*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
January 9, 2009                                           Vol. 8. Week 02
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Other Microsoft Products                          1
Third Party Windows Apps                          1  (#2)
Linux                                             2
Solaris                                           1
Cross Platform                                   16 (#1, #3, #4)
Web Application - Cross Site Scripting            2
Web Application - SQL Injection                  19
Web Application                                  16
Network Device                                    2

*************************************************************************
TRAINING UPDATE
- SANS 2009 in Orlando in early March - the largest security training
conference and expo in the world. Lots of evening sessions:
http://www.sans.org/
- SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)

Widely Deployed Software
(1) CRITICAL: HP OpenView Multiple Vulnerabilities
(2) HIGH: ComponentOne SizerOne ActiveX Control Buffer Overflow
(3) MODERATE: Computer Associates Multiple Products Remote Command Execution
(4) LOW: OpenSSL Signature Verification Weakness

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Other Microsoft Products
09.2.1 - Microsoft MSN Messenger IP Address Information Disclosure
 -- Third Party Windows Apps
09.2.2 - Elecard MPEG Player ".m3u" File Remote Stack Buffer Overflow
 -- Linux
09.2.3 - Linux Kernel Malformed "msghdr" Structure Remote Denial of Service
09.2.4 - Linux Kernel "FWD-TSN" Chunk Remote Buffer Overflow
 -- Solaris
09.2.5 - Sun Solaris NFS Version 4 Client Unspecified Local Denial of Service
 -- Cross Platform
09.2.6 - Destiny Media Player ".lst" File Remote Stack Buffer Overflow
09.2.7 - Apple Safari Webkit "alink" Property Memory Leak Remote Denial of
Service
09.2.8 - MemberKit My Picture Album Arbitrary File Upload
09.2.9 - Audacity "lib-src/allegro/strparse.cpp" Buffer Overflow
09.2.10  - Destiny Media Player
09.2.11  - VMWare Player and Workstation "vmware-authd" Multiple Remote Denial
of Service Vulnerabilities
09.2.12  - aMSN ".ctt" File Remote Denial of Service
09.2.13  - Links SSL Certificate Verification Security Weakness
09.2.14  - DotNetNuke User Account Security Bypass
09.2.15  - Google Chrome FTP Client PASV Port Scan Information Disclosure
09.2.16  - Walusoft TFTPServer2000 TFTP Server Directory Traversal
09.2.17  - Samba Registry Share Name Unauthorized Access
09.2.18  - L2J Multiple Unspecified Security Vulnerabilities
09.2.19  - Mozilla Firefox xdg-open "mailcap" File Remote Code Execution
09.2.20  - Massimiliano Montoro Cain & Abel Malformed ".conf" File Buffer
Overflow
09.2.21  - Mylene Multiple Unspecified Security Vulnerabilities
 -- Web Application - Cross Site Scripting
09.2.22  - KDE Konqueror 4.1 Multiple Cross-Site Scripting and Denial of Service
Vulnerabilities
09.2.23  - Apache Roller "q" Parameter Cross Site Scripting
 -- Web Application - SQL Injection
09.2.24  - Joomla! and Mambo Simple Review Component "category" Parameter SQL
Injection
09.2.25  - 2Capsule Sticker "sticker.php" SQL Injection
09.2.26  - PowerNews "news.php" SQL Injection
09.2.27  - w3blabor CMS "admin/index.php" SQL Injection
09.2.28  - PowerClan Admin Login SQL Injection
09.2.29  - ASPThai.Net Webboard "bview.asp" SQL Injection
09.2.30  - GForge "GroupJoinRequest.class" SQL Injection
09.2.31  - WSN Guest "search.php" SQL Injection
09.2.32  - Aydan Bilisim Ayemsis Emlak PRO Multiple SQL Injection
Vulnerabilities
09.2.33  - PhpMesFilms "index.php" SQL Injection
09.2.34  - plxWebDev plx Autoreminder "members.php" SQL Injection
09.2.35  - webSPELL Multiple SQL Injection Vulnerabilities
09.2.36  - SolucionXpressPro "main.php" SQL Injection
09.2.37  - Joomla! Phoca Documentation Component "id" Parameter SQL Injection
09.2.38  - Joomla! "com_na_newsdescription" Component "newsid" Parameter SQL
Injection
09.2.39  - RiotPix "read.php" SQL Injection
09.2.40  - RiotPix "username" Parameter SQL Injection
09.2.41  - Goople CMS "frontpage.php" SQL Injection
09.2.42  - IT!CMS "login.php" SQL Injection
 -- Web Application
09.2.43  - Cybershade CMS "index.php" Multiple Remote File Include
Vulnerabilities
09.2.44  - PNphpBB2 "ModName" Parameter Local File Include Vulnerabilities
09.2.45  - Lito Lite SQL Injection and Cross-Site Scripting Vulnerabilities
09.2.46  - DDL-Speed Script Multiple Remote File Include Vulnerabilities
09.2.47  - PHPFootball "filter.php" Password Hash Information Disclosure
09.2.48  - phpSkelSite Multiple Input Validation Vulnerabilities
09.2.49  - Built2Go PHP Rate My Photo "member.php" Arbitrary File Upload
09.2.50  - Built2Go PHP Link Portal "member.php" Arbitrary File Upload
09.2.51  - PHPAuctions "profile.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
09.2.52  - PHPAuctions Cookie Authentication Bypass
09.2.53  - SimpleIrcBot Authentication Unspecified Security Bypass
09.2.54  - PHPAuctions Multiple Remote File Include Vulnerabilities
09.2.55  - ezPack "index.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
09.2.56  - Movable Type "publish post" Security Bypass
09.2.57  - playSMS Multiple Remote and Local File Include Vulnerabilities
09.2.58  - Joomla! XStandard Component Directory Traversal
 -- Network Device
09.2.59  - Nokia Series 60 SMS/MMS Remote Denial of Service
09.2.60  - Intel Trusted Execution Technology Multiple Unspecified Security
Bypass Vulnerabilities
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************
(1) CRITICAL: HP OpenView Multiple Vulnerabilities
Affected:
HP OpenView versions 7.51 and prior

