*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
March 6, 2008                                             Vol. 7. Week 10
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Other Microsoft Products                  1
Third Party Windows Apps                  8 (#2, #5)
Linux                                     8
Solaris                                   1
Cross Platform                           16 (#1, #3, #4, #6, #7)
Web Application - Cross Site Scripting   11
Web Application - SQL Injection          14
Web Application                          18
Network Device                            3

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Borland VisiBroker String Handling Vulnerabilities
(2) CRITICAL: Borland StarTeam Server Multiple Vulnerabilities
(3) CRITICAL: Versant Object Database Arbitrary Command Execution
(4) HIGH: GNOME Evolution Message Handling Format String Vulnerability
(5) HIGH: Symantec Backup Exec for Windows Multiple ActiveX Vulnerabilities
(6) MODERATE: Sun Java Runtime Environment Multiple Undisclosed Vulnerabilities
Other Software
(7) HIGH: SARG Multiple Vulnerabilities

*************************************************************************
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
08.10.1  - Microsoft Jet DataBase Engine MDB File Parsing Unspecified Remote
 -- Third Party Windows Apps
08.10.2  - InterVideo WinDVD Media Center Remote Denial of Service
Vulnerabilities
08.10.3  - Trend Micro OfficeScan Buffer Overflow Vulnerability and Denial of
Service
08.10.4  - Symantec Backup Exec Scheduler ActiveX Control Multiple Stack-Based
Buffer Overflow Vulnerabilities
08.10.5  - Symantec Backup Exec Scheduler ActiveX Control Arbitrary File
Overwrite
08.10.6  - ICQ Message Processing Remote Format String
08.10.7  - Learn2 STRunner "iestm32.dll" ActiveX Control Multiple Buffer
Overflow Vulnerabilities
08.10.8  - PacketTrap pt360 Tool Suite TFTP Server Remote Denial of Service
08.10.9  - ICQ Toolbar "toolbaru.dll" ActiveX Control Remote Denial of Service
 -- Linux
08.10.10 - Ghostscript Unspecified Buffer Overflow
08.10.11 - D-Bus "send_interface" Attribute Security Policy Bypass
08.10.12 - am-utils "expn" Insecure Temporary File Creation
08.10.13 - XWine Printing Insecure Temporary File Creation
08.10.14 - Dovecot "mail_extra_groups" Insecure Settings Local Unauthorized
Access
08.10.15 - Linux Kiss Server Multiple Format String Vulnerabilities
08.10.16 - SILC Toolkit "silcutil.c" Function Buffer Overflow
08.10.17 - Gnome Evolution Encrypted Message Format String
 -- Solaris
08.10.18 - Sun Solaris 8 Directory Functions Local Denial of Service
 -- Cross Platform
08.10.19 - Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
08.10.20 - Crysis Username Format String
08.10.21 - NetBSD IPSec Policy Bypass
08.10.22 - IBM WebSphere MQ Security Bypass
08.10.23 - Citrix Presentation And Desktop Servers Information Disclosure
08.10.24 - NetWin SmsGate "Content-Length" Parameter Denial of Service
08.10.25 - Beehive/SendFile.NET "SendFile.jar" Insecure Default Account
Unauthorized Access
08.10.26 - ADI Convergence Galaxy FTP Server Password Remote Denial of Service
08.10.27 - PacketTrap pt360 Tool Suite TFTP Server Directory Traversal
08.10.28 - Android Web Browser GIF File Heap-Based Buffer Overflow
08.10.29 - Android Web Browser BMP File Integer Overflow
08.10.30 - Adobe Acrobat Reader "acroread" Insecure Temporary File Creation
08.10.31 - Borland StarTeam Multiple Remote Vulnerabilities
08.10.32 - Sun Java SE March 2008 Advance Notification of Multiple
Vulnerabilities
08.10.33 - Borland VisiBroker Smart Agent Multiple Remote Vulnerabilities
08.10.34 - Versant Object Database "VERSANT_ROOT" Remote Arbitrary Command
Execution
 -- Web Application - Cross Site Scripting
08.10.35 - Maian Script World Maian Cart Cross-Site Scripting
08.10.36 - Interspire Shopping Cart Cross-Site Scripting
08.10.37 - Juniper Networks Secure Access 2000 "rdremediate.cgi" Cross-Site
Scripting
08.10.38 - Flicks Software AuthentiX "username" Parameter Multiple Cross-Site
Scripting Vulnerabilities
08.10.39 - XRMS CRM "msg" Parameter Cross-Site Scripting
08.10.40 - Centreon "color_picker.php" Multiple Cross-Site Scripting
Vulnerabilities
08.10.41 - Crafty Syntax Live Help Multiple Cross-Site Scripting Vulnerabilities
08.10.42 - pfSense Unspecified Cross-Site Scripting Vulnerabilities
08.10.43 - XP Book "entry.php" Multiple Cross-Site Scripting Vulnerabilities
08.10.44 - TorrentTrader "msg" Parameter Cross-Site Scripting
08.10.45 - MG2 "list" Parameter Cross-Site Scripting Vulnerability
 -- Web Application - SQL Injection
08.10.46 - Joomla! and Mambo "com_simpleboard" Component "catid" Parameter SQL
Injection
08.10.47 - eazyPortal "upwd" and "uname" Multiple SQL Injection Vulnerabilities
08.10.48 - PHP-Nuke My_eGallery Module "gid" Parameter SQL Injection
08.10.49 - Koobi Pro "categ" Parameter SQL Injection
08.10.50 - Urulu "connectionId" Parameter Multiple SQL Injection Vulnerabilities
08.10.51 - Koobi "categ" Parameter SQL Injection
08.10.52 - Joomla! and Mambo "com_musica" Component "id" Parameter SQL Injection
08.10.53 - PHP-Nuke Johannes Hass "gaestebuch" Module "id" Parameter SQL
Injection
08.10.54 - phpComasy "index.php" SQL Injection
08.10.55 - phpArcadeScript "userid" Parameter SQL Injection
08.10.56 - PHP WEB SCRIPT Dynamic Photo Gallery "album.php" SQL Injection
08.10.57 - phpMyAdmin "$_REQUEST" SQL Injection
08.10.58 - PHP-Nuke eGallery Module "pid" Parameter SQL Injection
08.10.59 - Mitra Informatika Solusindo Cart "p" Parameter SQL Injection
 -- Web Application
08.10.60 - Centreon "get_image.php" Local File Include
08.10.61 - GROUP-E "head_auth.php" Remote File Include
08.10.62 - Drupal Multiple HTML Injection Vulnerabilities
08.10.63 - Barryvan Compo Manager "main.php" Remote File Include
08.10.64 - SiteBuilder Elite "CarpPath" Parameter Multiple Remote File Include
Vulnerabilities
08.10.65 - Podcast Generator Multiple Remote And Local File Include
Vulnerabilities
08.10.66 - Centreon "index.php" Local File Include
08.10.67 - netOffice Dwins Authentication Bypass Vulnerability and Arbitrary
File Upload
08.10.68 - Koobi Comment Form Authentication Bypass
08.10.69 - ViewVC Multiple Remote Information Disclosure Vulnerabilities
08.10.70 - phpMyTourney "tourney/index.php" Remote File Include
08.10.71 - Heathco Software h2desk Multiple Information Disclosure
Vulnerabilities
08.10.72 - MediaWiki JSON Callback Information Disclosure
08.10.73 - KC Wiki "wiki.php" Multiple Remote File Include Vulnerabilities
08.10.74 - Flyspray Multiple Information Disclosure, HTML Injection, and
Cross-Site Scripting Vulnerabilities
08.10.75 - SARG User-Agent Processing HTML Injection and Stack Buffer Overflow
Vulnerabilities
08.10.76 - PHP-Nuke "Seminars" Module "fileName" Parameter Local File Include
08.10.77 - Ariadne CMS Remote Arbitrary Shell Command Injection
 -- Network Device
08.10.78 - Juniper Networks Secure Access 2000 Web Root Path Disclosure
08.10.79 - Multiple Canon Multifunction Printer Products FTP Bounce
08.10.80 - Eye-Fi Multiple Security Vulnerabilities
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Borland VisiBroker String Handling Vulnerabilities
Affected:
Borland VisiBroker versions 8.00.00.C1.03 and prior

