediagrid.dll" and "datagrid.dll". These controls contain multiple
buffer overflow vulnerabilities in their handling of a variety of
parameters. A malicious web page that instantiated one of these controls
could trigger one of these vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the current user. Multiple
proofs-of-concept and technical details are publicly available for these
vulnerabilities.

Status: Yahoo! has not confirmed, no updates available. Users can
mitigate the impact of these vulnerabilities by disabling the affected
controls via Microsoft's "kill bit" mechanism for CLSIDs
"22FD7C0A-850C-4A53-9821-0B0915C96139" and
"5F810AFC-BB5F-4416-BE63-E01DD117BD6C". Note that this may affect normal
application functionality.

References:
Proofs-of-Concept
http://milw0rm.com/exploits/5052
http://milw0rm.com/exploits/5051
http://milw0rm.com/exploits/5048
http://milw0rm.com/exploits/5046
http://milw0rm.com/exploits/5043
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Yahoo! Jukebox Home Page
http://music.yahoo.com/jukebox/
SecurityFocus BIDs
http://www.securityfocus.com/bid/27578
http://www.securityfocus.com/bid/27579

*****************************************************************

(3) HIGH: Multiple Uploader ActiveX Controls Buffer Overflows
Affected:
MySpace Uploader ActiveX Control
Facebook Photo Uploader 4 ActiveX Control
Aurigma ImageUploader ActiveX Control

Description: Multiple image uploading ActiveX controls contain buffer
overflows in their handling of control properties. These controls are
used by several web sites to facilitate image uploading. Most
importantly, these controls are used by two extremely popular social
networking sites, MySpace and Facebook. A specially crafted web page
that instantiates one of these controls could exploit this buffer
overflow to execute arbitrary code with the privileges of the current
user. A proof-of-concept and full technical details are publicly
available for this vulnerability.

Status: MySpace has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
controls via Microsoft's "kill bit" mechanism using CLSIDs
"48DD0448-9209-4F81-9F6D-D83562940134" and
"6E5E167B-1566-4316-B27F-0DDAB3484CF7". Note that this may affect normal
application functionality.

References:
Proof-of-Concept
http://milw0rm.com/exploits/5025
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BIDs
http://www.securityfocus.com/bid/27533
http://www.securityfocus.com/bid/27534
http://www.securityfocus.com/bid/27539

*****************************************************************

(4) HIGH: eLynx SwiftView Buffer Overflow
Affected:
eLynx SwiftView versions prior to 8.3.5

Description: eLynx SwiftView is a popular enterprise document printing
and viewing system. Part of its functionality is provided via a web
browser plugin and an ActiveX control. Both the plugin and control
contain a buffer overflow vulnerability. A malicious web page that uses
the plugin or instantiates the control could trigger this buffer
overflow and allow an attacker to execute arbitrary code with the
privileges of the current user. Some technical details are publicly
available for this vulnerability.

Status: eLynx confirmed, updates available. Users can mitigate the
impact of the ActiveX version of this vulnerability by disabling the
affected control via Microsoft's "kill bit" mechanism using CLSID
"7DD62E58-5FA8-11D2-AFB7-00104B64F126". Note that this may affect normal
application functionality.

References:
eLynx Security Bulletin
http://www.swiftview.com/tech/security/bulletins/SBSV-07-10-02.htm
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/639169
Product Home Page
http://www.swiftview.com/
SecurityFocus BID
http://www.securityfocus.com/bid/27527
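
The kill-bit mitigation named in items (2), (3) and (4), as an added example that is not part of the original bulletin: Python that audits a `reg export` of the ActiveX Compatibility key for the five CLSIDs quoted above and writes a .reg file that sets the kill bit ("Compatibility Flags" 0x400, per KB240797) where it is missing. The sample export and all function names are constructed for illustration.

```python
import re

KILL_BIT = 0x00000400  # kill-bit value of "Compatibility Flags" (Microsoft KB240797)
BASE_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
            r"\ActiveX Compatibility")
# On 64-bit Windows, 32-bit Internet Explorer reads the Wow6432Node copy of
# this key; audit that view separately by passing its path as `base`.

# CLSIDs quoted in items (2), (3) and (4) of this bulletin.
BULLETIN_CLSIDS = {
    "22FD7C0A-850C-4A53-9821-0B0915C96139": "Yahoo! Jukebox (item 2)",
    "5F810AFC-BB5F-4416-BE63-E01DD117BD6C": "Yahoo! Jukebox (item 2)",
    "48DD0448-9209-4F81-9F6D-D83562940134": "Uploader controls (item 3)",
    "6E5E167B-1566-4316-B27F-0DDAB3484CF7": "Uploader controls (item 3)",
    "7DD62E58-5FA8-11D2-AFB7-00104B64F126": "eLynx SwiftView (item 4)",
}

SECTION_RE = re.compile(
    r"^\[(?P<path>.+)\\\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}"
    r"-[0-9A-Fa-f]{12})\}\]$")
VALUE_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9A-Fa-f]{8})$')

# Constructed sample of `reg export` output (already decoded to str; real
# exports are UTF-16). One CLSID is killed, one has an unrelated flag only,
# one has a key but no value, and two are absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22FD7C0A-850C-4A53-9821-0B0915C96139}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{48dd0448-9209-4f81-9f6d-d83562940134}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7DD62E58-5FA8-11D2-AFB7-00104B64F126}]
"""


def parse_reg_export(text, base=BASE_KEY):
    """Return {CLSID (upper case): Compatibility Flags} for subkeys of `base`."""
    flags, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION_RE.match(line)
            ok = m is not None and m.group("path").lower() == base.lower()
            current = m.group("clsid").upper() if ok else None
            if current is not None:
                flags.setdefault(current, 0)  # key exists, value may not
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                flags[current] = int(m.group("hex"), 16)
    return flags


def audit(text, wanted=BULLETIN_CLSIDS, base=BASE_KEY):
    """Classify each wanted CLSID as 'killed', 'flag-not-set' or 'missing'."""
    present = parse_reg_export(text, base)
    report = {}
    for clsid in wanted:
        if clsid not in present:
            report[clsid] = "missing"
        elif present[clsid] & KILL_BIT:
            report[clsid] = "killed"
        else:
            report[clsid] = "flag-not-set"
    return report


def build_fix(text, wanted=BULLETIN_CLSIDS, base=BASE_KEY):
    """Build .reg text that sets the kill bit, preserving other flag bits."""
    present = parse_reg_export(text, base)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid, status in audit(text, wanted, base).items():
        if status == "killed":
            continue
        new_flags = present.get(clsid, 0) | KILL_BIT
        lines += [f"[{base}\\{{{clsid}}}]",
                  f'"Compatibility Flags"=dword:{new_flags:08x}', ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    for clsid, status in audit(SAMPLE_EXPORT).items():
        print(f"{clsid}  {status:13}  {BULLETIN_CLSIDS[clsid]}")
    print(build_fix(SAMPLE_EXPORT))
```

As the bulletin notes, setting the kill bit may affect normal application functionality, so review the generated file before importing it.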

*****************************************************************

(5) MODERATE: UltraVNC Client Protocol Negotiation Buffer Overflow
Affected:
UltraVNC versions prior to UltraVNC 1.0.4 with Security Update

Description: UltraVNC is a client and server package for the Virtual
Network Computing (VNC) desktop sharing protocol. Its client component
contains a buffer overflow in its handling of protocol negotiation
requests. A malicious VNC server could exploit this vulnerability by
sending a malformed version string to the client upon connection. A
client could also be exploited if the client is run in "listening" mode,
in which it acts like a VNC server. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the current user. The UltraVNC server component is not
affected. Technical details for this vulnerability are available via
source code analysis.

Status: UltraVNC confirmed, updates available.

References:
UltraVNC Forum Posting
http://forum.ultravnc.info/viewtopic.php?t=11850
Wikipedia Article on Virtual Network Computing
http://en.wikipedia.org/wiki/Virtual_Network_Computing
Product Home Page
http://uvnc.com/download/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/27561

*****************************************************************

(6) MODERATE: IrfanView FlashPix Memory Corruption
Affected:
IrfanView FlashPix Plugin versions 3.9.8.0 and prior

Description: IrfanView is a popular image viewing application for
Microsoft Windows. Its FlashPix plugin allows it to display FlashPix
image files. This plugin contains a memory corruption vulnerability. A
specially crafted FlashPix file could exploit this vulnerability,
allowing an attacker to execute arbitrary code with the privileges of
the current user. Note that, depending upon configuration, FlashPix
files may be opened automatically by IrfanView, without first prompting
the user. A proof-of-concept and technical details are publicly
available for this vulnerability.

Status: IrfanView has not confirmed, no updates available.

References:
Proof-of-Concept
http://milw0rm.com/exploits/4998
Wikipedia Article on FlashPix
http://en.wikipedia.org/wiki/FlashPix
Product Home Page
http://www.irfanview.com
SecurityFocus BID
http://www.securityfocus.com/bid/27479

*****************************************************************

****************
Other Software
****************

(7) HIGH: Gnumeric Excel File Handling Memory Corruption
Affected:
Gnumeric versions prior to 1.8.1

Description: Gnumeric is a popular cross-platform spreadsheet
application, developed as part of the GNOME project. It is distributed
by default with several Linux and UNIX-like operating system
distributions. Versions are also available for Microsoft Windows.
Gnumeric contains a memory corruption vulnerability in its handling of
Microsoft Excel formatted files. A specially crafted file could trigger
this vulnerability, allowing an attacker to execute arbitrary code with
the privileges of the current user.  Full technical details are
available for this vulnerability via source code analysis.

Status: Gnumeric confirmed, updates available.

References:
Gnumeric Bug Report
http://bugzilla.gnome.org/show_bug.cgi?id=505330
Gnumeric Release Notes
http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml
Project Home Page
http://www.gnome.org/projects/gnumeric/
GNOME Home Page
http://www.gnome.org
SecurityFocus BID
http://www.securityfocus.com/bid/27536

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 6, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.6.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hero Super Player 3000 M3U Buffer Overflow
Description: Hero Super Player 3000 is a media player application for
the Windows operating system. The application is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application handles a
specially crafted .M3U file and the user clicks the "DelUnselect"
button.
Ref: http://www.securityfocus.com/bid/27478
______________________________________________________________________

08.6.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: MailBee Objects "MailBee.dll" ActiveX Control Multiple Insecure
Method Vulnerabilities
Description: MailBee Objects is a set of components for sending,
receiving, and managing email. The application is exposed to multiple
issues that allow attackers to create or overwrite arbitrary data
with the privileges of the application using the control (typically
Internet Explorer). MailBee Objects version 5.5 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Namo Web Editor "NamoInstaller.dll" ActiveX Control Arbitrary
Command Execution
Description: Namo Web Editor ActiveSquare is an ActiveX control. The
control is exposed to an issue that lets attackers execute arbitrary
commands. "NamoInstaller.dll" version 3.0.0.1 of the Namo Web Editor
ActiveSquare 6 control is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Persits Software XUpload "AddFile()" Method ActiveX Control
Remote Buffer Overflow
Description: The XUpload ActiveX control allows users to upload files
to a server. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input. "xupload.ocx" 3.0.0.4 of XUpload version 3.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat Email "ChilkatCert.dll" ActiveX Control Insecure Method
Description: Chilkat Email is an ActiveX control for sending and
receiving email. The control is exposed to an issue that allows
attackers to create or overwrite arbitrary data with the privileges of
the application using it (typically Internet Explorer). This issue
affects the "SaveLastError" attribute of the "ChilkatCert.dll" ActiveX
control. "ChilkatCert.dll" library of the Chilkat Email ActiveX
control version 7.8 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: SafeNET High Assurance Remote and SoftRemote IPSecDrv.SYS Local
Privilege Escalation
Description: SafeNET High Assurance Remote and SoftRemote are security
carrier-grade VPN applications that include FIPS technology, device
authentication, and the Advanced Encryption Standard (AES) algorithm.
The application is exposed to a local privilege escalation issue
because a user-definable offset is used in an indirect system call.
"IPSecDrv.sys" version 10.4.0.12 when running on Windows operating
systems is affected. The driver is included with SafeNET HighAssurance
Remote and SafeNET HighAssurance SoftRemote. This issue may also
affect other versions as well as versions running on other operating
platforms.
Ref: http://www.securityfocus.com/bid/27496
______________________________________________________________________

08.6.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: LSrunasE and Supercrypt RC4 Weak Encryption
Description: LSrunasE and Supercrypt are utilities used to run
commands under a different user account within Windows batch scripts.
The application is exposed to a weak encryption issue due to insecure
usage of the RC4 encryption algorithm. The issue occurs because the
application uses the same keystream to generate encrypted data.
LSrunasE version 1.0 and Supercrypt version 1.0 are affected.
Ref: http://www.securityfocus.com/bid/27500
______________________________________________________________________

08.6.8 CVE: CVE-2008-0064
Platform: Third Party Windows Apps
Title: GFL SDK Library Buffer Overflow
Description: GFL SDK is an image library for developers. The library
is exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. Specifically, the
error arises in the "libgfl280.dll" file when the library processes
RGBE files. GFL SDK version 2.870 is affected. XnView versions 1.91
and 1.92 that use the library and NConvert 4.85 are also affected.
Ref: http://secunia.com/secunia_research/2008-1/advisory/
______________________________________________________________________

08.6.9 CVE: CVE-2007-5602
Platform: Third Party Windows Apps
Title: SwiftView ActiveX Control and Browser Plugin Stack-Based Buffer
Overflow
Description: SwiftView is an application used to print or view PCL,
HPGL, and TIFF files. The application is exposed to a stack-based
buffer overflow issue. This issue affects the ActiveX control
provided by "svocx.ocx". The browser plugin version of the application
is also affected.
Ref: http://www.kb.cert.org/vuls/id/639169
______________________________________________________________________

08.6.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: MySpace Uploader "MySpaceUploader.ocx" ActiveX Control Buffer
Overflow
Description: MySpace Uploader ActiveX Control lets MySpace users
upload files to the server. The control is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. This issue
affects the "Action" property of the "MySpaceUploader.ocx" library.
MySpace Uploader ActiveX Control versions 1.0.0.4 and 1.0.0.5 are
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Facebook Photo Uploader 4 "ImageUploader4.1.ocx" ActiveX
Control Buffer Overflow
Description: Facebook Photo Uploader ActiveX control lets Facebook
users upload album and image files to the server. The control is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data. This issue affects the
"Action" property of the "ImageUploader4.1.ocx" library. The
"ImageUploader4.1.ocx" version 4.5.57.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aurigma Image Uploader "ImageUploader4.ocx" ActiveX Control
Buffer Overflow
Description: Aurigma Image Uploader ActiveX Control lets users manage
and upload images to a server. The control is exposed to a buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. This issue affects the "Action" property of the
"ImageUploader4.ocx" library. Image Uploader version 4.5.70.0 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: Chilkat FTP "ChilkatCert.dll" ActiveX Control Insecure Method
Description: Chilkat FTP is an ActiveX control for sending and
receiving files. The control is exposed to an issue that allows
attackers to create or overwrite arbitrary data with the privileges of
the application using it (typically Internet Explorer). This issue
affects the "SavePkcs8File" attribute of the "ChilkatCert.dll" ActiveX
control. Chilkat FTP ActiveX version 2.0 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.6.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: UltraVNC VNCViewer "ClientConnection.cpp" Remote Buffer
Overflow
Description: UltraVNC is a client/server remote access suite that
allows remote users to access desktops as though they are local users.
It was formerly known as Ultr@VNC. The application is exposed to a
remote buffer overflow issue due to a failure of the application to
properly validate user-supplied string lengths before copying them
into static process buffers. UltraVNC version 1.0.2 and UltraVNC 104
release candidates released prior to January 25, 2008 are affected.
Ref: http://forum.ultravnc.info/viewtopic.php?t=11850
______________________________________________________________________

08.6.15 CVE: CVE-2007-4770, CVE-2007-4771
Platform: Linux
Title: International Components for Unicode Library (libicu) Multiple
Memory Corruption Vulnerabilities
Description: The International Components for Unicode (libicu) is a
freely-available library for handling Unicode data in applications.
The library is exposed to multiple memory corruption issues. The
International Components for Unicode versions 3.8.1 and earlier are
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=429025
______________________________________________________________________

08.6.16 CVE: CVE-2007-6151
Platform: Linux
Title: Linux Kernel "isdn_common.c" Local Buffer Overflow
Description: The Linux kernel is exposed to a local buffer overflow
issue because it fails to properly bounds check user-supplied input
before copying it into an insufficiently sized buffer. This issue
occurs in the "isdn_ioctl()" function in the "isdn_common.c"
source file. The struct "iocts" is not NULL terminated, which can
allow specially-crafted IOCTL data to overrun a memory buffer. Linux
kernel versions prior to 2.6.25 are affected.
Ref:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=eafe1aa37e6ec2d56f14732b5240c4dd09f0613a
______________________________________________________________________

08.6.17 CVE: CVE-2007-6694
Platform: Linux
Title: Linux Kernel PowerPC "chrp/setup.c" NULL Pointer Dereference
Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue. This issue occurs in the "chrp_show_cpuinfo()" function of the
"chrp/setup.c" source file. Specifically, a NULL-pointer dereference
exception occurs when the "of_get_property()" function fails. When a
failure does occur, the "strcmp()" function is called, which causes
the kernel to dereference a NULL pointer. Linux kernel versions
2.4.21 through 2.6.18-53 running on the PowerPC architecture are
affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0055.html
______________________________________________________________________

08.6.18 CVE: CVE-2007-4130
Platform: Linux
Title: Linux Kernel Page Faults Using NUMA Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly handle certain page faults when
using NUMA (Non-Uniform Memory Access) methods. This issue arises when
invalid bitmasks are processed by the "set_mempolicy()" function in
the "mm/mempolicy.c" source file during page faults. Linux kernel
versions 2.6.9 and earlier are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0055.html
______________________________________________________________________

08.6.19 CVE: Not Available
Platform: Aix
Title: IBM AIX "piox25.c/piox25remote.sh" Local Buffer Overflow
Description: AIX is a UNIX operating system from IBM. The application
is exposed to a local buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. Specifically,
the issue can be triggered by supplying overly long input to
"piox25.c" and "piox25remote.sh".
Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ13739
______________________________________________________________________

08.6.20 CVE: Not Available
Platform: Unix
Title: PatchLink Update Multiple Insecure Temporary File Creation
Vulnerabilities
Description: PatchLink Update is an application for managing patches
and vulnerabilities in a medium to large sized enterprise. The
"logtrimmer" log rotation utility and the "rebootTask" script create
temporary files with predictable filenames in an insecure manner.
Ref: http://www.securityfocus.com/archive/1/487103
______________________________________________________________________

08.6.21 CVE: Not Available
Platform: Cross Platform
Title: IrfanView FPX File Remote Memory Corruption
Description: IrfanView is an image viewer that supports multiple file
formats. The application is exposed to a remote memory corruption
issue because it fails to handle specially crafted ".FPX" files.
IrfanView version 4.10 is affected.
Ref: http://www.securityfocus.com/bid/27479
______________________________________________________________________

08.6.22 CVE: Not Available
Platform: Cross Platform
Title: IBM Hardware Management Console Pegasus CIM Server Denial of
Service
Description: IBM Hardware Management Console enables an administrator
to manage the configuration and operation of partitions in a computer
and to monitor the computer for hardware problems. IBM Hardware
Management Console is exposed to a denial of service issue due to an
unspecified error in the Pegasus CIM Server. Hardware Management
Console version V7 R3.2.0 is affected.
Ref:
https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#specific
______________________________________________________________________

08.6.23 CVE: Not Available
Platform: Cross Platform
Title: IBM Informix Storage Manager Multiple Buffer Overflow
Vulnerabilities
Description: IBM Informix Dynamic Server is an application server that
runs on various platforms. Informix Storage Manager (ISM) is
distributed as part of IBM Informix Dynamic Server (IDS). The
application is exposed to multiple buffer overflow issues because it
fails to properly bounds-check user-supplied data. IBM Informix
Dynamic Server versions 10.00.xC8, 11.10.xC2 and earlier on Microsoft
Windows platforms are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21294211
______________________________________________________________________

08.6.24 CVE: Not Available
Platform: Cross Platform
Title: Firebird Username Remote Buffer Overflow
Description: Firebird is a relational database that runs on Windows,
Linux, and UNIX systems. The application is exposed to a remote
buffer overflow issue because it fails to properly check boundaries on
user-supplied data before using it in a finite-sized buffer. The
problem occurs when the application processes usernames and can be
exploited by remote attackers to cause a stack overflow by supplying a
specially-crafted, overly long username. Firebird versions 2.1 Beta 2,
2.0.3, 2.0.2, 2.0.0, 1.0.3, 2.1 Beta 1, 2.1 Alpha 1, 2.0.1 and 1.5.4
are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570816
______________________________________________________________________

08.6.25 CVE: CVE-2008-0387
Platform: Cross Platform
Title: Firebird Relational Database "protocol.cpp" XDR Protocol Remote
Memory Corruption
Description: Firebird is a Relational Database Management System
(RDBMS) available for multiple operating systems. The application is
exposed to an integer overflow issue because it fails to ensure that
integer values aren't overrun.
Ref: http://www.securityfocus.com/archive/1/487173
______________________________________________________________________

08.6.26 CVE: CVE-2008-0386
Platform: Cross Platform
Title: Xdg-Utils "xdg-open" and "xdg-email" Multiple Remote Command
Execution Vulnerabilities
Description: Xdg-Utils is a set of utilities allowing various
applications to easily integrate with the free desktop configurations.
The application is exposed to multiple remote command execution issues
because it fails to sufficiently sanitize user-supplied data to the
"xdg-open" and "xdg-email" shell scripts.
Ref: http://www.securityfocus.com/bid/27528
______________________________________________________________________

08.6.27 CVE: Not Available
Platform: Cross Platform
Title: Gnumeric XLS HLINK Opcode Handling Remote Arbitrary Code
Execution
Description: Gnumeric is an open-source spreadsheet application. The
application is exposed to a remote arbitrary code execution issue due
to integer overflow and signedness errors when the application tries
to process the XLS HLINK opcodes. Specifically, the
"excel_read_HLINK()" function in "plugins/excel/ms-excel-read.c" is
affected. Gnumeric version 1.6.3 is affected.
Ref: http://bugzilla.gnome.org/show_bug.cgi?id=505330
______________________________________________________________________

08.6.28 CVE: Not Available
Platform: Cross Platform
Title: Sun Java RunTime Environment XML Parsing Unspecified
Description: Sun Java Runtime Environment (JRE) is exposed to an
unspecified issue that can occur when parsing malicious XML content.
This issue affects trusted Java applications running on sites that
have the "external general entities" property set to FALSE. JDK and
JRE versions 6 Update 3 and earlier are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1
______________________________________________________________________

08.6.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tripwire Enterprise Login Page Cross-Site Scripting
Description: Tripwire Enterprise is a configuration audit and control
system. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the
application's web-based server management login page. Tripwire
Enterprise version 7.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487229
______________________________________________________________________

08.6.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SunGard Banner Student "add1" Parameter Cross-Site Scripting
Description: Banner is a software suite for administering colleges and
other institutions. Banner Student is an information system for
students, prospects, and faculty. The application is exposed to
cross-site scripting attacks because it fails to sufficiently sanitize
user-supplied input to the emergency contact address field "add1" of
the "ss/bwgkoemr.P_UpdateEmrgContacts" script. Banner Student version
7.3 is affected.
Ref: http://www.securityfocus.com/archive/1/487250
______________________________________________________________________

08.6.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Yamaha RT Series Routers Cross-Site Request Forgery
Description: Yamaha routers are network devices designed for home and
small-office setups. Multiple Yamaha routers are exposed to a
cross-site request forgery issue. Attackers exploit this issue by
tricking a user into visiting a malicious web page. Yamaha routers
in the RT and SRT series are affected.
Ref: http://www.securityfocus.com/bid/27491
______________________________________________________________________

08.6.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Endian Firewall "userlist.php" Cross-Site Scripting
Description: Endian Firewall is a threat management appliance that
protects users from spam, viruses and various other threats. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. Specifically, the
web interface fails to sanitize user-supplied data to the "psearch"
parameter of the "userslist.php" script. Endian Firewall version 2.1.2
is affected.
Ref: http://www.securityfocus.com/bid/27477
______________________________________________________________________

08.6.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mambo MOStlyCE Module "connector.php" Cross-Site Scripting
Description: MOStlyCE is a WYSIWYG editor module included with the Mambo
content manager. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"Command" parameter of the
"mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php"
script. MOStlyCE version 2.4 included with Mambo 4.6.3 is affected.
Ref: http://www.securityfocus.com/archive/1/487128
______________________________________________________________________

08.6.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: eTicket "index.php" Cross-Site Scripting
Description: eTicket is an open-source support-ticket system based on
osTicket. The application is exposed to cross-site scripting attacks
because it fails to sufficiently sanitize user-supplied input to the
"index.php" script. eTicket version 1.5.6-RC4 is affected.
Ref: http://www.securityfocus.com/archive/1/487133
______________________________________________________________________

08.6.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Drake CMS "index.php" Cross-Site Scripting
Description: Drake CMS is a content manager. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "option" parameter of the
"index.php" script. Drake CMS version 0.4.9 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-drake_cms.html
______________________________________________________________________

08.6.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: trixbox "index.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: trixbox (formerly Asterisk@Home) is a line of
Asterisk-based IP-PBX products. The application is exposed to multiple
cross-site scripting issues because it fails to properly sanitize
user-supplied input to the "user/index.php" and "maint/index.php"
scripts. trixbox version 2.4.2.0 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-trixbox.html
______________________________________________________________________

08.6.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: F5 BIG-IP Application Security Manager "report_type" Cross-Site
Scripting
Description: F5 BIG-IP Application Security Manager is a web and
operational infrastructure security product module for BIG-IP. The web
management interface is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the
"report_type" parameter of the "rep_request.php" script. F5 BIG-IP
Application Security Manager version 9.4.3 is affected.
Ref: http://www.securityfocus.com/archive/1/487118
______________________________________________________________________

08.6.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Nucleus CMS "action.php" Cross-Site Scripting
Description: Nucleus CMS is a web-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "action.php"
script. Nucleus CMS version 3.31 is affected.
Ref: http://www.securityfocus.com/archive/1/487255
______________________________________________________________________

08.6.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AmpJuke "index.php" Cross-Site Scripting
Description: AmpJuke is a PHP-based, music streaming application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "limit"
parameter of the "index.php" script. AmpJuke version 0.7.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/487258
______________________________________________________________________

08.6.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hal Networks Multiple Products Cross-Site Scripting
Vulnerabilities
Description: Hal Networks products provide shopping cart functionality
using various technologies. The applications are exposed to cross-site
scripting issues because they fail to properly sanitize user-supplied
input to unspecified parameters.
Ref: http://www.securityfocus.com/bid/27513
______________________________________________________________________

08.6.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: webSPELL "index.php" Cross-Site Scripting
Description: webSPELL is a PHP-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
properly sanitize user-supplied input to the "sort" parameter of the
"index.php" script. webSPELL version 4.01.02 is affected.
Ref: http://www.securityfocus.com/archive/1/487312
______________________________________________________________________

08.6.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Mercantec SoftCart Multiple Parameters Multiple Cross-Site
Scripting Vulnerabilities
Description: Mercantec SoftCart is a shopping-cart application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. These issues affect the
"License_Plate", "License_State", "Ticket_Date", and "Ticket_Number"
parameters of "SoftCart.exe". Mercantec SoftCart version 5.1.2.2 is
affected.
Ref: http://www.securityfocus.com/bid/27524
______________________________________________________________________

08.6.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OpenBSD bgplg "cmd" Parameter Cross-Site Scripting
Description: OpenBSD bgplg is a CGI script used for web-based
read-only access to limited Border Gateway Protocol daemon (bgpd(8))
information. The application is exposed to a cross-site scripting
issue because it fails to properly sanitize user-supplied input to the
"cmd" parameter of the script. bgplg shipped with OpenBSD version 4.1 is
affected.
Ref: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/bgplg/bgplg.c
______________________________________________________________________

08.6.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Livelink ECM UTF-7 Cross-Site Scripting
Description: Livelink ECM is an enterprise content management system.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input. The application
fails to set the HTTP Content-Type "charset" in the response header or
HTML body, which allows remote attackers to inject arbitrary UTF-7
script code. Livelink ECM versions up to and including 9.7.0 are
affected.
Ref: http://www.withdk.com/2008/01/31/livelink-utf-7-xss-vulnerability/
______________________________________________________________________

08.6.45 CVE: CVE-2008-0178
Platform: Web Application - Cross Site Scripting
Title: Liferay Enterprise Portal User-Agent HTTP Header Cross-Site
Scripting
Description: Liferay Enterprise Portal is a Java-based web portal for
enterprises. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input to
the "Enterprise Admin Session Monitoring" portion of the application.
Specifically, the application fails to sanitize the HTTP "User-Agent"
header, which allows remote attackers to inject arbitrary script code.
Liferay Enterprise Portal version 4.3.6 is affected.
Ref: http://www.kb.cert.org/vuls/id/326065
______________________________________________________________________

08.6.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Uniwin eCart Professional "rp" Cross-Site Scripting
Vulnerabilities
Description: Uniwin eCart Professional is a shopping cart application
implemented in ASP. The application is exposed to multiple cross-site
scripting issues because it fails to sufficiently sanitize
user-supplied input to the "rp" parameter in the "cartView.asp" script and
multiple unspecified scripts. Uniwin eCart Professional versions prior
to 2.0.16 are affected.
Ref: http://www.securityfocus.com/bid/27560
______________________________________________________________________

08.6.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bigware Shop "main_bigware_53.tpl.php" SQL Injection
Description: Bigware Shop is a PHP-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pollid" parameter of
the "main_bigware_53.tpl.php" script before using it in an SQL query.
Bigware Shop version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/27489
______________________________________________________________________

08.6.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo LaiThai Multiple SQL Injection And Unspecified
Vulnerabilities
Description: Mambo LaiThai is a Thai implementation of the Mambo
content manager. The application is exposed to multiple issues. Mambo
LaiThai version 4.5.5 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=571300
______________________________________________________________________

08.6.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin fGallery SQL Injection
Description: WordPress is a web-based publishing application
implemented in PHP. fGallery plugin for WordPress provides image
gallery functionality. The plugin is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"album" parameter of the "fim_rss.php" script before using it in an
SQL query. fGallery version 2.4.1 is affected.
Ref: http://www.securityfocus.com/bid/27464
______________________________________________________________________

08.6.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin WP-Cal SQL Injection
Description: WordPress is a web-based publishing application. WP-Cal
plugin for WordPress provides calendar functionality. The plugin is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user" parameter of the
"wp-forum.php" script before using it in an SQL query. WP-Cal version
0.3 is affected.
Ref: http://www.securityfocus.com/bid/27465
______________________________________________________________________

08.6.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpIP Management Multiple SQL Injection Vulnerabilities
Description: phpIP Management is a web-based IP address management
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data.
phpIP Management version 4.3.2 is affected.
Ref: http://www.securityfocus.com/bid/27468
______________________________________________________________________

08.6.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla com_fq Component "index.php" SQL Injection
Description: com_fq is an FAQ component module for Joomla! content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "listid"
parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27501
______________________________________________________________________

08.6.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo Newsletter Component "Itemid" Parameter SQL Injection
Description: Mambo is a PHP-based content manager. The Newsletter
component of the application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"Itemid" parameter of "index.php" before using it in an SQL query.
Mambo version 4.5 is affected.
Ref: http://www.securityfocus.com/bid/27502
______________________________________________________________________

08.6.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! com_mamml Component "index.php" SQL Injection
Description: Joomla com_mamml is a module for the Joomla! content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "listid"
parameter of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27503
______________________________________________________________________

08.6.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin wp-AdServe SQL Injection
Description: WordPress is a web-based publishing application
implemented in PHP. wp-AdServe plugin for WordPress provides
advertising server functionality. The plugin is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "adclick.php" script
before using it in an SQL query. wp-AdServe version 0.2 is affected.
Ref: http://wordpress.org/extend/plugins/adserve/
______________________________________________________________________

08.6.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo/Joomla Glossary "com_glossary" Component SQL Injection
Description: Mambo and Joomla are PHP-based content managers. The
"com_glossary" component for Mambo/Joomla is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data before using it in an SQL query. Specifically, this
issue affects the "catid" parameter. "com_glossary" version 2.0 is
affected.
Ref: http://www.securityfocus.com/bid/27505
______________________________________________________________________

08.6.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Coppermine Photo Gallery Multiple SQL Injection Vulnerabilities
Description: Coppermine Photo Gallery is a web-based, photo gallery
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
unspecified parameters of the "reviewcom.php" and "util.php" scripts
before using it in an SQL query. Coppermine Photo Gallery versions
prior to 1.4.15 are affected.
Ref: http://coppermine-gallery.net/forum/index.php?topic=50103.0
______________________________________________________________________

08.6.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo/Joomla "com_musepoes" Component "aid" Parameter SQL
Injection
Description: Mambo and Joomla are PHP-based content managers. The
"com_musepoes" component for Mambo/Joomla is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "aid" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27507
______________________________________________________________________

08.6.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mambo/Joomla "com_buslicense" Component "aid" Parameter SQL
Injection
Description: Mambo and Joomla are PHP-based content managers. The
"com_buslicense" component for Mambo/Joomla is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "aid" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27508
______________________________________________________________________

08.6.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! com_recipes Component "id" Parameter SQL Injection
Description: The com_recipes component is a recipe module for the
Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "index.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27519
______________________________________________________________________

08.6.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! EstateAgent Component "index.php" SQL Injection
Description: The Joomla! EstateAgent component is a module for the
Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "objid" parameter of the "index.php" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27520
______________________________________________________________________

08.6.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! com_jokes Component "cat" Parameter SQL Injection
Description: The "com_jokes" component is a module for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cat" parameter of the "index.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27522
______________________________________________________________________

08.6.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ibProArcade "overwrite_order" Parameter SQL Injection
Description: ibProArcade is a PHP-based arcade system. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "overwrite_order" parameter of the
"index.php" script before using it in an SQL query. ibProArcade
version 3.3.0 is affected.
Ref: http://www.securityfocus.com/bid/27523
______________________________________________________________________

08.6.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress WassUp Plugin "spy.php" SQL Injection
Description: WassUp is a WordPress plugin for tracking website
statistics. The plugin is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "to_date"
parameter of the "spy.php" script before using it in an SQL query.
WassUp version 1.4.3 is affected.
Ref: http://www.securityfocus.com/bid/27525
______________________________________________________________________

08.6.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ELOG "logbook" HTML Injection
Description: ELOG is a web-log application written for use on
Microsoft Windows and Linux/Unix platforms. The application is exposed
to an HTML injection issue because it fails to properly sanitize
user-supplied input to the "logbook" script. ELOG versions prior to
2.7.2 are affected.
Ref: http://midas.psi.ch/elog/download/ChangeLog
______________________________________________________________________

08.6.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: DeltaScripts PHP Links "vote.php" SQL Injection
Description: DeltaScripts PHP Links is a web-based link directory. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"vote.php" script before using it in an SQL query. PHP Links versions
1.3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27530
______________________________________________________________________

08.6.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo com_restaurant Component "id" Parameter SQL
Injection
Description: The "com_restaurant" component is a restaurant module for
the Joomla! and Mambo content managers. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_restaurant"
component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27551
______________________________________________________________________

08.6.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo AkoGallery Component "id" Parameter SQL
Injection
Description: The AkoGallery component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of "com_akogallery" before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27557
______________________________________________________________________

08.6.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Catalog Component "id" Parameter SQL
Injection
Description: CatalogShop is a third-party, e-commerce component for
Mambo and Joomla!. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of "index.php" when the "option" parameter is set
to "com_catalogshop". CatalogShop version 1.0 b1 is affected.
Ref: http://www.securityfocus.com/bid/27558
______________________________________________________________________

08.6.70 CVE: Not Available
Platform: Web Application
Title: Smart Publisher "/admin/op/disp.php" Remote Code Execution
Description: Smart Publisher is a PHP-based application that allows
users to develop and publish static and dynamic web sites. The
application is exposed to an issue that lets remote attackers execute
arbitrary code because it fails to properly sanitize user-supplied
input to the "filedata" parameter of the "/admin/op/disp.php" script.
Smart Publisher version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/27488
______________________________________________________________________

08.6.71 CVE: Not Available
Platform: Web Application
Title: Bubbling Library "dispatcher.php" Multiple Local File Include
Vulnerabilities
Description: Bubbling Library provides a set of plugins for building
event-driven web applications. The application is exposed to multiple
local file include issues because it fails to properly sanitize
user-supplied input to the "uri" parameter. Bubbling Library version
1.32 is affected.
Ref: http://www.securityfocus.com/bid/27482
______________________________________________________________________

08.6.72 CVE: Not Available
Platform: Web Application
Title: VB Marketing "tseekdir.cgi" Local File Include
Description: VB Marketing is a web-based application implemented in
Perl. The application is exposed to a local file include issue because
it fails to properly sanitize user-supplied input to the "location"
parameter of the "tseekdir.cgi" script.
Ref: http://www.securityfocus.com/bid/27475
______________________________________________________________________

08.6.73 CVE: Not Available
Platform: Web Application
Title: phpMyClub "page_courante" Parameter Local File Include
Description: phpMyClub is a PHP-based content manager (CMS) designed
for sport associations. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "page_courante" parameter. phpMyClub version 0.0.1 is
affected.
Ref: http://www.securityfocus.com/bid/27480
______________________________________________________________________

08.6.74 CVE: Not Available
Platform: Web Application
Title: ClanSphere "install.php" Local File Include
Description: ClanSphere is a PHP-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "lang" parameter of
the "install.php" script. ClanSphere version 2007.4.4 is affected.
Ref: http://www.securityfocus.com/archive/1/487132
______________________________________________________________________

08.6.75 CVE: Not Available
Platform: Web Application
Title: Mambo MOStlyCE Module Image Manager Utility Arbitrary File
Upload
Description: MOStlyCE is a WYSIWYG editor module included with the Mambo
content manager. The application is exposed to an arbitrary file upload
issue because it fails to sufficiently sanitize user-supplied input. The
issue occurs when the module's "Image Manager" utility is installed.
MOStlyCE version 2.4 included with Mambo version 4.6.3 is affected.
Ref: http://www.securityfocus.com/archive/1/487128
______________________________________________________________________

08.6.76 CVE: Not Available
Platform: Web Application
Title: ASPired2Protect Login Page Authentication Bypass
Description: ASPired2Protect is an ASP-based file protection system
with an Access database. The application is exposed to an
authentication bypass issue because it fails to adequately check
user-supplied input to the Login page.
Ref: http://www.securityfocus.com/archive/1/487137
______________________________________________________________________

08.6.77 CVE: Not Available
Platform: Web Application
Title: CandyPress Multiple Input Validation Vulnerabilities
Description: CandyPress is an ASP-based, e-commerce application. The
application is exposed to multiple input validation issues because it
fails to properly sanitize user-supplied input. CandyPress version
4.1.1.26 is affected.
Ref: http://www.securityfocus.com/archive/1/487058
______________________________________________________________________

08.6.78 CVE: Not Available
Platform: Web Application
Title: WebCalendar Multiple HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: WebCalendar is a web-based calendar implemented in PHP.
The application is exposed to multiple HTML injection and cross-site
scripting issues because the application fails to properly sanitize
user-supplied input before using it in dynamically generated content.
WebCalendar version 1.1.6 is affected.
Ref: http://www.digitrustgroup.com/advisories/web-application-security-webcalendar.html
______________________________________________________________________

08.6.79 CVE: Not Available
Platform: Web Application
Title: Gerd Tentler Simple Forum Multiple Input Validation
Vulnerabilities
Description: Gerd Tentler Simple Forum is web-based forum software.
The application is exposed to multiple input validation issues because
it fails to sufficiently sanitize user-supplied input. Simple Forum
version 3.2 is affected.
Ref: http://www.milw0rm.com/exploits/4989
______________________________________________________________________

08.6.80 CVE: Not Available
Platform: Web Application
Title: Bubbling Library Multiple Local File Include Vulnerabilities
Description: Bubbling Library provides a set of plug-ins for building
event-driven web applications. The application is exposed to multiple
local file include issues because it fails to properly sanitize
user-supplied input data. Bubbling Library version 1.32 is affected.
Ref: http://www.securityfocus.com/bid/27466
______________________________________________________________________

08.6.81 CVE: Not Available
Platform: Web Application
Title: phpCMS "parser/parser.php" Local File Include
Description: phpCMS is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "file" parameter of the
"parser/parser.php" script. phpCMS version 1.2.2 is affected.
Ref: http://www.securityfocus.com/archive/1/487251
______________________________________________________________________

08.6.82 CVE: Not Available
Platform: Web Application
Title: Connectix Boards "part_userprofile.php" Remote File Include
Description: Connectix Boards is a PHP-based forum application. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "template_path"
parameter of the "templates/Official/part_userprofile.php" script.
Connectix Boards versions 0.8.1 and 0.8.2 are affected.
Ref: http://www.securityfocus.com/bid/27506
______________________________________________________________________

08.6.83 CVE: Not Available
Platform: Web Application
Title: Coppermine Photo Gallery "showdoc.php" Multiple Cross-Site
Scripting Vulnerabilities
Description: Coppermine Photo Gallery is a web-based, photo gallery
application. The application is exposed to multiple cross-site
scripting issues because it fails to properly sanitize user-supplied
input to the "h" and "t" parameters of the "docs/showdoc.php" script.
Coppermine Photo Gallery versions prior to 1.4.15 are affected.
Ref: http://coppermine-gallery.net/forum/index.php?topic=50103.0
______________________________________________________________________

08.6.84 CVE: Not Available
Platform: Web Application
Title: Coppermine Photo Gallery Multiple Remote Command Execution
Vulnerabilities
Description: Coppermine Photo Gallery is a web-based, photo gallery
application. The application is exposed to multiple issues that
attackers can leverage to execute arbitrary commands. These issues
occur because the application fails to adequately sanitize
user-supplied input. Coppermine Photo Gallery versions prior to 1.4.15
are affected.
Ref: http://coppermine-gallery.net/forum/index.php?topic=50103.0
______________________________________________________________________

08.6.85 CVE: Not Available
Platform: Web Application
Title: SQLiteManager "confirm.php" Remote File Include
Description: SQLiteManager is a web-based application for managing
SQLite databases. The application is exposed to a remote file include
issue because it fails to properly sanitize user-supplied input to the
"spaw_root" parameter of the "spaw/dialogs/confirm.php" script.
SQLiteManager version 1.2.0 is affected.
Ref: http://www.securityfocus.com/bid/27515
______________________________________________________________________

08.6.86 CVE: Not Available
Platform: Web Application
Title: DeltaScripts PHP Links "smarty.php" Remote File Include
Description: DeltaScripts PHP Links is a web-based link directory. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the
"full_path_to_public_program" parameter of the "includes/smarty.php"
script. PHP Links versions 1.3 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27529
______________________________________________________________________

08.6.87 CVE: Not Available
Platform: Web Application
Title: ChronoEngine ChronoForms mosConfig_Absolute_Path Multiple
Remote File Include Vulnerabilities
Description: ChronoEngine ChronoForms is a component for the Joomla!
content manager. The application is exposed to multiple remote file
include issues because it fails to sufficiently sanitize user-supplied
input to the "mosConfig_absolute_path" parameter. ChronoForms version
2.3.5 is affected.
Ref: http://www.securityfocus.com/bid/27531
______________________________________________________________________

08.6.88 CVE: Not Available
Platform: Web Application
Title: VirtueMart Information Disclosure
Description: VirtueMart is a web-based shopping application. The
application is exposed to an information disclosure issue because it
fails to properly sanitize user-supplied input to an unspecified
parameter when viewing a product. The parameter is then used in the
script to read a template file. VirtueMart versions 1.0.13a and
earlier are affected.
Ref:
http://virtuemart.net/index.php?option=com_content&task=view&id=275&Itemid=127
______________________________________________________________________

08.6.89 CVE: Not Available
Platform: Web Application
Title: Mindmeld "MM_GLOBALS["home"]" Multiple Remote File Include
Vulnerabilities
Description: Mindmeld is a knowledge-sharing system. The application
is exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "MM_GLOBALS["home"]"
parameter. Mindmeld version 1.2.0.10 is affected.
Ref: http://www.securityfocus.com/bid/27538
______________________________________________________________________

08.6.90 CVE: Not Available
Platform: Web Application
Title: sflog! "index.php" Multiple Local File Include Vulnerabilities
Description: sflog! is a PHP-based, web log application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input to the "permalink"
and "section" parameters of the "index.php" script. sflog! version
0.96 is affected.
Ref: http://www.securityfocus.com/archive/1/487368
______________________________________________________________________

08.6.91 CVE: Not Available
Platform: Web Application
Title: Drupal OpenID Module "claimed_id" Provider Spoofing
Description: OpenID is a decentralized authentication system. An
OpenID module is available for Drupal. The OpenID module is exposed to
an issue that allows attackers to set up malicious OpenID Providers to
spoof a legitimate OpenID Authority. This issue occurs because the
module fails to adequately verify "claimed_id" values returned by an
OpenID Provider. OpenID versions prior to 5.x-1.1 are affected.
Ref: http://drupal.org/node/216022
______________________________________________________________________

08.6.92 CVE: Not Available
Platform: Web Application
Title: Drupal Secure Site Module Authentication Bypass
Description: Drupal is a content manager. The Secure Site module is a
third-party add-on that allows HTTP-based authentication for
Drupal-based web sites. The application is exposed to an authentication
bypass issue because of an error in the IP-authentication feature.
Secure Site for Drupal versions 5.x and 4.7.x are affected.
Ref: http://drupal.org/node/216019
______________________________________________________________________

08.6.93 CVE: Not Available
Platform: Web Application
Title: Drupal Comment Upload Module Upload Validation Function
Arbitrary File Upload
Description: The Drupal Comment Upload module is a module for 
Drupal content management that allows users to attach files to
comments. The application is exposed to an arbitrary file upload issue
because it fails to sufficiently sanitize user-supplied input. The
issue exists in the upload validation function when handling incorrect
data.
Ref: http://drupal.org/node/216024
______________________________________________________________________

08.6.94 CVE: Not Available
Platform: Web Application
Title: Drupal Project Issue Tracking Module Multiple Input Validation
Vulnerabilities
Description: Drupal is a content manager. The Project Issue Tracking
module is a third-party add-on that provides issue tracking
functionality for Drupal-based web sites. The module is exposed to
multiple input validation issues because it fails to adequately
sanitize user-supplied input.
Ref: http://drupal.org/node/216063
______________________________________________________________________

08.6.95 CVE: CVE-2008-0180
Platform: Web Application
Title: Liferay Enterprise Portal User Profile Greeting HTML Injection
Description: Liferay Enterprise Portal is a web-based portal
application implemented in Java. The application is exposed to an HTML
injection issue because it fails to properly sanitize user-supplied
input to the "Greeting" form field parameter located in the user
profile. Liferay Enterprise Portal versions prior to 4.4.0 and 4.3.7
are affected.
Ref: http://www.kb.cert.org/vuls/id/732449
______________________________________________________________________

08.6.96 CVE: CVE-2008-0179
Platform: Web Application
Title: Liferay Enterprise Portal "User-Agent" HTTP Header Script
Injection
Description: Liferay Enterprise Portal is a Java-based web portal for
enterprises. The application is exposed to a script injection issue
because it fails to properly sanitize user-supplied input.
Specifically, the user-supplied input from the "User-Agent" HTTP
header isn't sanitized when the application uses it to generate
"Forgot Password" emails. Liferay Enterprise Portal versions prior to
4.4.0 and 4.3.7 are affected.
Ref: http://www.kb.cert.org/vuls/id/888209
______________________________________________________________________

08.6.97 CVE: CVE-2008-0181
Platform: Web Application
Title: Liferay Enterprise Portal Admin Portlet Shutdown Message HTML
Injection
Description: Liferay Enterprise Portal is a web-based portal implemented
in Java. The application is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input to the message
displayed to all users when the application is shut down.  Liferay
Enterprise Portal version 4.4.0 and versions 4.3.7 and earlier are
affected.
Ref: http://www.kb.cert.org/vuls/id/217825
______________________________________________________________________

08.6.98 CVE: Not Available
Platform: Web Application
Title: Nilsons Blogger "comments.php" Local File Include
Description: Nilsons Blogger is a web-based blogging application. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "thispost" parameter
of the "comments.php" script. Nilsons Blogger version 0.11 is
affected.
Ref: http://www.securityfocus.com/archive/1/487384
______________________________________________________________________

08.6.99 CVE: Not Available
Platform: Network Device
Title: Cisco PIX/ASA Enable Login Prompt Privilege Escalation
Description: Cisco PIX and ASA security appliances are potentially
exposed to a privilege escalation issue. This issue occurs when users
with privilege level 0 attempt to connect to vulnerable devices
locally through the console, or remotely via telnet. Cisco PIX/ASA
operating system Finesse versions 7.1 and 7.2 are affected.
Ref: http://www.securityfocus.com/archive/1/486959
______________________________________________________________________

08.6.100 CVE: Not Available
Platform: Network Device
Title: 2Wire Routers "H04_POST" Access Validation
Description: 2Wire routers are network devices designed for home and
small-office setups. Multiple 2Wire routers are exposed to an access
validation issue because they fail to adequately authenticate users
prior to performing certain actions. This issue occurs when the
devices handle "xslt" requests for the "H04_POST" page that contain
arbitrary "PASSWORD" parameter data and a valid user name passed to
the "PASSWORD_CONF" parameter. 2Wire routers that have the "H04_POST"
page are affected.
Ref: http://www.securityfocus.com/bid/27516
______________________________________________________________________