Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
            @RISK: The Consensus Security Vulnerability Alert
December 18, 2008                                         Vol. 7. Week 51
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Other Microsoft Products                       2
Third Party Windows Apps                       2
Mac Os                                        11 (#1)
Linux                                          1 (#3)
Solaris                                        4
Cross Platform                                18 (#2, #4)
Web Application - Cross Site Scripting        11
Web Application - SQL Injection               36
Web Application                               34
Network Device                                 1

*************************************************************************
TRAINING UPDATE
- - SANS 2009 in Orlando in early march - the largest security training
conference and expo in the world. lots of evening sessions:
http://www.sans.org/
- - SANS Security West Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- - Looking for training in your own Community?  http://sans.org/community/
For a list of all upcoming events, on-line and live: www.sans.org
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software

(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities
(2) CRITICAL: Mozilla Products Multiple Vulnerabilities
(3) HIGH: Adobe Flash Player for Linux Remote Code Execution
(4) HIGH: Opera Multiple Vulnerabilities

*********************  SPONSORED LINK  **********************************
Join professionals to learn about Log Management tools at the Log
Management Summit April 6-7.
http://www.sans.org/info/36644

2) Ensure that your VMware ESX hosts are secure and compliant using free
Compliance Checker from Configuresoft.
http://www.sans.org/info/36649
*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

