******************************************************************
      @RISK: The Consensus Security Vulnerability Alert
Feb 14, 2008                                      Vol. 7. Week 7
******************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                                     Number of Updates and Vulnerabilities
------------------------                     -------------------------------------
Microsoft Windows                             3 (#1, #9, #11)
Other Microsoft Products                      3 (#10, #11, #12, #13, #14, #18)
Third Party Windows Apps                     20 (#3, #4, #7, #16)
Mac OS                                        2 (#2, #19)
Linux                                         2
BSD                                           1
Novell                                        2
Cross Platform                               13 (#5, #6, #8, #15, #17, #20)
Web Application - Cross Site Scripting       14
Web Application - SQL Injection              24
Web Application                              23
Network Device                                1

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Windows WebDAV Mini-Redirector Heap Overflow (MS08-007)
(2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-001)
(3) CRITICAL: Apple QuickTime ActiveX Control Multiple Vulnerabilities
(4) CRITICAL: Novell Client "NWSPOOL.DLL" Buffer Overflow
(5) CRITICAL: Symantec Backup Exec System Recovery Manager Arbitrary File Upload
(6) CRITICAL: Adobe Reader Multiple Vulnerabilities
(7) CRITICAL: Adobe Flash Media Server Multiple Vulnerabilities
(8) CRITICAL: ClamAV Multiple Vulnerabilities
(9) HIGH: Microsoft OLE Memory Corruption (MS08-008)
(10) HIGH: Microsoft Word Memory Corruption (MS08-009)
(11) HIGH: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-010)
(12) HIGH: Microsoft Office Publisher Multiple Vulnerabilities (MS08-012)
(13) HIGH: Microsoft Office Memory Corruption (MS08-013)
(14) HIGH: Microsoft Works Converter Multiple Vulnerabilities (MS08-011)
(15) HIGH: IBM DB2 Universal Database Administration Server Memory Corruption
(16) HIGH: SAP SAPlpd and SAPSprint Multiple Vulnerabilities
(17) HIGH: Sun Java Runtime Environment Multiple Vulnerabilities
(18) MODERATE: Microsoft Internet Information Services ASP Remote Code Execution
(MS08-006)
(19) MODERATE: Apple iPhoto Format Photocast Format String Vulnerability
(20) MODERATE: MPlayer Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
08.7.1 - Microsoft February 2008 Advance Notification Multiple Vulnerabilities
 -- Third Party Windows Apps
08.7.2 - Titan FTP Server USER/PASS Commands Buffer Overflow
08.7.3 - Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow
08.7.4 - Facebook Photo Uploader 4 ActiveX Control "ExtractIptc/ExtractExif"
Buffer Overflow Vulnerabilities
08.7.5 - Aurigma Image Uploader ActiveX Controls "ExtractIptc/ExtractExif"
Buffer Overflow Vulnerabilities
08.7.6 - Yahoo! Music JukeBox MediaGrid "mediagrid.dll" ActiveX Control Remote
Buffer Overflow
08.7.7 - Yahoo! Music JukeBox "datagrid.dll" ActiveX Control Remote Buffer
Overflow
08.7.8 - Namo Web Editor "NamoInstaller.dll" ActiveX Control Remote Buffer
Overflow
08.7.9 - Yahoo! Music Jukebox AddImage Function ActiveX Remote Buffer Overflow
08.7.10  - Xlight FTP Server LDAP Blank Password Authentication Bypass
08.7.11  - Print Manager Plus PQCore Remote Denial of Service
08.7.12  - Titan FTP Server DELE Command Remote Buffer Overflow
08.7.13  - SAPlpd Multiple Remote Vulnerabilities
08.7.14  - WinCom LPD Total Multiple Buffer Overflow Vulnerabilities and
Authentication Bypass
08.7.15  - Nero Media Player M3U Buffer Overflow
08.7.16  - Symantec Backup Exec System Recovery Manager FileUpload Class
Unauthorized File Upload
08.7.17  - GlobalLink "HanGamePlugincn18.dll" ActiveX Control Buffer Overflow
08.7.18  - dBpowerAMP Audio Player M3U Buffer Overflow
08.7.19  - Symantec Altiris Notification Server Agents Shatter Attack Privilege
Escalation
08.7.20  - Symantec Ghost Solution Suite ARP Spoofing Authentication Bypass
08.7.21  - Check Point VPN SecureClient/SecuRemote Local Login Credentials
Information Disclosure
 -- Mac OS
08.7.22  - Apple iPhoto Photocast Subscription Remote Format String
 -- Linux
08.7.23  - MPlayer "demux_audio.c" Remote Stack-Based Buffer Overflow
08.7.24  - MPlayer "demux_mov.c" Remote Code Execution
 -- BSD
08.7.25  - OpenBSD PRNG DNS Cache Poisoning and Predictable IP ID Weakness
 -- Novell
08.7.26  - Novell Netmail IMAP "AUTHENTICATE GSSAPI" Buffer Overflow
08.7.27  - Novell Challenge Response Client Local Clipboard Disclosure Weakness
 -- Cross Platform
08.7.28  - IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple
Local Vulnerabilities
08.7.29  - Rasterbar Software libtorrent "bdecode_recursive()" Remote Denial of
Service
08.7.30  - Avaya Distributed Office IP Tables Remote Denial of Service
08.7.31  - Ipswitch FTP Log Server Denial of Service
08.7.32  - HP OpenView Network Node Manager Unspecified Denial of Service
08.7.33  - dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
08.7.34  - Adobe Reader Multiple Unspecified Security Vulnerabilities
08.7.35  - KAME Project IPv6 IPComp Header Denial of Service
08.7.36  - Sun Java RunTime Environment Read and Write Permission Multiple
Privilege Escalation Vulnerabilities
08.7.37  - TCL/TK Tk Toolkit "ReadImage()" GIF File Buffer Overflow
08.7.38  - WS_FTP Server Manager Authentication Bypass and Information
Disclosure Vulnerabilities
08.7.39  - TinTin++ and WinTin++ "#chat" Command Multiple Security
Vulnerabilities
08.7.40  - HP Select Identity 4.20 and Prior Unspecified Remote Unauthorized
Access
 -- Web Application - Cross Site Scripting
08.7.41  - Domain Trader "catalog.php" Cross-Site Scripting
08.7.42  - WP-Footnotes WordPress Plugin Multiple Remote Vulnerabilities
08.7.43  - Novell GroupWise WebAccess Multiple Cross-Site Scripting
Vulnerabilities
08.7.44  - CruxCMS "search.php" Cross-Site Scripting
08.7.45  - IBM OS/400 HTTP Server Expect Header Cross-Site Scripting
08.7.46  - HispaH Youtube Clone "load_message.php" Cross-Site Scripting
08.7.47  - AstroSoft HelpDesk Multiple Cross-Site Scripting Vulnerabilities
08.7.48  - DevTracker Module For bcoos and E-xoops Multiple Cross-Site Scripting
Vulnerabilities
08.7.49  - RaidenHTTPD Prior to 2.0.22 Unspecified Cross-Site Scripting
08.7.50  - MyNews "hash" Parameter Cross-Site Scripting
08.7.51  - Pagetool "search_term" Parameter Cross-Site Scripting
08.7.52  - Webmin Search Feature Cross-Site Scripting
08.7.53  - IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting
08.7.54  - LinPHA Multiple Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.7.55  - Archimede Net 2000 "E-Guest_show.php" SQL Injection
08.7.56  - The Everything Development Engine "index.pl" SQL Injection
08.7.57  - phpShop "index.php" SQL Injection
08.7.58  - WordPress Plugin Wordspew SQL Injection
08.7.59  - Joomla! mosDirectory Component "catid" Parameter SQL Injection
08.7.60  - WordPress Plugin ShiftThis Newsletter SQL Injection
08.7.61  - Simple OS CMS "login.php" SQL Injection
08.7.62  - Codice CMS "login.php" SQL Injection
08.7.63  - A-Blog Cross-Site Scripting Vulnerability and SQL-Injection
08.7.64  - Joomla! and Mambo com_marketplace Component "catid" Parameter SQL
Injection
08.7.65  - iTechBids Gold "bidhistory.php" SQL Injection
08.7.66  - Awesom! for Joomla! and Mambo SQL Injection
08.7.67  - Joomla! and Mambo "com_shambo2" Component SQL Injection
08.7.68  - Joomla! and Mambo SOBI2 Component SQL Injection
08.7.69  - RMSOFT Gallery System For XOOPS "images.php" SQL Injection
08.7.70  - All Club CMS "index.php" SQL Injection
08.7.71  - photokorn "pic" Parameter SQL Injection
08.7.72  - Astanda Directory Project "detail.php" SQL Injection
08.7.73  - Joomla! and Mambo com_downloads Component "filecatid" Parameter SQL
Injection
08.7.74  - Joomla! and Mambo YNews Component 'id' Parameter SQL Injection
08.7.75  - Mihalism Multi Host "users.php" SQL Injection
08.7.76  - osCommerce "customer_testimonials.php" SQL Injection
08.7.77  - Joomla! and Mambo com_sermon Component "gid" Parameter SQL Injection
08.7.78  - Joomla! and Mambo com_doc Component "sid" Parameter SQL Injection
 -- Web Application
08.7.79  - LightBlog "cp_upload_image.php" Arbitrary File Upload
08.7.80  - Joomla! and Mambo NeoReferences Component 'catid' Parameter SQL
Injection
08.7.81  - IRIX "lpsched" Remote Command Execution
08.7.82  - iTechClassifieds "ViewCat.php" Input Validation
08.7.83  - DMSGuestbook Multiple Input Validation Vulnerabilities
08.7.84  - Gelato CMS "Comments.php" HTML Injection
08.7.85  - Anon Proxy Server Remote Authentication Buffer Overflow
08.7.86  - BlogPHP "index.php" SQL Injection Vulnerability and Cross-Site
Scripting
08.7.87  - Openads Delivery Engine Remote Code Execution
08.7.88  - Textpattern 4.0.5 Multiple Security Vulnerabilities
08.7.89  - Magnolia CE "ActivationHandler" URL Security Bypass
08.7.90  - Portail Web Php "site_path" Multiple Remote File Include
Vulnerabilities
08.7.91  - Download Management for PHP-Fusion Multiple Local File Include
Vulnerabilities
08.7.92  - VHD Web Pack "index.php" Local File Include
08.7.93  - XOOPS "lang" Parameter Local File Include
08.7.94  - Mailman "list templates" and "list info" Multiple HTML Injection
Vulnerabilities
08.7.95  - Documentum Products "dmclTrace.jsp" Arbitrary File Overwrite
08.7.96  - WordPress "wp-admin/options.php" Remote Code Execution
08.7.97  - OpenSiteAdmin "path" Multiple Remote File Include Vulnerabilities
08.7.98  - HP Storage Essentials SRM Unspecified Remote Unauthorized Access
08.7.99  - WordPress "xmlrpc.php" Post Edit Unauthorized Access
08.7.100 - mini-pub "sFileName" Parameter Multiple Input Validation
Vulnerabilities
08.7.101 - MODx HTML Injection Vulnerability and Multiple Cross-Site Scripting
Vulnerabilities
 -- Network Device
08.7.102 - MikroTik RouterOS SNMP SET Denial of Service

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Windows WebDAV Mini-Redirector Heap Overflow (MS08-007)
Affected:
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista

Description: Web Distributed Authoring and Versioning, known as WebDAV,
is a protocol allowing filesystem-like access to resources exported via
HTTP. The WebDAV mini-redirector is a kernel-level resource in Microsoft
Windows that allows systems to transparently access WebDAV resources.
The WebDAV mini-redirector contains a heap-based buffer overflow in its
handling of WebDAV traffic. A malicious WebDAV server could exploit this
vulnerability, allowing an attacker to execute arbitrary code with
SYSTEM privileges. Note that WebDAV resources can be accessed by
clicking links on web pages or email messages. Technical details are
publicly available for this vulnerability.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
Hex Blog Post (contains technical details)
http://hexblog.com/2008/02/mrxdavsys_and_hexrays.html
Wikipedia Article on WebDAV
http://en.wikipedia.org/wiki/WebDAV
SecurityFocus BID
http://www.securityfocus.com/bid/27670

***************************************************

(2) CRITICAL: Apple Mac OS X Multiple Vulnerabilities (Security Update 2008-001)
Affected:
Apple Mac OS X versions prior to 10.5.2

Description: Apple has released Security Update 2008-001, addressing
multiple vulnerabilities in Mac OS X. Vulnerabilities in URL handling,
photocasts and web page rendering can lead to arbitrary code execution
with the privileges of the current user. Flaws in the handling of
network accessible filesystems can lead to arbitrary code execution with
root or kernel level privileges. Additional vulnerabilities can lead to
denials-of-service or privilege escalation. Some technical details are
available via source code analysis, and technical details for other
vulnerabilities are publicly available.

Status: Apple confirmed, updates available.

References:
Apple Security Bulletin
http://docs.info.apple.com/article.html?artnum=307430
SecurityFocus BID
http://www.securityfocus.com/bid/27736

***************************************************

(3) CRITICAL: Apple QuickTime ActiveX Control Multiple Vulnerabilities
Affected:
Apple QuickTime ActiveX Control versions prior to 7.4.1

Description: Apple QuickTime is Apple's streaming media framework,
available for both Apple Mac OS X and Microsoft Windows. On Microsoft
Windows, some functionality is provided by an ActiveX control. This
ActiveX control contains multiple vulnerabilities in its handling of
parameters passed to various methods. A malicious web page that
instantiates this control could exploit one of these vulnerabilities to
execute arbitrary code with the privileges of the current user. Full
technical details and a proof-of-concept are publicly available for
these vulnerabilities. Note that the affected control is installed along
with Apple iTunes and Apple Safari.

Status: Apple has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism using CLSID
"02BF25D5-8C17-4B23-BC80-D3488ABDDC6B". Note that this may affect normal
application functionality.

References:
Posting by Laurent Gaffie
http://www.securityfocus.com/archive/1/488045
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Apple QuickTime Home Page
http://www.apple.com/quicktime
SecurityFocus BID
http://www.securityfocus.com/bid/27769
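
The kill-bit mitigation named in the Status note above, as an added
example (not part of the original bulletin): a PowerShell script that
sets the bit for the quoted CLSID and reports the result. The registry
path and the 0x400 "Compatibility Flags" value are the ones documented
in Microsoft KB 240797; the function names are hypothetical, and an
elevated 64-bit (or native 32-bit) PowerShell 3.0+ prompt is assumed.

```powershell
# Added example, not from the bulletin. Function names are hypothetical.
# Requires an elevated prompt, because the keys live under HKLM.

# CLSID of the QuickTime ActiveX control, as quoted in the bulletin.
$QuickTimeClsid = '{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}'

# Kill-bit flag and value name, per Microsoft KB 240797.
$KillBit   = 0x400
$ValueName = 'Compatibility Flags'

# Native registry view plus the 32-bit view that 32-bit Internet Explorer
# reads on 64-bit Windows. A root that does not exist is skipped.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatibilityFlags {
    # Returns the current flags for one key, or 0 if the key/value is absent.
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$ValueName
}

function Get-KillBitState {
    # Reports, per registry view, whether the kill bit is set for a CLSID.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key   = Join-Path $root $Clsid
        $flags = Get-CompatibilityFlags -Key $key
        [pscustomobject]@{
            Key    = $key
            Flags  = '0x{0:X8}' -f $flags
            Killed = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    # Sets the kill bit in every available view, preserving other flags.
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # OR the bit in so that flags already present on the key survive.
        $newFlags = (Get-CompatibilityFlags -Key $key) -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name $ValueName `
            -PropertyType DWord -Value $newFlags -Force | Out-Null
    }
}

# Show the state before, apply the mitigation, then verify it took effect.
Get-KillBitState -Clsid $QuickTimeClsid | Format-Table -AutoSize
Set-KillBit      -Clsid $QuickTimeClsid
Get-KillBitState -Clsid $QuickTimeClsid | Format-Table -AutoSize
```

Every row of the second table should show Killed = True; a view that
still shows False means 32-bit or 64-bit Internet Explorer can still
instantiate the control.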

***************************************************

(4) CRITICAL: Novell Client "NWSPOOL.DLL" Buffer Overflow
Affected:
Novell Client versions prior to 4.91 update 2

Description: The Novell Client for Microsoft Windows allows Windows
users to access services provided by Novell servers. The client contains
a Remote Procedure Call (RPC) interface that is exposed by default.
Various methods exported by this interface contain buffer overflow
vulnerabilities. A specially crafted call to one of these methods would
allow an attacker to exploit these vulnerabilities and execute arbitrary
code with SYSTEM privileges. Novell had patched this vulnerability, but
it was discovered that the patch contains a logical flaw re-exposing the
original vulnerability. The original vulnerability was discussed in an
earlier edition of @RISK.

Status: Novell confirmed, updates available.

References:
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-005.html
Zero Day Initiative Advisory for the original vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-045.html
Novell Update Information
http://download.novell.com/Download?buildid=SszG22IIugM~
Previous @RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=6&i=32#widely3
SecurityFocus BID
http://www.securityfocus.com/bid/27741

***************************************************

(5) CRITICAL: Symantec Backup Exec System Recovery Manager Arbitrary File Upload
Affected:
Symantec Backup System Recovery Manager versions prior to 7.0.3

Description: Symantec Backup Exec System Recovery Manager is a popular
enterprise backup component. It contains a web-based administration
interface. This interface provides facilities to upload files to the
server. The file upload component fails to properly validate the paths
given to it by users. A specially crafted request would allow an
attacker to upload an arbitrary file to any location on the
administration server. The administration server runs with SYSTEM
privileges and this vulnerability can be leveraged to run arbitrary code
with SYSTEM privileges. A proof-of-concept is publicly available for
this vulnerability.

Status: Symantec confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-003.html
Symantec Security Advisory
http://www.symantec.com/avcenter/security/Content/2008.02.04.html
Proof-of-Concept
http://milw0rm.com/exploits/5078
Vendor Home Page
http://www.symantec.com
SecurityFocus BID
http://www.securityfocus.com/bid/27487

***************************************************

(6) CRITICAL: Adobe Reader Multiple Vulnerabilities
Affected:
Adobe Reader versions prior to 8.1.2

Description: Adobe Reader is Adobe's reader for the Portable Document
Format (PDF). Reader contains multiple vulnerabilities in its handling
of JavaScript embedded in PDF documents. A specially crafted PDF
containing calls to certain JavaScript functions could exploit these
vulnerabilities, allowing an attacker to execute arbitrary code with the
privileges of the current user. Note that PDF documents are generally
viewed upon receipt, and without further user action. Several
proofs-of-concept are publicly available for these vulnerabilities, and
these vulnerabilities are being actively exploited in the wild.

Status: Adobe confirmed, updates available.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-004.html
Adobe Security Advisory
http://www.adobe.com/support/security/advisories/apsa08-01.html
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
Proofs-of-Concept
https://www.immunityinc.com/downloads/immpartners/acrobat.tgz
https://www.immunityinc.com/downloads/immpartners/acrobatfull.tgz
Adobe Update Information
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
SecurityFocus BID
http://www.securityfocus.com/bid/27641

***************************************************

(7) CRITICAL: Adobe Flash Media Server Multiple Vulnerabilities
Affected:
Adobe Flash Media Server versions prior to 2.0.5

Description: Adobe Flash Media Server is Adobe's media and data server.
It contains multiple vulnerabilities in its handling of user requests.
A specially crafted Real Time Messaging Protocol (RTMP) message sent to
the server could trigger one of several vulnerabilities. Successfully
exploiting these vulnerabilities would allow an attacker to execute
arbitrary code with the privileges of the vulnerable process (usually
SYSTEM). Some technical details are publicly available for these
vulnerabilities.

Status: Adobe confirmed, updates available.

References:
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-03.html
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=663
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=662
Wikipedia Article on the Real Time Messaging Protocol
http://en.wikipedia.org/wiki/Real_Time_Messaging_Protocol
Product Home Page
http://www.adobe.com/products/flashmediaserver/
SecurityFocus BID
http://www.securityfocus.com/bid/27762

***************************************************

(8) CRITICAL: ClamAV Multiple Vulnerabilities
Affected:
ClamAV versions prior to 0.92.1

Description: ClamAV is a popular open source antivirus system. It
contains multiple vulnerabilities in its parsing of executables. A
specially crafted Portable Executable (PE) file or executable file
compressed with the MEW application could trigger a memory corruption
vulnerability. Successfully exploiting these vulnerabilities would allow
an attacker to execute arbitrary code with the privileges of the
vulnerable process. Note that, on systems using ClamAV to scan email,
it is sufficient for exploitation to have an email transit the system;
no user interaction is necessary. Technical details for these
vulnerabilities are available via source code analysis.

Status: ClamAV confirmed, updates available.

References:
ClamAV Release Notes
http://sourceforge.net/project/shownotes.php?release_id=575703
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
ClamAV Home Page
http://www.clamav.net/
SecurityFocus BID
http://www.securityfocus.com/bid/27751

***************************************************

(9) HIGH: Microsoft OLE Memory Corruption (MS08-008)
Affected:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Visual Basic 6.0

Description: Microsoft Object Linking and Embedding (OLE) is a Microsoft
Windows component used for application communication and control. It is
related to the ActiveX suite of technologies. OLE contains a flaw in its
handling of certain user requests. A specially crafted web page could
exploit this flaw, leading to a memory corruption. Successfully
exploiting this vulnerability would allow an attacker to execute
arbitrary code with the privileges of the current user.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/27661

***************************************************

(10) HIGH: Microsoft Word Memory Corruption (MS08-009)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office Word Viewer 2003

Description: Microsoft Word contains a flaw in its handling of certain
Word documents. A specially crafted Word document could trigger a memory
corruption vulnerability in Word. Successfully exploiting this
vulnerability would allow an attacker to execute arbitrary code with the
privileges of the current user. Note that on recent versions of
Microsoft Office, Word documents are not opened upon receipt without
user interaction. Some technical details are publicly available for this
vulnerability.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx
Reversemode Advisory
http://www.securityfocus.com/archive/1/488071
SecurityFocus BID
http://www.securityfocus.com/bid/27656

***************************************************

(11) HIGH: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-010)
Affected:
Microsoft Internet Explorer versions 7 and prior

Description: Microsoft Internet Explorer contains multiple
vulnerabilities in its handling of a variety of web page elements, image
formats, and ActiveX controls. A specially crafted web page containing
one of these objects could trigger a memory corruption vulnerability.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the current
user.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-006.html
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
SecurityFocus BIDs
http://www.securityfocus.com/bid/27666
http://www.securityfocus.com/bid/27668
http://www.securityfocus.com/bid/27689

***************************************************

(12) HIGH: Microsoft Office Publisher Multiple Vulnerabilities (MS08-012)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003 

Description: Microsoft Office Publisher contains multiple
vulnerabilities in its handling of Publisher files. A specially crafted
Publisher file could trigger a memory corruption vulnerability upon
opening. Some technical details are publicly available for this
vulnerability. Note that on recent versions of Microsoft Office,
Publisher files are not opened upon receipt without user intervention.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-012.mspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/27740
http://www.securityfocus.com/bid/27739

***************************************************

(13) HIGH: Microsoft Office Memory Corruption (MS08-013)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2004 for Mac

Description: Microsoft Office allows document authors to embed objects
in documents. A document with a specially crafted embedded object could
trigger a memory corruption vulnerability in Office. Successfully
exploiting this vulnerability would allow an attacker to execute
arbitrary code with the privileges of the current user. Note that on
recent versions of Microsoft Office, documents are not opened upon
receipt without user intervention.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-013.mspx
SecurityFocus BID
http://www.securityfocus.com/bid/27738

***************************************************

(14) HIGH: Microsoft Works Converter Multiple Vulnerabilities (MS08-011)
Affected:
Microsoft Office 2003
Microsoft Works 8
Microsoft Works Suite 2005

Description: The Microsoft Works Converter is used to convert documents
created by Microsoft Works into other formats. It contains multiple
flaws in its handling of invalid Works documents. A specially crafted
Works document could trigger one of these flaws, leading to a memory
corruption vulnerability. Successfully exploiting this vulnerability
would allow an attacker to execute arbitrary code with the privileges
of the current user. Note that on recent versions of Microsoft Office,
documents are not opened upon receipt without user intervention.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660
SecurityFocus BIDs
http://www.securityfocus.com/bid/27657
http://www.securityfocus.com/bid/27658
http://www.securityfocus.com/bid/27659

***************************************************

(15) HIGH: IBM DB2 Universal Database Administration Server Memory Corruption
Affected:
IBM DB2 Universal Database versions prior to 9 Fix Pack 4

Description: IBM DB2 Universal Database (DB2) is IBM's enterprise
database. It provides an administrative interface (known as the
Administration Server). The Administration Server contains a memory
corruption vulnerability due to a failure to validate client input. A
specially crafted request could trigger this vulnerability, and it is
believed that this vulnerability might allow remote code execution with
the privileges of the vulnerable process. Some technical details are
available for this vulnerability. Note that an additional local
privilege escalation vulnerability was also found in the main DB2
system.

Status: IBM confirmed, updates available. Users can mitigate the impact
of this vulnerability by blocking access to TCP port 523 at the network
perimeter, if possible.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=654
IBM Support Documents
http://www-1.ibm.com/support/docview.wss?uid=swg21256235
http://www-1.ibm.com/support/docview.wss?uid=swg21255572
SecurityFocus BID
http://www.securityfocus.com/bid/27596

***************************************************

(16) HIGH: SAP SAPlpd and SAPSprint Multiple Vulnerabilities
Affected:
SAP SAPSprint versions prior to 1018
SAP SAPlpd versions 6.28 and prior
SAP GUI versions 7.10 and prior

Description: SAP SAPSprint and SAPlpd are printing components used in
the SAP GUI interface to the SAP system. SAPlpd is a server for the Line
Printer Daemon Protocol, and SAPSprint is a newer service designed to
replace SAPlpd. These products contain multiple vulnerabilities. An
attacker who sent a specially crafted request to one of these components
could trigger one of these vulnerabilities, allowing the attacker to
execute arbitrary code with the privileges of the current user. Multiple
proofs-of-concept are publicly available for these vulnerabilities.

Status: SAP confirmed, updates available.

References:
Advisory from Luigi Auriemma (includes proofs-of-concept)
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060042.html
Posting by Robert Ingruber
http://www.securityfocus.com/archive/1/487575
Wikipedia Article on the Line Printer Daemon Protocol
http://en.wikipedia.org/wiki/Line_Printer_Daemon_protocol
SAP Home Page
http://www.sap.com/usa/index.epx
SecurityFocus BID
http://www.securityfocus.com/bid/27613

***************************************************

(17) HIGH: Sun Java Runtime Environment Multiple Vulnerabilities
Affected:
Sun Java Runtime Environment versions prior to 6 Update 1
Sun Java Development Kit versions prior to 6 Update 1

Description: Sun's Java Runtime Environment contains multiple
vulnerabilities in its handling of Java applets and applications. A
specially crafted applet or application could bypass the normal sandbox
provided by the runtime environment. Bypassing the sandbox environment
would allow an otherwise untrusted applet or application to modify files
or execute arbitrary commands with the privileges of the current user.
Note that Java applets embedded in web pages are often run without first
prompting the user. Sun's Java Runtime Environment is installed on Apple
Mac OS X and many Unix, Linux, and Unix-like systems by default. It is
also installed on a large number of Microsoft Windows systems.

Status: Sun confirmed, updates available.

References:
Sun Security Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
Sun Java Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/27650

***************************************************

(18) MODERATE: Microsoft Internet Information Services ASP Remote Code Execution
(MS08-006)
Affected:
Microsoft Windows XP
Microsoft Windows Server 2003

Description: Microsoft Active Server Pages (ASP) is a Microsoft
technology for dynamically generating web pages. A flaw in the handling
of certain ASP functions could trigger a remote code execution
vulnerability on a vulnerable server. Note that an attacker would need
access to upload or otherwise insert ASP code into a web page. Note that
ASP.NET is not affected by this vulnerability, and the vulnerable
versions of the software are not installed by default on recent versions
of Microsoft Windows. Note that a proof-of-concept for this
vulnerability is available to members of Immunity Security's Partners'
Program.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
Proof-of-Concept
https://www.immunityinc.com/downloads/immpartners/iisasp.py
SecurityFocus BID
http://www.securityfocus.com/bid/27676

***************************************************

(19) MODERATE: Apple iPhoto Photocast Format String Vulnerability
Affected:
Apple iPhoto versions prior to 7.1.2

Description: Apple iPhoto, Apple's photo management application,
contains a vulnerability in its handling of "photocasts", or syndicated
collections of photos. A specially crafted photocast could trigger this
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Note that the victim must explicitly
subscribe to a malicious photocast to be vulnerable.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307398
Product Home Page
http://www.apple.com/ilife/iphoto
SecurityFocus BID
http://www.securityfocus.com/bid/27636

***************************************************

(20) MODERATE: MPlayer Multiple Vulnerabilities
Affected:
MPlayer versions 1.0rc2 and prior

Description: MPlayer is a popular cross-platform media player, used
predominately on Linux, Unix, and Unix-like systems. It contains
multiple vulnerabilities in its processing of media files. A specially
crafted movie or audio file could trigger one of these vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the current
user. Note that, depending on configuration, media content may be opened
upon receipt, without user intervention. MPlayer is installed by default
on numerous Linux distributions. A proof-of-concept for these
vulnerabilities is publicly available, and full technical details are
available via source code analysis.

Status: MPlayer has confirmed, updates available.

References:
CORE Security Advisories
http://www.coresecurity.com/?action=item&id=2102
http://www.coresecurity.com/?action=item&id=2103
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/27499.py
MPlayer Home Page
http://www.mplayerhq.hu
SecurityFocus BIDs
http://www.securityfocus.com/bid/27499
http://www.securityfocus.com/bid/27441

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 7, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.7.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft February 2008 Advance Notification Multiple
Vulnerabilities
Description: Microsoft has provided advance notification for twelve
security bulletins releasing on February 12, 2008. The highest severity
rating for these issues is "Critical".
Ref: http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
______________________________________________________________________

08.7.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Titan FTP Server USER/PASS Commands Buffer Overflow
Description: Titan FTP Server is an FTP implementation that is
available for Microsoft Windows operating systems. The application is
exposed to a buffer overflow issue because it fails to bounds check
user-supplied data before copying it into an insufficiently sized
buffer. Specifically, this issue presents itself when overly long
arguments are passed through the "USER" and "PASS" commands.
Ref: http://www.securityfocus.com/archive/1/487431
______________________________________________________________________

08.7.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WS_FTP SFTP Opendir Command Buffer Overflow
Description: Ipswitch WS_FTP client is an FTP implementation that is
available for Microsoft Windows operating systems. The application is
exposed to a buffer overflow issue because it fails to bounds check
user-supplied data before copying it into an insufficiently sized
buffer. Specifically, this issue presents itself when attackers send
excessively long arguments to an "opendir" command via SFTP. Ipswitch
WS_FTP client version 6.1.0.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487441
______________________________________________________________________

08.7.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Facebook Photo Uploader 4 ActiveX Control
"ExtractIptc/ExtractExif" Buffer Overflow Vulnerabilities
Description: Facebook Photo Uploader ActiveX control lets Facebook
users upload album and image files to the server. The control is
exposed to multiple buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data. These issues affect
the "ExtractIptc" and "ExtractExif" properties of the
"ImageUploader4.ocx" library. "ImageUploader4.ocx" version 4.5.57.0 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.7.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Aurigma Image Uploader ActiveX Controls
"ExtractIptc/ExtractExif" Buffer Overflow Vulnerabilities
Description: Aurigma Image Uploader ActiveX Control lets users manage
and upload images to a server. The control is exposed to multiple buffer
overflow issues because it fails to perform adequate boundary checks on
user-supplied data. These issues affect the "ExtractIptc" and
"ExtractExif" properties of the "ImageUploader4.ocx" and the
"ImageUploader5.ocx" libraries. Aurigma ImageUploader4 versions
4.5.70.0, 4.5.126.0 and 4.6.17.0 are affected. Aurigma ImageUploader5
version 5.0.10.0 is also affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.7.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: Yahoo! Music JukeBox MediaGrid "mediagrid.dll" ActiveX Control
Remote Buffer Overflow
Description: Yahoo! Music JukeBox is a music player for Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. This issue
affects the second parameter passed to the "AddBitmap()" function of
the "mediagrid.dll" ActiveX control. "mediagrid.dll" version 2.2.2.56
is affected.
Ref: http://www.kb.cert.org/vuls/id/340860
______________________________________________________________________

08.7.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Yahoo! Music JukeBox "datagrid.dll" ActiveX Control Remote
Buffer Overflow
Description: Yahoo! Music JukeBox is a music player for Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. This issue
affects the first parameter passed to the "AddButton()" function of
the "datagrid.dll" ActiveX control. "datagrid.dll" version 2.2.2.56 is
affected.
Ref: http://www.kb.cert.org/vuls/id/101676
______________________________________________________________________

08.7.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Namo Web Editor "NamoInstaller.dll" ActiveX Control Remote
Buffer Overflow
Description: Namo Web Editor ActiveSquare is an ActiveX control that
provides rich documents creation and upload functionality. The control
is exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. This issue affects
the "Install()" function of the "NamoInstaller.dll" ActiveX control.
"NamoInstaller.dll" version 3.0.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.7.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Yahoo! Music Jukebox AddImage Function ActiveX Remote Buffer
Overflow
Description: Yahoo! Music Jukebox is a music player for Windows. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied input. This issue
affects the first parameter passed to the "AddImage()" function of the
"datagrid.dll" ActiveX control. "datagrid.dll" version 2.2.2.56 is
affected.
Ref: http://www.kb.cert.org/vuls/id/101676
______________________________________________________________________

08.7.10 CVE: Not Available
Platform: Third Party Windows Apps
Title: Xlight FTP Server LDAP Blank Password Authentication Bypass
Description: Xlight FTP Server is an FTP server available for
Microsoft Windows. The application is exposed to an authentication
bypass issue in the LDAP authentication mechanism. Specifically, the
application allows users to login with blank passwords when a password
is required. Xlight FTP versions prior to 2.83 are affected.
Ref: http://www.xlightftpd.com/whatsnew.htm
______________________________________________________________________

08.7.11 CVE: Not Available
Platform: Third Party Windows Apps
Title: Print Manager Plus PQCore Remote Denial of Service
Description: Print Manager Plus is a commercially-available print
management application available for Microsoft Windows platforms. The
application is exposed to a remote denial of service issue when
excessively long messages are sent to the application over TCP port
48101. Messages of approximately 600 bytes may trigger this issue.
This occurs due to an improperly bounded "vswprintf()" function call
while creating a log message. Print Manager Plus versions prior to
7.0.127.16 are affected.
Ref: http://aluigi.altervista.org/adv/pqcorez-adv.txt
______________________________________________________________________

08.7.12 CVE: Not Available
Platform: Third Party Windows Apps
Title: Titan FTP Server DELE Command Remote Buffer Overflow
Description: Titan FTP Server is an FTP implementation that is
available for Microsoft Windows operating systems. The application is
exposed to a remote buffer overflow issue because it fails to
bounds check user-supplied data before copying it into an
insufficiently sized buffer. Specifically, this issue presents itself
when overly long arguments are passed through the "DELE" command.
Titan FTP Server version 6.05 build 550 is affected.
Ref: http://www.securityfocus.com/bid/27611
______________________________________________________________________

08.7.13 CVE: Not Available
Platform: Third Party Windows Apps
Title: SAPlpd Multiple Remote Vulnerabilities
Description: SAP GUI is an interface to the SAP database application.
It includes SAPlpd, a line printer daemon for providing printing
interoperability for Unix operating systems. The application is
exposed to multiple remote issues. SAPlpd, as included with SAP GUI
version 7.10 is affected.
Ref: http://www.securityfocus.com/archive/1/487508
______________________________________________________________________

08.7.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: WinCom LPD Total Multiple Buffer Overflow Vulnerabilities and
Authentication Bypass
Description: WinCom LPD Total is a commercial line printer daemon
available for Microsoft Windows platforms. The application is exposed
to multiple issues. WinCom LPD Total version 3.0.2.623 is affected.
Ref: http://www.securityfocus.com/archive/1/487507
______________________________________________________________________

08.7.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nero Media Player M3U Buffer Overflow
Description: Nero Media Player is a media player for the Windows
operating system. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application handles a
specially crafted .M3U file with an overly long URI. Nero Media Player
versions 1.4.0.35b and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/487578
______________________________________________________________________

08.7.16 CVE: CVE-2008-0457
Platform: Third Party Windows Apps
Title: Symantec Backup Exec System Recovery Manager FileUpload Class
Unauthorized File Upload
Description: Symantec Backup Exec System Recovery Manager is exposed
to an issue that allows arbitrary unauthorized files to be uploaded to
any location on the affected server. This issue exists in the
"FileUpload" class on the Symantec LiveState Apache Tomcat server and
can be leveraged to execute arbitrary code with SYSTEM-level
privileges.
Ref: http://seer.entsupport.symantec.com/docs/297171.htm
______________________________________________________________________

08.7.17 CVE: Not Available
Platform: Third Party Windows Apps
Title: GlobalLink "HanGamePlugincn18.dll" ActiveX Control Buffer
Overflow
Description: GlobalLink is an online gaming portal application. The
application is exposed to a buffer overflow issue because the
application fails to perform adequate boundary checks on user-supplied
data. The issue exists in the "hgs_startNotify()" method of the
"HanGamePluginCn18.dll" ActiveX control. GlobalLink versions 2.8.1.2
beta and 2.6.1.29 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.7.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: dBpowerAMP Audio Player M3U Buffer Overflow
Description: dBpowerAMP Audio Player is an audio player that plays
various media formats. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied input. This issue occurs when the application fails to
handle malformed audio ".M3U" files. dBpowerAMP Audio Player version
2.0.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487605
______________________________________________________________________

08.7.19 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Notification Server Agents Shatter Attack
Privilege Escalation
Description: Symantec Altiris Notification Server Agents provide core
components used by each Altiris solution and support the entire
Altiris Infrastructure. The application is susceptible to shatter
attacks that can result in an escalation of privileges.
Shatter attacks are a technique used to bypass security restrictions
between processes running in the same session.
Ref: http://www.symantec.com/avcenter/security/Content/2008.02.06.html
______________________________________________________________________

08.7.20 CVE: CVE-2008-0640
Platform: Third Party Windows Apps
Title: Symantec Ghost Solution Suite ARP Spoofing Authentication
Bypass
Description: Symantec Ghost Solution Suite is an application used for
enterprise-wide remote PC deployment, recovery, cloning, and
migration. It enables administrators to deploy or restore an operating
system image or application onto a PC and migrate user settings and
profiles to customize the PC. The application is exposed to an
authentication bypass issue because the application does not
authenticate network connections between the Ghost console and the
Ghost Management Agent. Symantec Ghost Solution Suite versions 1.1,
2.0.0 and 2.0.1 are affected.
Ref: http://www.symantec.com/avcenter/security/Content/2008.02.07.html
______________________________________________________________________

08.7.21 CVE: Not Available
Platform: Third Party Windows Apps
Title: Check Point VPN SecureClient/SecuRemote Local Login Credentials
Information Disclosure
Description: Check Point VPN-1 SecureClient/SecuRemote client for
Microsoft Windows is a Virtual Private Network application used to
securely connect remote computers to enterprise networks. The
application is exposed to an information disclosure issue because it
fails to protect user login credentials.
Ref:
https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportCenter.psml
______________________________________________________________________

08.7.22 CVE: CVE-2008-0043
Platform: Mac Os
Title: Apple iPhoto Photocast Subscription Remote Format String
Description: iPhoto is a photograph editing and publishing tool
available as part of iLife and is available for Apple Mac OSX. The
application is exposed to a format string issue. The problem occurs
when an unsuspecting user subscribes to a malicious photocast.
iPhoto versions prior to 7.1.2 are affected.
Ref: http://docs.info.apple.com/article.html?artnum=307398
______________________________________________________________________

08.7.23 CVE: CVE-2008-0486
Platform: Linux
Title: MPlayer "demux_audio.c" Remote Stack-Based Buffer Overflow
Description: MPlayer is a movie player application that supports
multiple media formats. The application is exposed to a remote
stack-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input prior to copying it to an
insufficiently sized buffer. This issue occurs when the
"libmpdemux/demux_audio.c" source file uses a user-supplied "length"
value to index the "comment" buffer from a specially-crafted FLAC
file. MPlayer version 1.0 rc2 is affected.
Ref: http://www.coresecurity.com/?action=item&id=2103
______________________________________________________________________

08.7.24 CVE: CVE-2008-0485
Platform: Linux
Title: MPlayer "demux_mov.c" Remote Code Execution
Description: MPlayer is an application for playing movies. It runs on
Linux operating systems. The application is exposed to a remote code
execution issue because it fails to handle specially-crafted "MOV"
files. This issue affects the "libmpdemux" library from the
"demux_mov.c" source file and is due to an arbitrary pointer
de-reference. MPlayer version 1.0rc2 is affected.
Ref: http://www.coresecurity.com/?action=item&id=2102
______________________________________________________________________

08.7.25 CVE: Not Available
Platform: BSD
Title: OpenBSD PRNG DNS Cache Poisoning and Predictable IP ID Weakness
Description: A PRNG originating in OpenBSD is exposed to a weakness
that exposes DNS cache poisoning and predictable IP ID sequence
issues. This issue is due to a flaw in the linear congruential
generator (LCG) pseudo-random number generator algorithm. The flaw
allows attackers to compute the internal state of the PRNG, allowing
them to predict subsequent numbers. The BIND 9 server included in
OpenBSD from versions 3.3 through to 4.2 is affected.
Ref: http://www.trusteer.com/docs/dnsopenbsd.html
______________________________________________________________________

08.7.26 CVE: Not Available
Platform: Novell
Title: Novell Netmail IMAP "AUTHENTICATE GSSAPI" Buffer Overflow
Description: Novell Netmail is a commercially available email and
calendar server application. The application is exposed to a
stack-based buffer overflow issue because the application fails to
perform sufficient bounds checks on user-supplied data.  This issue
affects the IMAP "AUTHENTICATE GSSAPI" command.
Ref: http://www.securityfocus.com/bid/27567
______________________________________________________________________

08.7.27 CVE: Not Available
Platform: Novell
Title: Novell Challenge Response Client Local Clipboard Disclosure
Weakness
Description: Novell Challenge Response Client is an authentication
module for Novell Client software. The application is exposed to a
local information disclosure weakness due to a failure of the software
to properly restrict access to potentially sensitive information.
Ref: https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html
______________________________________________________________________

08.7.28 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16
Multiple Local Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms including Linux, AIX, Solaris,
and Microsoft Windows. The application is exposed to multiple local
issues. IBM DB2 Universal Database Server versions prior to 8.2 Fixpak
16 are affected.
Ref:
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
______________________________________________________________________

08.7.29 CVE: Not Available
Platform: Cross Platform
Title: Rasterbar Software libtorrent "bdecode_recursive()" Remote
Denial of Service
Description: Rasterbar Software libtorrent is a freely-available
library that implements the BitTorrent protocol. It is implemented in
C++. The library is exposed to a remote denial of service issue due to
a failure of the library to properly handle unexpected network data.
Libtorrent versions prior to 0.12.1 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=572524
______________________________________________________________________

08.7.30 CVE: Not Available
Platform: Cross Platform
Title: Avaya Distributed Office IP Tables Remote Denial of Service
Description: Avaya Distributed Office is a centrally managed
communications platform. The application is exposed to a denial of
service issue due to the implementation of "iptables", which is
used for packet filtering. Avaya Distributed Office version
1.1.1_41.03 is affected.
Ref:
http://support.avaya.com/japple/css/japple?temp.documentID=334284&temp.productID=154235&temp.releaseID=331129&temp.bucketID=126655&PAGE=Document
______________________________________________________________________

08.7.31 CVE: Not Available
Platform: Cross Platform
Title: Ipswitch FTP Log Server Denial of Service
Description: WS_FTP is an FTP server available for Microsoft Windows.
The FTP Log Server is a daemon used for logging operations of the FTP
server. WS_FTP Log Server shipped with WS_FTP is exposed to a remote
denial of service issue in the FTP Log Server. This issue occurs when
handling more than 20 UDP packets containing more than 4096 bytes of
data within a time frame of less than one second. This will cause the
logging operation to terminate. WS_FTP running FTP Log Server version
7.9.14.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487506
______________________________________________________________________

08.7.32 CVE: CVE-2008-0212
Platform: Cross Platform
Title: HP OpenView Network Node Manager Unspecified Denial of Service
Description: HP OpenView Network Node Manager is a fault-management
application for IP networks. The application is exposed to an
unspecified denial of service issue. HP OpenView Network Node Manager
versions 6.41, 7.01, and 7.51 are affected.
Ref: http://www.securityfocus.com/archive/1/487586
______________________________________________________________________

08.7.33 CVE: Not Available
Platform: Cross Platform
Title: dBpowerAMP Audio Player M3U Buffer Overflow Vulnerability
Description: dBpowerAMP Audio Player is affected by a buffer-overflow
issue because it fails to perform adequate boundary checks on user-supplied
input. dBpoweramp Audio Player Release 2 is affected.
Ref: http://www.securityfocus.com/bid/27639
______________________________________________________________________

08.7.34 CVE: Not Available
Platform: Cross Platform
Title: Adobe Reader Multiple Unspecified Security Vulnerabilities
Description: Adobe Reader is a freely available, proprietary
application to access PDF documents. The application is exposed to
multiple security issues due to unspecified errors. Adobe Reader
versions prior to 8.1.2 are affected.
Ref:
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
______________________________________________________________________

08.7.35 CVE: CVE-2008-0177
Platform: Cross Platform
Title: KAME Project IPv6 IPComp Header Denial of Service
Description: The KAME project aims to provide a free stack of IPv6,
IPsec, and Mobile IPv6 for BSD variants. IPComp (IP payload
compression) is a protocol used to reduce the size of IP datagrams.
The application is exposed to a denial of service issue because it
does not properly process IPv6 packets that contain the IPComp header.
Ref: http://www.kb.cert.org/vuls/id/110947
______________________________________________________________________

08.7.36 CVE: Not Available
Platform: Cross Platform
Title: Sun Java RunTime Environment Read and Write Permission Multiple
Privilege Escalation Vulnerabilities
Description: Sun Java Runtime Environment (JRE) is an enterprise
development platform. JRE is exposed to multiple privilege escalation
issues when running untrusted applications or applets. The issue
occurs because an application or applet can grant itself unauthorized
privileges on the behalf of an unsuspecting user. JDK and JRE version
6 Updates 1 and earlier, as well as 5.0 Updates 13 and earlier are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1

______________________________________________________________________

08.7.37 CVE: CVE-2008-0553
Platform: Cross Platform
Title: TCL/TK Tk Toolkit "ReadImage()" GIF File Buffer Overflow
Description: TCL/TK Tk Toolkit is a GUI-based Tcl (Tool Command
Language) toolkit. The application is exposed to a buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied GIF image data before copying it to an insufficiently
sized buffer. TCL/TK versions prior to 8.5.1 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894
______________________________________________________________________

08.7.38 CVE: Not Available
Platform: Cross Platform
Title: WS_FTP Server Manager Authentication Bypass and Information
Disclosure Vulnerabilities
Description: WS_FTP Server Manager is the web administration interface
for WS_FTP server. The application is also known as WS_FTP WebService.
The application is exposed to multiple remote issues. WS_FTP Server
Manager version 6.1.0.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487682
______________________________________________________________________

08.7.39 CVE: Not Available
Platform: Cross Platform
Title: TinTin++ and WinTin++ "#chat" Command Multiple Security
Vulnerabilities
Description: TinTin++ is a MUD client that includes chat
functionality. WinTin++ is the client ported to Microsoft Windows
computers. The "#chat" command of TinTin++ and WinTin++ binds to TCP
port 4050 in order to receive messages and files from other clients.
The application is exposed to multiple security issues. TinTin++ and
WinTin++ version 1.97.9 is affected.
Ref: http://www.securityfocus.com/archive/1/487687
______________________________________________________________________

08.7.40 CVE: CVE-2008-0214
Platform: Cross Platform
Title: HP Select Identity 4.20 and Prior Unspecified Remote
Unauthorized Access
Description: HP Select Identity is an application used to manage user
identities and access rights. The application is exposed to an
unspecified unauthorized access issue.
Ref: http://www.securityfocus.com/archive/1/487694
______________________________________________________________________

08.7.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Domain Trader "catalog.php" Cross-Site Scripting
Description: Domain Trader is a domain parking and auction
application. The application is exposed to cross-site scripting
attacks because it fails to sufficiently sanitize user-supplied input
to the "id" parameter of the "catalog.php" script. Domain Trader
version 2.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487433
______________________________________________________________________

08.7.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WP-Footnotes WordPress Plugin Multiple Remote Vulnerabilities
Description: WP-Footnotes is a plugin for the WordPress application
that adds footnote functionality. The application is exposed to
multiple cross-site scripting issues because the application fails to
properly sanitize user-supplied input. WP-Footnotes Plugin version 2.2
is affected.
Ref: http://www.securityfocus.com/archive/1/487430
______________________________________________________________________

08.7.43 CVE: CVE-2006-4220
Platform: Web Application - Cross Site Scripting
Title: Novell GroupWise WebAccess Multiple Cross-Site Scripting
Vulnerabilities
Description: Novell GroupWise WebAccess is a secure, mobile option for
GroupWise collaboration software. The application is exposed to
multiple cross-site scripting issues because it fails to sufficiently
sanitize user-supplied input to the "User.html", "Error",
"User.Theme.index" and "User.lang" parameters of the "webacc" servlet.
Novell GroupWise WebAccess version 7 is affected.
Ref:
http://www.novell.com/documentation/gw7/readmeusgw7sp3/readmeusgw7sp3.html#b4qb42z
______________________________________________________________________

08.7.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CruxCMS "search.php" Cross-Site Scripting
Description: CruxCMS is a PHP-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "search" parameter of the
"search.php" script. CruxCMS version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/27588
______________________________________________________________________

08.7.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM OS/400 HTTP Server Expect Header Cross-Site Scripting
Description: IBM OS/400 HTTP Server is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input before using it in dynamically generated content. The problem
occurs when the server receives a malformed Expect header.
Specifically, the server will include the header in a generated error
page without escaping the data.
Ref:
ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
______________________________________________________________________

08.7.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: HispaH Youtube Clone "load_message.php" Cross-Site Scripting
Description: HispaH Youtube Clone is a web-based application that
allows users to build sites that are similar to YouTube. The
application is exposed to a cross-site scripting issue because the
application fails to properly sanitize user-supplied input to the
"lang[please_wait]" parameter of the
"siteadmin/editor_files/includes/load_message.php" script.
Ref: http://www.securityfocus.com/bid/27598
______________________________________________________________________

08.7.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AstroSoft HelpDesk Multiple Cross-Site Scripting
Vulnerabilities
Description: AstroCart HelpDesk is an ASP-based helpdesk application.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/487487
______________________________________________________________________

08.7.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: DevTracker Module For bcoos and E-xoops Multiple Cross-Site
Scripting Vulnerabilities
Description: bcoos and E-xoops are two content community management
systems. DevTracker is a module for bcoos and E-xoops. The application
is exposed to multiple cross-site scripting issues because it fails to
sanitize user-supplied input. These issues affect the "order_by" and
"direction" parameters of the "index.php" script. bcoos versions 1.1.11
and earlier and E-xoops versions 1.0.8 and earlier are affected.
Ref:
http://lostmon.blogspot.com/2008/02/bcoos-and-e-xoops-devtracker-module-two.html
______________________________________________________________________

08.7.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RaidenHTTPD Prior to 2.0.22 Unspecified Cross-Site Scripting
Description: RaidenHTTPD is a web server application. The application
is exposed to an unspecified cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data. RaidenHTTPD version
2.0.19 is affected.
Ref: http://www.securityfocus.com/bid/27628
______________________________________________________________________

08.7.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MyNews "hash" Parameter Cross-Site Scripting
Description: MyNews is a web-based news publishing application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "hash" parameter
of the "index.php" script, when used in combination with the "admin"
action. MyNews versions 1.6.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27652
______________________________________________________________________

08.7.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pagetool "search_term" Parameter Cross-Site Scripting
Description: Pagetool is a PHP-based content manager. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to the "search_term" parameter of the
"index.php" script when the "name" parameter is set to
"pagetool_search". Pagetool version 1.0.7 is affected.
Ref: http://www.securityfocus.com/bid/27653
______________________________________________________________________

08.7.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Webmin Search Feature Cross-Site Scripting
Description: Webmin is a web-based system administration application
for Unix-based computers.
The application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied input to the "Search" input box.
Webmin version 1.390 and Usermin version 1.300 are affected.
Ref: http://www.securityfocus.com/archive/1/487656
______________________________________________________________________

08.7.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting
Description: IBM WebSphere is a commercial web application server,
which runs on a number of platforms including Linux and Unix variants
and Microsoft Windows operating environments. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to an unspecified parameter when returning
error pages from the caching proxy server. The issue arises when CGI
mapping rules are enabled. IBM WebSphere versions 5.1, 5.1.1, 6.0,
6.0.1, 6.0.2 and 6.1 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg21294776
______________________________________________________________________

08.7.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: LinPHA Multiple Cross-Site Scripting Vulnerabilities
Description: LinPHA is a PHP-based image gallery application. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input data. LinPHA
versions prior to 1.3.3 are affected.
Ref:
http://linpha.cvs.sourceforge.net/linpha/linpha/ChangeLog?view=markup
______________________________________________________________________

08.7.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Archimede Net 2000 "E-Guest_show.php" SQL Injection
Description: Archimede Net 2000 is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "display" parameter of
the "telefonia/E-Guest_show.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27563
______________________________________________________________________

08.7.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: The Everything Development Engine "index.pl" SQL Injection
Description: The Everything Development Engine is a Perl-based
web management application. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "node_id" parameter of the "index.pl" script
before using it in an SQL query. The Everything Development Engine
version Pre-1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/487436
______________________________________________________________________

08.7.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpShop "index.php" SQL Injection
Description: phpShop is a PHP-based shopping cart application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. This occurs because input-sanitization code in the "index.php"
script fails to properly ensure that only valid data is passed.
phpShop version 0.8.1 is affected.
Ref: http://www.securityfocus.com/archive/1/487435
______________________________________________________________________

08.7.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin Wordspew SQL Injection
Description: WordPress is a web-based publishing application
implemented in PHP. Wordspew is a plugin for WordPress. The plugin is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"wordspew-rss.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27583
______________________________________________________________________

08.7.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! mosDirectory Component "catid" Parameter SQL Injection
Description: mosDirectory is an information-directory component for
the Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter before using it in an SQL
query. Joomla! mosDirectory version 2.3.2 is affected.
Ref: http://www.securityfocus.com/bid/27585
______________________________________________________________________

08.7.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Plugin ShiftThis Newsletter SQL Injection
Description: WordPress is a web-based publishing application
implemented in PHP. ShiftThis Newsletter is a plugin for WordPress.
The plugin is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "newsletter" parameter
of the "shiftthis-preview.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27586
______________________________________________________________________

08.7.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple OS CMS "login.php" SQL Injection
Description: Simple OS CMS is a PHP-based content management system
(CMS). The application is exposed to an SQL injection issue because it
fails to adequately sanitize user-supplied input to the "username"
parameter of the "login.php" script. Simple OS CMS version 0.1c beta
is affected.
Ref: http://www.securityfocus.com/bid/27589
______________________________________________________________________

08.7.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Codice CMS "login.php" SQL Injection
Description: Codice CMS is a content management system (CMS). The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "username" parameter of
the "login.php" script.
Ref: http://www.securityfocus.com/bid/27592
______________________________________________________________________

08.7.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: A-Blog Cross-Site Scripting Vulnerability and SQL Injection
Description: A-Blog is a PHP-based web-log application. The
application is exposed to a cross-site scripting issue because it
fails to sanitize user-supplied data to the "words" parameter of the
"search.php" script. A-Blog version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/27594
______________________________________________________________________

08.7.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo com_marketplace Component "catid" Parameter
SQL Injection
Description: The "com_marketplace" component is a classified ad module
for the Joomla! and Mambo content managers. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "com_marketplace"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27600
______________________________________________________________________

08.7.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iTechBids Gold "bidhistory.php" SQL Injection
Description: iTechBids Gold is an online auction application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "item_id" parameter of
the "bidhistory.php" script before using it in an SQL query. iTechBids
Gold version 3 is affected.
Ref: http://www.securityfocus.com/bid/27601
______________________________________________________________________

08.7.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Awesom! for Joomla! and Mambo SQL Injection
Description: Awesom! (Amazon Web Services for Opensource Mambo) is a
component that lets web site developers create lists of products to
feature on their Mambo-driven sites using information provided by
Amazon through Amazon Web Services. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "listid" parameter of the "com_awesom"
component before using it in an SQL query. Awesom! version 0.3.2 is
affected.
Ref: http://www.securityfocus.com/bid/27607
______________________________________________________________________

08.7.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_shambo2" Component SQL Injection
Description: com_shambo2 is a component module available for the
Joomla! and Mambo content management systems. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Itemid" parameter of the
"com_shambo2" component before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27609
______________________________________________________________________

08.7.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo SOBI2 Component SQL Injection
Description: SOBI2 (Sigsiu Online Business Index 2) is a component for
Joomla! and Mambo that lets users create and manage business catalogs.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "catid" parameter
of the "com_sobi2" component before using it in an SQL query. SOBI2 RC
version 2.5.3 is affected.
Ref: http://www.securityfocus.com/bid/27617
______________________________________________________________________

08.7.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RMSOFT Gallery System For XOOPS "images.php" SQL Injection
Description: RMSOFT Gallery System is an image gallery module for
XOOPS content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "user" parameter of the "images.php" script before using it in an
SQL query. RMSOFT Gallery System version 2.0 is affected.
Ref: http://www.milw0rm.com/exploits/5062
______________________________________________________________________

08.7.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: All Club CMS "index.php" SQL Injection
Description: All Club CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "username" parameter of
the "login.php" script. All Club CMS version 0.0.1f is affected.
Ref: http://www.securityfocus.com/bid/27624
______________________________________________________________________

08.7.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: photokorn "pic" Parameter SQL Injection
Description: photokorn is a PHP-based photo gallery application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pic" parameter of the
"index.php" script before using it in an SQL query. photokorn version
1.543 is affected.
Ref: http://www.securityfocus.com/bid/27627
______________________________________________________________________

08.7.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Astanda Directory Project "detail.php" SQL Injection
Description: Astanda Directory Project is a search engine. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "link_id" parameter of
the "detail.php" script before using it in an SQL query. Astanda
Directory Project versions 1.2 and 1.3 are affected.
Ref: http://www.securityfocus.com/bid/27646
______________________________________________________________________

08.7.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo com_downloads Component "filecatid" Parameter
SQL Injection
Description: The "com_downloads" component is a module for downloading
files for the Joomla! and Mambo content managers. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "filecatid" parameter of the
"com_downloads" module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27648
______________________________________________________________________

08.7.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo YNews Component "id" Parameter SQL Injection
Description: YNews is a news script component for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to properly sanitize user-supplied input to the
"id" parameter of the "index.php" script when the "options" parameter
is set to "com_ynews". YNews version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/27649
______________________________________________________________________

08.7.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mihalism Multi Host "users.php" SQL Injection
Description: Mihalism Multi Host is an image hosting application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Username" form field
parameter of the "users.php" script before using it in an SQL query.
The affected form field is used when "lost_password_go" is passed to the
affected script as an argument to the "act" parameter. Mihalism Multi
Host version 3.0.0 is affected.
Ref: http://www.securityfocus.com/bid/27651
______________________________________________________________________

08.7.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: osCommerce "customer_testimonials.php" SQL Injection
Description: osCommerce is a web-based ecommerce application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "testimonial_id"
parameter of the "customer_testimonials.php" script before using it in
an SQL query. osCommerce version 3.1 is affected.
Ref: http://www.securityfocus.com/archive/1/487678
______________________________________________________________________

08.7.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo com_sermon Component "gid" Parameter SQL
Injection
Description: The "com_sermon" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "gid" parameter of the "com_sermon" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27673
______________________________________________________________________

08.7.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo com_doc Component "sid" Parameter SQL
Injection
Description: The "com_doc" component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "sid" parameter of the "com_doc" module before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27679
______________________________________________________________________

08.7.79 CVE: Not Available
Platform: Web Application
Title: LightBlog "cp_upload_image.php" Arbitrary File Upload
Description: LightBlog is a PHP-based web-log application. The
application is exposed to a vulnerability that lets
attackers upload arbitrary files because it fails to adequately
sanitize user-supplied input. This issue affects the
"cp_upload_image.php" script. LightBlog version 9.5 is affected.
Ref: http://www.securityfocus.com/archive/1/487398
______________________________________________________________________

08.7.80 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo NeoReferences Component "catid" Parameter SQL
Injection
Description: NeoReferences is a reference component for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of "index.php" when the
option parameter is set to "com_neoreferences". NeoReferences version
1.3.1 is affected.
Ref: http://www.securityfocus.com/bid/27564
______________________________________________________________________

08.7.81 CVE: CVE-2001-0800
Platform: Web Application
Title: IRIX "lpsched" Remote Command Execution
Description: The "lpsched" utility in IRIX starts the "lp" printing
service. The application is exposed to a remote shell
command execution issue due to not sanitizing shell meta-characters.
Ref:
ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
______________________________________________________________________

08.7.82 CVE: Not Available
Platform: Web Application
Title: iTechClassifieds "ViewCat.php" Input Validation
Description: iTechClassifieds is a commercially available
classified-ad application. The application is exposed to an input
validation issue because the application fails to properly sanitize
user-supplied input to the "CatID" parameter of the "ViewCat.php"
script. The contents of this parameter are used in an SQL query, and are
also returned to the user in dynamically generated HTML content.
Ref: http://www.securityfocus.com/archive/1/487439
______________________________________________________________________

08.7.83 CVE: Not Available
Platform: Web Application
Title: DMSGuestbook Multiple Input Validation Vulnerabilities
Description: DMSGuestbook is a guestbook plugin for WordPress. The
application is exposed to multiple input validation issues. RunCMS
version 1.6 is affected.
Ref: http://www.securityfocus.com/archive/1/487437
______________________________________________________________________

08.7.84 CVE: Not Available
Platform: Web Application
Title: Gelato CMS "Comments.php" HTML Injection
Description: Gelato CMS is a PHP-based content manager. The
application is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input data. This issue occurs in
the "comments" form field parameter of the "comment.php" script.
Gelato CMS version 0.95 is affected.
Ref: http://www.securityfocus.com/bid/27587
______________________________________________________________________

08.7.85 CVE: Not Available
Platform: Web Application
Title: Anon Proxy Server Remote Authentication Buffer Overflow
Description: Anon Proxy Server is a web-based anonymous proxy server.
It is implemented in PHP and C. The application is exposed to a remote
buffer overflow issue due to a failure of the application to
sufficiently bounds check user-supplied input. Anon Proxy Server
versions prior to 0.103 are affected.
Ref: http://www.securityfocus.com/archive/1/487446
______________________________________________________________________

08.7.86 CVE: Not Available
Platform: Web Application
Title: BlogPHP "index.php" SQL Injection Vulnerability and Cross-Site
Scripting
Description: BlogPHP is a web-log application. The application is
exposed to multiple input validation issues because the application
fails to sufficiently sanitize user-supplied input. BlogPHP version
2.0 is affected.
Ref: http://www.securityfocus.com/bid/27591/references
______________________________________________________________________

08.7.87 CVE: Not Available
Platform: Web Application
Title: Openads Delivery Engine Remote Code Execution
Description: Openads (formerly known as phpAdsNew) is a PHP-based ad
server. The application is exposed to an issue that lets remote
attackers execute arbitrary code because it fails to sufficiently
sanitize user-supplied input to an unspecified parameter of the
Delivery Engine. Openads versions prior to 2.4.3 are affected.
Ref: http://www.securityfocus.com/archive/1/487486
______________________________________________________________________

08.7.88 CVE: Not Available
Platform: Web Application
Title: Textpattern 4.0.5 Multiple Security Vulnerabilities
Description: Textpattern is a content manager. The application is
exposed to multiple security issues. Textpattern version 4.0.5 is
affected.
Ref: http://www.securityfocus.com/archive/1/487483
______________________________________________________________________

08.7.89 CVE: Not Available
Platform: Web Application
Title: Magnolia CE "ActivationHandler" URL Security Bypass
Description: Magnolia CE is a content management system implemented in
Java. The application is exposed to a security bypass issue because
it fails to check permissions in the "/ActivationHandler" URL when
adding content to the web site. Magnolia CE versions prior
to 3.5.4 are affected.
Ref: http://jira.magnolia.info/browse/MAGNOLIA-2021
______________________________________________________________________

08.7.90 CVE: Not Available
Platform: Web Application
Title: Portail Web Php "site_path" Multiple Remote File Include
Vulnerabilities
Description: PHP Web Portail is a web portal. The application is
exposed to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "site_path"
parameter. Portail Web Php version 2.5.1.1 is affected.
Ref: http://www.securityfocus.com/bid/27616
______________________________________________________________________

08.7.91 CVE: Not Available
Platform: Web Application
Title: Download Management for PHP-Fusion Multiple Local File Include
Vulnerabilities
Description: Download Management is a module for PHP-Fusion CMS that
provides file management functionality. The application is exposed to
multiple local file include issues because it fails to properly
sanitize user-supplied input to the "settings[locale]" parameter of
the "infusion.php" and "download_management.php" scripts. Download
Management version 1.00 is affected.
Ref: http://www.securityfocus.com/bid/27618
______________________________________________________________________

08.7.92 CVE: Not Available
Platform: Web Application
Title: VHD Web Pack "index.php" Local File Include
Description: VHD Web Pack (Virtual Hard Drive Web Pack) is a web-based
application for online file storing and sharing. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "page" parameter of the
"index.php" script. VHD Web Pack version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/27621
______________________________________________________________________

08.7.93 CVE: Not Available
Platform: Web Application
Title: XOOPS "lang" Parameter Local File Include
Description: XOOPS is a PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "lang" HTTP POST parameter of the
"htdocs/install/index" script. XOOPS version 2.0.18 is affected.
Ref: http://www.milw0rm.com/exploits/5057
______________________________________________________________________

08.7.94 CVE: CVE-2008-0564
Platform: Web Application
Title: Mailman "list templates" and "list info" Multiple HTML
Injection Vulnerabilities
Description: Mailman is a mailing list manager. The application is
exposed to multiple HTML injection issues because it fails to properly
sanitize user-supplied input. The issues occur when editing the "list
templates" and "list info" attributes. Mailman version 2.1.9 is
affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
______________________________________________________________________

08.7.95 CVE: Not Available
Platform: Web Application
Title: Documentum Products "dmclTrace.jsp" Arbitrary File Overwrite
Description: Documentum Administrator is a tool used to deploy and
configure new Documentum environments. Documentum Webtop is a
browser-based tool for accessing Documentum repositories. The
application is exposed to an issue that could permit an attacker to
overwrite arbitrary files because of a failure to validate
user-supplied input. This issue affects the "filename" attribute of
the "dmclTrace.jsp" script. Documentum Administrator version 5.3.0.313
and Documentum Webtop version 5.3.0.317 are affected.
Ref: http://www.securityfocus.com/archive/1/487603
______________________________________________________________________

08.7.96 CVE: Not Available
Platform: Web Application
Title: WordPress "wp-admin/options.php" Remote Code Execution
Description: WordPress allows users to generate news pages and
web logs dynamically; it is implemented in PHP with a MySQL database.
The application is exposed to an arbitrary code execution issue
because it fails to properly sanitize user-supplied input. This issue
affects "wp-admin/options.php". WordPress versions 2.3.2 and earlier
and WordPress MU versions prior to 1.3.2 are affected.
Ref:
http://www.buayacorp.com/files/wordpress/wordpress-mu-options-overwrite.html
______________________________________________________________________

08.7.97 CVE: Not Available
Platform: Web Application
Title: OpenSiteAdmin "path" Multiple Remote File Include
Vulnerabilities
Description: OpenSiteAdmin is a project that lets users create a
content management system for web sites. The application is exposed to
multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "path" parameter. OpenSiteAdmin
version 0.9.1 Beta is affected.
Ref: http://www.securityfocus.com/bid/27640
______________________________________________________________________

08.7.98 CVE: CVE-2008-0215
Platform: Web Application
Title: HP Storage Essentials SRM Unspecified Remote Unauthorized
Access
Description: HP Storage Essentials SRM (Storage Resource Management)
is exposed to an unspecified unauthorized-access issue. Storage
Essentials SRM Standard and Enterprise versions prior to 6.0.0 are
affected.
Ref: http://www.securityfocus.com/archive/1/487653
______________________________________________________________________

08.7.99 CVE: Not Available
Platform: Web Application
Title: WordPress "xmlrpc.php" Post Edit Unauthorized Access
Description: WordPress allows users to generate news pages and
web-logs dynamically; it is implemented in PHP with a MySQL database.
The application is exposed to an unauthorized access issue in the
"xmlrpc.php" script when editing posts. Specifically, the application
allows attackers to edit other users' posts without proper
authorization. WordPress versions prior to 2.3.3 are affected.
Ref: http://wordpress.org/development/2008/02/wordpress-233/
______________________________________________________________________

08.7.100 CVE: Not Available
Platform: Web Application
Title: mini-pub "sFileName" Parameter Multiple Input Validation
Vulnerabilities
Description: mini-pub is a news publishing script. The application is
exposed to multiple input validation issues because it fails to
properly sanitize user-supplied input. mini-pub version 0.3 is
affected.
Ref: http://www.securityfocus.com/archive/1/487695
______________________________________________________________________

08.7.101 CVE: Not Available
Platform: Web Application
Title: MODx HTML Injection Vulnerability and Multiple Cross-Site
Scripting Vulnerabilities
Description: MODx is a content management system (CMS) and
web-application framework. The application is exposed to multiple
input validation issues because it fails to properly sanitize
user-supplied input. MODx versions 0.9.6.1 and 0.9.6.1p1 are affected.
Ref: http://www.securityfocus.com/archive/1/487696
______________________________________________________________________

08.7.102 CVE: Not Available
Platform: Network Device
Title: MikroTik RouterOS SNMP SET Denial of Service
Description: MikroTik RouterOS is an operating system that converts
PCs into routers. The application is exposed to a denial of service
issue that can be triggered by sending specially crafted SNMP SET UDP
packets to a device running the affected application. RouterOS
versions up to and including version 3.2 are affected.
Ref: http://www.securityfocus.com/bid/27599
______________________________________________________________________