Description: HP OpenView is a popular suite of network monitoring and
management applications. It contains multiple vulnerabilities in a
variety of Common Gateway Interface (CGI) components. These components
are used to provide web interfaces to various parts of the application.
A specially crafted web request to one of these vulnerable applications
could trigger a buffer overflow vulnerability. Successfully exploiting
this vulnerability would allow an attacker to execute arbitrary code
with the privileges of the vulnerable process. Some technical details
are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Secunia Advisory
http://secunia.com/advisories/28074/
Product Home Page
https://h10078.www1.hp.com/cda/hpms/display/main/hpms_content.jsp?zn=bto&cp=1-11-15-119^1155_4000_100
SecurityFocus BID
http://www.securityfocus.com/bid/33147

******************************************************************

(2) HIGH: ComponentOne SizerOne ActiveX Control Buffer Overflow
Affected:
ComponentOne SizerOne ActiveX control versions prior to 8.0.20081.142

Description: The ComponentOne SizerOne ActiveX control is a popular
ActiveX control used to provide dynamic sizing of user interface
elements, as well as tabbed user interface elements. It contains a
buffer overflow in its handling of its "AddTab" method. A specially
crafted web page that instantiated this control could trigger this
buffer overflow, allowing an attacker to execute arbitrary code with the
privileges of the vulnerable process. This ActiveX control is used in
some popular software products, such as SAP and TSC2 Helpdesk.

Status: Vendor confirmed, updates available. Users can mitigate the
impact of this vulnerability by disabling the affected control via
Microsoft's "kill bit" mechanism. Note that this will affect common
application functionality.

References:
Secunia Security Advisory
http://secunia.com/secunia_research/2008-52/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
Product Home Page
http://www.componentone.com/SuperProducts/SizerOne/
SecurityFocus BID
http://www.securityfocus.com/bid/33148

*****************************************************************

(3) MODERATE: Computer Associates Multiple Products Remote Command Execution
Affected:
Computer Associates Service Metric Analysis versions 11.1 SP 1 and prior
Computer Associates Service Level Management 3.5

Description: Multiple Computer Associates products are reported to
contain a remote command execution vulnerability due to insufficient
authentication validation. A remote attacker could exploit this
vulnerability to execute arbitrary commands with the privileges of the
vulnerable process. Reportedly, no authentication is necessary to
exploit this vulnerability. Few technical details are publicly available
for this vulnerability.