Description: Borland VisiBroker is the most popular commercial
implementation of the Common Object Request Broker Architecture (CORBA).
CORBA is an industry standard object model and architecture for
interprocess communication. VisiBroker contains a flaw in its handling
of CORBA strings. A specially crafted string with an overlarge length
could trigger an integer overflow vulnerability. Successfully exploiting
this vulnerability would allow an attacker to execute arbitrary code
with the privileges of the vulnerable process. Full technical details
and a proof-of-concept are publicly available for this vulnerability.

Status: Borland has not confirmed, no updates available.

References:
Security Advisory by Luigi Auriemma (includes proof-of-concept)
http://aluigi.altervista.org/adv/visibroken-adv.txt
Wikipedia Article on CORBA
http://en.wikipedia.org/wiki/Common_Object_Request_Broker_Architecture
Product Home Page
http://www.borland.com/us/products/visibroker/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/28084

************************************************

(2) CRITICAL: Borland StarTeam Server Multiple Vulnerabilities
Affected:
Borland StarTeam Server versions 10.0.0.57 and prior

Description: Borland StarTeam is a change and source code management
system for enterprises. Its server component contains multiple integer
overflow vulnerabilities in its handling of user requests. A specially
crafted user request could trigger one of these integer overflows.
Successfully exploiting one of these vulnerabilities would allow an
attacker to execute arbitrary code with the privileges of the vulnerable
process. Full technical details and a proof-of-concept are publicly
available for these vulnerabilities. Additionally, StarTeam MPX, a
messaging system built on top of StarTeam, was discovered to use
vulnerable versions of some networking libraries, leading to multiple
vulnerabilities. These vulnerabilities were discussed in a previous
edition of @RISK.

Status: Borland has not confirmed, no updates available.

References:
Security Advisories from Luigi Auriemma (includes proofs-of-concept)
http://aluigi.altervista.org/adv/starteammpx-adv.txt
http://aluigi.altervista.org/adv/starteamz-adv.txt
Previous @RISK Entry
http://www.sans.org/newsletters/risk/display.php?v=7&i=4#widely5
Product Home Page
http://www.borland.com/us/products/starteam/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/28080

************************************************

(3) CRITICAL: Versant Object Database Arbitrary Command Execution
Affected:
Versant Object Database versions 7.0.1.3 and prior

Description: The Versant Object Database is a popular enterprise object
database system for C++ and Java. It contains an input sanitization flaw
when processing user requests. A user request containing a specially
crafted command name would allow an attacker to execute arbitrary
commands on the vulnerable system with the privileges of the Object
Database process. Full technical details and a proof-of-concept are
publicly available for this vulnerability.

Status: Vendor has not confirmed, no updates available.

References:
Security Advisory by Luigi Auriemma (includes proof-of-concept)
http://aluigi.altervista.org/adv/versantcmd-adv.txt
Product Home Page
http://www.versant.com/en_US/products/objectdatabase
SecurityFocus BID
http://www.securityfocus.com/bid/28097

************************************************

(4) HIGH: GNOME Evolution Message Handling Format String Vulnerability
Affected:
GNOME Evolution versions 2.12.3 and prior

Description: Evolution is the GNOME desktop environment's mail and
personal information management application. It contains a flaw in
handling encrypted messages. Opening or displaying a specially crafted
encrypted message could trigger a format string vulnerability in
Evolution. Successfully exploiting this vulnerability would allow an
attacker to execute arbitrary code with the privileges of the current
user. The GNOME desktop environment is the default desktop environment
for a variety of Linux distributions, including distributions from Red
Hat and Ubuntu. GNOME is also the primary desktop environment for recent
versions of Sun's Solaris operating system. Technical details for this
vulnerability are available via source code analysis.

