Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
March 13, 2008                                            Vol. 7. Week 11
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Microsoft Office                            10 (#1, #2, #3, #6)
Other Microsoft Products                     3
Third Party Windows Apps                    11 (#4, #5, #8, #10)
Linux                                        4
Solaris                                      2
Aix                                          1
Unix                                         1
Cross Platform                              17 (#7, #9)
Web Application - Cross Site Scripting      18
Web Application - SQL Injection             18
Web Application                             17
Network Device                               2

**************************** Sponsored By SANS **************************

Are you a penetration tester who wants to learn about the latest testing
procedures and tools to improve your skills? Come to the Penetration
Testing and Ethical Hacking Summit to hear experts discuss policy,
process and technical aspects of testing. June 2-3, Las Vegas.
http://www.sans.org/info/25688
*************************************************************************
TRAINING UPDATE
Where can you find the newest Penetration Testing techniques,
Application Pen Testing, Hacker Exploits, Secure Web Application
Development, Security Essentials, Forensics, Wireless, Auditing, CISSP,
and SANS' other top-rated courses?
- - SANS 2008 in Orlando (4/18-4/25) SANS' biggest program with myriad
bonus sessions and a huge exhibition of security products:
http://www.sans.org/sans2008
- - Washington DC (Tyson's) 3/24-3/31 http://www.sans.org/tysonscorner08
- - San Diego (5/9-5/16) http://www.sans.org/securitywest08
- - Toronto (5/10-5/16) http://www.sans.org/toronto08
- - and in 100 other cites and on line any-time: www.sans.org
______________________________________________________________________

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: Microsoft Excel Multiple Vulnerabilities (MS08-014)
(2) CRITICAL: Microsoft Outlook 'mailto' Remote Command Execution (MS08-015)
(3) CRITICAL: Microsoft Office Multiple Vulnerabilities (MS08-016)
(4) CRITICAL: Cisco User Changeable Password Multiple Vulnerabilities
(5) CRITICAL: McAfee ePolicy Orchestrator Format String Vulnerability
(6) HIGH: Microsoft Office Web Components Multiple Vulnerabilities (MS08-017)
(7) HIGH: SAP MaxDB Multiple Vulnerabilities
(8) HIGH: RealPlayer ActiveX Control Memory Corruption
(9) MODERATE Adobe Form Designer and Form Client Multiple Vulnerabilities
(10) LOW: Timbuktu Pro Directory Traversal Vulnerability

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Microsoft Office
08.11.1  - Microsoft Excel Data Validation Record Remote Code Execution
08.11.2  - Microsoft Excel Import Remote Code Execution
08.11.3  - Microsoft Office Web Components ActiveX Control URL Parsing Remote
Code Execution
08.11.4  - Microsoft Office Web Components ActiveX Control DataSource Remote
Code Execution
08.11.5  - Microsoft Office File Memory Corruption
08.11.6  - Microsoft Outlook Mailto URI Remote Code Execution
08.11.7  - Microsoft Excel Style Record Remote Code Execution
08.11.8  - Microsoft Excel Formula Parsing Remote Code Execution
08.11.9  - Microsoft Excel Rich Text Remote Code Execution
08.11.10 - Microsoft Excel Conditional Formatting Values Remote Code Execution
 -- Other Microsoft Products
08.11.11 - Microsoft March 2008 Advance Notification Multiple Vulnerabilities
08.11.12 - Microsoft Internet Explorer Combined JavaScript and XML Remote
Information Disclosure
08.11.13 - Microsoft Internet Explorer FTP Cross-Site Command Injection
 -- Third Party Windows Apps
08.11.14 - ICQ Toolbar "toolbaru.dll" ActiveX Control "GetPropertyById" Remote
Denial of Service
08.11.15 - MicroWorld eScan Server Directory Traversal
08.11.16 - B21Soft BFup ActiveX Control "FilePath" Remote Buffer Overflow
08.11.17 - MailEnable 3.13 and Prior IMAP Service Multiple Remote
Vulnerabilities
08.11.18 - MailEnable SMTP EXPN/VRFY Commands Denial of Service
08.11.19 - Real Networks RealPlayer "rmoc3260.dll" ActiveX Control Memory
Corruption
08.11.20 - Symantec Altiris Deployment Server Agents "AClient.exe" Privilege
Escalation
08.11.21 - Kingsoft Antivirus Online Update Module ActiveX Control Remote Buffer
Overflow
08.11.22 - Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of
Service Vulnerabilities
08.11.23 - PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of Service
08.11.24 - Adobe Form Designer and Adobe Form Client Multiple Input Validation
Vulnerabilities
 -- Linux
08.11.25 - Panda Internet Security/Antivirus+Firewall 2008 CPoint.sys Memory
Corruption
08.11.26 - MoinMoin Macro Code Information Disclosure
08.11.27 - Dovecot Tab Character Password Check Security Bypass
08.11.28 - IBM AIX Multiple Kernel and Command Privilege Escalation
Vulnerabilities
 -- Solaris
08.11.29 - Sun Solaris 10 "ipsecah(7P)" Kernel Module Local Denial of Service
08.11.30 - Sun Solaris 10 Inter-Process Communication (IPC) Local Denial of
Service
 -- Aix
08.11.31 - IBM AIX "man" Local Privilege Escalation
 -- Unix
08.11.32 - SynCE "vdccm" Daemon Remote Unspecified Denial of Service
 -- Cross Platform
08.11.33 - Perforce Server Multiple Remote Denial of Service Vulnerabilities
08.11.34 - Fujitsu Interstage Smart Repository Multiple Unspecified Denial of
Service Vulnerabilities
08.11.35 - Programmer's Notepad "ctags" Buffer Overflow
08.11.36 - Ruby WEBrick Remote Directory Traversal and Information Disclosure
Vulnerabilities
08.11.37 - Sun Java Runtime Environment Image Parsing Heap Buffer Overflow
08.11.38 - IBM Rational ClearQuest Information Disclosure Weakness
08.11.39 - IBM Rational ClearQuest User Identifier Information Disclosure
Weakness
08.11.40 - Acronis True Image Echo Enterprise Server Multiple Remote Denial of
Service Vulnerabilities
08.11.41 - Remotely Anywhere "Accept-Charset" Parameter NULL Pointer Denial of
Service
08.11.42 - SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation
08.11.43 - Motorola Timbuktu Pro File Upload and Denial of Service
Vulnerabilities
08.11.44 - SAP MaxDB "vserver" Component Remote Heap Memory Corruption
08.11.45 - ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
08.11.46 - IBM Informix Dynamic Server Multiple Remote Vulnerabilities
08.11.47 - Red Hat Directory Server 7.1 Local Insecure Permissions
08.11.48 - Adobe ColdFusion Administration Interface Failed Login Audit
08.11.49 - IBM WebSphere Prior to 6.1.0.15 Multiple Vulnerabilities
 -- Web Application - Cross Site Scripting
08.11.50 - Podcast Generator "set_permissions.php" Cross-Site Scripting
08.11.51 - Sun Java System Access Manager Administration Console Multiple
Cross-Site Scripting Vulnerabilities
08.11.52 - Xitex WebContent M1 "redirect.do" Cross-Site Scripting
08.11.53 - Check Point VPN-1 UTM Edge Login Page Cross-Site Scripting
08.11.54 - BosDates Multiple Cross-Site Scripting Vulnerabilities
08.11.55 - Dokeos Multiple Remote Code Execution and Cross-Site Scripting
Vulnerabilities
08.11.56 - imageVue Multiple "path" Parameter Cross-Site Scripting
Vulnerabilities
08.11.57 - MediaWiki "api.php" Cross-Site Scripting
08.11.58 - BosClassifieds "account.php" Cross-Site Scripting
08.11.59 - Neptune Web Server 404 Error Page Cross-Site Scripting
08.11.60 - RemotelyAnywhere HTTP Service Cross-Site Scripting
08.11.61 - MoinMoin GUI Editor Multiple Cross-Site Scripting Vulnerabilities
08.11.62 - EncapsGallery "file" Parameter Multiple Cross-Site Scripting
Vulnerabilities
08.11.63 - ManageEngine ServiceDesk Plus "SolutionSearch.do" Cross-Site
Scripting
08.11.64 - Sun Java Server Faces Cross-Site Scripting
08.11.65 - Savvy Content Manager "searchterms" Parameter Multiple Cross-Site
Scripting Vulnerabilities
08.11.66 - Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
08.11.67 - Adobe LiveCycle Workflow Management Login Page Cross-Site Scripting
 -- Web Application - SQL Injection
08.11.68 - PHP-Nuke Yellow_Pages Module "cid" Parameter SQL Injection
08.11.69 - PHP-Nuke KutubiSitte Module "kid" Parameter SQL Injection
08.11.70 - PHP-Nuke 4nChat Module "roomid" Parameter SQL Injection
08.11.71 - XOOPS WF-Downloads Module "viewcat.php" SQL Injection
08.11.72 - phpBB Filebase Module "filebase.php" SQL Injection
08.11.73 - Joomla! and Mambo "ensenanzas" Component "id" Parameter SQL Injection
08.11.74 - PHP-Nuke NukeC30 Module "id_catg" Parameter SQL Injection
08.11.75 - Batchelor Media BM Classifieds Multiple SQL Injection Vulnerabilities
08.11.76 - PHP-Nuke 4nAlbum Module "pid" Parameter SQL Injection
08.11.77 - PHP-Nuke Hadith Module "cat" Parameter SQL Injection
08.11.78 - Joomla! and Mambo "Candle" Component "cID" Parameter SQL Injection
08.11.79 - QuickTicket "qti_usr.php" SQL Injection
08.11.80 - Joomla! and Mambo "com_ewriting" Component "Itemid" Parameter SQL
Injection
08.11.81 - phpMyNewsLetter "archives.php" SQL Injection
08.11.82 - Mapbender "mod_gazetteer_edit.php" SQL Injection
08.11.83 - Joomla! and Mambo ProductShowcase Component "id" Parameter SQL
Injection
08.11.84 - Bloo index.php Multiple SQL Injection Vulnerabilities
08.11.85 - QuickTalk forum "qtf_ind_search_ov.php" SQL Injection
 -- Web Application
08.11.86 - Numara FootPrints HTML Injection and Remote Command Execution
Vulnerabilities
08.11.87 - Joomla! Prior to 1.0.15 RC4 Multiple Remote Vulnerabilities
08.11.88 - Yap Blog "index.php" Remote File Include
08.11.89 - Zimbra Collaboration Suite HTML Injection
08.11.90 - WordPress "users.php" and "invite.php" Multiple Cross-Site Scripting
Vulnerabilities
08.11.91 - SID "dir" Parameter Multiple Remote File Include Vulnerabilities
08.11.92 - osTicket Malformed Ticket Remote Denial of Service
08.11.93 - zKup Authentication Bypass
08.11.94 - F5 BIG-IP Web Management Interface Console HTML Injection
08.11.95 - Alkacon OpenCms Multiple Input Validation Vulnerabilities
08.11.96 - Horde Framework Theme File Include
08.11.97 - Mapbender "factor" Parameter Remote Code Injection
08.11.98 - Sun Java Web Console Information Disclosure Weakness
08.11.99 - Argon Technology Client Management Services TFTP Server Directory
Traversal
08.11.100 - Drake CMS "d_root" Parameter Local File Include
08.11.101 - Gallarific Cross-Site Scripting and Authentication Bypass
Vulnerabilities
08.11.102 - PHP-Nuke ZClassifieds Module "cat" Parameter SQL Injection
 -- Network Device
08.11.103 - Airspan ProST WiMAX Device Web Interface Authentication Bypass
08.11.104 - ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft Excel Multiple Vulnerabilities (MS08-014)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office System 2007
Microsoft Office Excel Viewer 2003
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac

