Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Feb 21, 2008                                               Vol. 7. Week 8
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Third Party Windows Apps                           8 (#1, #2)
Mac Os                                             1
Linux                                              2
Cross Platform                                     9 (#3)
Network Device                                     1 (#4)
Web Application - Cross Site Scripting             7
Web Application - SQL Injection                   48
Web Application                                   15

************************* Sponsored By SANS *****************************
SANS OnSite Training 
Your Location! Your Schedule! Lower Cost! Contact us by March 31 and
receive additional free seats (up to $25,000 value)

"Additionally, if you answer four simple questions, and place an order
by June 30, 2007 for a SANS OnSite class, we will provide you with one
free bonus seat in your OnSite class (up to $5,100 value). More
importantly, theses questions will help us assist you in creating a
training solution that meets both your professional development and
budgetary needs."
Click here today! http://www.sans.org/info/24354
*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, CISSP,
and SANS' other top-rated courses?
- - SANS 2008 in Orlando (4/18-4/25) SANS' biggest program with myriad
bonus sessions and a huge exhibition of security products:
http://www.sans.org/sans2008
- - Washington DC (Tyson's) 3/24-3/31 http://www.sans.org/tysonscorner08
- - San Diego (5/9-5/16) http://www.sans.org/securitywest08
- - Toronto (5/10-5/16) http://www.sans.org/toronto08
- - and in 100 other cites and on line any-time: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Symantec Veritas Storage Foundation Administrator Service Buffer
Overflow
(2) CRITICAL: EMC RepliStor Multiple Vulnerabilities
(3) HIGH: Opera Multiple Vulnerabilities
(4) MODERATE: Cisco Unified IP Phones Multiple Vulnerabilities