Status: GNOME confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-8/advisory/
Evolution Home Page
http://www.gnome.org/projects/evolution/
GNOME Home Page
http://www.gnome.org/
SecurityFocus BID
http://www.securityfocus.com/bid/28102

************************************************

(5) HIGH: Symantec Backup Exec for Windows Multiple ActiveX Vulnerabilities
Affected:
Symantec Backup Exec for Windows versions 12.0.1364 and prior

Description: Symantec Backup Exec is a popular enterprise backup
solution. Part of its functionality on Microsoft Windows is provided by
an ActiveX control. This control contains multiple vulnerabilities in
several methods. A malicious web page that instantiates this control
could trigger one of these vulnerabilities. Successfully exploiting one
of these vulnerabilities would allow an attacker to execute arbitrary
code with the privileges of the current user. Some technical details are
publicly available for these vulnerabilities.

Status: Symantec confirmed, updates available.

References:
Secunia Security Advisories
http://secunia.com/secunia_research/2007-101/advisory/
http://secunia.com/secunia_research/2007-101/advisory/
Symantec Security Advisory
http://www.symantec.com/avcenter/security/Content/2008.02.29.html
SecurityFocus BIDs
http://www.securityfocus.com/bid/28008
http://www.securityfocus.com/bid/26904

************************************************

(6) MODERATE: Sun Java Runtime Environment Multiple Undisclosed Vulnerabilities
Affected:
Sun Java Runtime Environment versions prior to 6 Update 5.

Description: The Sun Java Runtime Environment contains multiple
vulnerabilities. The exact nature of these vulnerabilities is unknown,
but it is suspected that at least one may allow arbitrary code execution
or privilege escalation from within the Java Runtime Environment. Sun
has released updates to the Java Runtime Environment to address these
vulnerabilities.

Status: Sun confirmed, updates available.

References:
Sun Java Release Notes
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
Sun Java Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/28083

****************
Other Software
****************

(7) HIGH: SARG Multiple Vulnerabilities
Affected:
SARG versions 2.x and prior

Description: SARG is the Squid Analysis Report Generator. It is used to
analyze and generate reports based on the logs written by the popular
Squid caching web proxy engine. It is often run on web and proxy servers
automatically at set intervals to process logs. It contains multiple
vulnerabilities in its handling of Squid log files. Since these log
files contain logs from requests to the associated proxy server,
external users can influence their contents. A specially crafted log
file containing a log of a malicious request could trigger a buffer
overflow vulnerability in SARG, allowing an attacker to execute
arbitrary code with the privileges of the vulnerable process.
Additionally, SARG does not properly sanitize log entries for JavaScript
code. This code could be executed in a browser when that browser is used
to view the generated report. Technical details for these
vulnerabilities are available via source code analysis.

Status: Vendor confirmed, updates available.

References:
Secunia Security Advisory
http://secunia.com/advisories/28668/
SARG Release Notes
http://sourceforge.net/project/shownotes.php?release_id=581212
SARG Home Page
http://sarg.sourceforge.net/sarg.php
Squid Home Page
http://www.squid-cache.org/
SecurityFocus BID
http://www.securityfocus.com/bid/28077

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 10, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.10.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Jet DataBase Engine MDB File Parsing Unspecified
Remote
Description: Microsoft Jet Database Engine (Jet) provides data access
to various applications such as Microsoft Access, Microsoft Visual
Basic, and third-party applications. The application is exposed to an
issue that arises when the application parses malicious MDB files.
Ref: http://support.microsoft.com/kb/925330
______________________________________________________________________

08.10.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: InterVideo WinDVD Media Center Remote Denial of Service
Vulnerabilities
Description: InterVideo WinDVD Media Center is a suite of applications
designed to play music, video, DVD, and images. The application is
exposed to multiple remote denial of service issues due to
NULL-pointer dereference errors when handling network packets
containing two CRLF sequences. InterVideo WinDVD Media Center version
2.11.15.0 is affected.
Ref: http://www.securityfocus.com/bid/28016
______________________________________________________________________

08.10.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Trend Micro OfficeScan Buffer Overflow Vulnerability and Denial
of Service
Description: Trend Micro OfficeScan is an integrated enterprise-level
security product that protects against viruses, spyware, worms, and
blended threats. The application is exposed to a buffer overflow issue
and a denial of service issue. OfficeScan Corporate Edition 8.0 Patch
2 Build 1189 and earlier, and OfficeScan Corporate Edition 7.0 Patch 3
Build 1314 and earlier are affected.
Ref: http://www.securityfocus.com/archive/1/488839
______________________________________________________________________

08.10.4 CVE: CVE-2007-6016
Platform: Third Party Windows Apps
Title: Symantec Backup Exec Scheduler ActiveX Control Multiple
Stack-Based Buffer Overflow Vulnerabilities
Description: Symantec Backup Exec is a network-enabled backup solution
for Novell NetWare and Microsoft Windows platforms. An ActiveX control
in the scheduler component of Backup Exec is exposed to multiple
stack-based buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data.
Ref: http://www.symantec.com/avcenter/security/Content/2008.02.29.html
______________________________________________________________________

08.10.5 CVE: CVE-2007-6017
Platform: Third Party Windows Apps
Title: Symantec Backup Exec Scheduler ActiveX Control Arbitrary File Overwrite
Description: Symantec Backup Exec is a network-enabled backup solution
for Novell NetWare and Microsoft Windows platforms. The application is
exposed to an issue that lets attackers overwrite arbitrary files.
Ref: http://www.symantec.com/avcenter/security/Content/2008.02.29.html
______________________________________________________________________

08.10.6 CVE: CVE-2008-1120
Platform: Third Party Windows Apps
Title: ICQ Message Processing Remote Format String
Description: ICQ is an instant-messaging client application for
Microsoft Windows. The application is exposed to a remote format
string issue because it fails to properly sanitize user-supplied input
before including it in the format-specifier argument of a
formatted-printing function. ICQ version 6 build 6043 is affected.
Ref: http://board.raidrush.ws/showthread.php?t=386983
______________________________________________________________________

08.10.7 CVE: CVE-2007-6252
Platform: Third Party Windows Apps
Title: Learn2 STRunner "iestm32.dll" ActiveX Control Multiple Buffer
Overflow Vulnerabilities
Description: Learn2 STRunner is an ActiveX control to display
multimedia content primarily for online tutorials. The application is
exposed to multiple buffer overflow issues because it fails to perform
adequate boundary checks on user-supplied data.
Ref: http://www.kb.cert.org/vuls/id/524857
______________________________________________________________________