Description: Microsoft Excel contains multiple vulnerabilities in its
handling of a variety of Excel document features. Failure to properly
parse Excel files could lead to a variety of memory corruption
vulnerabilities. A specially crafted Excel file containing one of these
features could trigger one of these vulnerabilities. Successfully
exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with the privileges of the current user. Note
that, on recent versions of Microsoft Office, Excel files are not opened
upon receipt without user interaction. Some technical details are
publicly available for these vulnerabilities. At least one of these
vulnerabilities is being actively exploited in the wild.

Status: Microsoft confirmed, updates available.

References:
TippingPoint Security Advisory
http://dvlabs.tippingpoint.com/advisory/TPTI-08-03
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=671
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=672
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-014.mspx
Microsoft Technet Article (includes technical details)
http://blogs.technet.com/swi/archive/2008/03/11/the-case-of-the-uninitialized-
stack-variable-vulnerability.aspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/28095
http://www.securityfocus.com/bid/28166
http://www.securityfocus.com/bid/28170
http://www.securityfocus.com/bid/27305
http://www.securityfocus.com/bid/28168
http://www.securityfocus.com/bid/28094
http://www.securityfocus.com/bid/28167

*****************************************************

(2) CRITICAL: Microsoft Outlook 'mailto' Remote Command Execution (MS08-015)
Affected:
Microsoft Outlook 2000
Microsoft Outlook XP
Microsoft Outlook 2003
Microsoft Office 2007

Description: Microsoft Outlook fails to properly sanitize the contents
of "mailto:" URLs that are passed to it as arguments. A "mailto:" URL
is used to provide a link to an email address. On Microsoft Windows,
clicking a "mailto:" URL will invoke the application associated with
"mailto:" URLs; this is often Outlook. A specially crafted "mailto:" URL
could bypass sanitization, allowing for the injection of arbitrary
commands. Successfully exploiting this vulnerability would allow an
attacker to execute arbitrary commands with the privileges of the
current user. Some technical details are publicly available for this
vulnerability.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-015.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=673
Microsoft Technet Article (includes technical details)
http://blogs.technet.com/swi/archive/2008/03/11/protocol-handler-and-its-default
-security-zone.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/28147

*****************************************************

(3) CRITICAL: Microsoft Office Multiple Vulnerabilities (MS08-016)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office Excel Viewer
Microsoft Office 2004 for Mac

Description: Microsoft Office contains a flaw in its handling of
Microsoft Excel and Office files. A specially crafted file could trigger
one of two memory corruption vulnerabilities. Successfully exploiting
one of these vulnerabilities would allow an attacker to execute
arbitrary code with the privileges of the current user. Note that, on
recent versions of Microsoft Office, documents are not opened upon
receipt without user interaction. Some technical details are publicly
available for these vulnerabilities.

Status: Microsoft confirmed, updates available.

References:
Zero Day Initiative Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-008/
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-016.mspx
SecurityFocus BIDs
http://www.securityfocus.com/bid/28146
http://www.securityfocus.com/bid/23826

*****************************************************

(4) CRITICAL: Cisco User Changeable Password Multiple Vulnerabilities
Affected:
Cisco User Changeable Password versions prior to 4.2

Description: Cisco User Changeable Password is a Cisco utility to
provide password and other authentication credential updates via a
web-based interface. It contains multiple buffer overflow
vulnerabilities in its handling of user input. A specially crafted
request would allow an unauthenticated attacker to exploit one of these
buffer overflows. Successfully exploiting one of these buffer overflows
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process. Note that this may afford the attacker access
to an authentication database, potentially leading to further
exploitation. Note that full technical details and a proof-of-concept
are publicly available for this vulnerability. An additional
cross-site-scripting vulnerability was also discovered in this product.

