*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
Feb 28, 2008                                               Vol. 7. Week 9
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Microsoft Office                                1
Third Party Windows Apps                        7 (#1, #3, #5, #6)
Linux                                           3
BSD                                             2
Solaris                                         3
Unix                                            3
Cross Platform                                 19 (#2, #4, #7)
Web Application - Cross Site Scripting         10
Web Application - SQL Injection                38
Web Application                                18
Network Device                                  3


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Trend Micro OfficeScan Password Handling Buffer Overflow
(2) HIGH: Mozilla Thunderbird MIME Handling Buffer Overflow
(3) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
(4) HIGH: Symantec Scan Engine RAR File Handling Buffer Overflow
(5) HIGH: ActivePDF Server Request Handling Buffer Overflow
(6) HIGH: ICQ Format String Vulnerability
(7) MODERATE: Ghostscript Document Handling Buffer Overflow


Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Microsoft Office
08.09.1  - Microsoft Word Unspecified Remote Code Execution
 -- Third Party Windows Apps
08.09.2  - Novell iPrint Client "ienipp.ocx" ActiveX Control Buffer Overflow
08.09.3  - Symantec Storage Foundation for Windows Scheduler Service Denial of
Service
08.09.4  - EMC RepliStor Multiple Remote Heap Based Buffer Overflow
Vulnerabilities
08.09.5  - Move Media Player Quantum Streaming "qsp2ie07074039.dll" ActiveX
Control Buffer Overflow
08.09.6  - Double-Take Denial of Service and Information Disclosure
Vulnerabilities
08.09.7  - Rising Web Scan Object "OL2005.dll" ActiveX Control Remote Code
Execution
08.09.8  - Various IP Security Camera ActiveX Controls "url" Attribute Buffer
Overflow
 -- Linux
08.09.9  - DSPAM Debian "libdspam7-drv-mysql" Cron Job MySQL Calls Local
Information Disclosure
08.09.10 - The SWORD Project Diatheke Unspecified Remote Command Execution
08.09.11 - KVM Block Device Backend Local Security Bypass
 -- BSD
08.09.12 - OpenBSD "tcp_respond()" Remote Denial of Service
08.09.13 - OpenBSD IPv6 Routing Headers Remote Denial of Service
 -- Solaris
08.09.14 - Sun Solaris cpc(3CPC) Sub-System Local Denial of Service
Vulnerabilities
08.09.15 - Sun Solaris DTrace Dynamic Tracing Framework Information Disclosure
08.09.16 - Sun Solaris Internet Protocol "ip(7P)" Security Bypass and Denial of
Service Vulnerabilities
 -- Unix
08.09.17 - splitvt "xprop" Local Privilege Escalation
08.09.18 - CUPS "process_browse_data()" Remote Double Free Denial of Service
08.09.19 - CUPS Multiple Remote Denial of Service Vulnerabilities
 -- Cross Platform
08.09.20 - Zilab Chat and Instant Messaging (ZIM) Server Multiple
Vulnerabilities
08.09.21 - Symantec Storage Foundation Veritas Enterprise Administrator Heap
Buffer Overflow
08.09.22 - Sybase MobiLink Multiple Heap Buffer Overflow Vulnerabilities
08.09.23 - SurgeMail Real CGI Executables Remote Buffer Overflow
08.09.24 - SurgeFTP "Content-Length" Parameter NULL Pointer Denial of Service
08.09.25 - lighttpd File Descriptor Array Remote Denial of Service
08.09.26 - Apple Safari BMP and GIF Files Remote Denial of Service and
Information Disclosure
08.09.27 - Mozilla Firefox Domain Extensions Insecure Cookie Access
08.09.28 - Fujitsu Interstage Application Server Single Sign-On Buffer Overflow
08.09.29 - VMWare Products Shared Folders "MultiByteToWideChar()" Variant
Directory Traversal
08.09.30 - MyServer Multiple HTTP Methods "204 Not Content" Error Remote Denial
of Service Vulnerabilities
08.09.31 - SurgeMail and WebMail "Page" Command Remote Format String
08.09.32 - DNSSEC-Tools libval Security Bypass
08.09.33 - Symantec Decomposer Resource Consumption Denial of Service
08.09.34 - Symantec Decomposer Unspecified Remote Buffer Overflow
08.09.35 - VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution
08.09.36 - Mozilla Thunderbird External-Body MIME Remote Heap Buffer Overflow
08.09.37 - activePDF Server Packet Processing Remote Heap Overflow
08.09.38 - Symark PowerBroker Client Multiple Local Buffer Overflow
Vulnerabilities
 -- Web Application - Cross Site Scripting
08.09.39 - MoinMoin Multiple Cross-Site Scripting Vulnerabilities
08.09.40 - Tor World CGI Scripts Unspecified Cross-Site Scripting
Vulnerabilities
08.09.41 - IBM Lotus Quickr QuickPlace Server Calendar "Count" Parameter
Cross-Site Scripting
08.09.42 - OSSIM Open Source Security Information Management "login.php"
Cross-Site Scripting
08.09.43 - Citrix MetaFrame Web Manager "login.asp" Cross-Site Scripting
08.09.44 - TikiWiki "tiki-edit_article.php" Cross-Site Scripting
08.09.45 - Matt's Whois "mwhois.php" Cross-Site Scripting
08.09.46 - Packeteer PacketShaper and PolicyCenter "whatever.htm" Cross-Site
Scripting
08.09.47 - Alkacon OpenCms "tree_files.jsp" Cross-Site Scripting
08.09.48 - Plume CMS "manager/xmedia.php" Cross-Site Scripting
 -- Web Application - SQL Injection
08.09.49 - PHP-Nuke Manuales Module "cid" Parameter SQL Injection
08.09.50 - PHP-Nuke NukeC Module "id_catg" Parameter SQL Injection
08.09.51 - XOOPS "prayerlist" Module "cid" Parameter SQL Injection
08.09.52 - RunCMS MyAnnonces Module "cid" Parameter SQL Injection
08.09.53 - XOOPS eEmpregos Module "index.php" SQL Injection
08.09.54 - Highwood Design hwdVideoShare "Itemid" Parameter SQL Injection
08.09.55 - PHP-Nuke Okul Module "okulid" Parameter SQL Injection
08.09.56 - PHP-Nuke Docum Module "artid" Parameter SQL Injection
08.09.57 - PHP-Nuke Inhalt Module "cid" Parameter SQL Injection
08.09.58 - iScripts MultiCart "productdetails.php" SQL Injection
08.09.59 - Joomla! and Mambo 'com_clasifier' Component "cat_id" Parameter SQL
Injection
08.09.60 - Joomla! and Mambo "com_joomlavvz" Component "id" Parameter SQL
Injection
08.09.61 - Joomla! and Mambo COM_MOST SQL Injection
08.09.62 - Joomla! and Mambo "com_asortyment" Component "katid" Parameter SQL
Injection
08.09.63 - Joomla! and Mambo "com_inter" Component "id" Parameter SQL Injection
08.09.64 - Joomla! and Mambo Referenzen Component "id" Parameter SQL Injection
08.09.65 - OSSIM Open Source Security Information Management
"modifyportform.php" SQL Injection
08.09.66 - beContent "news.php" SQL Injection
08.09.67 - PHP-Nuke Classifieds Module SQL Injection
08.09.68 - XOOPS Tiny Event SQL Injection
08.09.69 - PHP-Nuke Downloads Module "sid" Parameter SQL Injection
08.09.70 - PHP-Nuke Recipe Module "recipeid" Parameter SQL Injection
08.09.71 - Joomla! and Mambo "com_hello_world" Component 'id' Parameter SQL
Injection
08.09.72 - PHP-Nuke Gallery Module "aid" Parameter SQL Injection
08.09.73 - PHP-Nuke Sections Module "artid" Parameter SQL Injection
08.09.74 - auraCMS "lihatberita" Module "id" Parameter SQL Injection
08.09.75 - Joomla! and Mambo "com_publication" Component "pid" Parameter SQL
Injection
08.09.76 - Joomla! and Mambo "com_blog" Component "pid" Parameter SQL Injection
08.09.77 - Gary's Cookbook "id" Parameter SQL Injection
08.09.78 - Softbiz Jokes and Funny Pictures Script "sbcat_id" Parameter SQL
Injection
08.09.79 - Joomla! and Mambo "com_wines" Component "id" Parameter SQL Injection
08.09.80 - Galore Simple Shop SQL Injection
08.09.81 - XOOPS XM-Memberstats Module SQL Injection
08.09.82 - PHP-Nuke Sell Module "cid" Parameter SQL Injection
08.09.83 - PORAR Webboard "question.asp" SQL Injection
08.09.84 - PHP-Nuke Kose_Yazilari Module "artid" Parameter Multiple SQL
Injection Vulnerabilities
08.09.85 - MiniNuke "members.asp" SQL Injection
08.09.86 - Nukedit "email" Parameter SQL Injection
 -- Web Application
08.09.87 - Schoolwires Academic Portal SQL Injection and Cross-Site Scripting
Vulnerabilities
08.09.88 - PunBB Password Reset Weak Random Number Security Bypass
08.09.89 - Globsy "globsy_edit.php" Local File Include
08.09.90 - Invision Power Board BBCode Handling Unspecified HTML Injection
08.09.91 - DrBenHur.com DBHcms "mod.extmanager.php" Remote File Include
08.09.92 - Aeries Student Information System Multiple Input Validation
Vulnerabilities
08.09.93 - Quantum Game Library "CONFIG[gameroot]" Parameter Multiple Remote
File Include Vulnerabilities
08.09.94 - phpProfiles "body_comm.inc.php" Remote File Include
08.09.95 - PHPEcho CMS "Smarty.class.php" Remote File Include
08.09.96 - LWS php Download Manager "body.inc.php" Local File Include
08.09.97 - Portail Web Php Multiple Remote And Local File Include
Vulnerabilities
08.09.98 - LWS php User Base "header.inc.php" Remote File Include
08.09.99 - LWS php User Base "unverified.inc.php" Local File Include
08.09.100 - phpRaider Resistance Field HTML Injection
08.09.101 - WordPress Sniplets Plugin Multiple Input Validation Vulnerabilities
08.09.102 - H-Sphere SiteStudio Unspecified Issues
08.09.103 - S9Y Serendipity "Real Name" Field HTML Injection
08.09.104 - IBM ISS Internet Scanner HTML Injection
 -- Network Device
08.09.105 - Vocera Communications System PEAP Certificate Verification Security
Bypass
08.09.106 - ZyXEL Gateway Products Multiple Vulnerabilities
08.09.107 - Nortel UNIStim IP Phone Remote Ping Denial of Service
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Trend Micro OfficeScan Password Handling Buffer Overflow
Affected:
Trend Micro OfficeScan versions 8.0 and prior

Description: OfficeScan is an enterprise antivirus product from Trend
Micro. It contains a buffer overflow in its handling of passwords when
authenticating users. A specially crafted request containing an overlong
password could trigger this buffer overflow. Successfully exploiting
this buffer overflow would allow an attacker to execute arbitrary code
with the privileges of the vulnerable process. Full technical details
and multiple proofs-of-concept are publicly available for this
vulnerability. Note that some versions of OfficeScan crash rather than
allow remote code execution, meaning that on those versions of
OfficeScan, this vulnerability is only a denial-of-service. An
additional denial-of-service vulnerability is also disclosed in this
advisory.

Status: Trend Micro has not confirmed, no updates available.

References:
Advisory by Luigi Auriemma (includes multiple proofs-of-concept)
http://aluigi.altervista.org/adv/officescaz-adv.txt
Product Home Page
http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/
SecurityFocus BID
http://www.securityfocus.com/bid/28020

*********************************************************************

(2) HIGH: Mozilla Thunderbird MIME Handling Buffer Overflow
Affected:
Mozilla Thunderbird versions prior to 2.0.0.12

Description: Mozilla Thunderbird is an email and news client from the
Mozilla Foundation. Thunderbird supports Multipurpose Internet Mail
Extensions (MIME), a set of extensions to core email protocols to
support non-textual data in email messages. A flaw in parsing certain
MIME headers could result in a heap buffer overflow. A specially crafted
email message could exploit this buffer overflow to execute arbitrary
code with the privileges of the current user. This vulnerability can be
exploited whenever an email is viewed in Thunderbird. Some technical
details are provided in the advisories, and full technical details are
available via source code analysis.

Status: Mozilla confirmed, updates available. A workaround is also
available, as documented in the iDefense and Mozilla advisories below.

References:
Mozilla Security Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668
Wikipedia Article on MIME
http://en.wikipedia.org/wiki/MIME
Product Home Page
http://www.mozilla.com/en-US/thunderbird/
SecurityFocus BID
http://www.securityfocus.com/bid/28012

*********************************************************************

(3) HIGH: Novell iPrint Client ActiveX Control Buffer Overflow
Affected:
Novell iPrint Client versions 4.32 and prior

Description: Novell iPrint is a printing technology from Novell that
allows users to submit print jobs from web browsers to remote printers
using the Internet Printing Protocol (IPP). Part of its functionality
is provided by an ActiveX control. This control contains a buffer
overflow vulnerability in its "ExecuteRequest" method. A specially
crafted web page that invokes this method with an overlong argument
could trigger this buffer overflow. Successfully exploiting this flaw
would allow an attacker to execute arbitrary code with the privileges
of the current user. Some technical details are publicly available for
this vulnerability.

Status: Novell confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism. Note that this will impact normal
application functionality.

References:
Novell Security Advisory
http://download.novell.com/Download?buildid=prBBH4JpImA~
Secunia Security Advisory
http://secunia.com/advisories/27994/
Wikipedia Article on IPP
http://en.wikipedia.org/wiki/Internet_Printing_Protocol
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.novell.com/products/netware/printing/quicklook.html
SecurityFocus BID
http://www.securityfocus.com/bid/27939
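
The "kill bit" mitigation named in the Status paragraph above (and in the KB 240797 reference) can be audited offline. The following is an added example, not part of the original bulletin or of any vendor tooling: it parses "reg export" text and reports, per registry view, whether a control's "Compatibility Flags" value has the 0x400 kill bit set. The CLSIDs and the export text are constructed placeholders; the bulletin does not give the iPrint control's CLSID.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control

# 32-bit IE on 64-bit Windows reads the Wow6432Node copy, so both views matter.
NATIVE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
WOW64 = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer"
         r"\ActiveX Compatibility")
VIEWS = (NATIVE, WOW64)

KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')

# Constructed placeholder CLSIDs; substitute the CLSID published by the vendor.
CLSID_A = "{00000000-0000-0000-0000-0000000000A1}"
CLSID_B = "{00000000-0000-0000-0000-0000000000B2}"
CLSID_C = "{00000000-0000-0000-0000-0000000000C3}"
CLSID_D = "{00000000-0000-0000-0000-0000000000D4}"

# Constructed sample in the text format written by "reg export".
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000a1}]
"Compatibility Flags"=dword:00000420

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000B2}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000C3}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000C3}]
"Compatibility Flags"=dword:00800000
"""


def parse_compat_flags(reg_text):
    """Return {(view, CLSID_UPPER): flags} for every CLSID subkey in the export."""
    flags = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = None  # a new key ends the previous key's value list
            key = key_match.group(1)
            for view in VIEWS:
                prefix = view.lower() + "\\"
                if key.lower().startswith(prefix):
                    clsid = key[len(prefix):]
                    if "\\" not in clsid:  # direct child of the view only
                        current = (view, clsid.upper())
            continue
        value_match = FLAGS_RE.match(line)
        if value_match and current is not None:
            flags[current] = int(value_match.group(1), 16)
    return flags


def audit_kill_bits(reg_text, clsids, views=VIEWS):
    """Per CLSID and view: 'killed', 'not-killed' (value present, bit clear) or 'missing'."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in clsids:
        per_view = {}
        for view in views:
            value = flags.get((view, clsid.upper()))
            if value is None:
                per_view[view] = "missing"
            elif value & KILL_BIT:  # bitmask test: other flag bits may also be set
                per_view[view] = "killed"
            else:
                per_view[view] = "not-killed"
        report[clsid] = per_view
    return report


def unblocked(report):
    """CLSIDs that are still loadable in at least one audited view."""
    return [c for c, views in report.items()
            if any(state != "killed" for state in views.values())]


if __name__ == "__main__":
    result = audit_kill_bits(SAMPLE_EXPORT, [CLSID_A, CLSID_B, CLSID_C, CLSID_D])
    for clsid, views in result.items():
        for view, state in views.items():
            print(f"{clsid}  {state:<10}  {view}")
    print("still loadable somewhere:", unblocked(result))
```

On a 32-bit host, pass views=(NATIVE,) so the absent Wow6432Node view is not reported as missing.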

*********************************************************************

(4) HIGH: Symantec Scan Engine RAR File Handling Buffer Overflow
Affected:
Symantec Scan Engine versions 5.1.2 and prior

Description: Symantec Scan Engine is a version of Symantec's antivirus
engine designed to be included in other products. The engine supports
scanning requests submitted via the Internet Content Adaptation Protocol
(ICAP). A specially crafted RAR archive file submitted from a remote
user could trigger a heap overflow in the scan engine process.
Successfully exploiting this overflow would allow an attacker to execute
arbitrary code with the privileges of the vulnerable process. Note that,
depending on how the scan engine is integrated with other products, it
may be possible to exploit this vulnerability remotely and without any
user interaction. Any product using the scan engine should be considered
vulnerable.

Status: Symantec confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to TCP port 1344 at the
network perimeter, if possible. Also patched in this update is a
denial-of-service vulnerability.

References:
Symantec Security Advisory
http://www.symantec.com/avcenter/security/Content/2008.02.27.html
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=666
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
Wikipedia Article on ICAP
http://en.wikipedia.org/wiki/Internet_Content_Adaptation_Protocol
Wikipedia Article on the RAR File Format
http://en.wikipedia.org/wiki/RAR_%28file_format%29
Product Home Page
http://www.symantec.com/business/products/overview.jsp;jsessionid=C3868263582F4FB5597B5D93C8EFD1AE?pcid=2251&pvid=836_1
SecurityFocus BID
http://www.securityfocus.com/bid/27913

*********************************************************************

(5) HIGH: ActivePDF Server Request Handling Buffer Overflow
Affected:
ActivePDF Server versions 3.8.5.14 and prior

Description: ActivePDF is a popular server application for generating
Portable Document Format (PDF) files. It contains a flaw in its handling
of user requests. A specially crafted packet sent to the server could
trigger a buffer overflow. Successfully exploiting this buffer overflow
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process. Some technical details are publicly available
for this vulnerability.

Status: ActivePDF confirmed, updates available. Users can mitigate the
impact of this vulnerability by blocking access to TCP port 53535 at the
network perimeter.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2007-87/advisory/
Product Home Page
http://www.activepdf.com/products/serverproducts/server/index.cfm
SecurityFocus BID
http://www.securityfocus.com/bid/28013

*********************************************************************

(6) HIGH: ICQ Format String Vulnerability
Affected:
ICQ versions 6 and prior

Description: ICQ is a popular instant messaging application. It contains
a flaw in its handling of received messages. A specially crafted message
containing certain formatting characters could trigger a format string
vulnerability. Successfully exploiting this vulnerability could allow
an attacker to execute arbitrary code with the privileges of the current
user. Note that if a user has ICQ configured to accept incoming messages
(the default configuration), no user interaction is required to exploit
this vulnerability. Some technical details and a simple proof-of-concept
are publicly available for this vulnerability.

Status: ICQ has not confirmed, no updates available.

References:
Secunia Security Advisory
http://secunia.com/advisories/29138/
Advisory from B0B (in German)
http://board.raidrush.ws/showthread.php?t=386983
ICQ Home Page
http://www.icq.com
SecurityFocus BID
http://www.securityfocus.com/bid/28027

*********************************************************************

(7) MODERATE: Ghostscript Document Handling Buffer Overflow
Affected:
GNU Ghostscript versions 8.61 and prior

Description: Ghostscript is an open source parsing and display engine
for the PostScript (PS) and Portable Document Format (PDF) page
description languages. It is the default PS and PDF viewer for a variety
of Linux distributions and forms the basis of other PS and PDF viewers.
It contains a flaw in its handling of certain PostScript constructions.
A specially crafted PS file could trigger this flaw, leading to a
stack-based buffer overflow. Successfully exploiting this buffer
overflow would allow an attacker to execute arbitrary code with the
privileges of the current user. Depending upon configuration,
Ghostscript may be used to open PostScript documents upon receipt,
without further user interaction. Full technical details for this
vulnerability and a proof-of-concept are publicly available.

Status: Vendor confirmed, updates available.

References:
Security Advisory from Chris Evans
http://scary.beasts.org/security/CESA-2008-001.html
Wikipedia Article on PostScript
http://en.wikipedia.org/wiki/PostScript
Wikipedia Article on PDF
http://en.wikipedia.org/wiki/Portable_Document_Format
Ghostscript Home Page
http://www.ghostscript.com
SecurityFocus BID
http://www.securityfocus.com/bid/28017
 
**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 9, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.09.1 CVE: Not Available
Platform: Microsoft Office
Title: Microsoft Word Unspecified Remote Code Execution
Description: Microsoft Word is exposed to an unspecified remote code
execution issue. Please refer to the following link for further
information.
Ref: http://www.scmagazineus.com/Olympic-spam-carries-malicious-code-MessageLabs/article/107232/
______________________________________________________________________

08.09.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Novell iPrint Client "ienipp.ocx" ActiveX Control Buffer
Overflow
Description: Novell iPrint Client lets users access printers from
remote locations. The application is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. Novell iPrint Client versions 4.26 and 4.32 are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.09.3 CVE: CVE-2007-4516
Platform: Third Party Windows Apps
Title: Symantec Storage Foundation for Windows Scheduler Service
Denial of Service
Description: Symantec Storage Foundation for Windows is a networked
storage management tool. The application is exposed to a denial of
service issue because it fails to validate user-supplied input.
Storage Foundation for Windows version 5.0 is affected.
Ref:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=665
______________________________________________________________________

08.09.4 CVE: CVE-2008-6426
Platform: Third Party Windows Apps
Title: EMC RepliStor Multiple Remote Heap Based Buffer Overflow
Vulnerabilities
Description: EMC RepliStor provides data recovery and protection for
Microsoft Windows platforms. The application is exposed to multiple
remote heap-based buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied input before using it in an
insufficiently sized buffer. EMC RepliStor version 6.2 SP2 is
affected.
Ref: http://www.securityfocus.com/archive/1/488410
______________________________________________________________________

08.09.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: Move Media Player Quantum Streaming "qsp2ie07074039.dll"
ActiveX Control Buffer Overflow
Description: Move Media Player is a web-based multimedia player.
Quantum Streaming ActiveX control is a plug-in for Internet Explorer.
The control is exposed to a remote buffer overflow issue because it
fails to properly bounds check user-supplied data before copying it
into an insufficiently sized buffer. Quantum Streaming
"qsp2ie07074039.dll" ActiveX control version 7.7.4.39 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.09.6 CVE: CVE-2008-0974, CVE-2008-0976, CVE-2008-0977,
CVE-2008-0978
Platform: Third Party Windows Apps
Title: Double-Take Denial of Service and Information Disclosure
Vulnerabilities
Description: Double-Take is a disaster recovery and backup software
application. The application is exposed to multiple remote issues.
Double-Take versions 5.0.0.2865 and 4.5 are affected.
Ref: http://www.securityfocus.com/bid/27951
______________________________________________________________________

08.09.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Rising Web Scan Object "OL2005.dll" ActiveX Control Remote Code
Execution
Description: Rising Web Scan Object is an ActiveX control installed by
the online version of Rising Antivirus online scanner. The control is
exposed to a remote code execution issue because it fails to properly 
verify the origin of the dynamic-link library it uses. Rising Web Scan
Object "OL2005.dll" version 18.0.0.7 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.09.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: Various IP Security Camera ActiveX Controls "url" Attribute
Buffer Overflow
Description: D-Link MPEG4 SHM Audio Control, 4xem VatCtrl Class and
RTSP MPEG4 SP Control are ActiveX controls for various security
cameras. The applications are exposed to a remote buffer overflow
issue because they fail to properly bounds-check user-supplied data
before copying it into an insufficiently sized buffer.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.09.9 CVE: CVE-2007-6418
Platform: Linux
Title: DSPAM Debian "libdspam7-drv-mysql" Cron Job MySQL Calls Local
Information Disclosure
Description: DSPAM is a scalable, enterprise-level anti-spam filter.
The "libdspam7-drv-mysql" cron job in Debian is exposed to an
information disclosure issue because it passes sensitive information
as command-line arguments. libdspam7-drv-mysql version 3.6.8-5 is
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448519
______________________________________________________________________

08.09.10 CVE: CVE-2008-0932
Platform: Linux
Title: The SWORD Project Diatheke Unspecified Remote Command Execution
Description: Diatheke is a CGI-based, front-end web script for the
SWORD Project's Bible software library. The application is exposed to
an issue that can result in the execution of arbitrary shell commands.
SWORD version 1.5.9 is affected.
Ref: http://www.securityfocus.com/bid/27987
______________________________________________________________________

08.09.11 CVE: Not Available
Platform: Linux
Title: KVM Block Device Backend Local Security Bypass
Description: KVM (Kernel-based Virtual Machine) is an open-source
virtualization application for Linux. The application is exposed to a
local security bypass issue because it fails to validate user-supplied
input.
Ref:
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html
______________________________________________________________________

08.09.12 CVE: Not Available
Platform: BSD
Title: OpenBSD "tcp_respond()" Remote Denial of Service
Description: OpenBSD is exposed to a remote denial of service issue
because of a flaw in the affected kernel when processing certain TCP
packets. This issue occurs in the "tcp_respond()" function in the
"sys/netinet/tcp_subr.c" source file. When responding to certain TCP
packets, the kernel fails to use the correct TCP header, which can
trigger a panic. OpenBSD version 4.2 is affected.
Ref: http://www.openbsd.org/errata42.html#007_tcprespond
______________________________________________________________________

08.09.13 CVE: Not Available
Platform: BSD
Title: OpenBSD IPv6 Routing Headers Remote Denial of Service
Description: OpenBSD is exposed to a remote denial of service issue
because of a flaw in the affected kernel when processing certain TCP
packets. This issue occurs in the "ip6_check_rh0hdr()" function in the
"sys/netinet6/ip6_input.c" source file and can be exploited by sending
a specially crafted packet with malformed IPv6 routing headers.
OpenBSD version 4.2 is affected.
Ref: http://www.openbsd.org/errata42.html
______________________________________________________________________

08.09.14 CVE: Not Available
Platform: Solaris
Title: Sun Solaris cpc(3CPC) Sub-System Local Denial of Service
Vulnerabilities
Description: Sun Solaris is an enterprise-grade Unix distribution. The
application is exposed to two denial of service issues due to two
separate race-condition errors that affect the CPU Performance
Counters (cpc(3CPC)) sub-system of the Solaris kernel. Solaris 10 for
SPARC and x86 architectures is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231466-1
______________________________________________________________________

08.09.15 CVE: Not Available
Platform: Solaris
Title: Sun Solaris DTrace Dynamic Tracing Framework Information
Disclosure
Description: Sun Solaris is an enterprise-level Unix distribution. The
application is exposed to an information disclosure issue that affects
the DTrace dynamic tracing framework because it fails to properly
validate access before allowing users to perform certain actions.
Solaris 10 for SPARC and x86 platforms is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231803-1
______________________________________________________________________

08.09.16 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Internet Protocol "ip(7P)" Security Bypass and
Denial of Service Vulnerabilities
Description: Sun Solaris is an enterprise-level Unix distribution. The
application is exposed to a security-bypass and denial of service
issue due to an unspecified error affecting Internet Protocol
implementation (ip(7P)). Sun Solaris versions 8, 9 and 10 for SPARC
and x86 platforms are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200183-1
______________________________________________________________________

08.09.17 CVE: CVE-2008-0162
Platform: Unix
Title: splitvt "xprop" Local Privilege Escalation
Description: splitvt is a VT100 window splitter, designed to allow the
user two command line interfaces in one terminal window. The
application is exposed to a local privilege escalation issue because
the application fails to drop group privileges prior to executing
"xprop".
Ref: http://www.securityfocus.com/bid/27936
______________________________________________________________________

08.09.18 CVE: CVE-2008-0882
Platform: Unix
Title: CUPS "process_browse_data()" Remote Double Free Denial of
Service
Description: CUPS, Common Unix Printing System, is a widely used set
of printing utilities for Unix-based systems. The application is
exposed to a remote denial of service issue because it fails to
protect against a double-free condition. CUPS version 1.3.5 is
affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0157.html
______________________________________________________________________

08.09.19 CVE: CVE-2008-0596, CVE-2008-0597
Platform: Unix
Title: CUPS Multiple Remote Denial of Service Vulnerabilities
Description: CUPS, Common Unix Printing System, is a widely used set
of printing utilities for Unix-based systems. The application is
exposed to two remote denial of service issues. CUPS versions 1.1.17
and 1.1.22 are affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0153.html
______________________________________________________________________

08.09.20 CVE: Not Available
Platform: Cross Platform
Title: Zilab Chat and Instant Messaging (ZIM) Server Multiple
Vulnerabilities
Description: Zilab Chat and Instant Messaging (ZIM) Server is a chat
and Instant Messaging server for Microsoft Windows platforms. The
application is exposed to multiple issues that include denial of
service conditions and memory-corruption issues. Zilab Chat and
Instant Messaging (ZIM) Server versions 2.0 and 2.1 are affected.
Ref: http://aluigi.altervista.org/adv/zilabzcsx-adv.txt
______________________________________________________________________

08.09.21 CVE: CVE-2008-0638
Platform: Cross Platform
Title: Symantec Storage Foundation Veritas Enterprise Administrator
Heap Buffer Overflow
Description: Symantec Storage Foundation is an online storage manager.
Symantec Veritas Enterprise Administrator (VEA) is the management GUI
component of Symantec Storage Foundation. The application is exposed
to a remote heap-based buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data.
Ref: http://www.securityfocus.com/archive/1/488420
______________________________________________________________________

08.09.22 CVE: Not Available
Platform: Cross Platform
Title: Sybase MobiLink Multiple Heap Buffer Overflow Vulnerabilities
Description: Sybase MobiLink is software for the two-way
synchronization of data between a central, consolidated database and a
number of remote databases. The application is part of Sybase's SQL
Anywhere Studio package. The application is exposed to multiple
heap-based buffer overflow issues because the software fails to
perform adequate boundary checks on user-supplied data. MobiLink
version 10.0.1.3629 is affected.
Ref: http://www.securityfocus.com/archive/1/488409
______________________________________________________________________

08.09.23 CVE: Not Available
Platform: Cross Platform
Title: SurgeMail Real CGI Executables Remote Buffer Overflow
Description: SurgeMail is a mail server application. The application
is exposed to a remote buffer overflow issue because it fails to
properly bounds check user-supplied input. The issue occurs when
handling environment strings. SurgeMail versions 38k4 and earlier are
affected.
Ref: http://www.securityfocus.com/archive/1/488741
______________________________________________________________________

08.09.24 CVE: Not Available
Platform: Cross Platform
Title: SurgeFTP "Content-Length" Parameter NULL Pointer Denial of
Service
Description: SurgeFTP is a file-transfer-protocol server available for
multiple operating platforms. The application is exposed to a remote
denial of service issue because it fails to perform adequate boundary
checks on user-supplied input. SurgeFTP version 2.3a2 is affected.
Ref: http://www.securityfocus.com/archive/1/488745
______________________________________________________________________

08.09.25 CVE: Not Available
Platform: Cross Platform
Title: lighttpd File Descriptor Array Remote Denial of Service
Description: lighttpd is a freely available webserver application. The
application is exposed to a remote denial of service issue.
Specifically, under certain circumstances, the number of file
descriptors given to the application can be larger than the number
used by the application to allocate the file descriptor array. This
will cause the application to crash. lighttpd version 1.4.18 is
affected.
Ref: http://trac.lighttpd.net/trac/ticket/1562
______________________________________________________________________

08.09.26 CVE: CVE-2008-0894
Platform: Cross Platform
Title: Apple Safari BMP and GIF Files Remote Denial of Service and
Information Disclosure
Description: Apple Safari is a web browser available for multiple
operating systems. Safari is exposed to a remote issue that may lead
to a denial of service condition or information disclosure. This issue
occurs when the application tries to handle malformed image files.
Ref: http://www.securityfocus.com/archive/1/488264
______________________________________________________________________

08.09.27 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox Domain Extensions Insecure Cookie Access
Description: Mozilla Firefox is a web browsing application available
for multiple operating platforms. The application is exposed to an
issue that allows attackers to set cookies for certain domain
extensions. Mozilla Firefox 2 versions are affected.
Ref: http://www.securityfocus.com/bid/27950
______________________________________________________________________

08.09.28 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Interstage Application Server Single Sign-On Buffer
Overflow
Description: Fujitsu Interstage Application Server is a Java-based
application server. The application is exposed to a remote buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied input.
Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html
______________________________________________________________________

08.09.29 CVE: CVE-2008-0923
Platform: Cross Platform
Title: VMware Products Shared Folders "MultiByteToWideChar()" Variant
Directory Traversal
Description: Multiple VMware products are prone to a
directory traversal vulnerability that affects shared folders. This
issue occurs when the "MultiByteToWideChar()" function handles "PathName"
parameter arguments. VMware Workstation versions 6.0.2, 5.5.4 and
earlier, VMware Player versions 2.0.2, 1.0.4 and earlier, VMware ACE
versions 2.0.2, 1.0.2 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/488725
______________________________________________________________________

08.09.30 CVE: Not Available
Platform: Cross Platform
Title: MyServer Multiple HTTP Methods "204 No Content" Error Remote
Denial of Service Vulnerabilities
Description: MyServer is a scalable web server application available
for Windows and Linux operating platforms. The application is exposed
to multiple remote denial of service issues because it fails to
adequately handle HTTP method requests that return a "204 No Content"
error. MyServer version 0.8.11 is affected.
Ref: http://www.securityfocus.com/bid/27981
______________________________________________________________________

08.09.31 CVE: Not Available
Platform: Cross Platform
Title: SurgeMail and WebMail "Page" Command Remote Format String
Description: SurgeMail and WebMail are webmail applications. The
applications are exposed to a remote format string issue because they
fail to properly sanitize user-supplied input before including it in
the format-specifier argument of a formatted printing function. Netwin
SurgeMail versions 38k4 beta 39a and earlier, and Netwin WebMail versions
3.1s and earlier are affected.
Ref: http://www.securityfocus.com/bid/27990
______________________________________________________________________

08.09.32 CVE: Not Available
Platform: Cross Platform
Title: DNSSEC-Tools libval Security Bypass
Description: DNSSEC-Tools is a set of applications and libraries that
help in deployment of DNSSEC-related solutions. The application is
exposed to a security bypass issue due to an error in the libval
DNSSEC validation library. DNSSEC-Tools versions prior to 1.3.2 are
affected.
Ref: http://dnssec-tools.svn.sourceforge.net/viewvc/dnssec-tools?view=rev&revision=3872
______________________________________________________________________

08.09.33 CVE: Not Available
Platform: Cross Platform
Title: Symantec Decomposer Resource Consumption Denial of Service
Description: Symantec Decomposer is an application used to parse
certain archives while scanning for malicious content. Decomposer is
exposed to an issue that results in denial of service conditions
because it fails to adequately parse user-supplied input.
Ref: http://www.symantec.com/avcenter/security/Content/2008.02.27.html
______________________________________________________________________

08.09.34 CVE: Not Available
Platform: Cross Platform
Title: Symantec Decomposer Unspecified Remote Buffer Overflow
Description: Symantec Decomposer is exposed to a remote unspecified
buffer overflow issue because the application fails to properly
bounds check user-supplied input before copying it to an
insufficiently sized memory buffer.
Ref: http://www.symantec.com/avcenter/security/Content/2008.02.27.html
______________________________________________________________________

08.09.35 CVE: CVE-2008-0984
Platform: Cross Platform
Title: VideoLAN VLC Media Player MP4 Demuxer Remote Code Execution
Description: VideoLAN VLC media player is a multimedia application
available for multiple operating platforms. The application is exposed
to a remote code execution issue because it fails to adequately parse
specially crafted MP4 files. VideoLAN VLC media player versions prior
to 0.8.6e are affected.
Ref: http://www.videolan.org/security/sa0802.html
______________________________________________________________________

08.09.36 CVE: CVE-2008-0304
Platform: Cross Platform
Title: Mozilla Thunderbird External-Body MIME Remote Heap Buffer
Overflow
Description: Mozilla Thunderbird is a cross-platform mail client for
Windows, Linux, and Apple Mac OS X. The application is exposed to a
remote heap-based buffer overflow issue because it fails to properly
bounds-check user-supplied data. Mozilla Thunderbird versions prior to
2.0.0.12 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-12.html
______________________________________________________________________

08.09.37 CVE: Not Available
Platform: Cross Platform
Title: activePDF Server Packet Processing Remote Heap Overflow
Description: activePDF Server is used to generate and convert PDF
files. It is available for Microsoft Windows platforms. The
application is exposed to a remote heap overflow issue because it
fails to perform adequate boundary checks on user-supplied input.
activePDF Server versions 3.8.4 and 3.8.5.14 are affected.
Ref: http://secunia.com/secunia_research/2007-87/advisory/
______________________________________________________________________

08.09.38 CVE: Not Available
Platform: Cross Platform
Title: Symark PowerBroker Client Multiple Local Buffer Overflow
Vulnerabilities
Description: Symark PowerBroker is privilege-management software for
various platforms. It facilitates centralized access to all
superuser accounts in an enterprise environment. The application is
exposed to multiple local buffer overflow issues because it fails to
perform adequate boundary checks on user-supplied input. Symark
PowerBroker versions from 2.8 up to and including 5.0.1 are affected.
Ref: http://www.symark.com/support/PBFeb2008Announcement.html
______________________________________________________________________

08.09.39 CVE: CVE-2008-0780, CVE-2008-0781
Platform: Web Application - Cross Site Scripting
Title: MoinMoin Multiple Cross-Site Scripting Vulnerabilities
Description: MoinMoin is a freely available, open-source wiki written
in Python. It is available for Unix and Linux platforms. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input. MoinMoin
versions 1.5.8 and earlier, and MoinMoin versions 1.6.x prior to
1.6.1, are affected.
Ref: http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d
______________________________________________________________________

08.09.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Tor World CGI Scripts Unspecified Cross-Site Scripting
Vulnerabilities
Description: Multiple CGI scripts from Tor World are prone to
cross-site scripting issues because the scripts fail to sanitize
user-supplied input to unspecified parameters.
Ref: http://www.securityfocus.com/bid/27919
______________________________________________________________________

08.09.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Quickr QuickPlace Server Calendar "Count" Parameter
Cross-Site Scripting
Description: Lotus Quickr, the latest evolution of Lotus QuickPlace,
is a content collaboration and sharing system available for multiple
operating platforms. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input to the "Count" parameter when opening a document in the "QuickPlace
Calendar" feature. Lotus Quickr version 8.0 is affected.
Ref: http://www.securityfocus.com/bid/27925
______________________________________________________________________

08.09.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: OSSIM Open Source Security Information Management "login.php"
Cross-Site Scripting
Description: OSSIM (Open Source Security Information Management) is a
compilation of common security tools that are managed in a web
console. The application is exposed to a cross-site scripting issue
because it fails to properly sanitize user-supplied input to the
"dest" parameter of the "/ossim/session/login.php" script. OSSIM
version 0.9.9rc5 is affected.
Ref: http://www.securityfocus.com/archive/1/488450
______________________________________________________________________

08.09.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Citrix MetaFrame Web Manager "login.asp" Cross-Site Scripting
Description: MetaFrame is remote desktop software distributed by
Citrix. The application is exposed to a cross-site scripting issue
because it fails to sanitize user-supplied input to the
"NFuse_Message" parameter of the "login.asp" script.
Ref: http://www.securityfocus.com/bid/27948
______________________________________________________________________

08.09.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TikiWiki "tiki-edit_article.php" Cross-Site Scripting
Description: TikiWiki is a PHP-based wiki application. The application
is exposed to cross-site scripting attacks because it fails to
sufficiently sanitize user-supplied input to an unspecified parameter of
the "tiki-special_chars.php" script. TikiWiki versions prior to
1.9.10.1 are affected.
Ref: http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=1498
______________________________________________________________________

08.09.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Matt's Whois "mwhois.php" Cross-Site Scripting
Description: Matt's Whois is a lookup script. The application is exposed
to a cross-site scripting issue because it fails to sufficiently
sanitize user-supplied input to the "domain" parameter of the
"mwhois.php" script.
Ref: http://www.securityfocus.com/bid/27974
______________________________________________________________________

08.09.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Packeteer PacketShaper and PolicyCenter "whatever.htm"
Cross-Site Scripting
Description: Packeteer PacketShaper is a hardware device for
controlling and managing bandwidth. PolicyCenter monitors performance
and bandwidth utilization for each web application running on the
computer. The applications are exposed to a cross-site scripting issue
because they fail to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/488712
______________________________________________________________________

08.09.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Alkacon OpenCms "tree_files.jsp" Cross-Site Scripting
Description: Alkacon OpenCms is a web-based content management system.
The application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to the "resource"
parameter of the "treefiles.jsp" script.
Ref: http://www.securityfocus.com/archive/1/488708
______________________________________________________________________

08.09.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Plume CMS "manager/xmedia.php" Cross-Site Scripting
Description: Plume CMS is a CMS for managing dynamic web content,
blogs, and customer forums. The application is exposed to cross-site
scripting attacks because it fails to sufficiently sanitize
user-supplied input to the "dir" parameter of the "manager/xmedia.php"
script. Plume CMS version 1.2.2 is affected.
Ref: http://www.digitrustgroup.com/advisories/web-application-security-plume-cms.html
______________________________________________________________________

08.09.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Manuales Module "cid" Parameter SQL Injection
Description: Manuales is a module for the PHP-Nuke content manager.
The component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cid" parameter before
using it in an SQL query. Manuales version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/27933
______________________________________________________________________

08.09.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke NukeC Module "id_catg" Parameter SQL Injection
Description: NukeC is an advertising module for PHP-Nuke. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id_catg" parameter
before using it in an SQL query. NukeC version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/27937
______________________________________________________________________

08.09.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS "prayerlist" Module "cid" Parameter SQL Injection
Description: The "prayerlist" module is a component for the XOOPS CMS.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "classifieds" module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488458
______________________________________________________________________

08.09.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RunCMS MyAnnonces Module "cid" Parameter SQL Injection
Description: MyAnnonces is a plugin for the RunCMS content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cid" parameter of
the "MyAnnonces" module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27902
______________________________________________________________________

08.09.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS eEmpregos Module "index.php" SQL Injection
Description: eEmpregos is a module for the XOOPS CMS. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "cid" parameter of the "index.php"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488358
______________________________________________________________________

08.09.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Highwood Design hwdVideoShare "Itemid" Parameter SQL Injection
Description: hwdVideoShare is a module for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ItemId" parameter of the "com_hwdvideoshare" module before using it
in an SQL query.
Ref: http://www.securityfocus.com/bid/27907
______________________________________________________________________

08.09.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Okul Module "okulid" Parameter SQL Injection
Description: Okul is a module for the PHP-Nuke content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "okulid" parameter of
the "Okul" module before using it in an SQL query. Okul version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/27909
______________________________________________________________________

08.09.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Docum Module "artid" Parameter SQL Injection
Description: Docum is a module for the PHP-Nuke content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "artid" parameter of
the "Docum" module before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27912
______________________________________________________________________

08.09.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Inhalt Module "cid" Parameter SQL Injection
Description: Inhalt is a module for the content management system
PHP-Nuke. The component is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cid"
parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/27886
______________________________________________________________________

08.09.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: iScripts MultiCart "productdetails.php" SQL Injection
Description: iScripts MultiCart is a web-based ecommerce application.
The application is exposed to an SQL injection issue because it fails
to properly sanitize the "productid" parameter of the
"productdetails.php" script. MultiCart version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/27916
______________________________________________________________________

08.09.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo 'com_clasifier' Component "cat_id" Parameter
SQL Injection
Description: The "com_pccookbook" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "cat_id" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/27917
______________________________________________________________________

08.09.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_joomlavvz" Component "id" Parameter SQL
Injection
Description: The "com_joomlavvz" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/488424
______________________________________________________________________

08.09.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo COM_MOST SQL Injection
Description: The "com_most" component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "secid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488454
______________________________________________________________________

08.09.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_asortyment" Component "katid" Parameter
SQL Injection
Description: The "com_most" component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "katid" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488459
______________________________________________________________________

08.09.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_inter" Component "id" Parameter SQL
Injection
Description: The "com_inter" component is a module for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488703
______________________________________________________________________

08.09.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Referenzen Component "id" Parameter SQL
Injection
Description: Referenzen is a reference component for the Joomla! and
Mambo content managers. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "detail" parameter of the "com_referenzen" component before using
it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488422
______________________________________________________________________

08.09.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: OSSIM Open Source Security Information Management
"modifyportform.php" SQL Injection
Description: OSSIM (Open Source Security Information Management) is a
compilation of common security tools that are managed in a web
console. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "portname"
parameter of the "/ossim/port/modifyportform.php" script before using
it in an SQL query. OSSIM version 0.9.9rc5 is affected.
Ref: http://www.securityfocus.com/archive/1/488450
______________________________________________________________________

08.09.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: beContent "news.php" SQL Injection
Description: beContent is a web-based application framework. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"news.php" script before using it in an SQL query. beContent version
.031 is affected.
Ref: http://www.securityfocus.com/bid/27928
______________________________________________________________________

08.09.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Classifieds Module SQL Injection
Description: Classifieds is a module for the PHP-Nuke content manager.
The component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "Details" parameter
before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488440
______________________________________________________________________

08.09.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS Tiny Event SQL Injection
Description: Tiny Event is an event calendar module for the XOOPS
content management system. The component is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "print" option of
"index.php" before using it in an SQL query. Tiny Event version 1.01
is affected.
Ref: http://www.securityfocus.com/archive/1/488451
______________________________________________________________________

08.09.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Downloads Module "sid" Parameter SQL Injection
Description: Downloads is a module for the PHP-Nuke content manager.
The component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "sid" parameter before
using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488452
______________________________________________________________________

08.09.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Recipe Module "recipeid" Parameter SQL Injection
Description: Recipe is a cookbook module for PHP-Nuke. The component
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "recipieid" parameter of the
"modules.php" script when the "name" parameter is set to "Recipe".
Recipe version 1.3 is affected.
Ref: http://www.securityfocus.com/archive/1/488649
______________________________________________________________________

08.09.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_hello_world" Component 'id' Parameter
SQL Injection
Description: The "com_hello_world" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/archive/1/488652
______________________________________________________________________

08.09.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Gallery Module "aid" Parameter SQL Injection
Description: Gallery is a photo gallery module for PHP-Nuke. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "aid" parameter when
the "module" parameter is set to "aid". Gallery version 1.3 is
affected.
Ref: http://www.securityfocus.com/archive/1/488649
______________________________________________________________________

08.09.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Sections Module "artid" Parameter SQL Injection
Description: Sections is a module for the PHP-Nuke content manager. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "artid" parameter.
Ref: http://www.securityfocus.com/archive/1/488653
______________________________________________________________________

08.09.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: auraCMS "lihatberita" Module "id" Parameter SQL Injection
Description: auraCMS is a content management system. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter when the "pilih"
parameter is set to "lihatberita".
Ref: http://www.securityfocus.com/archive/1/488652
______________________________________________________________________

08.09.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_publication" Component "pid" Parameter
SQL Injection
Description: The "com_publication" component is a module for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "pid" parameter of the "com_publication"
module before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/488690
______________________________________________________________________

08.09.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_blog" Component "pid" Parameter SQL
Injection
Description: "com_blog" is a module for the Joomla! and Mambo content
managers. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "pid"
parameter of the "com_blog" component.
Ref: http://www.securityfocus.com/bid/27971
______________________________________________________________________

08.09.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Gary's Cookbook "id" Parameter SQL Injection
Description: Gary's Cookbook ("com_garyscookbook") is a component
module for the Joomla! and Mambo content management systems. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"com_garyscookbook" component.
Ref: http://www.securityfocus.com/archive/1/488696
______________________________________________________________________

08.09.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Softbiz Jokes and Funny Pictures Script "sbcat_id" Parameter
SQL Injection
Description: Softbiz Jokes and Funny Pictures Script is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"sbcat_id" parameter of the "index.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/archive/1/488706
______________________________________________________________________

08.09.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_wines" Component "id" Parameter SQL
Injection
Description: "com_wines" is a winebook component module for the
Joomla! and Mambo content management systems. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "com_wines"
component.
Ref: http://www.securityfocus.com/archive/1/488698
______________________________________________________________________

08.09.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Galore Simple Shop SQL Injection
Description: Simple Shop is a shopping-cart component module for the
Joomla! and Mambo content management systems. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "section" parameter of the
"com_simpleshop" component.
Ref: http://www.securityfocus.com/archive/1/488692
______________________________________________________________________

08.09.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS XM-Memberstats Module SQL Injection
Description: XOOPS XM-Memberstats is a member statistics module for
the XOOPS content manager. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "letter" and "sortby" parameters of the
"xmmemberstats/index.php" script. XOOPS XM-Memberstats version 2.0e is
affected.
Ref: http://www.securityfocus.com/bid/27979
______________________________________________________________________

08.09.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Sell Module "cid" Parameter SQL Injection
Description: "Sell" is a shopping-cart module for the PHP-Nuke content
management system. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "modules.php" script when the "name" parameter
is set to "Sell".
Ref: http://www.securityfocus.com/archive/1/488718
______________________________________________________________________

08.09.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PORAR Webboard "question.asp" SQL Injection
Description: PORAR Webboard is a web-based bulletin board application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "QID" parameter of the "question.asp" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/27989
______________________________________________________________________

08.09.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Kose_Yazilari Module "artid" Parameter Multiple SQL
Injection Vulnerabilities
Description: Kose_Yazilari is a module for the PHP-Nuke content manager.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "artid"
parameter of the "Kose_Yazilari" module when performing the
"viewarticle" or "printpage" operations.
Ref: http://www.securityfocus.com/bid/27991
______________________________________________________________________

08.09.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MiniNuke "members.asp" SQL Injection
Description: MiniNuke is a content management system implemented in
ASP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "uid"
parameter of the "members.asp" script.
Ref: http://www.securityfocus.com/bid/28000
______________________________________________________________________

08.09.86 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Nukedit "email" Parameter SQL Injection
Description: Nukedit is a content manager implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "email" parameter of
the "utilities/login.asp" script.
Ref: http://www.securityfocus.com/bid/28009
______________________________________________________________________

08.09.87 CVE: Not Available
Platform: Web Application
Title: Schoolwires Academic Portal SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: Schoolwires Academic Portal is a content management
system implemented in ASP. The application is exposed to an SQL
injection issue and a cross-site scripting issue because the
application fails to sufficiently sanitize user-supplied input to the
"c" parameter of the "browse.asp" script.
Ref: http://www.securityfocus.com/bid/27903
______________________________________________________________________

08.09.88 CVE: Not Available
Platform: Web Application
Title: PunBB Password Reset Weak Random Number Security Bypass
Description: PunBB is a bulletin-board application. The application is
exposed to an issue that can allow an attacker to determine the
password of an arbitrary user due to a design flaw in its "Password
Reset" functionality. This issue occurs when a user generates a random
password and its associated activation link with this feature. PunBB
versions prior to 1.2.17 are affected.
Ref: http://www.securityfocus.com/archive/1/488408
______________________________________________________________________

08.09.89 CVE: Not Available
Platform: Web Application
Title: Globsy "globsy_edit.php" Local File Include
Description: Globsy is a PHP framework for the Google Talk network.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "file" parameter
of the "globsy_edit.php" script. Globsy version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/27910
______________________________________________________________________

08.09.90 CVE: Not Available
Platform: Web Application
Title: Invision Power Board BBCode Handling Unspecified HTML Injection
Description: Invision Power Board (IP.Board) is a content manager. The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. Invision Power Board version 2.3.4 released prior
to February 20, 2008 is affected.
Ref: http://forums.invisionpower.com/index.php?showtopic=269961
______________________________________________________________________

08.09.91 CVE: Not Available
Platform: Web Application
Title: DrBenHur.com DBHcms "mod.extmanager.php" Remote File Include
Description: DrBenHur.com DBHcms is a PHP-based content manager. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "do" parameter of the
"dbhcms/mod/mod.extmanager.php" script. DrBenHur.com DBHcms versions
1.1.4 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27996
______________________________________________________________________

08.09.92 CVE: Not Available
Platform: Web Application
Title: Aeries Student Information System Multiple Input Validation
Vulnerabilities
Description: Aeries Student Information System is a school
administration application implemented in ASP. The application is
exposed to multiple input validation issues. Aeries Student
Information System versions 3.8.2.8 and 3.7.2.2 are affected.
Ref: http://www.securityfocus.com/archive/1/488428
______________________________________________________________________

08.09.93 CVE: Not Available
Platform: Web Application
Title: Quantum Game Library "CONFIG[gameroot]" Parameter Multiple
Remote File Include Vulnerabilities
Description: Quantum Game Library is a PHP-based application that
centralizes common game elements. The application is exposed to
multiple remote file include issues because it fails to sufficiently
sanitize user-supplied input to the "CONFIG[gameroot]" parameter of
the following scripts: "server_request.php" and "qlib/smarty.inc.php".
Quantum Game Library version 0.7.2c is affected.
Ref: http://www.securityfocus.com/bid/27945
______________________________________________________________________

08.09.94 CVE: Not Available
Platform: Web Application
Title: phpProfiles "body_comm.inc.php" Remote File Include
Description: phpProfiles is a profile management application
implemented in PHP. The application is exposed to a remote file
include issue because it fails to properly sanitize user-supplied
input to the "content" parameter of the "body_comm.inc.php" script.
phpProfiles version 4.5.2 is affected.
Ref: http://www.securityfocus.com/bid/27952
______________________________________________________________________

08.09.95 CVE: Not Available
Platform: Web Application
Title: PHPEcho CMS "Smarty.class.php" Remote File Include
Description: PHPEcho CMS is a content management system implemented in
PHP. The application is exposed to a remote file include issue because
it fails to properly sanitize user-supplied input to the
"smarty_compile_path" parameter of the "Smarty.class.php" script.
PHPEcho CMS version 2.0-rc3 is affected.
Ref: http://www.securityfocus.com/archive/1/488661
______________________________________________________________________

08.09.96 CVE: Not Available
Platform: Web Application
Title: LWS php Download Manager "body.inc.php" Local File Include
Description: LWS php Download Manager is a web-based application that
provides download and file masking functionality. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "content" parameter of the
"include/body.inc.php" script. php Download Manager versions 1.1 and
1.0 are affected.
Ref: http://www.securityfocus.com/bid/27961
______________________________________________________________________

08.09.97 CVE: Not Available
Platform: Web Application
Title: Portail Web Php Multiple Remote And Local File Include
Vulnerabilities
Description: Portail Web Php is a PHP-based content manager. The
application is exposed to multiple remote and local file include
issues because it fails to sufficiently sanitize input. Portail Web
Php versions 2.5.1.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/27962
______________________________________________________________________

08.09.98 CVE: Not Available
Platform: Web Application
Title: LWS php User Base "header.inc.php" Remote File Include
Description: LWS php User Base is a PHP-based user management system.
The application is exposed to a remote file include issue because it
fails to properly sanitize user-supplied input to the "menu" parameter
of the "templates/default/header.inc.php" script. php User Base
version 1.3 BETA is affected.
Ref: http://www.securityfocus.com/bid/27963
______________________________________________________________________

08.09.99 CVE: Not Available
Platform: Web Application
Title: LWS php User Base "unverified.inc.php" Local File Include
Description: LWS php User Base is a PHP-based user management system.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "template"
parameter of the "include/unverified.inc.php" script. php User Base
version 1.3 BETA is affected.
Ref: http://www.securityfocus.com/bid/27964
______________________________________________________________________

08.09.100 CVE: Not Available
Platform: Web Application
Title: phpRaider Resistance Field HTML Injection
Description: phpRaider is a web-based raid management application for
MMORPGs (Massively Multiplayer Online Role-Playing Games). The
application is exposed to an HTML injection issue because it fails to
properly sanitize user-supplied input before using it in dynamically
generated content. This issue affects the "resistance" field of
character profiles. phpRaider version 1.0.7 is affected.
Ref: http://www.securityfocus.com/bid/27976
______________________________________________________________________

08.09.101 CVE: Not Available
Platform: Web Application
Title: WordPress Sniplets Plugin Multiple Input Validation
Vulnerabilities
Description: Sniplets is a text insertion plugin for WordPress. The
application is exposed to multiple input validation issues. WordPress
Sniplets version 1.1.2 is affected.
Ref: http://www.securityfocus.com/archive/1/488734
______________________________________________________________________

08.09.102 CVE: Not Available
Platform: Web Application
Title: H-Sphere SiteStudio Unspecified Issues
Description: H-Sphere SiteStudio is a web-based application for site
design. The application is exposed to an unspecified issue. H-Sphere
SiteStudio versions prior to 1.8b are affected.
Ref: http://www.psoft.net/misc/hs_ss_technical_update.html
______________________________________________________________________

08.09.103 CVE: CVE-2008-0124
Platform: Web Application
Title: S9Y Serendipity "Real Name" Field HTML Injection
Description: Serendipity is a blog application. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. This issue affects the "Real Name" field parameter in the
"Dialogue" page contained in the "Personal Settings" section.
Serendipity versions prior to 1.3-beta1 are affected.
Ref: http://int21.de/cve/CVE-2008-0124-s9y.html
______________________________________________________________________

08.09.104 CVE: Not Available
Platform: Web Application
Title: IBM ISS Internet Scanner HTML Injection
Description: IBM ISS Internet Scanner is a vulnerability assessment
application. The application is exposed to an HTML injection issue
because it fails to properly sanitize user-supplied input to an
unspecified parameter before saving it as an HTML report. Internet
Scanner version 7.0 Service Pack 2 (build 7.2.2005.52) is affected.
Ref: http://www.iss.net/products/Internet_Scanner/product_main_page.html
______________________________________________________________________

08.09.105 CVE: Not Available
Platform: Network Device
Title: Vocera Communications System PEAP Certificate Verification
Security Bypass
Description: The Vocera Communications System badge devices are VOIP
(Voice Over IP) phone devices. The Vocera Communications System is
exposed to a security bypass issue in its PEAP implementation. This is
due to a failure of the software to properly validate server
certificates. Vocera Communications System badge devices are affected.
Ref: http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060453.html
______________________________________________________________________

08.09.106 CVE: Not Available
Platform: Network Device
Title: ZyXEL Gateway Products Multiple Vulnerabilities
Description: ZyXEL gateway products are devices for home and
small-office applications that provide gateway functionality and
support various interfaces. The application is exposed to multiple
issues.
Ref: http://www.securityfocus.com/archive/1/488431
______________________________________________________________________

08.09.107 CVE: Not Available
Platform: Network Device
Title: Nortel UNIStim IP Phone Remote Ping Denial of Service
Description: Nortel UNIStim IP Phones are voice-over-IP products that
utilize the proprietary Unified Networks IP Stimulus (UNIStim)
protocol. The application is exposed to a remote denial of service
issue because the software fails to properly handle unexpected network
datagrams. Phones with firmware 0604DAS are affected.
Ref: http://www.securityfocus.com/archive/1/488782
______________________________________________________________________