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
 -- Third Party Windows Apps
08.08.1 - Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote
Denial of Service Vulnerabilities
08.08.2 - Sami FTP Server Multiple Commands Remote Denial of Service
Vulnerabilities
08.08.3 - freeSSHd "SSH2_MSG_NEWKEYS" Packet Remote Denial of Service
08.08.4 - DESLock+ IOCTL Request Local Code Execution and Denial of Service
Vulnerabilities
08.08.5 - Foxit WAC Remote Access Server Heap Buffer Overflow
08.08.6 - webcamXP Multiple Information Disclosure and Denial of Service
Vulnerabilities
08.08.7 - Hitachi EUR Print Manager Remote Denial of Service
08.08.8 - Hitachi SEWB/PLATFORM SEWB3 Unspecified Denial of Service
 -- Mac Os
08.08.9 - Apple iPhoto DPAP Remote Denial of Service
 -- Linux
08.08.10  - Multiple Horde Products Security Bypass
08.08.11  - SWORD Remote Arbitrary Command Execution
 -- Cross Platform
08.08.12  - Mozilla Firefox IFrame Recursion Remote Denial of Service
08.08.13  - Multiple Web Browser BMP Partial Palette Information Disclosure and
Denial of Service
08.08.14  - wyrd Insecure Temporary File Creation
08.08.15  - Kerio MailServer Multiple Unspecified Vulnerabilities
08.08.16  - IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
08.08.17  - SIMM-Comm SCI Photo Chat Directory Traversal
08.08.18  - Lyris ListManager Multiple Remote Vulnerabilities
08.08.19  - Now SMS/MMS Gateway Multiple Buffer Overflow Vulnerabilities
08.08.20  - Opera Web Browser 9.25 Multiple Security Vulnerabilities
 -- Web Application - Cross Site Scripting
08.08.21  - Sophos Email Appliance Web Interface Multiple Cross-Site Scripting
Vulnerabilities
08.08.22  - IBM Lotus Quickr Unspecified Cross-Site Scripting
08.08.23  - RunCMS "admin.php" Cross-Site Scripting
08.08.24  - ProjectPier Multiple HTML Injection and Cross-Site Scripting
Vulnerabilities
08.08.25  - Crafty Syntax Live Help "lostsheep.php" Cross-Site Scripting
08.08.26  - IBM Lotus QuickPlace "Main.nsf" Cross-Site Scripting
08.08.27  - Jinzora Multiple HTML Injection and Cross-Site Scripting
Vulnerabilities
 -- Web Application - SQL Injection
08.08.28  - Joomla! MCQuiz Component "tid" Parameter SQL Injection
08.08.29  - Joomla! PAXXGallery Component "userid" Parameter SQL Injection
08.08.30  - Joomla! and Mambo "com_quiz" Component "tid" Parameter SQL Injection
08.08.31  - e-Vision CMS "id" Parameter Multiple SQL Injection Vulnerabilities
08.08.32  - Joomla! and Mambo "com_smslist" Component "listid" Parameter SQL
Injection
08.08.33  - Joomla! and Mambo "com_activities" Component "id" Parameter SQL
Injection
08.08.34  - Joomla! and Mambo "com_sg" Component "pid" Parameter SQL Injection
08.08.35  - Joomla! and Mambo "faq" Component "catid" Parameter SQL Injection
08.08.36  - Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
08.08.37  - Yellow Swordfish Simple Forum "index.php" SQL Injection
08.08.38  - Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
08.08.39  - Joomla! and Mambo "com_salesrep" Component "rid" Parameter SQL
Injection
08.08.40  - Joomla! and Mambo "com_lexikon" Component "id" Parameter SQL
Injection
08.08.41  - Joomla! and Mambo "com_filebase" Component "filecatid" Parameter SQL
Injection
08.08.42  - Joomla! and Mambo "com_scheduling" Component "id" Parameter SQL
Injection
08.08.43  - WP Photo Album "photo" Parameter SQL Injection
08.08.44  - Joomla! and Mambo "com_galeria" Component "id" Parameter SQL
Injection
08.08.45  - Joomla! and Mambo "com_jooget" Component "id" Parameter SQL
Injection
08.08.46  - AuraCMS Multiple SQL Injection Vulnerabilities
08.08.47  - Joomla! and Mambo Quran Component SQL Injection
08.08.48  - Simple CMS "indexen.php" SQL Injection
08.08.49  - Joomla! and Mambo Portfolio Manager Component "categoryId" Parameter
SQL Injection
08.08.50  - astatsPRO com_astatspro Component "id" Parameter SQL Injection
08.08.51  - Joomla! and Mambo com_profile Component "oid" Parameter SQL
Injection
08.08.52  - Joomla! and Mambo com_detail Component "id" Parameter SQL Injection
08.08.53  - Yellow Swordfish Simple Forum "sf-profile.php" SQL Injection
08.08.54  - WordPress Recipes Blog Plugin "id" Parameter SQL Injection
08.08.55  - WordPress wp-people Plugin "wp-people-popup.php" SQL Injection
08.08.56  - Joomla! and Mambo com_downloads Component "cat" Parameter SQL
Injection
08.08.57  - XOOPS myTopics Module "print.php" SQL Injection
08.08.58  - PHP-Nuke Books Module "cid" Parameter SQL Injection
08.08.59  - Joomla! and Mambo "com_pccookbook" Component "user_id" Parameter SQL
Injection
08.08.60  - sCssBoard "index.php" Multiple SQL Injection Vulnerabilities
08.08.61  - PHP-Nuke Sections Module "artid" Parameter SQL Injection
08.08.62  - Facile Forms "catid" Parameter SQL Injection
08.08.63  - Joomla! and Mambo "com_team" Component SQL Injection
08.08.64  - Joomla! and Mambo com_iigcatalog Component "cat" Parameter SQL
Injection
08.08.65  - Joomla! and Mambo com_formtool Component "catid" Parameter SQL
Injection
08.08.66  - Woltlab Burning Board  "password" SQL Injection
08.08.67  - Joomla! and Mambo com_genealogy Component "id" Parameter SQL
Injection
08.08.68  - iJoomla com_magazine Component "pageid" Parameter SQL Injection
08.08.69  - XOOPS "vacatures" Module "cid" Parameter SQL Injection
08.08.70  - XOOPS "events" Module "id" Parameter SQL Injection
08.08.71  - XOOPS "seminars" Module "id" Parameter SQL Injection
08.08.72  - XOOPS "badliege" Module "id" Parameter SQL Injection
08.08.73  - PHP-Nuke Web_Links Module "cid" Parameter SQL Injection
08.08.74  - XOOPS "classifieds" Module "cid" Parameter SQL Injection
08.08.75  - PHP-Nuke EasyContent Module "page_id" Parameter SQL Injection
 -- Web Application
08.08.76  - Dokeos Multiple SQL Injection, HTML Injection, Cross-Site Scripting,
and File Upload Vulnerabilities
08.08.77  - 2eNetWorX StatCounteX Administration Pages Authentication Bypass
08.08.78  - BanPro DMS "index.php" Local File Include
08.08.79  - Joomla! and Mambo com_ricette Component "id" Parameter SQL Injection
08.08.80  - LightBlog "view_member.php" Local File Include
08.08.81  - XPWeb "Download.php" File Disclosure
08.08.82  - TRUC Tracking Requirements & Use Cases "download.php" File
Disclosure
08.08.83  - Claroline Multiple Remote Vulnerabilities
08.08.84  - PHPizabi "image.php" Arbitrary File Upload
08.08.85  - ATutor User Profile Multiple HTML Injection Vulnerabilities
08.08.86  - Thecus N5200Pro NAS Server Control Panel "usrgetform.html" Remote
File Include
08.08.87  - WebGUI Username HTML Injection
08.08.88  - Google Hack Honeypot File Upload Manager "delall" Unauthorized File
Access
08.08.89  - SmarterTools SmarterMail Subject Field HTML Injection
08.08.90  - Spyce Sample Scripts Multiple Input Validation Vulnerabilities
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Symantec Veritas Storage Foundation Administrator Service Buffer
Overflow
Affected:
Symantec Veritas Storage Foundation versions 5.0 and prior

Description: Veritas Storage Foundation is an enterprise storage
management application from Symantec. It provides an administration
service that is network accessible. This administration service has a
flaw in its handling of user data An overlong request could trigger a
heap buffer overflow. Successfully exploiting this buffer overflow would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process (usually SYSTEM). Some technical details for this
vulnerability are publicly available.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to UDP port 3207 at the
network perimeter, if possible.