Status: Cisco confirmed, updates available.

References:
Cisco Security Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml
Recurity Labs Security Advisory
http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt
Product Documentation
http://www.cisco.com/warp/public/480/ucp.html
SecurityFocus BID
http://www.securityfocus.com/bid/28222

*****************************************************

(5) CRITICAL: McAfee ePolicy Orchestrator Format String Vulnerability
Affected:
McAfee ePolicy Orchestrator versions 4.0 and prior

Description: McAfee ePolicy Orchestrator is an enterprise policy
management framework. It contains a format string vulnerability in its
logging subsystem. A specially crafted request could trigger this
vulnerability. Successfully exploiting this vulnerability would allow
an attacker to execute arbitrary code with the privileges of the
vulnerable process. Full technical details and a proof-of-concept are
publicly available for this vulnerability. Note that other products
using the McAfee Framework may also be vulnerable.

Status: McAfee has not confirmed, no updates available.

References:
Advisory from Luigi Auriemma
http://aluigi.altervista.org/adv/meccaffi-adv.txt
Proof-of-Concept (binary file link)
http://aluigi.org/poc/meccaffi.zip
Product Home Page
http://www.mcafee.com/us/enterprise/products/system_security_management/
epolicy_orchestrator.html)
SecurityFocus BID
http://www.securityfocus.com/bid/28228

*****************************************************

(6) HIGH: Microsoft Office Web Components Multiple Vulnerabilities (MS08-017)
Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Visual Studio .NET 2002
Microsoft Visual Studio .NET 2003
Microsoft BizTalk Server 2000
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2000
Microsoft Internet Security and Acceleration Server 2000

Description: The Microsoft Office Web Components are a collection of
ActiveX controls used for manipulating office documents. They contain
several flaws in their handling of method calls. A specially crafted web
page that instantiated one of these components could trigger a memory
corruption vulnerability. Successfully exploiting this vulnerability
would allow an attacker to execute arbitrary code with the privileges
of the current user.

Status: Microsoft confirmed, updates available. Users can mitigate the
impact of these vulnerabilities by disabling the affected controls via
Microsoft's "killbit" mechanism for CLSIDs
"0002E533-0000-0000-C000-000000000046",
"0002E530-0000-0000-C000-000000000046",
"0002E510-0000-0000-C000-000000000046", and
"0002E511-0000-0000-C000-000000000046".

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx
Microsoft Knowledge Base Article (details the "killbit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/28135

*****************************************************

(7) HIGH: SAP MaxDB Multiple Vulnerabilities
Affected:
SAP MaxDB versions 7.6.0.37 and prior

Description: MaxDB is an enterprise database system from SAP. It
contains multiple flaws in its handling of user requests. A specially
crafted user request could trigger one of several memory corruption
vulnerabilities.  Successfully exploiting one of these vulnerabilities
would allow an attacker to execute arbitrary code with the privileges
of the vulnerable process. Note that some versions of MaxDB are open
source, and these versions are presumed vulnerable. Therefore, technical
details for these vulnerabilities are publicly available via source code
analysis.

Status: SAP confirmed, updates available. Users can mitigate the impact
of these vulnerabilities by blocking access to TCP port 7210.

References:
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
Product Home Page
https://www.sdn.sap.com/irj/sdn/maxdb
SecurityFocus BID
http://www.securityfocus.com/bid/28183

*****************************************************

(8) HIGH: RealPlayer ActiveX Control Memory Corruption
Affected:
RealPlayer versions 11.x and prior

Description: RealPlayer provides some of its functionality on Microsoft
Windows via an ActiveX control. This control contains a flaw in its
handling of its "Console" property. A specially crafted web page that
instantiates this control could trigger this flaw, leading to memory
corruption. Successfully exploiting this corruption would allow an
attacker to execute arbitrary code with the privileges of the current
user. Full technical details are publicly available for this
vulnerability, as is a proof-of-concept.

Status: Real has not confirmed, no updates available. Users can mitigate
the impact of this vulnerability by disabling the affected control using
Microsoft's "killbit" mechanism using CLSIDs
"2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93" and
"CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA".

References:
Posting by Elazar (includes proof-of-concept)
http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html
Microsoft Knowledge Base Article (details the "killbit" mechanism)
http://support.microsoft.com/kb/240797
Vendor Home Page
http://www.real.com
SecurityFocus BID
http://www.securityfocus.com/bid/28157

*****************************************************

(9) MODERATE Adobe Form Designer and Form Client Multiple Vulnerabilities
Affected:
Adobe Form Designer versions 5.0 and prior
Adobe Form Client versions 5.0 and prior

Description: Adobe Form Designer is a tool allowing developers to deploy
forms as HTML or PDF documents. The Adobe Form Client is used to view
this documents. A specially crafted form file could trigger one of
multiple vulnerabilities in the affected application. Successfully
exploiting one of these vulnerabilities would allow an attacker to
execute arbitrary code with the privileges of the current user. No
technical details are publicly available for these vulnerabilities.

Status: Adobe confirmed, updates available.

References:
Adobe Security Advisory
http://www.adobe.com/support/security/bulletins/apsb08-09.html
Product Home Page
http://www.adobe.com/products/server/formdesigner/index.html
SecurityFocus BID
http://www.securityfocus.com/bid/28210

*****************************************************

(10) LOW: Timbuktu Pro Directory Traversal Vulnerability
Affected:
Timbuktu Pro versions 8.6.5 and prior

Description: Timbuktu Pro is a remote computer management product. It
contains a flaw in its handling of files uploaded to a remotely managed
computer. A specially crafted upload request could trigger a directory
traversal vulnerability, allowing the attacker to place a file in any
location on the system. A proof-of-concept for this vulnerability is
available. Note that this vulnerability does not allow already-existing
files to be overwritten or replaced. Authentication may be required to
exploit this vulnerability; this is unconfirmed.

Status: Vendor has not confirmed, no updates available.

References:
Advisory from Luigi Auriemma
http://aluigi.altervista.org/adv/timbuto-adv.txt
Proof-of-Concept (binary file link)
http://aluigi.org/poc/timbuto.zip
Product Home Page
http://www.netopia.com/software/products/tb2/
SecurityFocus BID
http://www.securityfocus.com/bid/28081

**********************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 11, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.

______________________________________________________________________

08.11.1 CVE: CVE-2008-0111
Platform: Microsoft Office
Title: Microsoft Excel Data Validation Record Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to perform sufficient validation
of data when loading Excel files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
______________________________________________________________________

08.11.2 CVE: CVE-2008-0112
Platform: Microsoft Office
Title: Microsoft Excel Import Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to perform sufficient validation
when importing files.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
______________________________________________________________________

08.11.3 CVE: CVE-2006-4695
Platform: Microsoft Office
Title: Microsoft Office Web Components ActiveX Control URL Parsing
Remote Code Execution
Description: Microsoft Office Components is a collection of Component
Object Model (COM) controls for publishing and viewing spreadsheets,
charts, and databases on websites. The software is exposed to a remote
code execution issue when parsing a specially crafted execution
command.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx
______________________________________________________________________

08.11.4 CVE: CVE-2007-1201
Platform: Microsoft Office
Title: Microsoft Office Web Components ActiveX Control DataSource
Remote Code Execution
Description: Microsoft Office Component is a collection of Component
Object Model (COM) controls for publishing and viewing spreadsheets,
charts, and databases on websites. The application is exposed to a
remote code execution issue when handling a specially crafted 
execution command.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-017.mspx
______________________________________________________________________

08.11.5 CVE: CVE-2008-0118
Platform: Microsoft Office
Title: Microsoft Office File Memory Corruption
Description: Microsoft Office is exposed to a remote memory corruption
issue because of an improper calculation of values used to allocate
memory when Office files are opened. This may lead to an exploitable
memory corruption issue.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-016.mspx
______________________________________________________________________