- - -- Other Microsoft Products
08.51.1  - Internet Explorer 8 CSS
08.51.2  - Microsoft Internet Explorer "Scripting.FileSystem" Security Bypass
 -- Third Party Windows Apps
08.51.3  - Evans FTP "EvansFTP.ocx" ActiveX Control Multiple Remote Buffer
Overflow Vulnerabilities
08.51.4  - Realtek Media Player Playlist Buffer Overflow
 -- Mac Os
08.51.5  - Apple Mac OS X 2008-008 Multiple Security Vulnerabilities
08.51.6  - Apple Podcast Producer Authentication Bypass
08.51.7  - Apple Mac OS X UDF ISO File Handling Denial of Service
08.51.8  - Apple Mac OS X NFS Mounted Executable Exception Remote Denial of
Service
08.51.9  - Apple Mac OS X "natd" Remote Denial of Service
08.51.10 - Apple Mac OS X Type Service PDF File Remote Denial of Service
08.51.11 - Apple Mac OS X BOM CPIO Header Stack Buffer Overflow
08.51.12 - Apple Mac OS X "inet_net_pton" API Integer Overflow
08.51.13 - Apple Mac OS X "i386_set_ldt" and "1386_get_ldt" Multiple Integer
Overflow Vulnerabilities
08.51.14 - Apple Mac OS X Managed Client Screen Saver Lock Bypass
08.51.15 - Apple Mac OS X "strptime" API Memory Corruption
 -- Linux
08.51.16 - Linux Kernel "ac_ioctl()" Local Buffer Overflow
 -- Solaris
08.51.17 - Sun Java Web Console Unspecified URI Redirection
08.51.18 - Sun Solaris Kerberos Remote Denial of Service
08.51.19 - Sun Solaris "libICE" Unspecified Denial of Service
08.51.20 - Sun Solaris IPv4 Forwarding Denial of Service
 -- Cross Platform
08.51.21 - Computer Associates ARCserve Backup "LDBServer" Remote Code Execution
08.51.22 - Sun Ray Server Administration Password Information Disclosure
08.51.23 - Sun Java System Portal Server Web Console Information Disclosure
08.51.24 - Sun Ray Server and Sun Ray Windows Connector Information Disclosure
08.51.25 - Asterisk IAX2 Unauthenticated Session Handling Remote Denial of
Service
08.51.26 - Check Point SecurePlatform Unspecified Remote Security
08.51.27 - IBM WebSphere Portal and Workplace Web Content Management Unspecified
Security Bypass
08.51.28 - Tmax Soft JEUS Alternate Data Stream Source Code Information
Disclosure
08.51.29 - Sun Fire Servers IP Spoofing Security Bypass
08.51.30 - MPlayer TwinVQ Handling Stack Buffer Overflow
08.51.31 - IBM Tivoli Provisioning Manager Security Bypass
08.51.32 - Avahi Multicast DNS Denial of Service
08.51.33 - W3C Amaya HTML Tag Parameter Multiple Buffer Overflow Vulnerabilities
08.51.34 - Sun Java Wireless Toolkit Unspecified Remote Stack Based Buffer
Overflow
08.51.35 - Opera Web Browser prior to 9.63 Multiple Security Vulnerabilities
08.51.36 - Multiple Barracuda Products Multiple Input Validation Vulnerabilities
08.51.37 - Mozilla Thunderbird Malformed MIME Message Denial of Service
08.51.38 - Mozilla Firefox MathML XHTML Denial of Service
 -- Web Application - Cross Site Scripting
08.51.39 - Pro Chat Rooms "gud" Parameter Cross-Site Scripting
08.51.40 - eZoneScripts Living Local
08.51.41 - Max's Guestbook Multiple Cross-Site Scripting Vulnerabilities
08.51.42 - PunBB "moderate.php" Cross-Site Scripting
08.51.43 - PHP Weather Local File Include and Cross-Site Scripting
Vulnerabilities
08.51.44 - Flatnux "photo.php" Multiple Cross-Site Scripting Vulnerabilities
08.51.45 - Groupmax Workflow Development Kit for Active Server Pages Cross-Site
Scripting
08.51.46 - Hitachi JP1/Integrated Management - Service Support Unspecified
Cross-Site Scripting
08.51.47 - World Recipe Multiple Cross-Site Scripting Vulnerabilities
08.51.48 - icash Click&Rank "user.asp" Cross-Site Scripting
08.51.49 - Kerio MailServer WebMail Multiple Cross-Site Scripting
Vulnerabilities
 -- Web Application - SQL Injection
08.51.50 - unscripts UN Webmaster Marketplace "member.php" SQL Injection
08.51.51 - CF Shopkart "index.cfm" SQL Injection
08.51.52 - CFMSource CF_Calendar "calendarevent.cfm" SQL Injection
08.51.53 - CF_Auction and CF_Forum "forummessages.cfm" SQL Injection
08.51.54 - CFMSource CFMBlog "categorynbr" Parameter SQL Injection
08.51.55 - Banner Exchange Software Java "logon_license.jsp" Multiple SQL
Injection Vulnerabilities
08.51.56 - Multiple Ad Server Solutions Products "logon_processing.jsp" SQL
Injection Vulnerabilities
08.51.57 - Octeth Oempro Multiple SQL Injection Vulnerabilities
08.51.58 - ASP-CMS "cha" Parameter SQL Injection
08.51.59 - Social Groupie "id" Parameter SQL Injection
08.51.60 - Ad Management Java "logon.jsp" SQL Injection
08.51.61 - Affiliate Software Java "logon.jsp" SQL Injection
08.51.62 - ASPired2Blog "blog_comments.asp" SQL Injection
08.51.63 - Umer Inc Songs Portal "id" Parameter SQL Injection
08.51.64 - Joomla Live Chat Multiple SQL Injection and Open Proxy
Vulnerabilities
08.51.65 - ASP-DEV Internal E-Mail System SQL Injection Vulnerabilities
08.51.66 - ASP-DEV XM Events Diary "cat" Parameter SQL Injection
08.51.67 - FlexPHPNews Username and Password SQL Injection Vulnerabilities
08.51.68 - Multiple ASP SiteWare Products SQL Injection Vulnerabilities
08.51.69 - FLDS Free Links Directory Script "redir.php" SQL Injection
08.51.70 - Intesync LLC Miniweb 2.0 "username" Parameter SQL Injection
08.51.71 - WebPhotoPro Multiple SQL Injection Vulnerabilities
08.51.72 - Citrix Broadcast Server Unspecified SQL Injection
08.51.73 - Free Links Directory Script "lpro.php" SQL Injection
08.51.74 - Mediatheka "connection.php" SQL Injection
08.51.75 - CadeNix "cid" Parameter SQL Injection
08.51.76 - AM Events Module For Xoops "print.php" SQL Injection
08.51.77 - CFAGCMS "print.php" SQL Injection
08.51.78 - Aperto Blog "categories.php" SQL Injection
08.51.79 - icash Click&Rank Multiple SQL Injection Vulnerabilities
08.51.80 - icash Click&BaneX Multiple SQL Injection Vulnerabilities
08.51.81 - Faupload "download.php" SQL Injection
08.51.82 - Free Links Directory Script "report.php" SQL Injection
08.51.83 - Gnews Publisher "authors.asp" SQL Injection
08.51.84 - Liberum Help Desk "forgotpass.asp" SQL Injection
08.51.85 - ASP Indir EvimGibi Pro Resim Galerisi "resim.asp" SQL Injection
 -- Web Application
08.51.86 - eZoneScripts Living Local Arbitrary File Upload
08.51.87 - eZ Publish "/user/register" Remote Privilege Escalation
08.51.88 - phpAddEdit "addedit-render.php" Local File Include
08.51.89 - MDaemon Server WorldClient "<IMG>" Tag Script Injection
08.51.90 - Drupal Deleted Input Format HTML Injection
08.51.91 - phpAddEdit "Addedit-login.php" Authentication Bypass
08.51.92 - InSun FeedCms "lang" Parameter Local File Include
08.51.93 - PHP Support Tickets New Ticket Arbitrary File Upload
08.51.94 - SUMON Multiple Remote Command Execution Vulnerabilities
08.51.95 - Analysis of High-Performance Access CGI Session Identifier Session
Hijacking
08.51.96 - Social Groupie "create_album.php" Arbitrary File Upload
08.51.97 - Roundcube Webmail "preg_replace" Remote Code Execution
08.51.98 - Moodle "texed.php" Remote Command Execution
08.51.99 - Simple Text-File Login script "slogin_lib.inc.php" Remote File
Include
08.51.100 - Mediatheka "index.php" Local File Include
08.51.101 - The Rat CMS Admin Security Bypass
08.51.102 - CFAGCMS "index.php" Multiple Remote File Include Vulnerabilities
08.51.103 - AutositePHP Multiple Local File Include and File Overwrite
Vulnerabilities
08.51.104 - Multiple AvailScript Products Arbitrary File Upload Vulnerabilities
08.51.105 - CMS ISWEB SQL Injection and Cross-Site Scripting Vulnerabilities
08.51.106 - Flatnux "index.php" HTML Injection
08.51.107 - GeekiGeeki Multiple File Disclosure Vulnerabilities
08.51.108 - BabbleBoard "username" HTML Injection
08.51.109 - phpList Unspecified Local File Include
08.51.110 - phpBB Account Re-Activation Authentication Bypass
08.51.111 - Injader SQL Injection and HTML Injection Vulnerabilities
08.51.112 - MediaWiki Cross Site Scripting And Multiple HTML Injection
Vulnerabilities
08.51.113 - The Rat CMS "login.php" Multiple SQL Injection Vulnerabilities
08.51.114 - WorkSimple Information Disclosure Vulnerability and  Remote File
Include
08.51.115 - Aperto Blog Multiple Local File Include Vulnerabilities
08.51.116 - eZ Publish Weak Activation Token Remote Privilege Escalation
08.51.117 - icash ClickAndEmail SQL Injection and Cross Site Scripting
Vulnerabilities
08.51.118 - sCssBoard "admin/forums.php" Authentication Bypass
08.51.119 - RSMScript Cookie Authentication Bypass and HTML Injection
Vulnerabilities
 -- Network Device
08.51.120 - Nokia N70 and N73 Malformed OBEX Name Header Remote Denial of
Service
______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Apple Mac OS X Multiple Vulnerabilities
Affected:
Apple Mac OS versions prior to 10.5.6