References:
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-08-007.html
Symantec Security Advisory
http://www.symantec.com/avcenter/security/Content/2008.02.20a.html
Product Home Page
http://www.symantec.com/business/products/overview.jsp?pcid=2245&pvid=203_1
SecurityFocus BID
http://www.securityfocus.com/bid/25778

*****************************************************************

(2) CRITICAL: EMC RepliStor Multiple Vulnerabilities
Affected:
EMC RepliStor versions 6.2 and prior

Description: EMC RepliStor is a popular enterprise backup application.
It contains multiple vulnerabilities in its handling of compressed data.
A specially crafted request containing compressed data could trigger one
of these vulnerabilities, leading to a heap buffer overflow.
Successfully exploiting one of these overflows would allow an attacker
to execute arbitrary code with the privileges of the vulnerable process
(usually SYSTEM). No authentication is necessary to exploit these
vulnerabilities.

Status: EMC confirmed, updates available. Users can mitigate the impact
of these vulnerabilities by blocking TCP ports 7144 and 7145 at the
network perimeter, if possible.

References:
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=664
Product Home Page
http://software.emc.com/products/software_az/replistor.htm
SecurityFocus BID
http://www.securityfocus.com/bid/27915

*****************************************************************

(3) HIGH: Opera Multiple Vulnerabilities
Affected:
Opera versions 9.25 and prior

Description: Opera is a popular cross-platform web browser. It contains
multiple vulnerabilities in its handling of certain HTML constructs. A
specially crafted web page could exploit one of these vulnerabilities
to execute arbitrary JavaScript code in a different security context
than the page that sourced the script. Additionally, a flaw in the
rendering of certain elements could lead a user into believing that a
file input form is another kind of form, potentially leading to an
arbitrary file upload vulnerability with user interaction. Some
technical details are publicly available for these vulnerabilities.

Status: Opera confirmed, updates available.

References:
Opera Security Advisories
http://www.opera.com/support/search/view/877/
http://www.opera.com/support/search/view/880/
http://www.opera.com/support/search/view/879/
Opera Home Page
http://www.opera.com
SecurityFocus BID
http://www.securityfocus.com/bid/27901

*****************************************************************

(4) MODERATE: Cisco Unified IP Phones Multiple Vulnerabilities
Affected:
Cisco Unified IP Phones running the SCCP firmware

Description: Cisco Unified IP Phones are a range of Voice-over-IP (VoIP)
phones from Cisco. They contain multiple flaws in their handling of
network traffic. Flaws in the parsing of SSH, DNS, SIP, telnet, ICMP,
and HTTP requests could trigger buffer overflows or other
vulnerabilities. Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code on the phone or create
a denial-of-service condition. Phones are vulnerable to most of these
vulnerabilities in their default configuration.

Status: Cisco confirmed, updates available.

References:
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20080213-phone.shtml
Cisco Mitigation Document
http://www.cisco.com/en/US/products/
products_applied_mitigation_bulletin09186a0080949c7f.html
SecurityFocus BID
http://www.securityfocus.com/bid/27774

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 8, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.08.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Teamtek Universal FTP Server CWD, LIST, and PORT Commands
Remote Denial of Service Vulnerabilities
Description: Universal FTP is an FTP server for Microsoft Windows.
Universal FTP is exposed to multiple remote denial of service issues
because it fails to handle exceptional conditions. These issues occur
when the "CWD", "LIST", and "PORT" commands are passed unexpected
data. Universal FTP Server version 1.0.44 is affected.
Ref: http://www.securityfocus.com/archive/1/488142
______________________________________________________________________

08.08.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Sami FTP Server Multiple Commands Remote Denial of Service
Vulnerabilities
Description: Sami FTP Server is a File Transfer Protocol server for
various Microsoft Windows platforms. The application is exposed to
multiple remote denial of service issues because it fails to handle
exceptional conditions. Sami FTP Server versions in the 2.0 series are
affected.
Ref: http://www.securityfocus.com/archive/1/488198
______________________________________________________________________

08.08.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: freeSSHd "SSH2_MSG_NEWKEYS" Packet Remote Denial of Service
Description: freeSSHd is a free implementation of an SSH server for
windows. freeSSHd is exposed to a remote denial of service issue due
to a NULL-pointer access and can be triggered by sending the
"SSH2_MSG_NEWKEYS" packet as a first command. freeSSHd versions 1.2.0
and earlier are affected.
Ref: http://aluigi.altervista.org/adv/freesshdnull-adv.txt
______________________________________________________________________

08.08.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: DESLock+ IOCTL Request Local Code Execution and Denial of
Service Vulnerabilities
Description: DESlock+ is a data encryption application for the
Microsoft Windows platform. The application is exposed to multiple
issues in the "DLMFENC.sys" and "DLMFDISK.sys" drivers. DESlock+
versions 3.2.6 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27862
______________________________________________________________________

08.08.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Foxit WAC Remote Access Server Heap Buffer Overflow
Description: Foxit WAC Remote Access Server is a telnet and SSH server
available for Microsoft Windows. The application is exposed to a
heap-based buffer overflow issue because it fails to properly
bounds check user-supplied data. Foxit WAC Remote Access Server
versions 2.0 Build 3503 and earlier are affected.
Ref: http://aluigi.altervista.org/adv/wachof-adv.txt
______________________________________________________________________