Status: Vendor confirmed, updates available. Users are advised to
restrict access to the vulnerable application at the network perimeter
if possible.

References:
Computer Associates Security Advisory
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148
Product Home Page
http://www.ca.com/us/products/product.aspx?id=4574
SecurityFocus BID
http://www.securityfocus.com/bid/33161

********************************************************************

(4) LOW: OpenSSL Signature Verification Weakness
Affected:
OpenSSL versions prior to 0.9.8i

Description: OpenSSL is an open source implementation of the Transport
Layer Security protocol (TLS, formerly the Secure Sockets Layer, SSL). It also
provides general cryptographic services. It is widely used by both free
and commercial software and used by default on a variety of operating
systems, including most Unix and Linux-based systems. It contains a
weakness in its verification of digital signatures and certificates,
used by parties to verify their identity. A common use of digital
certificates is to verify website authenticity. A specially crafted
digital signature could bypass authentication, causing a vulnerable
application to believe it is legitimate - for example, a malicious
website could trick a web browser into believing that the site is
something other than what it is. Full technical details are publicly
available for this vulnerability. OpenSSL is the cryptographic framework
used by web browsers such as Mozilla Firefox and Apple Safari, among
others.

Status: Vendor confirmed, updates available.

References:
oCERT Security Advisory
http://www.ocert.org/advisories/ocert-2008-016.html
Wikipedia Article on SSL/TLS
http://en.wikipedia.org/wiki/Transport_Layer_Security
Product Home Page

SecurityFocus BID
http://www.securityfocus.com/bid/33150


**********************************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 2, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 6391 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________

09.2.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft MSN Messenger IP Address Information Disclosure
Description: Microsoft MSN Messenger is an instant messaging
application. The application is exposed to an information disclosure
issue because it fails to properly handle various NAT clients.
Microsoft MSN Messenger version 8.5.1 is affected.
Ref:
http://www.securityfocus.com/archive/1/archive/1/499624/100/0/threaded
______________________________________________________________________

09.2.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: Elecard MPEG Player ".m3u" File Remote Stack Buffer Overflow
Description: Elecard MPEG Player is a multimedia player application
available for Microsoft Windows. Elecard MPEG Player is exposed to a
remote stack-based buffer overflow issue because it fails to perform
adequate checks on user-supplied input. Elecard MPEG Player version
5.5 is affected.
Ref: http://www.securityfocus.com/bid/33089
______________________________________________________________________

09.2.3 CVE: Not Available
Platform: Linux
Title: Linux Kernel Malformed "msghdr" Structure Remote Denial of
Service
Description: The Linux Kernel is exposed to a remote denial of
service issue while handling malformed data passed to the
"msg_control" parameter of the "msghdr" structure. Linux Kernel
versions 2.6.18, 2.6.20, 2.6.21, 2.6.22 and 2.6.24 are affected.
Ref: http://www.securityfocus.com/archive/1/499700
______________________________________________________________________

09.2.4 CVE: Not Available
Platform: Linux
Title: Linux Kernel "FWD-TSN" Chunk Remote Buffer Overflow
Description: The Linux Kernel is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. Specifically, the vulnerability occurs because of a failure to
validate "FWD-TSN" chunks. Linux Kernel version 2.6.28 is affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=478800
______________________________________________________________________

09.2.5 CVE: Not Available
Platform: Solaris
Title: Sun Solaris NFS Version 4 Client Unspecified Local Denial of
Service
Description: Sun Solaris is a UNIX-based operating system. Solaris is
exposed to a local denial of service issue. Specifically, the issue is
related to an unspecified error in the NFS version 4 (NFSv4) client.
Solaris 10 and OpenSolaris based on builds snv_01 to snv_101 are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248566-1
______________________________________________________________________