08.11.6 CVE: CVE-2008-0110
Platform: Microsoft Office
Title: Microsoft Outlook Mailto URI Remote Code Execution
Description: Microsoft Outlook is exposed to a remote code execution
issue because it fails to adequately validate user-supplied data. This
issue occurs when users with the affected application installed visit
malicious sites containing "mailto:" URIs. When specially crafted
"mailto:" URIs are passed to Outlook, memory corruption may occur in a
manner that allows attackers to execute arbitrary code.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-015.mspx
______________________________________________________________________

08.11.7 CVE: CVE-2008-0114
Platform: Microsoft Office
Title: Microsoft Excel Style Record Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to adequately validate "Style"
record information.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
______________________________________________________________________

08.11.8 CVE: CVE-2008-0115
Platform: Microsoft Office
Title: Microsoft Excel Formula Parsing Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to adequately parse specially
crafted formulas.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
______________________________________________________________________

08.11.9 CVE: CVE-2008-0116
Platform: Microsoft Office
Title: Microsoft Excel Rich Text Remote Code Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to adequately validate
user-supplied Rich Text Format (RTF) data.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
______________________________________________________________________

08.11.10 CVE: CVE-2008-0117
Platform: Microsoft Office
Title: Microsoft Excel Conditional Formatting Values Remote Code
Execution
Description: Microsoft Excel is a spreadsheet application that is part
of the Microsoft Office suite. The application is exposed to a remote
code execution issue when parsing malformed Excel files. This issue
occurs because the application fails to adequately validate
conditional format values.
Ref: http://www.microsoft.com/technet/security/Bulletin/MS08-014.mspx
______________________________________________________________________

08.11.11 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft March 2008 Advance Notification Multiple
Vulnerabilities
Description: Microsoft has released advance notification of four
security bulletins being released on March 11, 2008.  The highest
severity rating for these issues is "Critical".
Ref: http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx
______________________________________________________________________

08.11.12 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer Combined JavaScript and XML Remote
Information Disclosure
Description: Microsoft Internet Explorer is exposed to a remote
information disclosure issue because of a flaw in the interaction
between JavaScript and XML processing in Internet Explorer.
Ref: http://www.0x000000.com/index.php?i=525&bin=1000001101
______________________________________________________________________

08.11.13 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer FTP Cross-Site Command Injection
Description: Microsoft Internet Explorer is a web browser for the
Microsoft Windows operating system that also supports File Transfer
Protocol (FTP) client functionality. The application is exposed to an
issue that occurs because the application fails to adequately sanitize
user-supplied data. Internet Explorer versions 5 and 6 are affected.
Ref: http://www.rapid7.com/advisories/R7-0032.jsp
______________________________________________________________________

08.11.14 CVE: Not Available
Platform: Third Party Windows Apps
Title: ICQ Toolbar "toolbaru.dll" ActiveX Control "GetPropertyById"
Remote Denial of Service
Description: ICQ Toolbar is a set of addons for Microsoft Internet
Explorer. The application is exposed to a denial of service issue
because it fails to perform adequate boundary checks on user-supplied
data. ICQ Toolbar version 2.3 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.11.15 CVE: Not Available
Platform: Third Party Windows Apps
Title: MicroWorld eScan Server Directory Traversal
Description: MicroWorld eScan Server contains a read-only FTP server
that is used as part of the eScan Management Console application.
The application is exposed to a directory traversal issue because it
fails to sufficiently sanitize user-supplied input data. MicroWorld
eScan Server version 9.0.742.98 is affected.
Ref: http://www.securityfocus.com/archive/1/489228
______________________________________________________________________

08.11.16 CVE: Not Available
Platform: Third Party Windows Apps
Title: B21Soft BFup ActiveX Control "FilePath" Remote Buffer Overflow
Description: B21Soft BFup ActiveX control is exposed to a
buffer overflow issue because it fails to bounds check user-supplied
data before copying it into an insufficiently sized buffer. This issue
occurs when an excessive amount of data is passed to the "FilePath"
property of the ActiveX control. B21Soft BFup versions 1.0.308.19 and
earlier are affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.11.17 CVE: Not Available
Platform: Third Party Windows Apps
Title: MailEnable 3.13 and Prior IMAP Service Multiple Remote
Vulnerabilities
Description: MailEnable is a commercially available mail server for
the Microsoft Windows platform. The application is exposed to multiple
remote issues in the IMAP service. MailEnable version 3.13 is
affected.
Ref: http://www.securityfocus.com/archive/1/489270
______________________________________________________________________

08.11.18 CVE: Not Available
Platform: Third Party Windows Apps
Title: MailEnable SMTP EXPN/VRFY Commands Denial of Service
Description: MailEnable is a commercially available mail server for
the Microsoft Windows platform. The application is exposed to a remote
denial of service issue. This issue arises in the SMTP server when
processing "EXPN" and "VRFY" commands and may result in a crash of the
affected service.
Ref: http://www.securityfocus.com/bid/28154
______________________________________________________________________

08.11.19 CVE: Not Available
Platform: Third Party Windows Apps
Title: Real Networks RealPlayer "rmoc3260.dll" ActiveX Control Memory
Corruption
Description: Real Networks RealPlayer is an application that allows
users to play various media formats. The application is exposed to a
memory corruption issue. Real Networks RealPlayer version 11 is
affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.11.20 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Altiris Deployment Server Agents "AClient.exe"
Privilege Escalation
Description: Symantec Altiris Deployment Server Agents provide core
components used by each Altiris solution and support the entire
Altiris Infrastructure. The application is exposed to shatter attacks
that can result in an escalation of privileges.
Ref: http://www.symantec.com/avcenter/security/Content/2008.03.10.html
______________________________________________________________________

08.11.21 CVE: Not Available
Platform: Third Party Windows Apps
Title: Kingsoft Antivirus Online Update Module ActiveX Control Remote
Buffer Overflow
Description: Kingsoft Antivirus Online Update Module ActiveX control
is exposed to a buffer overflow issue because it fails to bounds check
user-supplied data before copying it into an insufficiently sized
buffer.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.11.22 CVE: Not Available
Platform: Third Party Windows Apps
Title: Acronis Snap Deploy PXE Server TFTP Directory Traversal and
Denial of Service Vulnerabilities
Description: Acronis Snap Deploy is a software deployment application
available for Microsoft Windows. The application is exposed to
multiple remote issues.
Ref: http://aluigi.altervista.org/adv/acropxe-adv.txt
______________________________________________________________________

08.11.23 CVE: Not Available
Platform: Third Party Windows Apps
Title: PacketTrap pt360 Tool Suite PRO TFTP Server Remote Denial of
Service
Description: PacketTrap pt360 Tool Suite PRO is an application for
managing networks. The TFTP server is a component of the suite. The
application is exposed to a remote denial of service issue.
PacketTrap pt360 Tool Suite PRO TFTP server version 2.0.3901.0 is
affected.
Ref: http://www.securityfocus.com/archive/1/489355
______________________________________________________________________

08.11.24 CVE: CVE-2007-6253
Platform: Third Party Windows Apps
Title: Adobe Form Designer and Adobe Form Client Multiple
Input Validation Vulnerabilities
Description: Adobe Form Designer and Adobe Form Client are exposed to
multiple input validation issues because they fail to adequately
sanitize user-supplied input data.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-09.html
______________________________________________________________________

08.11.25 CVE: Not Available
Platform: Linux
Title: Panda Internet Security/Antivirus+Firewall 2008 CPoint.sys
Memory Corruption
Description: Panda Internet Security/Antivirus+Firewall 2008 is
exposed to a local kernel memory corruption issue due to insufficient
validation of IOCTL requests.
Ref: http://www.trapkit.de/advisories/TKADV2008-001.txt
______________________________________________________________________