08.08.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: webcamXP Multiple Information Disclosure and Denial of Service
Vulnerabilities
Description: webcamXP is commercial webcam software with an integrated
webserver for use on Microsoft Windows platforms. The application is
exposed to multiple issues that can allow an attacker to harvest
potentially sensitive information or cause denial of service
conditions. These issues occur because the application's webserver
fails to sufficiently check the webcam number provided by the client.
webcamXP versions 3.72.440 and 4.05.280 beta and earlier are affected.
Ref: http://aluigi.altervista.org/adv/webcamxp-adv.txt
______________________________________________________________________

08.08.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hitachi EUR Print Manager Remote Denial of Service
Description: Hitachi EUR Print Manager is a print server for Windows.
The application is exposed to a remote denial of service issue when
the application receives unexpected data.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS08-001_e/index-e.html
______________________________________________________________________

08.08.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Hitachi SEWB/PLATFORM SEWB3 Unspecified Denial of Service
Description: Hitachi SEWB/PLATFORM SEWB3 is exposed to a denial of
service issue. The application may crash when it receives invalid data
from a process other than a SEWB process. The issue presents itself
when the application is configured as a server-client system and
affects both server and client messaging services.
Ref:
http://www.hitachi-support.com/security_e/vuls_e/HS08-002_e/index-e.html
______________________________________________________________________

08.08.9 CVE: Not Available
Platform: Mac Os
Title: Apple iPhoto DPAP Remote Denial of Service
Description: Apple iPhoto is a tool for editing and publishing
photographs. It is available as part of iLife for Apple Mac OS X.
Digital Photo Access Protocol (DPAP) is used by Apple iPhoto for
sharing digital photographs. The application is exposed to a denial of
service issue that occurs because the application fails handle a
specially-crafted "dpap://" URI. Apple iPhoto versions 4.0.3 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/27867
______________________________________________________________________

08.08.10 CVE: Not Available
Platform: Linux
Title: Multiple Horde Products Security Bypass
Description: Horde products are exposed to a security bypass issue
because the applications fail to properly validate access to address
book contacts. Horde Groupware version 1.0.3, Horde Groupware Webmail
Edition version 1.0.4, and Turba Contact Manager version 2.1.6 are all
affected.
Ref: http://bugs.horde.org/ticket/?id=%236208
______________________________________________________________________

08.08.11 CVE: Not Available
Platform: Linux
Title: SWORD Remote Arbitrary Command Execution
Description: SWORD is a software framework used for research
manipulation of Biblical texts. Diatheke is a script used as a
front-end to SWORD's Bible software library. It allows users to create
Web sites. The application is exposed to a remote shell command
execution issue due to insufficient sanitization of user-supplied
data. SWORD versions 1.5.10 and 1.5.9 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466449
______________________________________________________________________

08.08.12 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox IFrame Recursion Remote Denial of Service
Description: Mozilla Firefox is a web browser available for multiple
operating platforms. The application is exposed to a remote denial of
service issue due to a way the browser handles IFrames. Firefox
version 2.0.0.12 is affected.
Ref: http://www.securityfocus.com/bid/27812
______________________________________________________________________

08.08.13 CVE: CVE-2008-0420
Platform: Cross Platform
Title: Multiple Web Browser BMP Partial Palette Information Disclosure
and Denial of Service
Description: Mozilla FireFox and Opera are web browsers available for
multiple platforms. FireFox and Opera web browsers are exposed to an
issue that can result in information disclosure or a denial of service
when handling certain BMP files with partial palettes. Mozilla FireFox
version 2.0.0.11 and Opera Web Browser version 9.50 Beta are affected.
Ref: http://www.securityfocus.com/archive/1/488264
______________________________________________________________________

08.08.14 CVE: Not Available
Platform: Cross Platform
Title: wyrd Insecure Temporary File Creation
Description: The "wyrd" program is a freely available text-based
front-end to the Remind application.  Remind is a calendar and alarm
program. The application is exposed to a security issue that allows
attackers to create temporary files in an insecure manner. wyrd
version 1.4.3-b3 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466382
______________________________________________________________________

08.08.15 CVE: Not Available
Platform: Cross Platform
Title: Kerio MailServer Multiple Unspecified Vulnerabilities
Description: Kerio MailServer is a mail server designed for use with
Microsoft Windows, Apple Mac OS X, Linux, and UNIX-variant operating
systems. The application is exposed to multiple issues. Kerio
MailServer versions prior to 6.5.0 are affected.
Ref: http://www.kerio.com/kms_history.html
______________________________________________________________________

08.08.16 CVE: Not Available
Platform: Cross Platform
Title: IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
Description: IBM DB2 Universal Database Server is a database server
designed to run on various platforms including Linux, AIX, Solaris,
and Microsoft Windows. The application is exposed to multiple issues.
IBM DB2 Universal Database versions 9.1 and prior to Fixpak 4a are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg21255607
______________________________________________________________________

08.08.17 CVE: Not Available
Platform: Cross Platform
Title: SIMM-Comm SCI Photo Chat Directory Traversal
Description: SCI Photo Chat is a chat server implemented in Java. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. SCI Photo Chat versions
3.4.9 and earlier are affected.
Ref: http://aluigi.altervista.org/adv/scichatdt-adv.txt
______________________________________________________________________