08.10.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: PacketTrap pt360 Tool Suite TFTP Server Remote Denial of
Service
Description: PacketTrap pt360 Tool Suite is a network configuration
management application. The TFTP server is a component of the suite.
The application is exposed to a remote denial of service issue.
PacketTrap pt360 Tool Suite TFTP server version 1.1.33.1 is affected.
Ref: http://www.securityfocus.com/archive/1/489042
______________________________________________________________________

08.10.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: ICQ Toolbar "toolbaru.dll" ActiveX Control Remote Denial of
Service
Description: ICQ Toolbar is a set of add-ons for Microsoft Internet
Explorer. The application is exposed to a denial of service issue
because the application fails to perform adequate boundary checks on
user-supplied data. ICQ Toolbar version 2.3 Beta is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.10.10 CVE: CVE-2008-0411
Platform: Linux
Title: Ghostscript Unspecified Buffer Overflow
Description: Ghostscript is a freely available, open-source package
for rendering PostScript and PDF files. The application is exposed to
an unspecified buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. This issue occurs
when the application fails to handle malformed files.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0155.html
______________________________________________________________________

08.10.11 CVE: CVE-2008-0595
Platform: Linux
Title: D-Bus "send_interface" Attribute Security Policy Bypass
Description: D-Bus is a message bus system, a simple way for
applications to talk to one another. The application is exposed to an
issue that can allow its security policy to be bypassed. D-Bus
versions prior to 1.0.3 and 1.2.20 are affected.
Ref:
http://lists.freedesktop.org/archives/dbus/2008-February/009401.html
______________________________________________________________________

08.10.12 CVE: CVE-2008-1078
Platform: Linux
Title: am-utils "expn" Insecure Temporary File Creation
Description: The "am-utils" package is a port of the BSD automounter
"amd". The application is exposed to a security issue that allows
attackers to create temporary files in an insecure manner. The issue
presents itself because temporary files created by the "expn" utility
are writable by unauthorized local users.
Ref:
https://issues.rpath.com/browse/RPL-2255;jsessionid=6248CE409F65BC9D8F19AC3D3C0FB5B9?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
______________________________________________________________________

08.10.13 CVE: CVE-2008-0930
Platform: Linux
Title: XWine Printing Insecure Temporary File Creation
Description: XWine is a graphical user interface for WINE. The
application is exposed to a security issue because it creates
temporary files in an insecure manner. The issue occurs because the
application creates and uses temporary files with predictable
filenames when printing. XWine version 1.0.1 is affected.
Ref: http://packages.qa.debian.org/x/xwine.html
______________________________________________________________________

08.10.14 CVE: Not Available
Platform: Linux
Title: Dovecot "mail_extra_groups" Insecure Settings Local
Unauthorized Access
Description: Dovecot is a POP3 and IMAP server for Linux and UNIX
operating platforms. The application is exposed to an issue that can
result in unauthorized access to arbitrary data. Dovecot versions
0.99.10.6 through 1.0.10 are affected.
Ref: http://www.dovecot.org/list/dovecot-news/2008-March/000061.html
______________________________________________________________________

08.10.15 CVE: Not Available
Platform: Linux
Title: Linux Kiss Server Multiple Format String Vulnerabilities
Description: Linux Kiss Server is a server for kiss enabled players.
The application is exposed to multiple format string issues because it
fails to properly sanitize user-supplied input before including it in
the format-specifier argument of a formatted-printing function. Linux
Kiss Server version 1.2 is affected.
Ref: http://www.vashnukad.com/
______________________________________________________________________

08.10.16 CVE: Not Available
Platform: Linux
Title: SILC Toolkit "silcutil.c" Function Buffer Overflow
Description: SILC Toolkit is an application-development framework to
implement secure conferencing services using the SILC protocol, which
supports AES, SHA-1, PKCS#1, PKCS#3, X.509, and OpenPGP. The application
is exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. SILC Toolkit versions
prior to 1.1.6 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=372021
______________________________________________________________________

08.10.17 CVE: CVE-2008-0072
Platform: Linux
Title: Gnome Evolution Encrypted Message Format String
Description: Gnome Evolution is an email, address book, and calendar
application for users of the GNOME desktop. The application is exposed
to a format string issue because it fails to properly
sanitize user-supplied input before passing it as the format specifier
argument of a formatted-printing function when processing encrypted
email messages. Gnome Evolution version 2.12.3 is affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0177.html
______________________________________________________________________

08.10.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 8 Directory Functions Local Denial of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
application is exposed to a denial of service issue due to an
unspecified issue that affects directory functions and can be
triggered by a sequence of system calls or commands issued in a
specific manner. Solaris 8 for SPARC and x86 architectures is
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200163-1
______________________________________________________________________

08.10.19 CVE: CVE-2008-1072, CVE-2008-1071, CVE-2008-1070
Platform: Cross Platform
Title: Wireshark 0.99.7 Multiple Denial of Service Vulnerabilities
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic. It's available for Microsoft Windows and
UNIX-like operating systems. The application is exposed to multiple
denial of service issues when handling certain types of packets and
protocols in varying conditions. Wireshark versions 0.6.0 up to and
including 0.99.7 are affected.
Ref: http://www.wireshark.org/security/wnpa-sec-2008-01.html
______________________________________________________________________

08.10.20 CVE: CVE-2008-1127
Platform: Cross Platform
Title: Crysis Username Format String
Description: Crysis is a commercially-available game by Crytek, and
distributed by Electronic Arts. The application is exposed to a format
string issue that affects a "vsprintf()" function that is used during
the creation of debug strings. Crysis version 1.1.1.5879 is affected.
Ref: http://www.securityfocus.com/bid/28039
______________________________________________________________________

08.10.21 CVE: Not Available
Platform: Cross Platform
Title: NetBSD IPSec Policy Bypass
Description: IPSec is a series of security protocols that operate at
the network layer. The application is exposed to an issue that may
allow an attacker to bypass policy restrictions.
Ref: http://www.securityfocus.com/bid/28045
______________________________________________________________________