09.2.6 CVE: Not Available
Platform: Cross Platform
Title: Destiny Media Player ".lst" File Remote Stack Buffer Overflow
Description: Destiny Media Player is a multimedia player application.
Destiny Media Player is exposed to a remote stack-based buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Destiny Media Player version 1.61.0 is affected.
Ref: http://www.securityfocus.com/archive/1/499740
______________________________________________________________________

09.2.7 CVE: Not Available
Platform: Cross Platform
Title: Apple Safari Webkit "alink" Property Memory Leak Remote Denial
of Service
Description: Apple Safari is a web browser application available for
Mac OS X and Microsoft Windows. Apple Safari is exposed to a denial of
service issue that exists in the Webkit library. This issue occurs
when handling an excessively large string passed to the "alink"
property of the "body" HTML tag. Apple Safari version 3.2 running on
Microsoft Windows Vista is affected.
Ref:
http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html
______________________________________________________________________

09.2.8 CVE: Not Available
Platform: Cross Platform
Title: MemberKit My Picture Album Arbitrary File Upload
Description: MemberKit is a PHP-based content management system for
membership sites. The application is exposed to an issue that lets
attackers upload arbitrary files. The issue occurs because the
application fails to adequately sanitize file extensions before
uploading files via the My Picture Album section of the affected
application. MemberKit version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33088
______________________________________________________________________

09.2.9 CVE: Not Available
Platform: Cross Platform
Title: Audacity "lib-src/allegro/strparse.cpp" Buffer Overflow
Description: Audacity is an audio editing application available for
multiple platforms. Audacity is exposed to a buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
data. This issue occurs in the "String_parse::get_nonspace_quoted()"
function of the "lib-src/allegro/strparse.cpp" source file when
handling malformed ".gro" files. Audacity version 1.6.2 is affected.
Ref: http://www.securityfocus.com/bid/33090
______________________________________________________________________

09.2.10 CVE: Not Available
Platform: Cross Platform
Title: Destiny Media Player
Description: Destiny Media Player is a multimedia player application
available for Microsoft Windows and Mac OS X. Destiny Media Player is
exposed to a remote stack-based buffer overflow issue because it fails
to perform adequate checks on user-supplied input. Destiny Media
Player 1.61.0 is vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/33091
______________________________________________________________________

09.2.11 CVE: Not Available
Platform: Cross Platform
Title: VMWare Player and Workstation "vmware-authd" Multiple Remote
Denial of Service Vulnerabilities
Description: VMWare Player and Workstation are virtualization
applications available for multiple platforms. VMWare Player and
Workstation are exposed to multiple remote denial of service issues
because the applications fail to perform adequate boundary checks on
user-supplied input.
Ref: http://www.securityfocus.com/bid/33095
______________________________________________________________________

09.2.12 CVE: Not Available
Platform: Cross Platform
Title: aMSN ".ctt" File Remote Denial of Service
Description: aMSN is an instant messaging application available for
various operating systems. aMSN is exposed to a remote denial of
service issue that occurs because the application fails to perform
adequate boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/bid/33096
______________________________________________________________________

09.2.13 CVE: Not Available
Platform: Cross Platform
Title: Links SSL Certificate Verification Security Weakness
Description: Links is a text-based web browser. Links is exposed to an
SSL certificate verification security weakness. Reports indicate that
the browser fails to verify SSL certificates presented by a remote
server. Links version 2.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510417
______________________________________________________________________

09.2.14 CVE: Not Available
Platform: Cross Platform
Title: DotNetNuke User Account Security Bypass
Description: DotNetNuke is a framework to develop websites. The
application is exposed to an unspecified security bypass issue which
can allow a user to add additional roles to their user account.
DotNetNuke versions 4.5.2 up to and including 4.9.0 are affected.
Ref:
http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno24/tabid/1188/Default.aspx
______________________________________________________________________

09.2.15 CVE: Not Available
Platform: Cross Platform
Title: Google Chrome FTP Client PASV Port Scan Information Disclosure
Description: Google Chrome is a web browser. The application is
exposed to an information disclosure issue because it fails to
adequately validate server-issued instructions while in PASV (passive)
mode. Google Chrome version 1.0.154.36 is affected.
Ref: http://www.securityfocus.com/archive/1/499745
______________________________________________________________________