08.08.18 CVE: CVE-2007-6319
Platform: Cross Platform
Title: Lyris ListManager Multiple Remote Vulnerabilities
Description: Lyris ListManager is a mailing list application. The
application is exposed to multiple remote issues.
Ref: http://www.securityfocus.com/archive/1/488343
______________________________________________________________________

08.08.19 CVE: Not Available
Platform: Cross Platform
Title: Now SMS/MMS Gateway Multiple Buffer Overflow Vulnerabilities
Description: Now SMS/MMS Gateway is an application for sending SMS and
MMS messages. The application is exposed to multiple buffer overflow
issues because it fails to perform adequate boundary checks on
user-supplied data. Now SMS/MMS Gateway versions 2007.06.27 and
earlier are affected.
Ref: http://www.securityfocus.com/archive/1/488365
______________________________________________________________________

08.08.20 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser 9.25 Multiple Security Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. The application is exposed to multiple security
issues. Opera Web Browser versions prior to Opera 9.26 are affected.
Ref: http://www.opera.com/support/search/view/879/
______________________________________________________________________

08.08.21 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sophos Email Appliance Web Interface Multiple Cross-Site
Scripting Vulnerabilities
Description: Sophos Email Appliance provides protection against spam,
viruses and other threats affecting emails. It also provides an
administration web interface available over HTTPS on TCP Port 18080.
The application is exposed to multiple cross-site scripting issues
because it fails to properly sanitize user-supplied input to the
"error" and "go" parameters of the "Login" script. Sophos Email
Appliance versions prior to 2.1.1.0 are affected.
Ref: http://www.sophos.com/support/knowledgebase/article/34733.html
______________________________________________________________________

08.08.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Quickr Unspecified Cross-Site Scripting
Description: IBM Lotus Quickr is a web-based collaboration software.
The application is exposed to an unspecified cross-site scripting
issue because it fails to sufficiently sanitize user-supplied input.
Lotus Quickr versions prior to 8.0.0.2 Hotfix 11 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg24016411
______________________________________________________________________

08.08.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RunCMS "admin.php" Cross-Site Scripting
Description: RunCMS is a PHP-based content manager. The application is
exposed to cross-site scripting attacks because it fails to
sufficiently sanitize user-supplied input to the
"modules/system/admin.php" script. RunCMS version 1.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/488287
______________________________________________________________________

08.08.24 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ProjectPier Multiple HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: ProjectPier is a task and project management application.
The application is exposed to multiple input validation issues.
ProjectPier version 0.8.0 is affected.
Ref: http://www.securityfocus.com/archive/1/488294
______________________________________________________________________

08.08.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Crafty Syntax Live Help "lostsheep.php" Cross-Site Scripting
Description: Crafty Syntax Live Help (CSLH) is a web application that
allows website operators to monitor visitors and open chat sessions
with them. The application is exposed to cross-site scripting attacks
because it fails to sufficiently sanitize user-supplied input to the
"lostsheep.php" script.
Ref: http://www.securityfocus.com/archive/1/488286
______________________________________________________________________

08.08.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus QuickPlace "Main.nsf" Cross-Site Scripting
Description: IBM Lotus QuickPlace is web-based collaboration
software. QuickPlace was replaced by Lotus Quickr on October 10, 2007
and it is no longer supported by IBM. The application is exposed to a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied input. QuickPlace version 7.0 is affected.
Ref: http://www.securityfocus.com/bid/27871
______________________________________________________________________

08.08.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Jinzora Multiple HTML Injection and Cross-Site Scripting
Vulnerabilities
Description: Jinzora is a web-based media streaming and management
system. The application is exposed to multiple input validation issues
because it fails to sufficiently sanitize user-supplied input. Jinzora
version 2.7.5 is affected.
Ref: http://www.securityfocus.com/archive/1/488326
______________________________________________________________________

08.08.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! MCQuiz Component "tid" Parameter SQL Injection
Description: MCQuiz is a component for the Joomla! content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "tid" parameter.
MCQuiz version 0.9 is affected.
Ref: http://www.milw0rm.com/exploits/5118
______________________________________________________________________

08.08.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! PAXXGallery Component "userid" Parameter SQL Injection
Description: PAXXGallery is a component for the Joomla! content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "userid"
parameter. PAXXGallery version 0.2 is affected.
Ref: http://www.securityfocus.com/bid/27811
______________________________________________________________________

08.08.30 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_quiz" Component "tid" Parameter SQL Injection
Description: The Quiz component for the Joomla! and Mambo content
managers is used to create and manage quizzes and tests. The component
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "tid" parameter of the "com_quiz"
component before using it in an SQL query. Quiz versions 0.81 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/27808
______________________________________________________________________

08.08.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: e-Vision CMS "id" Parameter Multiple SQL Injection
Vulnerabilities
Description: e-Vision CMS is a content management application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the following
scripts and parameters: "print.php: id" and "iframe.php: id". e-Vision
CMS version 2.02 is affected.
Ref: http://www.securityfocus.com/bid/27816
______________________________________________________________________

08.08.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_smslist" Component "listid" Parameter SQL
Injection
Description: The "com_smslist" component is a module for the Joomla!
and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "listid" parameter of the "com_smslist"
component before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488230
______________________________________________________________________