08.10.22 CVE: CVE-2008-1130
Platform: Cross Platform
Title: IBM WebSphere MQ Security Bypass
Description: IBM WebSphere MQ is a commercially available messaging
engine for enterprises. The application is exposed to a security
bypass issue because the application fails to properly restrict access
to certain functionality. IBM WebSphere MQ versions prior to 5.3 Fix
Pack 14 and prior to version 6.0.2.2 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg1IZ01272
______________________________________________________________________

08.10.23 CVE: Not Available
Platform: Cross Platform
Title: Citrix Presentation And Desktop Servers Information Disclosure
Description: Citrix Presentation and Desktop Servers are exposed to an
information disclosure issue. Citrix Presentation Server version 4.5
and Citrix Desktop Server version 1.0 are affected.
Ref: http://support.citrix.com/article/CTX116228
______________________________________________________________________

08.10.24 CVE: Not Available
Platform: Cross Platform
Title: NetWin SmsGate "Content-Length" Parameter Denial of Service
Description: NetWin SmsGate is software that provides a gateway
between SMS and email. The application is exposed to a remote denial of
service issue due to a design error. Specifically, when the application
receives a request with an overly large "Content-Length" value it fails
to allocate memory and displays a message box, prompting the user to
choose an action. SmsGate versions 1.1n and earlier are affected.
Ref: http://aluigi.altervista.org/adv/smsgheit-adv.txt
______________________________________________________________________

08.10.25 CVE: Not Available
Platform: Cross Platform
Title: Beehive/SendFile.NET "SendFile.jar" Insecure Default Account
Unauthorized Access
Description: Beehive/SendFile.NET is a secure file-transfer product.
The application is exposed to an issue that can result in unauthorized
access. The issue occurs because of an insecure default account that
exists in the "outboxWriteUnsent()" function of the "FTPThread.class"
in the "SendFile.jar" file.
Ref: http://www.securityfocus.com/archive/1/488947
______________________________________________________________________

08.10.26 CVE: Not Available
Platform: Cross Platform
Title: ADI Convergence Galaxy FTP Server Password Remote Denial of
Service
Description: ADI Convergence Galaxy FTP Server is a File Transfer
Protocol server application. The application is exposed to a denial of
service issue because it fails to perform adequate boundary checks on
user-supplied data. ADI Convergence Galaxy FTP Server version 0.1 is
affected.
Ref: http://www.securityfocus.com/archive/1/489008
______________________________________________________________________

08.10.27 CVE: Not Available
Platform: Cross Platform
Title: PacketTrap pt360 Tool Suite TFTP Server Directory Traversal
Description: PacketTrap pt360 Tool Suite is a network configuration
management application. The TFTP server is an FTP server component of
the suite. The application's default configuration is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input data. PacketTrap pt360 Tool Suite TFTP server
version 1.1.33.1 is affected.
Ref: http://www.securityfocus.com/archive/1/489034
______________________________________________________________________

08.10.28 CVE: CVE-2008-0985
Platform: Cross Platform
Title: Android Web Browser GIF File Heap-Based Buffer Overflow
Description: Android is a software stack for mobile devices that
includes an operating system, middleware, and key applications. The
application is exposed to a heap-based buffer overflow issue because
it fails to adequately bounds check user-supplied data before copying
it to an insufficiently sized memory buffer. Android SDK versions
m3-rc37a and earlier are affected.
Ref:
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
______________________________________________________________________

08.10.29 CVE: CVE-2008-0986
Platform: Cross Platform
Title: Android Web Browser BMP File Integer Overflow
Description: Android is a software stack for mobile devices that
includes an operating system, middleware, and key applications. The
application is exposed to an integer overflow issue because it fails
to adequately handle user-supplied data. Android SDK versions m5-rc14
and earlier are affected.
Ref:
http://android-developers.blogspot.com/2008/03/android-sdk-update-m5-rc15-released.html
______________________________________________________________________

08.10.30 CVE: CVE-2008-0883
Platform: Cross Platform
Title: Adobe Acrobat Reader "acroread" Insecure Temporary File Creation
Description: The Adobe Acrobat Reader package is a PDF file reader
that is available for multiple operating systems. The "acroread"
script is exposed to a security issue that allows attackers to create
temporary files in an insecure manner. SUSE Linux Enterprise Desktop
version 10 is affected.
Ref:
http://support.novell.com/techcenter/psdb/d8c48c63359fc807624182696d3d149c.html
______________________________________________________________________

08.10.31 CVE: Not Available
Platform: Cross Platform
Title: Borland StarTeam Multiple Remote Vulnerabilities
Description: Borland StarTeam is a commercially-available software
change management server application. The server component is
available for Microsoft Windows operating systems. The application is
exposed to multiple issues, including multiple integer overflow
issues, a heap overflow issue, and a denial of service issue. Borland
StarTeam Server 2008 and MPX products are affected.
Ref: http://www.securityfocus.com/archive/1/489037
______________________________________________________________________

08.10.32 CVE: Not Available
Platform: Cross Platform
Title: Sun Java SE March 2008 Advance Notification of Multiple
Vulnerabilities
Description: Sun has released an advance notification for security
updates for Java SE. The notification indicates that seven advisories
addressing multiple issues will be released on March 4, 2008.
Ref:
http://blogs.sun.com/security/entry/advance_notification_of_security_updates1
______________________________________________________________________

08.10.33 CVE: Not Available
Platform: Cross Platform
Title: Borland VisiBroker Smart Agent Multiple Remote Vulnerabilities
Description: Smart Agent provides CORBA ORB object location and
failure detection. The application is exposed to multiple remote
issues. Borland VisiBroker Smart Agent version 08.00.00.C1.03 is
affected.
Ref: http://www.securityfocus.com/bid/28084
______________________________________________________________________

08.10.34 CVE: Not Available
Platform: Cross Platform
Title: Versant Object Database "VERSANT_ROOT" Remote Arbitrary Command
Execution
Description: Versant Object Database is an enterprise-level
application for managing data. The application is exposed to an issue
that attackers can leverage to execute arbitrary commands. This issue
occurs because the application fails to adequately sanitize
user-supplied input during the client-to-server connection process.
Versant Object Database version 7.0.1.3 is affected.
Ref: http://www.securityfocus.com/bid/28097
______________________________________________________________________

