*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
January 2, 2009                                           Vol. 8. Week 01
*************************************************************************
@RISK is the SANS community's consensus bulletin summarizing the
most important vulnerabilities and exploits identified during the
past week and providing guidance on appropriate actions to protect
your systems (PART I). It also includes a comprehensive list of all
new vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
------------------------        -------------------------------------
Third Party Windows Apps                          2
Linux                                             2
Cross Platform                                   11 (#1, #2, #3)
Web Application - Cross Site Scripting            3
Web Application - SQL Injection                  10
Web Application                                   8

******************** Sponsored By ArcSight, Inc. ************************
Webcast Update: ArcSight Logger 7100 v.3.0 Review, featuring SANS Analyst 
Jerry Shenk and ArcSight's Ansh Patnaik This Webcast will cover drivers 
and basic requirements when adding to, developing or acquiring log 
management systems, followed by an overview of the ArcSight Log Management 
system. 
http://www.sans.org/info/36754
*************************************************************************
TRAINING UPDATE
-- SANS 2009 in Orlando in early March - the largest security
training conference and expo in the world. Lots of evening sessions:
http://www.sans.org/index.php
-- SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/
-- Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: RealNetworks Helix Server Multiple Vulnerabilities
(2) HIGH: xterm Escape Sequence Vulnerability
(3) MODERATE: Forged Trusted Certification Authority Certificate

*******************  SCADA Security Summit  *****************************
Rediscover New Orleans and hear about Process Control
Security issues. - Process Control & SCADA Summit January
16-17. http://www.sans.org/info/36759
*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys
(www.qualys.com)
-- Third Party Windows Apps
08.1.1 - BulletProof FTP Client Bookmark File Heap Buffer Overflow
08.1.2 - SAWStudio ".prf" File Buffer Overflow
-- Linux
08.1.3 - Linux Kernel "qdisc_run()" Local Denial of Service
08.1.4 - Linux Kernel "ib700wdt.c" Buffer Underflow
-- Cross Platform
08.1.5 - PHP "imageRotate()" Uninitialized Memory Information Disclosure
08.1.6 - Qemu VNC "monitor.c" Insecure Password
08.1.7 - Psi Malformed Packet Remote Denial of Service
08.1.8 - Mozilla Firefox "location.hash" Remote Denial of Service
08.1.9 - PGP Desktop "PGPweded.sys" Local Denial of Service
08.1.10  - Getleft HTML Tags Multiple Buffer Overflow Vulnerabilities
08.1.11  - IntelliTamper "MAP" File Buffer Overflow
08.1.12  - Acoustica Mixcraft ".mx4" Project File Buffer Overflow
08.1.13  - Sun SNMP Management Agent Insecure Temporary File Creation
08.1.14  - SapporoWorks BlackJumboDog Web Server Unspecified Authentication Bypass
08.1.15  - Personal Sticky Threads vBulletin Addon Unauthorized Access
-- Web Application - Cross Site Scripting
08.1.16  - TYPO3 SB Universal Plugin Unspecified Cross-Site Scripting Vulnerability
08.1.17  - W2B phpGreetCards "category" Parameter Cross Site Scripting
08.1.18  - Mayaa Default Error Page Cross-Site Scripting
-- Web Application - SQL Injection
08.1.19  - SPIP "rubriques.php" SQL Injection
08.1.20  - TYPO3 TU-Clausthal ODIN Extension Unspecified SQL Injection
08.1.21  - PHP Link Directory "page.php" SQL Injection
08.1.22  - AIST NetCat "password_recovery.php" SQL Injection
08.1.23  - stormBoards "thread.php" SQL Injection
08.1.24  - ILIAS "repository.php" SQL Injection
08.1.25  - Joomla! Ice Gallery Component "catid" Parameter SQL Injection
08.1.26  - mDigg Component for Joomla! "category" Parameter SQL Injection
08.1.27  - Joomla! LiveTicker "tid" Parameter SQL Injection
08.1.28  - PHP-Fusion TI Blog System Module "blog.php" SQL Injection
-- Web Application
08.1.29  - TYPO3 Simple File Browser Unspecified Information Disclosure
08.1.30  - W2B phpEmployment "auth.php" Arbitrary File Upload
08.1.31  - AIST Netcat 3.1.2 Multiple Input Validation Vulnerabilities
08.1.32  - W2B phpGreetCards "index.php" Arbitrary File Upload
08.1.33  - Google Chrome "chromeHTML://" Command Line Parameter Injection
08.1.34  - W2B phpAdBoard "index.php" Arbitrary File Upload
08.1.35  - doop Administration Page Arbitrary File Upload
08.1.36  - bloofoxCMS "dialog.php" Local File Include
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint,
a division of 3Com, as a by-product of that company's continuous
effort to ensure that its intrusion prevention products effectively
block exploits using known vulnerabilities. TippingPoint's
analysis is complemented by input from a council of security
managers from twelve large organizations who confidentially share
with SANS the specific actions they have taken to protect their
systems. A detailed description of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: RealNetworks Helix Server Multiple Vulnerabilities
Affected:
RealNetworks Helix Server versions 11.x

Description: Helix Server is a popular streaming media server from
RealNetworks. It contains multiple vulnerabilities in its processing of
a variety of Real Time Streaming Protocol (RTSP) and other requests. A
specially crafted request could trigger one of these vulnerabilities,
allowing an attacker to execute arbitrary code with the privileges of
the vulnerable process. Technical details for these vulnerabilities
are publicly available.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Upcoming Advisories
http://zerodayinitiative.com/advisories/upcoming/
RealNetworks Advisory
http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf
Vendor Home Page
http://www.real.com
SecurityFocus BID
http://www.securityfocus.com/bid/33059

*********************************************************

(2) HIGH: xterm Escape Sequence Vulnerability
Affected:
X.org xterm versions prior to patch #237

Description: xterm is the terminal emulator of the X Window System,
the standard network-enabled windowing system for Unix and Unix-like
platforms. It contains a flaw in its handling of certain escape
sequences (sequences of characters that, when read by the terminal,
cause it to take action). A specially crafted "DECRQSS Device Control
Request Status" escape sequence could trigger this vulnerability,
allowing an attacker to execute arbitrary commands with the privileges
of the current user. An attacker could exploit this vulnerability by
tricking a user into displaying a malicious text file in an xterm
window, or sending such characters in a network terminal session
(for example, during an SSH or telnet session). Note that this affects
the reference implementation of xterm from X.org, and presumably also
affects versions of xterm that share that codebase (such as XFree86).

Status: Vendor confirmed, updates available.

References:
Wikipedia Article on the X Window System
http://en.wikipedia.org/wiki/X_Window_System
Wikipedia Article on Escape Sequences
http://en.wikipedia.org/wiki/Escape_sequence
X.org Home Page
http://www.x.org
SecurityFocus BID
http://www.securityfocus.com/bid/33060
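The practical defence against this class of problem is to never hand untrusted text (file contents, log lines, output fetched over the network) to a terminal with its escape sequences intact. The Python below is an added example, not code from X.org or from this bulletin: it folds 8-bit C1 controls into their ESC form, strips CSI, OSC, DCS and other ESC-introduced sequences (DECRQSS travels inside a DCS envelope), removes any remaining control characters, and counts what it removed so that a viewer or wrapper can log or alert on it. The sample input is constructed for the demonstration.

```python
import re

# Added example (not from X.org or the @RISK bulletin): neutralise terminal
# control sequences in untrusted text before a terminal emulator sees them.

ESC = "\x1b"

# 8-bit C1 controls (0x80-0x9F) are one-byte forms of ESC + (byte - 0x40):
# 0x9B is CSI, 0x9D is OSC, 0x90 is DCS, 0x9C is ST. Fold them into the
# 7-bit form first so that one grammar below covers both encodings.
_C1 = re.compile(r"[\x80-\x9f]")

# ECMA-48 / xterm ctlseqs families, tried in this order.
_SEQUENCE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"               # CSI: ESC [ params intermediates final
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?"    # OSC: ESC ] text, ended by BEL or ST
    r"|\x1b[PX^_].*?(?:\x1b\\|$)"              # DCS/SOS/PM/APC: ESC P|X|^|_ ... ST
    r"|\x1b[ -/]*[0-~]"                        # other ESC sequences (ESC 7, ESC ( B, ...)
    r"|\x1b",                                   # truncated or lone ESC
    re.DOTALL,
)
# Remaining C0 controls and DEL; TAB, LF and CR are kept as harmless layout.
_C0 = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def _fold_c1(text: str) -> str:
    return _C1.sub(lambda m: ESC + chr(ord(m.group(0)) - 0x40), text)


def audit(text: str) -> dict:
    """Count the control-sequence families present, for logging or alerting."""
    counts = {"CSI": 0, "OSC": 0, "DCS": 0, "other": 0}
    for m in _SEQUENCE.finditer(_fold_c1(text)):
        s = m.group(0)
        if s.startswith(ESC + "["):
            counts["CSI"] += 1
        elif s.startswith(ESC + "]"):
            counts["OSC"] += 1
        elif s.startswith(ESC + "P"):
            counts["DCS"] += 1
        else:
            counts["other"] += 1
    return counts


def sanitize_for_terminal(text: str) -> str:
    """Return text with every escape and control sequence removed.

    An unterminated DCS/OSC swallows the rest of the input on purpose: a
    terminal would keep consuming it as part of the sequence too."""
    return _C0.sub("", _SEQUENCE.sub("", _fold_c1(text)))


# Constructed sample: a colour CSI, an OSC title change, a sixel-style DCS
# (DECRQSS requests use the same DCS envelope), an 8-bit CSI and a lone ESC.
SAMPLE = (
    "ok line\n"
    "\x1b[31mred\x1b[0m text\n"
    "\x1b]0;title\x07 after-osc\n"
    "\x1bP0;0;0q#0~\x1b\\ after-dcs\n"
    "\x9bKc1-csi\n"
    "trailing\x1b"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(repr(sanitize_for_terminal(SAMPLE)))
```

Run sanitize_for_terminal() over anything that will be written to a user's terminal from an untrusted source (a pager for downloaded files, a log tailer, a wrapper around remote command output); audit() gives the counts a monitoring hook can record, since a DCS sequence inside a plain text file or a log line is itself worth an alert.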

*********************************************************

(3) MODERATE: Forged Trusted Certification Authority Certificate
Affected:
Most web browsers

Description: Most web browsers support HTTPS, the Secure Hypertext
Transfer Protocol. This protocol provides for various levels of
security, including verification that a website is who it claims
to be. This is made possible via public key cryptography. In such a
cryptographic system, certificates are used to verify identity. Such
certificates are "signed" using a cryptographic hash function, such
as MD5 or SHA. Web browsers keep track of a certain set of trusted
Certification Authority certificates; these certificates are used by
trusted third parties (certification authorities) to prove the identity
of a website or other user of a certificate. A flaw has been known in
the MD5 hash function (often used for digital signatures) for several
years, but until now no practical attack had been demonstrated. A
group of researchers has now exploited this flaw to create a forged
Certification Authority certificate that is accepted by most major
web browsers. Using such a certificate, an attacker could trick a
user into believing that a given web site has been verified as the
site it claims to be (for example, a web browser could be tricked
into believing that a malicious site is a banking site). Note that,
while much research on this flaw is publicly available, the exact
method of exploitation has not been published.

Status: As long as common certification authorities use the MD5
algorithm, this problem will persist. Users who create their own
digital certificates are recommended to use a more secure algorithm,
such as SHA.

References:
MD5 Considered Harmful
http://www.win.tue.nl/hashclash/rogue-ca/
Creating a Rogue CA Certificate
http://www.phreedom.org/research/rogue-ca/
US-CERT Vulnerability Note
http://www.kb.cert.org/vuls/id/836068
Wikipedia Article on Public Key Cryptography
http://en.wikipedia.org/wiki/Public_Key_Cryptography
Wikipedia Article on Digital Certificates
http://en.wikipedia.org/wiki/Public_key_certificate
Wikipedia Article on Digital Signatures
http://en.wikipedia.org/wiki/Digital_signature
Wikipedia Article on MD5
http://en.wikipedia.org/wiki/MD5
Wikipedia Article on SHA
http://en.wikipedia.org/wiki/SHA_hash_functions
SecurityFocus BID
http://www.securityfocus.com/bid/33065
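A check a practitioner would want after this announcement is whether any certificate in a chain, and in particular any CA certificate, still carries an MD5-based signature. The Python below is an added example, not from the bulletin or from the cited research: it walks the outer DER structure of an X.509 certificate just far enough to read the signatureAlgorithm OID (and the signature field inside tbsCertificate, which RFC 5280 requires to be identical), names the algorithm from a small table of the standard PKCS#1 OIDs, and flags md5WithRSAEncryption. The certificate bytes are a constructed skeleton built inline for the demonstration; a real DER certificate read with open(path, "rb").read() can be passed to assess() in the same way.

```python
from typing import Iterator, Optional, Tuple

# Added example (not from the @RISK bulletin): read the signature algorithm of
# a DER-encoded X.509 certificate with a minimal ASN.1 walker, flag MD5.

# Standard PKCS#1 signature-algorithm OIDs (RFC 3279 / RFC 4055).
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
MD5_SIG_OIDS = {"1.2.840.113549.1.1.4"}


def _der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_length(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, body, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(body: bytes) -> Iterator[Tuple[int, bytes]]:
    pos = 0
    while pos < len(body):
        tag, elem, pos = read_tlv(body, pos)
        yield tag, elem


def decode_oid(body: bytes) -> str:
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value = 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def _alg_oid(alg_id_body: bytes) -> str:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters OPTIONAL }."""
    tag, oid_body = next(children(alg_id_body))
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid_body)


def signature_algorithms(cert_der: bytes) -> Tuple[str, str]:
    """Return (tbsCertificate.signature OID, Certificate.signatureAlgorithm OID)."""
    tag, cert_body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    (_, tbs), (_, outer_alg), _ = list(children(cert_body))[:3]
    fields = list(children(tbs))
    skip = 1 if fields[0][0] == 0xA0 else 0  # optional [0] EXPLICIT version
    # tbsCertificate field order: [version], serialNumber, signature, issuer, ...
    return _alg_oid(fields[skip + 1][1]), _alg_oid(outer_alg)


def assess(cert_der: bytes) -> dict:
    inner, outer = signature_algorithms(cert_der)
    return {
        "algorithm": SIG_ALG_NAMES.get(outer, outer),
        "md5_signed": outer in MD5_SIG_OIDS,
        "consistent": inner == outer,  # RFC 5280 4.1.1.2: both fields must match
    }


def build_demo_cert(sig_oid: str, inner_oid: Optional[str] = None) -> bytes:
    """Constructed skeleton for the demo: issuer, validity, subject and key are
    omitted, so it is not a usable certificate, only enough for this check."""
    inner_oid = inner_oid or sig_oid

    def alg_id(oid: str) -> bytes:
        return der_tlv(0x30, der_oid(oid) + der_tlv(0x05, b""))  # OID + NULL

    tbs = der_tlv(0x30,
                  der_tlv(0xA0, der_tlv(0x02, b"\x02"))  # [0] version = v3
                  + der_tlv(0x02, b"\x01")                # serialNumber
                  + alg_id(inner_oid))                    # signature
    fake_sig = der_tlv(0x03, b"\x00" + bytes(16))         # BIT STRING, 0 unused bits
    return der_tlv(0x30, tbs + alg_id(sig_oid) + fake_sig)
```

The two OIDs are compared because a mismatch between the inner and outer algorithm fields is a classic sign of a tampered or malformed certificate; a full validator would also walk the whole chain, since the rogue-CA result matters most when the MD5 signature sits on an intermediate or root certificate rather than on a leaf.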

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 1, 2009
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As
of this week Qualys scans for 5549 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.

______________________________________________________________________

08.1.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: BulletProof FTP Client Bookmark File Heap Buffer Overflow
Description: BulletProof FTP Client is an FTP client application
available for Microsoft Windows. The application is exposed to a
heap-based buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. This issue occurs when handling
malicious bookmark files. BulletProof FTP Client version 2.63 is
affected.
Ref: http://www.securityfocus.com/bid/33007
______________________________________________________________________

08.1.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: SAWStudio ".prf" File Buffer Overflow
Description: SAWStudio is an audio mixer available for Microsoft
Windows. SAWStudio is exposed to a buffer overflow issue because the
application fails to perform adequate boundary checks on user-supplied
data. This issue occurs when handling preference files (".prf")
containing an excessively large string. SAWStudio version 3.9i is
affected.
Ref: http://www.securityfocus.com/bid/33011
______________________________________________________________________

08.1.3 CVE: Not Available
Platform: Linux
Title: Linux Kernel "qdisc_run()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue caused by an error in the "qdisc_run()" function in the
"net/sched/sch_generic.c" source file. Specifically, this loop is
unbounded, and may run indefinitely within a "softirq" when under
heavy network load. Linux kernel versions prior to 2.6.25 are
affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=477744
______________________________________________________________________

08.1.4 CVE: CVE-2008-5702
Platform: Linux
Title: Linux Kernel "ib700wdt.c" Buffer Underflow
Description: The Linux kernel is exposed to a buffer underflow issue
because it fails to perform adequate boundary checks on user-supplied
data. This issue occurs in the "ibwdt_ioctl()" function of the
"drivers/watchdog/ib700wdt.c" source file. Linux kernel versions prior
to 2.6.28-rc1 are affected.
Ref: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=7c2500f17d65092d93345f3996cf82ebca17e9ff
______________________________________________________________________

08.1.5 CVE: CVE-2008-5498
Platform: Cross Platform
Title: PHP "imageRotate()" Uninitialized Memory Information Disclosure
Description: PHP is a programming language commonly used for web
applications. PHP is exposed to an information disclosure issue that
occurs in its implementation of the "imageRotate()" function. PHP
versions 5.2.8 and earlier are affected.
Ref: http://www.securityfocus.com/bid/33002
______________________________________________________________________

08.1.6 CVE: CVE-2008-5714
Platform: Cross Platform
Title: Qemu VNC "monitor.c" Insecure Password
Description: Qemu is a processor emulator that is available for
various platforms. Qemu is exposed to an insecure password issue that
resides in the VNC server. Specifically, an off-by-one error in the
"do_change_vnc()" function in the "monitor.c" source code file may
result in only seven characters of a password being used, as opposed
to the expected eight. Qemu version 9.1 is affected.
Ref: http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
______________________________________________________________________

08.1.7 CVE: Not Available
Platform: Cross Platform
Title: Psi Malformed Packet Remote Denial of Service
Description: Psi is an instant messaging client for the XMPP (Jabber)
protocol, and is available for a number of platforms. Psi is exposed
to a denial of service issue due to a failure to handle malformed
packets. Psi version 0.12 is affected.
Ref: http://www.securityfocus.com/bid/32987
______________________________________________________________________

08.1.8 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox "location.hash" Remote Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue
because the application fails to perform adequate boundary checks on
user-supplied data. Specifically, the application crashes when passing
large amounts of data to the "location.hash" property. Firefox version
3.0.5 is affected.
Ref: http://www.securityfocus.com/bid/32988
______________________________________________________________________

08.1.9 CVE: Not Available
Platform: Cross Platform
Title: PGP Desktop "PGPweded.sys" Local Denial of Service
Description: PGP Desktop is an encryption application. PGP Desktop is
exposed to a local denial of service issue in the "PGPweded.sys"
driver. This issue occurs because the driver fails to handle malicious
calls to the IOCTL 0x80022038. PGP Desktop version 9.0.6 build 6060 is
affected.
Ref: http://evilcodecave.wordpress.com/2008/12/23/pgp-desktop-906-denial-of-service-vulnerability/
______________________________________________________________________

08.1.10 CVE: Not Available
Platform: Cross Platform
Title: Getleft HTML Tags Multiple Buffer Overflow Vulnerabilities
Description: Getleft is an application that allows users to download
HTML websites. The application is available for multiple operating
systems. Getleft is exposed to multiple buffer overflow issues because
it fails to perform adequate checks on user-supplied input. Getleft
version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32994
______________________________________________________________________

08.1.11 CVE: Not Available
Platform: Cross Platform
Title: IntelliTamper "MAP" File Buffer Overflow
Description: IntelliTamper is a spider application for scanning
websites. IntelliTamper is exposed to a buffer overflow issue because
it fails to properly validate the size of attacker-supplied data
before copying it into a finite-sized buffer. IntelliTamper versions
2.07 and 2.08 are affected.
Ref: http://www.securityfocus.com/bid/33022
______________________________________________________________________

08.1.12 CVE: Not Available
Platform: Cross Platform
Title: Acoustica Mixcraft ".mx4" Project File Buffer Overflow
Description: Acoustica Mixcraft is multitrack audio and MIDI recording
software. Acoustica Mixcraft is exposed to a buffer overflow issue
because it fails to bounds check user-supplied data before copying it
into an insufficiently sized buffer. Acoustica Mixcraft version 4.2 is
affected.
Ref: http://www.securityfocus.com/bid/33012
______________________________________________________________________

08.1.13 CVE: Not Available
Platform: Cross Platform
Title: Sun SNMP Management Agent Insecure Temporary File Creation
Description: SNMP Management Agent is an implementation of SNMP
protocol. The application creates temporary files in an insecure
manner. Successfully mounting a symlink attack may allow the attacker
to delete or corrupt sensitive files, which may result in privilege
escalation or cause a denial of service condition. Sun SNMP Management
Agent "SUNWmasf" versions 1.4u2 up to and including 1.5.4 are
affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-248646-1

______________________________________________________________________

08.1.14 CVE: CVE-2008-5721
Platform: Cross Platform
Title: SapporoWorks BlackJumboDog Web Server Unspecified Authentication Bypass
Description: BlackJumboDog provides server functions (HTTP, FTP, etc)
for an intranet. BlackJumboDog Web server is exposed to an unspecified
authentication bypass vulnerability. BlackJumboDog versions 4.2.2 and
earlier are affected.
Ref: http://jvn.jp/en/jp/JVN98063934/index.html
______________________________________________________________________

08.1.15 CVE: Not Available
Platform: Cross Platform
Title: Personal Sticky Threads vBulletin Addon Unauthorized Access
Description: Personal Sticky Threads is an addon for vBulletin
bulletin board software. The application is exposed to an unauthorized
access issue because it fails to adequately limit access to certain
threads. Personal Sticky Threads version 1.0.3c is affected.
Ref: http://www.securityfocus.com/archive/1/499562
______________________________________________________________________

08.1.16 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: TYPO3 SB Universal Plugin Unspecified Cross-Site Scripting Vulnerability
Description: SB Universal Plugin is an extension for TYPO3. The
application is exposed to an unspecified cross-site scripting issue
because it fails to properly sanitize user-supplied input. SB
Universal Plugin version 2.0.1 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/
______________________________________________________________________

08.1.17 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: W2B phpGreetCards "category" Parameter Cross-Site Scripting
Description: W2B phpGreetCards is a web application. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied input to the "category" parameter
of the "index.php" script. phpGreetCards version 3.7 is affected.
Ref: http://www.securityfocus.com/bid/33001
______________________________________________________________________

08.1.18 CVE: CVE-2008-5720
Platform: Web Application - Cross Site Scripting
Title: Mayaa Default Error Page Cross-Site Scripting
Description: Mayaa is a JavaServer template system. The application is
exposed to a cross-site scripting issue because it fails to properly
sanitize user-supplied input to the default error page. Mayaa versions
1.1.22 and earlier are vulnerable.
Ref: http://jvn.jp/en/jp/JVN17298485/index.html
______________________________________________________________________

08.1.19 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SPIP "rubriques.php" SQL Injection
Description: SPIP is a website-publishing application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"/inc/rubriques.php" script.
Ref: http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2
______________________________________________________________________

08.1.20 CVE: Not Available
Platform: Web Application - SQL Injection
Title: TYPO3 TU-Clausthal ODIN Extension Unspecified SQL Injection
Description: TYPO3 TU-Clausthal ("tuc_odin") is an extension for
the TYPO3 content manager. The extension is exposed to an SQL
injection issue because it fails to sufficiently sanitize input before
using it in an SQL query.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/
______________________________________________________________________

08.1.21 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP Link Directory "page.php" SQL Injection
Description: PHP Link Directory (also known as phpLD) is a web-based
directory application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data
before using it in an SQL query. This issue affects the "name"
parameter of the "page.php" script. PHP Link Directory version 3.3 is
affected.
Ref: http://www.securityfocus.com/bid/32989
______________________________________________________________________

08.1.22 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AIST NetCat "password_recovery.php" SQL Injection
Description: AIST NetCat is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the
"password_recovery.php" script. NetCat version 3.12 is affected.
Ref: http://www.securityfocus.com/bid/32990
______________________________________________________________________

08.1.23 CVE: Not Available
Platform: Web Application - SQL Injection
Title: stormBoards "thread.php" SQL Injection
Description: stormBoards is a web-based forum application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. This issue affects the "id" parameter of the "thread.php"
script. stormBoards version 1.0.1 is affected.
Ref: http://www.securityfocus.com/bid/32993
______________________________________________________________________

08.1.24 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ILIAS "repository.php" SQL Injection
Description: ILIAS is a web-based learning management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query. This issue affects the "ref_id" parameter of the
"repository.php" script. ILIAS version 3.7.4 is affected.
Ref: http://www.securityfocus.com/bid/33006
______________________________________________________________________

08.1.25 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! Ice Gallery Component "catid" Parameter SQL Injection
Description: Ice Gallery is a PHP-based component for the Joomla!
content manager. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"catid" parameter to the "com_ice" component. Ice Gallery version 0.5
beta 2 is affected.
Ref: http://www.securityfocus.com/bid/33008
______________________________________________________________________

08.1.26 CVE: Not Available
Platform: Web Application - SQL Injection
Title: mDigg Component for Joomla! "category" Parameter SQL Injection
Description: Joomla Apps mDigg Component is a PHP-based component for
the Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "category" parameter to the "com_mdigg"
component. mDigg Component version 2.2.8 is affected.
Ref: http://www.securityfocus.com/archive/1/499618
______________________________________________________________________

08.1.27 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla! LiveTicker "tid" Parameter SQL Injection
Description: LiveTicker is a live sports feed component for the
Joomla! content manager. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "tid" parameter of the "com_liveticker"
component. LiveTicker version 1.0.0 is affected.
Ref: http://www.securityfocus.com/bid/33010
______________________________________________________________________

08.1.28 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion TI Blog System Module "blog.php" SQL Injection
Description: TI Blog System is a blog module for PHP-Fusion. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"blog.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/499583
______________________________________________________________________

08.1.29 CVE: Not Available
Platform: Web Application
Title: TYPO3 Simple File Browser Unspecified Information Disclosure
Description: Simple File Browser ("simplefilebrowser") is an extension
for the TYPO3 content manager. Simple File Browser is exposed to an
unspecified information disclosure issue. Simple File Browser version
1.0.2 is affected.
Ref: http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/
______________________________________________________________________

08.1.30 CVE: Not Available
Platform: Web Application
Title: W2B phpEmployment "auth.php" Arbitrary File Upload
Description: W2B phpEmployment is a web application. The application
is exposed to an issue that lets attackers upload arbitrary files. The
issue occurs because the application fails to adequately sanitize
user-supplied input. phpEmployment version 1.8 is affected.
Ref: http://www.securityfocus.com/bid/33000
______________________________________________________________________

08.1.31 CVE: Not Available
Platform: Web Application
Title: AIST Netcat 3.1.2 Multiple Input Validation Vulnerabilities
Description: AIST Netcat is a PHP-based content manager. AIST Netcat
is exposed to multiple input validation issues. Attackers can exploit
these issues to compromise the affected application, misrepresent how
web content is served, cached, or interpreted, execute arbitrary
script code and PHP code within the context of the webserver process,
and gain access to sensitive information. Other attacks are also
possible. AIST Netcat version 3.1.2 is affected.
Ref: http://www.securityfocus.com/bid/32992
______________________________________________________________________

08.1.32 CVE: Not Available
Platform: Web Application
Title: W2B phpGreetCards "index.php" Arbitrary File Upload
Description: W2B phpGreetCards is a web application. The application
is exposed to an issue that lets attackers upload arbitrary files. The
issue occurs because the application fails to adequately sanitize
user-supplied input. phpGreetCards version 3.7 is affected.
Ref: http://www.securityfocus.com/bid/32995
______________________________________________________________________

08.1.33 CVE: Not Available
Platform: Web Application
Title: Google Chrome "chromeHTML://" Command Line Parameter Injection
Description: Google Chrome is a web browser available for various
operating systems. Google Chrome is exposed to an issue that lets
attackers inject command-line parameters through protocol handlers.
This issue occurs because the application fails to adequately sanitize
user-supplied input. Google Chrome version 1.0.154.36 is affected.
Ref: http://www.securityfocus.com/archive/1/499570
______________________________________________________________________

08.1.34 CVE: Not Available
Platform: Web Application
Title: W2B phpAdBoard "index.php" Arbitrary File Upload
Description: W2B phpAdBoard is a web application. The application is
exposed to an issue that lets attackers upload arbitrary files. The
issue occurs because the application fails to adequately sanitize
user-supplied input. phpAdBoard version 1.8 is affected.
Ref: http://www.securityfocus.com/bid/32998
______________________________________________________________________

08.1.35 CVE: Not Available
Platform: Web Application
Title: doop Administration Page Arbitrary File Upload
Description: doop is a PHP-based content manager. The application is
exposed to an issue that lets attackers upload arbitrary files because
it fails to sufficiently sanitize user-supplied input. Specifically
the application fails to sanitize file extensions before uploading
files through the administration page. doop version 1.4.0b is
affected.
Ref: http://www.securityfocus.com/bid/33005
______________________________________________________________________

08.1.36 CVE: Not Available
Platform: Web Application
Title: bloofoxCMS "dialog.php" Local File Include
Description: bloofoxCMS is a web-based content management system. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "lang" parameter of
the "dialog.php" script. bloofoxCMS version 0.3.4 is affected.
Ref: http://www.securityfocus.com/bid/33013
______________________________________________________________________