08.08.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_activities" Component "id" Parameter SQL Injection
Description: "com_activities" is a component for the Joomla! and Mambo
content managers. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488232
______________________________________________________________________

08.08.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_sg" Component "pid" Parameter SQL Injection
Description: "com_sg" is a component for the Joomla! and Mambo content
managers. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "pid"
parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27821
______________________________________________________________________

08.08.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "faq" Component "catid" Parameter SQL Injection
Description: The "faq" component for the Joomla! and Mambo content
managers is used to manage Frequently Asked Questions sections of
websites. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "catid"
parameter used by "faq" script code before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488234
______________________________________________________________________

08.08.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
Description: Simple Forum is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "topic" parameter of
the "forum.php" script. Simple Forum versions 1.10 and 1.11 are
affected.
Ref: http://www.securityfocus.com/archive/1/488220
______________________________________________________________________

08.08.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Yellow Swordfish Simple Forum "index.php" SQL Injection
Description: Simple Forum is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "forum" parameter of
the "index.php" script. Simple Forum versions 1.7 and 1.9 are
affected.
Ref: http://www.securityfocus.com/archive/1/488240
______________________________________________________________________

08.08.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Yellow Swordfish Simple Forum "topic" Parameter SQL Injection
Description: Simple Forum is a web-based forum application implemented
in PHP, for the WordPress web-log framework. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "topic" parameter when used in
conjunction with the "page_id" action.
Ref: http://www.securityfocus.com/archive/1/488233
______________________________________________________________________

08.08.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_salesrep" Component "rid" Parameter SQL
Injection
Description: The "com_salesrep" module is a component for the Joomla!
and Mambo content managers. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "rid" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/488267
______________________________________________________________________

08.08.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_lexikon" Component "id" Parameter SQL
Injection
Description: The "com_lexikon" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_lexikon" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488266
______________________________________________________________________

08.08.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_filebase" Component "filecatid" Parameter
SQL Injection
Description: The "com_filebase" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "filecatid" parameter of the "com_filebase"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488268
______________________________________________________________________

08.08.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_scheduling" Component "id" Parameter SQL
Injection
Description: The "com_scheduling" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_scheduling"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488269
______________________________________________________________________

08.08.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WP Photo Album "photo" Parameter SQL Injection
Description: WP Photo Album is a web-based image publishing
application. The application is a plug-in for WordPress. The plugin is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "photo" parameter before using it
in an SQL query. WP Photo Album version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/488290
______________________________________________________________________

08.08.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_galeria" Component "id" Parameter SQL
Injection
Description: The "com_galeria" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_galeria" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488285
______________________________________________________________________

08.08.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_jooget" Component "id" Parameter SQL Injection
Description: The "com_jooget" component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "com_jooget" module before using it in an
SQL query.
Ref: http://www.securityfocus.com/archive/1/488289
______________________________________________________________________

08.08.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AuraCMS Multiple SQL Injection Vulnerabilities
Description: AuraCMS is a PHP-based content manager. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data. AuraCMS version 1.62 is
affected.
Ref: http://www.securityfocus.com/bid/27841
______________________________________________________________________

08.08.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "Quran" Component SQL Injection
Description: "Quran" is a component for the Joomla! and Mambo content
managers. The application is exposed to an SQL injection issue because
it fails to properly sanitize user-supplied input to the "surano"
parameter of the "com_quran" module. "Quran" versions 1.1 and earlier
are affected.
Ref: http://www.securityfocus.com/bid/27842
______________________________________________________________________

08.08.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Simple CMS "indexen.php" SQL Injection
Description: Simple CMS is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "area" parameter of the
"indexen.php" script before using it in an SQL query. Simple CMS
versions 1.0.3 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/488288
______________________________________________________________________

08.08.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Portfolio Manager Component "categoryId"
Parameter SQL Injection
Description: Portfolio Manager is a component for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to properly sanitize user-supplied input to the
"categoryId" parameter of the "com_portfolio" component. Portfolio
Manager version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/27849
______________________________________________________________________

08.08.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: astatsPRO "com_astatspro" Component "id" Parameter SQL Injection
Description: The "com_astatspro" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "refer.php" script of
the "com_astatspro" module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27850
______________________________________________________________________

08.08.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_profile" Component "oid" Parameter SQL
Injection
Description: The "com_profile" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "oid" parameter of the "com_profile" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488277
______________________________________________________________________

08.08.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_detail" Component "id" Parameter SQL
Injection
Description: The "com_detail" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_detail" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488278
______________________________________________________________________

08.08.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Yellow Swordfish Simple Forum "sf-profile.php" SQL Injection
Description: Simple Forum is a web-based forum application for the
WordPress web-log framework. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "u" parameter of the "sf-profile.php"
script.
Ref: http://www.securityfocus.com/archive/1/488279
______________________________________________________________________

08.08.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress Recipes Blog Plugin "id" Parameter SQL Injection
Description: Recipes Blog is a recipe and cooking plugin for the
WordPress web-based publishing application. The plugin is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "wordspew-rss.php"
script of the "wp-content/recipe" plugin before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/488281
______________________________________________________________________