08.10.35 CVE: CVE-2008-1075
Platform: Web Application - Cross Site Scripting
Title: Maian Script World Maian Cart Cross-Site Scripting
Description: Maian Cart is a PHP-based shopping cart. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "keywords" parameter
of the "index.php" script. Maian Cart version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/28028
______________________________________________________________________

08.10.36 CVE: CVE-2008-1076
Platform: Web Application - Cross Site Scripting
Title: Interspire Shopping Cart Cross-Site Scripting
Description: Interspire Shopping Cart is a PHP-based shopping cart.
The application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the
"search_query" parameter of the "search.php" script.
Ref: http://www.securityfocus.com/bid/28029
______________________________________________________________________

08.10.37 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Juniper Networks Secure Access 2000 "rdremediate.cgi" Cross-Site
Scripting
Description: Juniper Networks Secure Access 2000 is a VPN (Virtual
Private Network) appliance used to securely connect remote clients to
enterprise networks. The application is exposed to a cross-site
scripting issue because it fails to adequately sanitize user-supplied
input to the "delivery_mode" parameter of the
"/dana-na/auth/rdremediate.cgi" script. Juniper Networks Secure Access
2000 version 5.5R1 Build 11711 is affected.
Ref: http://www.securityfocus.com/archive/1/488918
______________________________________________________________________

08.10.38 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Flicks Software AuthentiX "username" Parameter Multiple
Cross-Site Scripting Vulnerabilities
Description: Flicks Software AuthentiX is an ASP-based website
authentication application. The application is exposed to multiple
cross-site scripting issues because it fails to sanitize user-supplied
input. AuthentiX 6.3b1 Trial Version is affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060476.html
______________________________________________________________________

08.10.39 CVE: CVE-2008-1129
Platform: Web Application - Cross Site Scripting
Title: XRMS CRM "msg" Parameter Cross-Site Scripting
Description: XRMS CRM is a web-based Customer Relationship Management
application. The application is exposed to a cross-site scripting
issue because it fails to adequately sanitize user-supplied input to
the "msg" parameter of the "/admin/users/self.php" script. XRMS CRM
version 1.99.2 is affected.
Ref: http://www.securityfocus.com/bid/28041
______________________________________________________________________

08.10.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Centreon "color_picker.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Centreon (formerly Oreon) is a PHP-based application for
monitoring networks. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input. The
"name" and "title" parameters of the
"/include/common/javascript/color_picker.php" script are affected.
Centreon versions 1.4.2.2 and 1.4.2.3 are affected.
Ref: http://www.securityfocus.com/bid/28043
______________________________________________________________________

08.10.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Crafty Syntax Live Help Multiple Cross-Site Scripting
Vulnerabilities
Description: Crafty Syntax Live Help (CSLH) is a web application that
allows site operators to monitor visitors and open chat sessions with
them. The application is exposed to multiple cross-site scripting
issues because it fails to sanitize user-supplied input. The scripts
"user_questions.php", "livehelp.php", and "leavemessage.php"
are affected. Crafty Syntax Live Help versions prior to 2.14.6 are
affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=580994
______________________________________________________________________

08.10.42 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: pfSense Unspecified Cross-Site Scripting Vulnerabilities
Description: pfSense is an open source distribution of FreeBSD
designed for use as a firewall and router. The application is exposed
to cross-site scripting issues because it fails to sanitize
user-supplied input to unspecified parameters. pfSense versions prior
to 1.2 are affected.
Ref: http://www.securityfocus.com/bid/28072
______________________________________________________________________

08.10.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: XP Book "entry.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: XP Book is a PHP-based guestbook application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input. The "name" and "message"
parameters of the "/xpbook/entry.php" script are affected. XP Book
version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/489025
______________________________________________________________________

08.10.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TorrentTrader "msg" Parameter Cross-Site Scripting
Description: TorrentTrader is a web-based torrent tracking
application. The application is exposed to a cross-site scripting
issue because it fails to adequately sanitize user-supplied input to
the "msg" parameter of the "account-inbox.php" script. TorrentTrader
Classic version 1.08 is affected.
Ref: http://www.securityfocus.com/archive/1/489039
______________________________________________________________________

08.10.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: MG2 "list" Parameter Cross-Site Scripting Vulnerability
Description: MG2 (Mini Gallery 2) is a web-based photo gallery
implemented in PHP. The application is exposed to a cross-site
scripting issue because it fails to adequately sanitize user-supplied
input to the "list" parameter of the "admin.php" script.
Ref: http://www.securityfocus.com/archive/1/489126
______________________________________________________________________

08.10.46 CVE: CVE-2008-1077
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_simpleboard" Component "catid" Parameter
SQL Injection
Description: The "com_simpleboard" component is a bulletin board
module for the Joomla! and Mambo content managers. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "catid" parameter of the
"com_simpleboard" component.
Ref: http://www.securityfocus.com/bid/28018
______________________________________________________________________

08.10.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eazyPortal "upwd" and "uname" Multiple SQL Injection
Vulnerabilities
Description: eazyPortal is a content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "upwd" and
"uname" parameters before using it in an SQL query. eazyPortal version
1.0 is affected.
Ref: http://www.securityfocus.com/bid/28019
______________________________________________________________________

08.10.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke My_eGallery Module "gid" Parameter SQL Injection
Description: "My_eGallery" is a photo album module for the PHP-Nuke
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"gid" parameter of the "modules.php" script when the "name" parameter
is set to "My_eGallery".
Ref: http://www.securityfocus.com/archive/1/488916
______________________________________________________________________

08.10.49 CVE: CVE-2008-1122
Platform: Web Application - SQL Injection
Title: Koobi Pro "categ" Parameter SQL Injection
Description: Koobi Pro is a web-based message board implemented in
PHP. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "categ"
parameter of the "index.php" script before using it in an SQL query.
Koobi Pro version 5.7 is affected.
Ref: http://www.securityfocus.com/bid/28031
______________________________________________________________________