08.11.26 CVE: CVE-2008-1099
Platform: Linux
Title: MoinMoin Macro Code Information Disclosure
Description: MoinMoin is a freely available, open-source wiki written
in Python. It is available for UNIX and Linux platforms. The
application is exposed to an information disclosure issue.
Ref: http://www.securityfocus.com/bid/28178
______________________________________________________________________

08.11.27 CVE: Not Available
Platform: Linux
Title: Dovecot Tab Character Password Check Security Bypass
Description: Dovecot is a mail-server application for Linux and
UNIX-like operating systems. The application is exposed to a security
bypass issue because it fails to adequately sanitize user-supplied
input. Dovecot versions prior to 1.0.13 and 1.1.rc3 are affected.
Ref: http://dovecot.org/list/dovecot-news/2008-March/000064.html
______________________________________________________________________

08.11.28 CVE: Not Available
Platform: Linux
Title: IBM AIX Multiple Kernel and Command Privilege Escalation
Vulnerabilities
Description: IBM AIX is exposed to multiple privilege escalation
issues. IBM AIX versions 5.2, 5.3 and 6.1 are affected.
Ref:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154
______________________________________________________________________

08.11.29 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 10 "ipsecah(7P)" Kernel Module Local Denial of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. The
application is exposed to a denial of service issue because of an
unspecified error that affects the "ipsecah(7P)" kernel module.
Solaris 10 for SPARC and x86 architectures is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233761-1
______________________________________________________________________

08.11.30 CVE: Not Available
Platform: Solaris
Title: Sun Solaris 10 Inter-Process Communication (IPC) Local Denial
of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution.
Solaris is exposed to a denial of service issue because of an
unspecified error that affects the Inter-Process Communication (IPC)
message queue sub-system. This issue allows local unprivileged
attackers to block all input/output operations on a message queue.
Solaris 10 for SPARC and x86 architectures is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231403-1
______________________________________________________________________

08.11.31 CVE: Not Available
Platform: Aix
Title: IBM AIX "man" Local Privilege Escalation
Description: IBM AIX is exposed to a local privilege escalation issue
because it fails to specify full paths to executables. Specifically,
the "man" utility fails to specify the full path to executables that it
calls.
Ref: http://www-1.ibm.com/support/docview.wss?uid=isg1IZ17177
______________________________________________________________________

08.11.32 CVE: Not Available
Platform: Unix
Title: SynCE "vdccm" Daemon Remote Unspecified Denial of Service
Description: SynCE is an open-source project that provides tools to
communicate between Microsoft Windows CE or Pocket PC devices and
computers running Linux/UNIX. The application is exposed to a denial
of service issue. SynCE "vdccm" Daemon versions prior to 0.10.1 are
affected.
Ref: http://sourceforge.net/forum/forum.php?forum_id=766440
______________________________________________________________________

08.11.33 CVE: Not Available
Platform: Cross Platform
Title: Perforce Server Multiple Remote Denial of Service
Vulnerabilities
Description: Perforce Server is a file repository application. The
application is exposed to multiple remote denial of service issues.
Perforce Server version 2007.3 is affected.
Ref: http://www.securityfocus.com/archive/1/489179
______________________________________________________________________

08.11.34 CVE: Not Available
Platform: Cross Platform
Title: Fujitsu Interstage Smart Repository Multiple Unspecified Denial of
Service Vulnerabilities
Description: Fujitsu Interstage Smart Repository is exposed to two
denial of service issues. One issue occurs when the application handles
an incorrect request. The other issue occurs because of the way the
application handles large data that is sent to the attribute value
registered in it.
Ref:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr
-200801e.html
______________________________________________________________________

08.11.35 CVE: Not Available
Platform: Cross Platform
Title: Programmer's Notepad "ctags" Buffer Overflow
Description: Programmer's Notepad is an open-source text editor. The
application is exposed to a buffer overflow issue because it fails to
perform adequate boundary checks on user-supplied data. The issue
occurs when processing malformed "ctags". Programmer's Notepad version
2.0.6.1 is affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=581499&group_id=45545
______________________________________________________________________

08.11.36 CVE: Not Available
Platform: Cross Platform
Title: Ruby WEBrick Remote Directory Traversal and Information
Disclosure Vulnerabilities
Description: The Ruby programming language comes standard with the
WEBrick web server package. It can be used as a component of larger
programs to enable web server functionality. It is exposed to remote
directory traversal and information disclosure issues.
Ref: http://www.securityfocus.com/archive/1/489205
______________________________________________________________________

08.11.37 CVE: CVE-2008-1193
Platform: Cross Platform
Title: Sun Java Runtime Environment Image Parsing Heap Buffer Overflow
Description: Sun Java Runtime Environment is exposed to a heap-based
buffer overflow issue because the application fails to perform adequate
boundary checks on user-supplied data. The vulnerability is due to an
integer overflow that occurs in the "SpCurveToPublic()" function.
Ref: https://rhn.redhat.com/errata/RHSA-2008-0186.html
______________________________________________________________________

08.11.38 CVE: Not Available
Platform: Cross Platform
Title: IBM Rational ClearQuest Information Disclosure Weakness
Description: IBM Rational ClearQuest is an application for managing
software projects. The application is exposed to an information
disclosure issue due to a design error. Specifically, the application
produces different error messages for unsuccessful login attempts
depending on whether the attempt was performed with a valid or invalid
username. IBM Rational ClearQuest versions 7.0.1.1 and 7.0.0.2 are
affected.
Ref: http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24018297
______________________________________________________________________

08.11.39 CVE: Not Available
Platform: Cross Platform
Title: IBM Rational ClearQuest User Identifier Information Disclosure
Weakness
Description: IBM Rational ClearQuest is an application for managing
software projects. The application is exposed to an information
disclosure issue due to a design error. Specifically, the application
uses session cookies that contain information about the user. IBM
Rational ClearQuest versions 7.0.1.1 and 7.0.0.2 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg24018297
______________________________________________________________________

08.11.40 CVE: Not Available
Platform: Cross Platform
Title: Acronis True Image Echo Enterprise Server Multiple Remote
Denial of Service Vulnerabilities
Description: Acronis True Image Echo Enterprise Server is an
application that allows users to view and manage backup for all
systems on the network. The application is exposed to multiple remote
denial of service issues.
Ref: http://aluigi.altervista.org/adv/acrogroup-adv.txt
______________________________________________________________________

08.11.41 CVE: Not Available
Platform: Cross Platform
Title: Remotely Anywhere "Accept-Charset" Parameter NULL Pointer
Denial of Service
Description: Remotely Anywhere is an application that allows remote
administration of computers. It is exposed to a remote denial of service
issue because it fails to adequately sanitize user-supplied input.
Remotely Anywhere Server and Workstation version 8.0.688 is affected.
Ref: http://www.securityfocus.com/bid/28175
______________________________________________________________________

08.11.42 CVE: CVE-2008-0306
Platform: Cross Platform
Title: SAP MaxDB sdbstarter Environment Variable Local Privilege
Escalation
Description: MaxDB is a database application developed by SAP. It is
available for multiple platforms. The application is exposed to a
local privilege escalation issue in the "sdbstarter" utility.  This
issue is due to the handling of certain unspecified environment
variables used to specify configuration settings of various MaxDB
components. MaxDB version 7.6.0.37 on both Linux and Solaris platforms
is affected.
Ref: http://www.securityfocus.com/archive/1/489361
______________________________________________________________________