08.08.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WordPress "wp-people" Plugin "wp-people-popup.php" SQL Injection
Description: WordPress is a web-based publishing application.
"wp-people" is a plugin for WordPress. The plugin is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "person" parameter of the
"wp-people-popup.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488282
______________________________________________________________________

08.08.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_downloads" Component "cat" Parameter SQL
Injection
Description: The "com_downloads" component is a module for downloading
files for the Joomla! and Mambo content managers. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cat" parameter in conjunction with
the "selectcat" action of the "com_downloads" module before using it
in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488291
______________________________________________________________________

08.08.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS myTopics Module "print.php" SQL Injection
Description: myTopics is a module for the XOOPS content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "articleid" parameter
of the "print.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27861
______________________________________________________________________

08.08.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Books Module "cid" Parameter SQL Injection
Description: Books is a module for the PHP-Nuke content manager. The
application is exposed to an SQL injection issue because it fails to
properly sanitize user-supplied input to the "cid" parameter of the
Books module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27863
______________________________________________________________________

08.08.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_pccookbook" Component "user_id"
Parameter SQL Injection
Description: The "com_pccookbook" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "user_id" parameter of the "com_pccookbook"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27864
______________________________________________________________________

08.08.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: sCssBoard "index.php" Multiple SQL Injection Vulnerabilities
Description: sCssBoard is a PHP-based web forum. The application is
exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/27866
______________________________________________________________________

08.08.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Sections Module "artid" Parameter SQL Injection
Description: Sections is a module for the PHP-Nuke content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "artid" parameter
of the "Sections" module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27879
______________________________________________________________________

08.08.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Facile Forms "catid" Parameter SQL Injection
Description: Facile Forms is a component module available for the
Joomla! and Mambo content management systems. The component is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "com_facileforms"
component before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488335
______________________________________________________________________

08.08.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_team" Component SQL Injection
Description: The "com_team" component is a component module available
for the Joomla! and Mambo content management systems. The component is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter before using it in
an SQL query.
Ref: http://www.securityfocus.com/archive/1/488319
______________________________________________________________________

08.08.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_iigcatalog" Component "cat" Parameter SQL
Injection
Description: The "com_iigcatalog" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "cat" parameter of the "com_iigcatalog"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488320
______________________________________________________________________

08.08.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_formtool" Component "catid" Parameter SQL
Injection
Description: The "com_formtool" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "com_formtool"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488323
______________________________________________________________________

08.08.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Woltlab Burning Board "password" SQL Injection
Description: Woltlab Burning Board is a free, web-based, bulletin-board
package based on PHP and MySQL. The application is exposed to an SQL
injection issue because it fails to properly sanitize user-supplied
input to the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/488345
______________________________________________________________________

08.08.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_genealogy" Component "id" Parameter SQL
Injection
Description: The "com_genealogy" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_genealogy" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488342
______________________________________________________________________

08.08.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iJoomla "com_magazine" Component "pageid" Parameter SQL Injection
Description: The "com_magazine" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "pageid" parameter of the "com_magazine"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488351
______________________________________________________________________

08.08.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "vacatures" Module "cid" Parameter SQL Injection
Description: The "vacatures" module is a component for the XOOPS CMS.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "vacatures" module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488344
______________________________________________________________________

08.08.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "events" Module "id" Parameter SQL Injection
Description: XOOPS is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "events"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488350
______________________________________________________________________

08.08.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "seminars" Module "id" Parameter SQL Injection
Description: XOOPS is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "events"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488352
______________________________________________________________________

08.08.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "badliege" Module "id" Parameter SQL Injection
Description: XOOPS is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "badliege"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488349
______________________________________________________________________

08.08.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke "Web_Links" Module "cid" Parameter SQL Injection
Description: "Web_Links" is a module for the PHP-Nuke content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "Web_Links" module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488356
______________________________________________________________________

08.08.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "classifieds" Module "cid" Parameter SQL Injection
Description: The "classifieds" module is a component for the XOOPS
CMS. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "cid"
parameter of the "classifieds" module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488357
______________________________________________________________________

08.08.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke EasyContent Module "page_id" Parameter SQL Injection
Description: EasyContent is a module for the PHP-Nuke content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "page_id" parameter
before using it in an SQL query.
Ref: http://www.milw0rm.com/exploits/5155
______________________________________________________________________

08.08.76 CVE: Not Available
Platform: Web Application
Title: Dokeos Multiple SQL Injection, HTML Injection, Cross-Site
Scripting, and File Upload Vulnerabilities
Description: Dokeos is a PHP-based application for online learning.
The application is exposed to multiple input validation issues because
the application fails to adequately sanitize user-supplied input.
Dokeos versions prior to 1.8.4 SP2 are affected.
Ref: http://projects.dokeos.com/index.php?do=details&task_id=2218
______________________________________________________________________

08.08.77 CVE: Not Available
Platform: Web Application
Title: 2eNetWorX StatCounteX Administration Pages Authentication
Bypass
Description: StatCounteX is a website statistics application. The
application is exposed to an issue that results in unauthorized
administrative access. The application fails to authenticate users
when the "/admin.asp" page is accessed, allowing an attacker to edit
the application's configuration. StatCounteX versions 3.0 and 3.1 are
affected.
Ref: http://www.securityfocus.com/archive/1/488200
______________________________________________________________________