08.10.50 CVE: CVE-2008-0385
Platform: Web Application - SQL Injection
Title: Urulu "connectionId" Parameter Multiple SQL Injection
Vulnerabilities
Description: Urulu is a PHP-based content manager that uses AJAX.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. Urulu version 2.1 and closed-source versions from
2008-02-05 through 2008-02-18 are affected.
Ref: http://www.securityfocus.com/archive/1/488909
______________________________________________________________________

08.10.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Koobi "categ" Parameter SQL Injection
Description: Koobi is a web-based message board. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "categ" parameter of the
"index.php" script before using it in an SQL query. Koobi versions
4.2.3 through 4.3.0 are affected.
Ref: http://www.securityfocus.com/bid/28059
______________________________________________________________________

08.10.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_musica" Component "id" Parameter SQL
Injection
Description: The "com_musica" component is a bulletin board module for
the Joomla! and Mambo content managers. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_musica"
component.
Ref: http://www.securityfocus.com/bid/28061
______________________________________________________________________

08.10.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Johannes Hass "gaestebuch" Module "id" Parameter SQL
Injection
Description: "gaestebuch" is a guestbook module written by Johannes
Hass for the PHP-Nuke content manager. The component is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter that is utilized by the
"gaestebuch" module. Johannes Hass gaestebuch version 2.2 is affected.
Ref: http://www.securityfocus.com/archive/1/489004
______________________________________________________________________

08.10.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpComasy "index.php" SQL Injection
Description: phpComasy is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "mod_project_id" parameter of the
"index.php" script before using it in an SQL query. phpComasy version
0.8 is affected.
Ref: http://www.securityfocus.com/bid/28064
______________________________________________________________________

08.10.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpArcadeScript "userid" Parameter SQL Injection
Description: phpArcadeScript is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "userid" parameter of
the "index.php" script before using it in an SQL query.
phpArcadeScript 1.0, 2.0, 3.0 RC1, and 3.0 RC2 are affected.
Ref: http://www.securityfocus.com/bid/28065
______________________________________________________________________

08.10.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP WEB SCRIPT Dynamic Photo Gallery "album.php" SQL Injection
Description: Dynamic Photo Gallery is a PHP-based web photo gallery.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "albumID" parameter
of the "album.php" script before using it in an SQL query. Dynamic
Photo Gallery version 1.02 is affected.
Ref: http://www.securityfocus.com/archive/1/489017
______________________________________________________________________

08.10.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMyAdmin "$_REQUEST" SQL Injection
Description: phpMyAdmin is a web-based administration interface for
MySQL databases. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data obtained
through the "$_REQUEST" super-global variable. phpMyAdmin versions
prior to 2.11.5 are affected.
Ref: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
______________________________________________________________________

08.10.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke eGallery Module "pid" Parameter SQL Injection
Description: eGallery is a photo album for the PHP-Nuke content
manager. The component is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "pid"
parameter.
Ref: http://www.securityfocus.com/archive/1/489083
______________________________________________________________________

08.10.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mitra Informatika Solusindo Cart "p" Parameter SQL Injection
Description: Mitra Informatika Solusindo Cart is a PHP-based ecommerce
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"p" parameter of the "index.php" script.
Ref: http://www.securityfocus.com/archive/1/489116
______________________________________________________________________

08.10.60 CVE: Not Available
Platform: Web Application
Title: Centreon "get_image.php" Local File Include
Description: Centreon (formerly Oreon) is a PHP-based application for
monitoring networks. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "img" parameter of the "include/doc/get_image.php" script
before using it in an "fopen()" system call. Centreon versions
1.4.2.2 and 1.4.2.3 are affected.
Ref: http://www.securityfocus.com/bid/28022
______________________________________________________________________

08.10.61 CVE: CVE-2008-1074
Platform: Web Application
Title: GROUP-E "head_auth.php" Remote File Include
Description: GROUP-E is a PHP-based collaboration software. The
application is exposed to a remote file include issue because it fails
to properly sanitize user-supplied input to the "CFG[PREPEND_FILE]"
parameter of the "head_auth.php" script. GROUP-E version 1.6.41 is
affected.
Ref: http://www.securityfocus.com/bid/28024
______________________________________________________________________

08.10.62 CVE: CVE-2008-1131
Platform: Web Application
Title: Drupal Multiple HTML Injection Vulnerabilities
Description: Drupal is an open-source content manager that is
available for a number of platforms. The application is exposed to two
HTML injection issues because it fails to sufficiently sanitize
user-supplied input. Drupal version 6.0 is affected.
Ref: http://drupal.org/node/227608
______________________________________________________________________

08.10.63 CVE: CVE-2008-1126
Platform: Web Application
Title: Barryvan Compo Manager "main.php" Remote File Include
Description: Barryvan Compo Manager is a PHP-based web application for
managing competitions. The application is exposed to a remote file
include issue because it fails to properly sanitize user-supplied
input to the "pageURL" parameter of the "main.php" script. Barryvan
Compo Manager version 0.3 is affected.
Ref: http://www.securityfocus.com/bid/28035
______________________________________________________________________

08.10.64 CVE: CVE-2008-1123
Platform: Web Application
Title: SiteBuilder Elite "CarpPath" Parameter Multiple Remote File
Include Vulnerabilities
Description: SiteBuilder Elite is an automated application for
creating web sites. The application is exposed to multiple remote file
include issues because it fails to sufficiently sanitize user-supplied
input to the "CarpPath" parameter of the following scripts:
"files/carprss.php" and "files/amazon-bestsellers.php". SiteBuilder
Elite version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/28036
______________________________________________________________________

08.10.65 CVE: CVE-2008-1124, CVE-2008-1125
Platform: Web Application
Title: Podcast Generator Multiple Remote and Local File Include
Vulnerabilities
Description: Podcast Generator is a PHP-based podcasting script. The
application is exposed to multiple remote and local file include
issues because it fails to sufficiently sanitize input. Podcast
Generator version 1.0 BETA 2 is affected.
Ref: http://www.securityfocus.com/bid/28038
______________________________________________________________________

08.10.66 CVE: Not Available
Platform: Web Application
Title: Centreon "index.php" Local File Include
Description: Centreon (formerly Oreon) is a PHP-based application for
monitoring networks. The application is exposed to a local file
include issue because it fails to properly sanitize user-supplied
input to the "page" parameter of the "include/doc/index.php" script
before using it in an "fopen()" system call. Centreon version 1.4.2.3
is affected.
Ref: http://www.securityfocus.com/bid/28052
______________________________________________________________________