08.11.43 CVE: Not Available
Platform: Cross Platform
Title: Motorola Timbuktu Pro File Upload and Denial of Service
Vulnerabilities
Description: Motorola Timbuktu Pro is an application for remote
computer access. It's available for Apple Mac OS X and Microsoft
Windows. The application is exposed to multiple remote issues.
Motorola Timbuktu Pro version 8.6.5 for Windows is affected.
Ref: http://www.securityfocus.com/archive/1/489360
______________________________________________________________________

08.11.44 CVE: CVE-2008-0307
Platform: Cross Platform
Title: SAP MaxDB "vserver" Component Remote Heap Memory Corruption
Description: SAP MaxDB is a database application developed by SAP. The
application is exposed to a heap memory corruption issue in the
"vserver" component which is listening on TCP port 7210 by default.
MaxDB version 7.6.0.37 running on the Linux operating system is
affected.
Ref: http://www.securityfocus.com/archive/1/489357
______________________________________________________________________

08.11.45 CVE: Not Available
Platform: Cross Platform
Title: ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
Description: ASG-Sentry is an application that monitors, manages and
controls networks. The application is available for Microsoft Windows
and Unix-like operating systems. ASG-Sentry version 7.0.0 is affected.
Ref: http://www.securityfocus.com/archive/1/489359
______________________________________________________________________

08.11.46 CVE: CVE-2008-0727, CVE-2008-0949
Platform: Cross Platform
Title: IBM Informix Dynamic Server Multiple Remote Vulnerabilities
Description: IBM Informix Dynamic Server is an application server that
runs on various platforms. The application is exposed to multiple
remote issues.
Ref: http://www.securityfocus.com/bid/28198
______________________________________________________________________

08.11.47 CVE: CVE-2008-0890
Platform: Cross Platform
Title: Red Hat Directory Server 7.1 Local Insecure Permissions
Description: Red Hat Directory Server is a directory service for LDAP
(Lightweight Directory Access Protocol). The application is exposed to
an insecure permissions issue affecting the "/opt/redhat-ds/java/jars"
directory. Red Hat Directory Server version 7.1 prior to Service Pack
4 is affected.
Ref: http://rhn.redhat.com/errata/RHSA-2008-0173.html
______________________________________________________________________

08.11.48 CVE: CVE-2008-1203
Platform: Cross Platform
Title: Adobe ColdFusion Administration Interface Failed Login Audit
Description: Adobe ColdFusion is an application server and
software development framework used for creating dynamic web-based
content. The application is exposed to an issue that allows attackers
to conceal login attempts to the administrative interface because
failed login attempts are not logged. ColdFusion MX versions 7 and 8
are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-08.html
______________________________________________________________________

08.11.49 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Prior to 6.1.0.15 Multiple Vulnerabilities
Description: IBM WebSphere Application Server is a utility for
creating enterprise web applications. The application is exposed to
multiple remote issues. IBM WebSphere Application Server versions
prior to 6.1.0.15 are affected.
Ref: http://www-1.ibm.com/support/docview.wss?uid=swg27007951
______________________________________________________________________

08.11.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Podcast Generator "set_permissions.php" Cross-Site Scripting
Description: Podcast Generator is a PHP-based podcasting script. The
application is exposed to a cross-site scripting issue because it fails
to adequately sanitize user-supplied input to the "scriptlang" parameter
of the "set_permissions.php" script. Podcast Generator version 0.96.2
is affected.
Ref: http://www.securityfocus.com/bid/28106
______________________________________________________________________

08.11.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Java System Access Manager Administration Console Multiple
Cross-Site Scripting Vulnerabilities
Description: Sun Java System Access Manager is an application for
managing secure access to web applications. The application is exposed
to an undisclosed cross-site scripting issue because it fails to
properly sanitize user-supplied input to unspecified parameters when
processing the "Help" and "Version" windows in the Administration Console.
Sun Java System Access Manager versions 7.1 and 7 2005Q4 (7.0) are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201251-1
______________________________________________________________________

08.11.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Xitex WebContent M1 "redirect.do" Cross-Site Scripting
Description: Xitex WebContent M1 is a web-based content management
system. The application is exposed to a cross-site scripting issue
because it fails to adequately sanitize user-supplied input to the
"sid" parameter of the "redirect.do" script.
Ref: http://www.securityfocus.com/bid/28115
______________________________________________________________________

08.11.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Check Point VPN-1 UTM Edge Login Page Cross-Site Scripting
Description: Check Point VPN-1 UTM Edge is an appliance that provides
VPN server functionality. It has a web interface that can be used for
administration purposes. The web interface is exposed to a cross-site
scripting issue because it fails to adequately sanitize user-supplied
input to the "user" HTTP POST parameter of the login page. Check Point
VPN-1 UTM Edge firmware version 7.0.48x is affected.
Ref: http://www.louhi.fi/advisory/checkpoint_080306.txt
______________________________________________________________________

08.11.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BosDates Multiple Cross-Site Scripting Vulnerabilities
Description: BosDates is a calendar application that is written in
PHP. The application is exposed to multiple cross-site scripting
issues because it fails to sanitize user-supplied input. This issue
affects the "type" parameter of the "calendar.php" script and the
"category" parameter of the "calendar_search.php" script.
Ref: http://www.securityfocus.com/bid/28117/references
______________________________________________________________________

08.11.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Dokeos Multiple Remote Code Execution and Cross-Site Scripting
Vulnerabilities
Description: Dokeos is a PHP-based application for online learning.
The application is exposed to multiple unspecified cross-site
scripting and multiple unspecified remote code execution issues
because the application fails to sufficiently sanitize user-supplied
data. Dokeos version 1.8.4 prior to SP3 is affected.
Ref: http://www.dokeos.com/wiki/index.php/Security
______________________________________________________________________

08.11.56 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: imageVue Multiple "path" Parameter Cross-Site Scripting
Vulnerabilities
Description: ImageVue is a web-based photo gallery application that is
implemented in Flash and PHP. The application is exposed to multiple
cross-site scripting issues because it fails to properly sanitize
user-supplied input. ImageVue version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/28138
______________________________________________________________________

08.11.57 CVE: CVE-2008-0460
Platform: Web Application - Cross Site Scripting
Title: MediaWiki "api.php" Cross-Site Scripting
Description: MediaWiki is a PHP-based wiki application. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input to an unspecified
parameter in the "api.php" script.
Ref:
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00147.html
______________________________________________________________________

08.11.58 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: BosClassifieds "account.php" Cross-Site Scripting
Description: BosClassifieds is a classified-ad application implemented
in PHP. The application is exposed to a cross-site scripting issue
because it fails to adequately sanitize user-supplied input to the
"returnTo" parameter of the "account.php" script. BosClassifieds
version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/28140
______________________________________________________________________

08.11.59 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Neptune Web Server 404 Error Page Cross-Site Scripting
Description: Neptune Web Server is an application server developed by
Silver Forge Systems. The application is exposed to a cross-site
scripting issue because it fails to sanitize user-supplied input. This
issue occurs in the 404 error page. Neptune Web Server Professional
Edition version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/489282
______________________________________________________________________

08.11.60 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: RemotelyAnywhere HTTP Service Cross-Site Scripting
Description: RemotelyAnywhere is an application that allows remote
administration of computers. The application is exposed to a
cross-site scripting vulnerability because it fails to properly
sanitize user-supplied input to the "img" directory of its HTTP
service.
Ref: http://www.securityfocus.com/archive/1/489395
______________________________________________________________________

08.11.61 CVE: CVE-2008-1098
Platform: Web Application - Cross Site Scripting
Title: MoinMoin GUI Editor Multiple Cross-Site Scripting
Vulnerabilities
Description: MoinMoin is a freely available, open-source wiki written
in Python. It is available for UNIX and Linux platforms. The
application is exposed to multiple cross-site scripting issues because
it fails to sufficiently sanitize user-supplied input to unspecified
parameters of the "GUI editor formatter" and the code to delete pages.
Ref: http://www.securityfocus.com/bid/28173
______________________________________________________________________