09.2.16 CVE: Not Available
Platform: Cross Platform
Title: Walusoft TFTPServer2000 TFTP Server Directory Traversal
Description: Walusoft TFTPServer2000 is a TFTP server for Windows
platforms. The application is exposed to a directory traversal issue
because it fails to sufficiently sanitize user-supplied input.
Walusoft TFTPServer2000 version 3.6.1 is affected.
Ref: http://www.securityfocus.com/archive/1/499765
______________________________________________________________________

09.2.17 CVE: CVE-2009-0022
Platform: Cross Platform
Title: Samba Registry Share Name Unauthorized Access
Description: Samba is a freely available file and printer sharing
application maintained and developed by the Samba Development Team.
Samba is exposed to an unauthorized access vulnerability that occurs
when registry shares are enabled. Specifically, the application fails
to sufficiently validate share names.
Ref: http://www.securityfocus.com/bid/33118
______________________________________________________________________

09.2.18 CVE: Not Available
Platform: Cross Platform
Title: L2J Multiple Unspecified Security Vulnerabilities
Description: L2J is an Alternative Lineage 2 Game Server written in
Java. The application is exposed to multiple remote issues caused by
unspecified errors. L2J versions prior to L2J Gracia v2 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=109190&release_id=650923
______________________________________________________________________

09.2.19 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox xdg-open "mailcap" File Remote Code Execution
Description: Mozilla Firefox is a web browser application available for
various operating systems. Mozilla Firefox is exposed to a remote code
execution issue. This issue occurs because the application does not
properly validate the "mime-type" of files before calling the
"xdg-open" utility, as defined in "/etc/mailcap". Mozilla Firefox
running on Slackware Linux version 12.2 is affected.
Ref: http://www.securityfocus.com/bid/33137/references
______________________________________________________________________

09.2.20 CVE: Not Available
Platform: Cross Platform
Title: Massimiliano Montoro Cain & Abel Malformed ".conf" File Buffer
Overflow
Description: Cain & Abel is an application for recovering passwords by
sniffing them from the connected network. Cain & Abel is exposed to a
buffer overflow issue because it fails to adequately bounds check
user-supplied data before copying it into an insufficiently sized
buffer. Cain & Abel version 4.9.25 is affected.
Ref: http://www.securityfocus.com/bid/33142
______________________________________________________________________

09.2.21 CVE: Not Available
Platform: Cross Platform
Title: Mylene Multiple Unspecified Security Vulnerabilities
Description: Mylene is a command line audio player. The application is
exposed to multiple remote issues caused by unspecified errors. Mylene
versions prior to 7.20081231 are affected.
Ref:
http://freshmeat.net/projects/mylene/?branch_id=72395&release_id=291577
______________________________________________________________________

09.2.22 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: KDE Konqueror 4.1 Multiple Cross-Site Scripting and Denial of
Service Vulnerabilities
Description: KDE Konqueror is a web browser included with the KDE
desktop manager. The application is exposed to multiple input
validation issues. KDE Konqueror version 4.1 is affected.
Ref: http://www.securityfocus.com/bid/33085
______________________________________________________________________

09.2.23 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Apache Roller "q" Parameter Cross-Site Scripting
Description: Apache Roller is a group blog server application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "q" parameter
when performing a search. Apache Roller versions 2.3, 3.0, 3.1, and
4.0 are affected.
Ref: https://issues.apache.org/roller/browse/ROL-1766
______________________________________________________________________

09.2.24 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! and Mambo Simple Review Component "category" Parameter
SQL Injection
Description: Simple Review is a review module for the Mambo and
Joomla! content managers. It can be used to publish reviews of various
items. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "category"
parameter of the "com_simple_review" option before using it in an SQL
query. Simple Review version 1.3.5 is affected.
Ref: http://www.securityfocus.com/bid/33102
______________________________________________________________________