08.08.78 CVE: Not Available
Platform: Web Application
Title: BanPro DMS "index.php" Local File Include
Description: BanPro DMS is a document management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "action" parameter of
the "index.php" script. BanPro DMS version 1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/488271
______________________________________________________________________

08.08.79 CVE: Not Available
Platform: Web Application
Title: Joomla! and Mambo "com_ricette" Component "id" Parameter SQL
Injection
Description: The "com_ricette" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_ricette" module
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488292
______________________________________________________________________

08.08.80 CVE: Not Available
Platform: Web Application
Title: LightBlog "view_member.php" Local File Include
Description: LightBlog is a web-log application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "username" parameter of the
"view_member.php" script. LightBlog version 9.6 is affected.
Ref: http://www.securityfocus.com/archive/1/488283
______________________________________________________________________

08.08.81 CVE: Not Available
Platform: Web Application
Title: XPWeb "Download.php" File Disclosure
Description: XPWeb is a web-based application for managing eXtreme
Programming projects. The application is exposed to an issue that lets
attackers obtain potentially sensitive information because it fails to
properly sanitize user-supplied input to the "url" parameter of the
"Download.php" script. XPWeb version 3.3.2 is affected.
Ref: http://www.securityfocus.com/bid/27838
______________________________________________________________________

08.08.82 CVE: Not Available
Platform: Web Application
Title: TRUC Tracking Requirements & Use Cases "download.php" File
Disclosure
Description: TRUC is a web-based application for tracking requirements
and use cases. The application is exposed to an issue that lets
attackers obtain potentially sensitive information because it fails to
properly sanitize user-supplied input to the "upload_filename"
parameter of the "download.php" script. TRUC version 0.11.0 is
affected.
Ref: http://www.securityfocus.com/bid/27839
______________________________________________________________________

08.08.83 CVE: Not Available
Platform: Web Application
Title: Claroline Multiple Remote Vulnerabilities
Description: Claroline is an e-learning content manager. The
aplication is exposed to multiple remote issues. Claroline versions
1.8.8 and earlier are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=575934
______________________________________________________________________

08.08.84 CVE: Not Available
Platform: Web Application
Title: PHPizabi "image.php" Arbitrary File Upload
Description: PHPizabi is a social-networking platform. The application
is exposed to an issue that lets an attacker upload and execute
arbitrary script code in the context of the affected web server
process. The issue occurs because the application fails to
sufficiently sanitize user-supplied input. PHPizabi version 0.848b is
affected.
Ref: http://www.securityfocus.com/bid/27847
______________________________________________________________________

08.08.85 CVE: Not Available
Platform: Web Application
Title: ATutor User Profile Multiple HTML Injection Vulnerabilities
Description: ATutor is an online teaching application. The application
is exposed to multiple HTML injection issues because it fails to
sufficiently sanitize user-supplied input. The issues exist in the user
profile page of the "mail" and "forum" components. ATutor versions
1.5.5 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/488293
______________________________________________________________________

08.08.86 CVE: Not Available
Platform: Web Application
Title: Thecus N5200Pro NAS Server Control Panel "usrgetform.html"
Remote File Include
Description: Thecus N5200Pro NAS Server Control Panel is a web-based
administration interface for the NS200Pro NAS Server. The application
is exposed to a remote file include issue because it fails to properly
sanitize user-supplied input to the "name" parameter of the
"usrgetform.html" script.
Ref: http://www.securityfocus.com/bid/27865
______________________________________________________________________

08.08.87 CVE: Not Available
Platform: Web Application
Title: WebGUI Username HTML Injection
Description: WebGUI is a content manager and framework for web
applications. The application is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied input. WebGUI
versions prior to 7.4.24 are affected.
Ref:
http://www.plainblack.com/getwebgui/advisories/webgui-7_4_24-stable-released
______________________________________________________________________

08.08.88 CVE: Not Available
Platform: Web Application
Title: Google Hack Honeypot File Upload Manager "delall" Unauthorized
File Access
Description: Google Hack Honeypot (GHH) project is a web-based
honeypot application designed to lure search engine attacks. File
Upload Manager is a component of GHH. File Upload Manager is exposed
to an unauthorized file access issue because the application fails to
validate users prior to processing HTTP GET requests that pass the
"delall" argument to the "act" parameter. File Upload Manager version
1.3 is affected.
Ref: http://www.securityfocus.com/bid/27877
______________________________________________________________________

08.08.89 CVE: Not Available
Platform: Web Application
Title: SmarterTools SmarterMail Subject Field HTML Injection
Description: SmarterTools SmarterMail is a web-based email server. It
is written in ASP and runs on Microsoft Windows. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input to the "Subject" field of
incoming email messages. SmarterMail Enterprise version 4.3 is
affected.
Ref: http://www.securityfocus.com/archive/1/488313
______________________________________________________________________

08.08.90 CVE: Not Available
Platform: Web Application
Title: Spyce Sample Scripts Multiple Input Validation Vulnerabilities
Description: Spyce is a server-side scripting language for
Python-based dynamic HTML generation. The application is exposed to
multiple input validation issues. Spyce version 2.1.3 is affected.
Ref: http://www.procheckup.com/Vulnerability_PR08-01.php
______________________________________________________________________
[ terug ]