08.10.67 CVE: Not Available
Platform: Web Application
Title: netOffice Dwins Authentication Bypass Vulnerability and
Arbitrary File Upload
Description: netOffice Dwins is a web-based time tracking, timesheet,
and project management environment. The application is exposed to an
authentication bypass issue and an arbitrary file upload issue because
it fails to adequately sanitize user-supplied input. netOffice Dwins
version 1.3 p2 is affected.
Ref: http://www.securityfocus.com/archive/1/488958
______________________________________________________________________

08.10.68 CVE: Not Available
Platform: Web Application
Title: Koobi Comment Form Authentication Bypass
Description: Koobi is a web-based message board. The application is
exposed to an authentication bypass issue because it fails to perform
authentication checks on the "Comment" form. Koobi version 6.25 is
affected.
Ref: http://dream4.de/sicherheitsupdate_verfuegbar-112.htm
______________________________________________________________________

08.10.69 CVE: Not Available
Platform: Web Application
Title: ViewVC Multiple Remote Information Disclosure Vulnerabilities
Description: ViewVC is a web-based interface for CVS and Subversion
version-control repositories; it is implemented in Python. The
application is exposed to multiple information disclosure issues
because it fails to properly validate user privileges. ViewVC versions
prior to 1.0.5 are affected.
Ref:
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?rev=HEAD
______________________________________________________________________

08.10.70 CVE: Not Available
Platform: Web Application
Title: phpMyTourney "tourney/index.php" Remote File Include
Description: phpMyTourney is a web-based application for hosting
tournaments. The application is exposed to a remote file include issue
because it fails to properly sanitize user-supplied input to the
"page" parameter of the "sources/tourney/index.php" script.
phpMyTourney version 2 is affected.
Ref: http://www.securityfocus.com/archive/1/488951
______________________________________________________________________

08.10.71 CVE: Not Available
Platform: Web Application
Title: Heathco Software h2desk Multiple Information Disclosure
Vulnerabilities
Description: Heathco Software h2desk is a PHP-based helpdesk
application. The application is exposed to multiple information
disclosure issues.
Ref: http://www.securityfocus.com/archive/1/488998
______________________________________________________________________

08.10.72 CVE: Not Available
Platform: Web Application
Title: MediaWiki JSON Callback Information Disclosure
Description: MediaWiki is a PHP-based wiki application. The
application is exposed to a cross-domain information disclosure issue
that stems from an error in processing of the JSON (JavaScript Object
Notation) callbacks by the MediaWiki API. MediaWiki versions 1.11
through 1.11.2 are affected.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
______________________________________________________________________

08.10.73 CVE: Not Available
Platform: Web Application
Title: KC Wiki "wiki.php" Multiple Remote File Include Vulnerabilities
Description: KC Wiki is a wiki application. The application is exposed
to multiple remote file include issues because it fails to properly
sanitize user-supplied input to the "page" parameter of the
"minimal/wiki.php" and "simplest/wiki.php" scripts. KC Wiki version
1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/489024
______________________________________________________________________

08.10.74 CVE: Not Available
Platform: Web Application
Title: Flyspray Multiple Information Disclosure, HTML Injection, and
Cross-Site Scripting Vulnerabilities
Description: Flyspray is a bug tracking system. The application is
exposed to an information disclosure issue because it returns
different error messages when handling invalid authentication
credentials. Flyspray versions 0.9.9 through 0.9.9.4 are affected.
Ref: http://www.securityfocus.com/archive/1/489020
______________________________________________________________________

08.10.75 CVE: Not Available
Platform: Web Application
Title: SARG User-Agent Processing HTML Injection and Stack Buffer
Overflow Vulnerabilities
Description: SARG (Squid Analysis Report Generator) is an application
that logs web sites that users visit. The application is exposed to
multiple remote issues. SARG version 2.2.3.1 is affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=581212
______________________________________________________________________

08.10.76 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke "Seminars" Module "fileName" Parameter Local File
Include
Description: "Seminars" is a module for the PHP-Nuke content manager.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "fileName"
parameter when the "name" parameter is set to "Seminars".
Ref: http://www.securityfocus.com/archive/1/489084
______________________________________________________________________

08.10.77 CVE: Not Available
Platform: Web Application
Title: Ariadne CMS Remote Arbitrary Shell Command Injection
Description: Ariadne CMS is a web-based content manager. The
application is exposed to a remote command injection issue because it
fails to adequately sanitize user-supplied input data. Ariadne
versions prior to 2.6 are affected.
Ref: http://www.ariadne-cms.org/download/changes/
______________________________________________________________________

08.10.78 CVE: Not Available
Platform: Network Device
Title: Juniper Networks Secure Access 2000 Web Root Path Disclosure
Description: Juniper Networks Secure Access 2000 is a VPN (Virtual
Private Network) appliance used to securely connect remote clients to
enterprise networks. The application is exposed to a path disclosure
issue. This issue occurs when certain parameters are omitted from
requests to the "remediate.cgi" script. Secure Access 2000 5.5R1 Build
11711 is affected.
Ref: http://www.securityfocus.com/archive/1/488919
______________________________________________________________________

08.10.79 CVE: CVE-2008-0303
Platform: Network Device
Title: Multiple Canon Multifunction Printer Products FTP Bounce
Description: Canon multifunction printers are devices for printing,
faxing, copying and/or scanning documents. The application is exposed
to an FTP-Bounce issue that can allow remote attackers to use the FTP
server to connect to an arbitrary port on another computer.
Ref: http://www.kb.cert.org/vuls/id/568073
______________________________________________________________________

08.10.80 CVE: Not Available
Platform: Network Device
Title: Eye-Fi Multiple Security Vulnerabilities
Description: The Eye-Fi Card is an SD (Secure Digital) memory card for
digital cameras that integrates Wi-Fi networking functionality
to convert the camera into a Wi-Fi device. The application is exposed
to multiple security issues. Eye-Fi version 1.1.2 is affected.
Ref: http://www.securityfocus.com/archive/1/489045
______________________________________________________________________