09.2.25 CVE: Not Available
Platform: Web Application - SQL Injection
Title: 2Capsule Sticker "sticker.php" SQL Injection
Description: 2Capsule Sticker is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"sticker/sticker.php" script.
Ref: http://www.securityfocus.com/bid/33075
______________________________________________________________________

09.2.26 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PowerNews "news.php" SQL Injection
Description: PowerNews is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "newsid" parameter of the
"news.php" script. PowerNews version 2.5.4 is affected.
Ref: http://www.securityfocus.com/bid/33081
______________________________________________________________________

09.2.27 CVE: Not Available
Platform: Web Application - SQL Injection
Title: w3blabor CMS "admin/index.php" SQL Injection
Description: w3blabor CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "benutzername"
parameter of the "admin/index.php" script. w3blabor CMS versions 3.3.0
and earlier are affected.
Ref: http://www.securityfocus.com/bid/33082
______________________________________________________________________

09.2.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PowerClan Admin Login SQL Injection
Description: PowerClan is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the username field in the admin login
page. PowerClan version 1.14a is affected.
Ref: http://www.securityfocus.com/bid/33083
______________________________________________________________________

09.2.29 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPThai.Net Webboard "bview.asp" SQL Injection
Description: ASPThai.Net Webboard is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "bview.asp" script. ASPThai.Net Webboard
version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/33084
______________________________________________________________________

09.2.30 CVE: CVE-2008-2381
Platform: Web Application - SQL Injection
Title: GForge "GroupJoinRequest.class" SQL Injection
Description: GForge is a web-based tool for collaborative development.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "create()" function
of the "common/include/GroupJoinRequest.class" script before using it
in an SQL query. GForge versions 4.5 and 4.6 are affected.
Ref: http://security-tracker.debian.net/tracker/CVE-2008-2381
______________________________________________________________________

09.2.31 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WSN Guest "search.php" SQL Injection
Description: WSN Guest is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "search" parameter of the
"search.php" script. WSN Guest version 1.23 is affected.
Ref: http://www.securityfocus.com/bid/33097
______________________________________________________________________

09.2.32 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Aydan Bilisim Ayemsis Emlak PRO Multiple SQL Injection
Vulnerabilities
Description: Ayemsis Emlak PRO is an ASP-based content management
application. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/33099
______________________________________________________________________

09.2.33 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PhpMesFilms "index.php" SQL Injection
Description: PhpMesFilms is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "index.php"
script. PhpMesFilms version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/33105
______________________________________________________________________

09.2.34 CVE: Not Available
Platform: Web Application - SQL Injection
Title: plxWebDev plx Autoreminder "members.php" SQL Injection
Description: plx Autoreminder is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"members.php" script. plx Autoreminder version 3.7 is affected.
Ref: http://www.securityfocus.com/bid/33106
______________________________________________________________________

09.2.35 CVE: Not Available
Platform: Web Application - SQL Injection
Title: webSPELL Multiple SQL Injection Vulnerabilities
Description: webSPELL is a clan and gaming CMS. The application is
exposed to multiple SQL injection issues because it fails to properly
sanitize user-supplied input. The issues affect webSPELL 4.
Ref: http://www.securityfocus.com/bid/33107
______________________________________________________________________

09.2.36 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SolucionXpressPro "main.php" SQL Injection
Description: SolucionXpressPro is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id_area" parameter of
the "main.php" script.
Ref: http://www.securityfocus.com/archive/1/499742
______________________________________________________________________

09.2.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Phoca Documentation Component "id" Parameter SQL
Injection
Description: Phoca Documentation is a component for the Joomla!
content manager. The component is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "com_phocadocumentation" component.
Ref: http://www.securityfocus.com/bid/33114
______________________________________________________________________

09.2.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! "com_na_newsdescription" Component "newsid" Parameter
SQL Injection
Description: The "com_na_newsdescription" component is a news
application for the Joomla! content manager. The component is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "newsid" parameter before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/33116
______________________________________________________________________

09.2.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RiotPix "read.php" SQL Injection
Description: RiotPix is a PHP-based discussion forum. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "forumid" parameter of the
"read.php" script before using it in an SQL query. RiotPix version
0.61 is affected.
Ref: http://www.securityfocus.com/bid/33129
______________________________________________________________________