08.11.62 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: EncapsGallery "file" Parameter Multiple Cross-Site Scripting
Vulnerabilities
Description: EncapsGallery is a photo gallery application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to the "file" parameter of the
"watermark.php" and "catalog_watermark.php" scripts. EncapsGallery
version 1.11.2 is affected.
Ref: http://www.securityfocus.com/bid/28178
______________________________________________________________________

08.11.63 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ManageEngine ServiceDesk Plus "SolutionSearch.do" Cross-Site Scripting
Description: ManageEngine ServiceDesk Plus is a Help Desk management
application. It is available for Windows and Linux. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the "searchText" parameter in the
"SolutionSearch.do" script. ManageEngine ServiceDesk Plus version
7.0.0 Build 7011 for Microsoft Windows is affected.
Ref: http://www.securityfocus.com/bid/28191
______________________________________________________________________

08.11.64 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Sun Java Server Faces Cross-Site Scripting
Description: Sun Java Server Faces is a Java-based Web application
development framework. The application is exposed to a cross-site
scripting issue because it fails to properly sanitize user-supplied
input. Sun Java Server Faces version 1.2 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233561-1
______________________________________________________________________

08.11.65 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Savvy Content Manager "searchterms" Parameter Multiple Cross-Site
Scripting Vulnerabilities
Description: Savvy Content Manager is a commercially-available web
content application implemented in Cold Fusion. The application is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied input.
Ref: http://www.besavvy.com/blog/index.cfm/2008/3/11/Security-Patch
______________________________________________________________________

08.11.66 CVE: CVE-2008-0643, CVE-2008-0644
Platform: Web Application - Cross Site Scripting
Title: Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities
Description: ColdFusion is software for developing web applications.
ColdFusion is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied
input. Adobe ColdFusion MX versions 7 and 8 are affected.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-07.html
______________________________________________________________________

08.11.67 CVE: CVE-2008-1202
Platform: Web Application - Cross Site Scripting
Title: Adobe LiveCycle Workflow Management Login Page Cross-Site
Scripting
Description: Adobe LiveCycle is a process management solution for
document services. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize
user-supplied data. The issue occurs in the web management login page.
Ref: http://www.adobe.com/support/security/bulletins/apsb08-10.html
______________________________________________________________________

08.11.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Yellow_Pages Module "cid" Parameter SQL Injection
Description: Yellow_Pages is a directory listing application for the
PHP-Nuke content manager. The component is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cid" parameter. Yellow_Pages component version 1 is affected.
Ref: http://www.paglasoft.com/product8
______________________________________________________________________

08.11.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke KutubiSitte Module "kid" Parameter SQL Injection
Description: KutubiSitte is a module for the PHP-Nuke content manager.
The component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "kid" parameter.
Ref: http://www.securityfocus.com/archive/1/489219
______________________________________________________________________

08.11.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke 4nChat Module "roomid" Parameter SQL Injection
Description: 4nChat is a chat application for the PHP-Nuke content
manager. The component is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "roomid"
parameter.
Ref: http://www.securityfocus.com/bid/28128
______________________________________________________________________

08.11.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: XOOPS WF-Downloads Module "viewcat.php" SQL Injection
Description: The WF-Downloads module is a PHP-based application for
the XOOPS content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "cid" parameter of the "viewcat.php" script
before using it in an SQL query.
Ref:
http://smartfactory.ca/modules/wfdownloads/singlefile.php?cid=16&lid=107
______________________________________________________________________

08.11.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpBB Filebase Module "filebase.php" SQL Injection
Description: Filebase is a module for phpBB. It allows users to upload
files to a phpBB forum. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "filebase.php" script before using it in an
SQL query. All versions of Filebase are affected.
Ref: http://www.securityfocus.com/bid/28194
______________________________________________________________________

08.11.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "ensenanzas" Component "id" Parameter SQL
Injection
Description: "ensenanzas" is a component for the Joomla! and Mambo
content managers. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_ensenanzas" component before using it in an
SQL query.
Ref: http://www.securityfocus.com/archive/1/489390
______________________________________________________________________

08.11.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke NukeC30 Module "id_catg" Parameter SQL Injection
Description: NukeC30 is a module for the PHP-Nuke content manager. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id_catg" parameter.
The NukeC30 module version 3.0 is affected.
Ref: http://www.securityfocus.com/archive/1/489387
______________________________________________________________________

08.11.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Batchelor Media BM Classifieds Multiple SQL Injection
Vulnerabilities
Description: BM Classifieds is a PHP-based classifieds manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "cat"
parameter of the "showad.php" script and "ad" parameter of the
"pfriendly.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/28159
______________________________________________________________________

08.11.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke 4nAlbum Module "pid" Parameter SQL Injection
Description: 4nAlbum is a module for the PHP-Nuke content manager. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "pid" parameter when
used in conjunction with the "showpic" action.
Ref: http://www.securityfocus.com/bid/28162
______________________________________________________________________

08.11.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Nuke Hadith Module "cat" Parameter SQL Injection
Description: Hadith is a module for the PHP-Nuke content manager. The
component is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cat" parameter.
Ref: http://www.securityfocus.com/archive/1/489323
______________________________________________________________________

08.11.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "Candle" Component "cID" Parameter SQL
Injection
Description: Candle is a component for the Joomla! and Mambo content
managers. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cID"
parameter of the "com_candle" component before using it in an SQL
query. Candle version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/28174
______________________________________________________________________

08.11.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: QuickTicket "qti_usr.php" SQL Injection
Description: QuickTicket is a trouble-ticket manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "qti_usr.php"
script. QuickTicket versions 1.4 and 1.5.0.3 are affected.
Ref: http://www.securityfocus.com/bid/28176
______________________________________________________________________

08.11.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "com_ewriting" Component "Itemid" Parameter
SQL Injection
Description: The "com_ewriting" component is a module for the Joomla!
and Mambo content managers. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "Itemid" parameter of the "com_ewriting"
component. eWriting version 1.2.1 is affected.
Ref: http://www.securityfocus.com/bid/28179
______________________________________________________________________

08.11.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: phpMyNewsLetter "archives.php" SQL Injection
Description: phpMyNewsLetter is a newsletter-management application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "msg_id" parameter
of the "archives.php" script. phpMyNewsLetter version 0.8 beta 5 is
affected.
Ref: http://www.securityfocus.com/bid/28189
______________________________________________________________________

08.11.82 CVE: CVE-2008-0301
Platform: Web Application - SQL Injection
Title: Mapbender "mod_gazetteer_edit.php" SQL Injection
Description: Mapbender is a geospatial portal site management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"gaz" parameter of the "mod_gazetteer_edit.php" script. Mapbender
versions prior to 2.4.5 rc1 are affected.
Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2008-002.php
______________________________________________________________________

08.11.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo "ProductShowcase" Component "id" Parameter SQL
Injection
Description: ProductShowcase is a photo gallery component for the
Joomla! and Mambo content managers. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "com_productshowcase"
component before using it in an SQL query. ProductShowcase version 1.5
is affected.
Ref: http://www.securityfocus.com/bid/28202
______________________________________________________________________

08.11.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bloo index.php Multiple SQL Injection Vulnerabilities
Description: Bloo is an object-oriented web log application based on
the Phoo Phramework. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data. Bloo version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/28203
______________________________________________________________________

08.11.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: QuickTalk forum "qtf_ind_search_ov.php" SQL Injection
Description: QuickTalk forum is a forum manager implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "qtf_ind_search_ov.php" script. QuickTalk forum versions 1.6 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/28215
______________________________________________________________________