09.2.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RiotPix "username" Parameter SQL Injection
Description: RiotPix is a PHP-based discussion forum. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "username" parameter when logging
into the affected application. RiotPix version 0.61 is affected.
Ref: http://www.securityfocus.com/bid/33132
______________________________________________________________________

09.2.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Goople CMS "frontpage.php" SQL Injection
Description: Goople CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" parameter
of the "frontpage.php" script before using it in an SQL query. Goople
CMS version 1.8.2 is affected.
Ref: http://www.securityfocus.com/bid/33135
______________________________________________________________________

09.2.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: IT!CMS "login.php" SQL Injection
Description: IT!CMS is a content manager application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "Username" and "Password" textboxes
the "login.php" script when logging in to the affected application.
Ref: http://www.securityfocus.com/bid/33139
______________________________________________________________________

09.2.43 CVE: Not Available
Platform: Web Application
Title: Cybershade CMS "index.php" Multiple Remote File Include
Vulnerabilities
Description: Cybershade CMS is a PHP-based content manager. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"THEME_header" and "THEME_footer" parameters in the "index.php"
script. Cybershade CMS version 0.2b is affected.
Ref: http://www.securityfocus.com/bid/33101
______________________________________________________________________

09.2.44 CVE: Not Available
Platform: Web Application
Title: PNphpBB2 "ModName" Parameter Local File Include Vulnerabilities
Description: PNphpBB2 is a PHPBB forum for the PostNuke content
manager. The application is exposed to multiple local file include
issues because it fails to sufficiently sanitize user-supplied input.
PNphpBB2 versions 1.2i and earlier are affected.
Ref: http://www.securityfocus.com/bid/33103
______________________________________________________________________

09.2.45 CVE: Not Available
Platform: Web Application
Title: Lito Lite SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Lito Lite is a web-based content manager. The application
is exposed to multiple input validation issues. Exploiting these
issues could allow an attacker to steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/33104
______________________________________________________________________

09.2.46 CVE: Not Available
Platform: Web Application
Title: DDL-Speed Script Multiple Remote File Include Vulnerabilities
Description: DDL-Speed Script is a PHP-based content manager. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/33078
______________________________________________________________________

09.2.47 CVE: Not Available
Platform: Web Application
Title: PHPFootball "filter.php" Password Hash Information Disclosure
Description: PHPFootball is a web-based management application for
football leagues. The application is exposed to an information
disclosure issue because it fails to properly restrict access to the
"filter.php" script. PHPFootball version 1.6 is affected.
Ref: http://www.securityfocus.com/bid/33087
______________________________________________________________________

09.2.48 CVE: Not Available
Platform: Web Application
Title: phpSkelSite Multiple Input Validation Vulnerabilities
Description: phpSkelSite is a web site skeleton application. The
application is exposed to multiple issues because it fails to
properly sanitize user-supplied input. phpSkelSite version 1.4 is
affected.
Ref: http://www.securityfocus.com/bid/33092
______________________________________________________________________

09.2.49 CVE: Not Available
Platform: Web Application
Title: Built2Go PHP Rate My Photo "member.php" Arbitrary File Upload
Description: Built2Go PHP Rate My Photo is a photo rating application.
The application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize file extensions before uploading photos via the
"member.php" script. Built2Go PHP Rate My Photo version 1.46.4 is
affected.
Ref: http://www.securityfocus.com/bid/33093
______________________________________________________________________

09.2.50 CVE: Not Available
Platform: Web Application
Title: Built2Go PHP Link Portal "member.php" Arbitrary File Upload
Description: Built2Go PHP Link Portal is a web-based application. The
application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize file extensions before uploading files via the
"member.php" script. Built2Go PHP Link Portal version 1.95.1 is
affected.
Ref: http://www.securityfocus.com/bid/33094
______________________________________________________________________

09.2.51 CVE: Not Available
Platform: Web Application
Title: PHPAuctions "profile.php" SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: PHPAuctions is a web-based auction script implemented in
PHP. The application is exposed to multiple input validation issues.
Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
Ref: http://www.securityfocus.com/bid/33115
______________________________________________________________________

09.2.52 CVE: Not Available
Platform: Web Application
Title: PHPAuctions Cookie Authentication Bypass
Description: PHPAuctions is a web-based auction script implemented in
PHP. The application is exposed to an authentication bypass issue
because it fails to adequately verify user-supplied input used for
cookie-based authentication.
Ref: http://www.securityfocus.com/bid/33120
______________________________________________________________________

09.2.53 CVE: Not Available
Platform: Web Application
Title: SimpleIrcBot Authentication Unspecified Security Bypass
Description: SimpleIrcBot is a PHP-based bot application for IRC
networks. The application is exposed to a security bypass issue due to
an unspecified error in the authentication process. SimpleIrcBot
versions prior to 1.0 Stable are affected.
Ref:
http://sourceforge.net/project/shownotes.php?release_id=650796&group_id=249202
______________________________________________________________________

09.2.54 CVE: Not Available
Platform: Web Application
Title: PHPAuctions Multiple Remote File Include Vulnerabilities
Description: PHPAuctions is a web-based auction script. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input to the
"include_path" parameter.
Ref: http://www.securityfocus.com/bid/33130
______________________________________________________________________

09.2.55 CVE: Not Available
Platform: Web Application
Title: ezPack "index.php" SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: ezPack is a web-based application. The application is
exposed to multiple input validation issues. Exploiting these issues
could allow an attacker to steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database. ezPack
version 4.2b2 is affected.
Ref: http://www.securityfocus.com/bid/33131
______________________________________________________________________

09.2.56 CVE: CVE-2008-5846
Platform: Web Application
Title: Movable Type "publish post" Security Bypass
Description: Movable Type is a web-log application implemented in Perl
and PHP. The application is exposed to a security bypass issue because
it fails to adequately validate user permissions. Movable Type
versions prior to 4.23 are affected.
Ref: http://www.movabletype.org/mt_423_change_log.html
______________________________________________________________________

09.2.57 CVE: Not Available
Platform: Web Application
Title: playSMS Multiple Remote and Local File Include Vulnerabilities
Description: playSMS is a PHP-based mobile portal application. The
application is exposed to multiple input validation issues. Exploiting
these issues may allow an attacker to execute arbitrary local and
remote scripts in the context of the web server process or obtain
potentially sensitive information. playSMS version 0.9.3 is affected.
Ref: http://www.securityfocus.com/bid/33138
______________________________________________________________________

09.2.58 CVE: Not Available
Platform: Web Application
Title: Joomla! XStandard Component Directory Traversal
Description: XStandard is a WYSIWYG editor plugin for browser-based
content managers. The XStandard component for Joomla! is exposed to a
directory traversal issue because it fails to sufficiently sanitize
user-supplied input to the "X_CMS_LIBRARY_PATH" header field of the
"plugins/editors/xstandard/attachmentlibrary.php" script.
Ref: http://www.securityfocus.com/bid/33143
______________________________________________________________________

09.2.59 CVE: Not Available
Platform: Network Device
Title: Nokia Series 60 SMS/MMS Remote Denial of Service
Description: The Series 60 Operating System (OS) is an embedded
operating system that is based on the Symbian OS. Nokia Series 60
devices are exposed to a remote denial of service issue that occurs
when Nokia Series 60 devices try to display an overly large email
address present in the "from-address" field of an SMS or MMS message.
Nokia Series 60 versions 2.6, 2.8, 3.0 and 3.1 are affected.
Ref: https://berlin.ccc.de/~tobias/cos/s60-curse-of-silence-advisory.txt
______________________________________________________________________

09.2.60 CVE: Not Available
Platform: Network Device
Title: Intel Trusted Execution Technology Multiple Unspecified
Security Bypass Vulnerabilities
Description: Intel Trusted Execution Technology (TXT) is a set of
hardware extensions that provide support for verifying data, including
executable code. Trusted Boot (tboot) is a TXT-based system loader.
Multiple issues have been reported in TXT which may allow attackers to
compromise the integrity of boot, system or kernel code loaded using
TXT.
Ref:
http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html
______________________________________________________________________