08.11.86 CVE: Not Available
Platform: Web Application
Title: Numara FootPrints HTML Injection and Remote Command Execution
Vulnerabilities
Description: Numara FootPrints is software for service-desk
management; it is available for multiple platforms. The application is
exposed to multiple input validation issues. Numara FootPrints version
8.1 for Linux is affected.
Ref: http://www.securityfocus.com/bid/28103
______________________________________________________________________

08.11.87 CVE: CVE-2007-6642, CVE-2007-6643, CVE-2007-6644,
CVE-2007-6645
Platform: Web Application
Title: Joomla! Prior to 1.0.15 RC4 Multiple Remote Vulnerabilities
Description: Joomla! is a content management system implemented in
PHP. The application is exposed to multiple remote issues. Joomla
versions prior to 1.0.15 RC4 are affected.
Ref: http://www.joomla.org/content/view/4335/116/
______________________________________________________________________

08.11.88 CVE: Not Available
Platform: Web Application
Title: Yap Blog "index.php" Remote File Include
Description: Yap Blog is a web-log application implemented in PHP. The
application is exposed to a remote file include issue because it fails
to sufficiently sanitize user-supplied input to the "page" parameter
of the "index.php" script.
Ref: http://www.securityfocus.com/bid/28120
______________________________________________________________________

08.11.89 CVE: Not Available
Platform: Web Application
Title: Zimbra Collaboration Suite HTML Injection
Description: Zimbra Collaboration Suite is an Ajax-based messaging and
collaboration application. The application is exposed to an HTML
injection issue because it fails to properly sanitize user-supplied
input when handling email attachments. Zimbra Collaboration versions
4.0.3 and 4.5.6 are affected.
Ref: http://www.securityfocus.com/bid/28134
______________________________________________________________________

08.11.90 CVE: Not Available
Platform: Web Application
Title: WordPress "users.php" and "invite.php" Multiple Cross-Site
Scripting Vulnerabilities
Description: WordPress is a web-based publishing application
implemented in PHP. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
This issue affects the following scripts and parameters: "invites.php:
to" and "user.php: invitemail". WordPress version 2.3.2 is affected.
Ref: http://www.securityfocus.com/archive/1/489241
______________________________________________________________________

08.11.91 CVE: Not Available
Platform: Web Application
Title: SID "dir" Parameter Multiple Remote File Include
Vulnerabilities
Description: SID (Specimen Image Database) is a database application
that stores high resoultion images. The application is exposed to
multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "dir" parameter of
the following scripts: "client.php" and "taxonservice.php".
Ref: http://www.securityfocus.com/bid/28142
______________________________________________________________________

08.11.92 CVE: Not Available
Platform: Web Application
Title: osTicket Malformed Ticket Remote Denial of Service
Description: osTicket is a PHP-based support ticket application. The
application is exposed to a denial of service issue because it fails to
sufficiently sanitize user-supplied input. This issue occurs when the
application handles malformed tickets. osTicket version 1.6 is affected.
Ref:
http://www.digitrustgroup.com/advisories/web-application-security-osticket.html
______________________________________________________________________

08.11.93 CVE: Not Available
Platform: Web Application
Title: zKup Authentication Bypass
Description: zKup is a content management system. The application is
exposed to an issue that allows attackers to bypass authentication.
This issue occurs because the application fails to authenticate
administrative users.
Ref: http://www.milw0rm.com/exploits/5220
______________________________________________________________________

08.11.94 CVE: Not Available
Platform: Web Application
Title: F5 BIG-IP Web Management Interface Console HTML Injection
Description: F5 BIG-IP is a scalable application-server device. The
web management interface is exposed to an HTML injection issue because
it fails to properly sanitize user-supplied input to the console
feature. F5 BIG-IP version 9.4.3 is affected.
Ref: http://www.securityfocus.com/archive/1/489290
______________________________________________________________________

08.11.95 CVE: Not Available
Platform: Web Application
Title: Alkacon OpenCms Multiple Input Validation Vulnerabilities
Description: Alkacon OpenCms is content management system software.
The application is exposed to multiple input validation issues because
it fails to sufficiently sanitize user-supplied input. Alkacon OpenCms
version 7.0.3 is affected.
Ref: http://www.securityfocus.com/archive/1/489291
______________________________________________________________________

08.11.96 CVE: Not Available
Platform: Web Application
Title: Horde Framework Theme File Include
Description: Horde Framework is an application framework used with
other Horde Project products. The application is exposed to a file
include issue because it fails to sufficiently sanitize user-supplied
input to the "theme" parameter in "Registry.php". Horde version 3.1.6
is affected.
Ref: http://www.securityfocus.com/archive/1/489239
______________________________________________________________________

08.11.97 CVE: CVE-2008-0300
Platform: Web Application
Title: Mapbender "factor" Parameter Remote Code Injection
Description: Mapbender is a geographic data management application.
The application is exposed to a remote code injection issue because it
fails to sufficiently sanitize user-supplied input to the "factor"
parameter before using it as the filename for a subsequently generated
file. Mapbender versions 2.4 to 2.4.4 are affected.
Ref: http://www.redteam-pentesting.de/advisories/rt-sa-2008-001.php
______________________________________________________________________

08.11.98 CVE: Not Available
Platform: Web Application
Title: Sun Java Web Console Information Disclosure Weakness
Description: Sun Java Web Console provides a common location for users
to access web-based Sun system management applications. The
application is exposed to an information disclosure to an unspecified
error. Sun Java Web Console version 3.0.2 is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-231526-1
______________________________________________________________________

08.11.99 CVE: Not Available
Platform: Web Application
Title: Argon Technology Client Management Services TFTP Server
Directory Traversal
Description: Argon Technology Client Management Services (CMS) is a
suite of applications that are used to setup an open network boot
environment. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input data.
Argon Technology Client Management Services versions 1.31 and earlier
are affected.
Ref: http://aluigi.altervista.org/adv/argonauti-adv.txt
______________________________________________________________________

08.11.100 CVE: Not Available
Platform: Web Application
Title: Drake CMS "d_root" Parameter Local File Include
Description: Drake CMS is a content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "d_root" parameter of the
"install/index.php" script. Drake CMS version 0.4.11_RC8 is affected.
Ref: http://www.securityfocus.com/bid/28165
______________________________________________________________________

08.11.101 CVE: Not Available
Platform: Web Application
Title: Gallarific Cross-Site Scripting and Authentication Bypass
Vulnerabilities
Description: Gallarific is a web-gallery application. The application
is exposed to multiple remote issues. Gallarific paid and free
versions are affected.
Ref: http://www.securityfocus.com/bid/28163
______________________________________________________________________

08.11.102 CVE: Not Available
Platform: Web Application
Title: PHP-Nuke ZClassifieds Module "cat" Parameter SQL Injection
Description: ZClassifieds is a module for the PHP-Nuke content
manager. The component is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "cat"
parameter.
Ref: http://www.securityfocus.com/archive/1/489416
______________________________________________________________________

08.11.103 CVE: Not Available
Platform: Network Device
Title: Airspan ProST WiMAX Device Web Interface Authentication Bypass
Description: Airspan ProST WiMAX device is a customer premise device
that converts WiMAX (Worldwide Interoperability for Microwave Access)
to Ethernet. The device's web interface is exposed to an
authentication bypass issue because it fails to perform adequate
authentication checks.
Ref: http://www.kb.cert.org/vuls/id/248372
______________________________________________________________________

08.11.104 CVE: CVE-2008-1160
Platform: Network Device
Title: ZyXEL ZyWALL Quagga And Zebra Processes Default Account Password
Description: ZyXEL ZyWALL 1050 is an internet security appliance that
uses Quagga and Zebra daemon software. The issue occurs because the
device fails to change the default password when a legitimate user
sets a new password. ZyWALL version 1050 is affected.
Ref: http://www.securityfocus.com/bid/28184
______________________________________________________________________
[ terug ]