Description: Apple Mac OS X contains multiple vulnerabilities.
Successfully exploiting one of these vulnerabilities would allow an
attacker to create a variety of exploit conditions. Most severely, a
specially crafted CPIO archive file or image file could result in remote
code execution with the privileges of the current user. Other
vulnerabilities in various operating system functions could render
applications using those functions vulnerable to arbitrary code
execution vulnerabilities in they pass remote user input directly into
a vulnerable function. Various other vulnerabilities are addressed in
this update, as well as updates to included third-party applications.

Status: Vendor confirmed, updates available.

References:
Apple Knowledge Base Article
http://support.apple.com/kb/HT3338
Product Home Page
http://www.apple.com/macosx
SecurityFocus BIDs
http://www.securityfocus.com/bid/32876
http://www.securityfocus.com/bid/32877
http://www.securityfocus.com/bid/32870
http://www.securityfocus.com/bid/32870
http://www.securityfocus.com/bid/32839
http://www.securityfocus.com/bid/30192

************************************************

(2) CRITICAL: Mozilla Products Multiple Vulnerabilities
Affected:
Mozilla Firefox versions prior to 3.0.5
Mozilla Thunderbird versions prior to 2.0.0.19
Mozilla SeaMonkey versions prior to 1.1.14

Description: Products based on the Mozilla codebase, including the
Mozilla Firefox web browser, contain multiple vulnerabilities in their
handing of a variety of inputs. A specially crafted web page or script
could trigger one of these vulnerabilities, leading to a variety of
exploit conditions. Most severely, a specially crafted web page could
result in arbitrary code execution with the privileges of the current
user, or execution of arbitrary JavaScript code with elevated
privileges. Technical details for these vulnerabilities is publicly
available via source code analysis.

Status: Vendor confirmed, updates available.

References:
Mozilla Security Bulletins
http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
http://www.mozilla.org/security/announce/2008/mfsa2008-63.html
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html
http://www.mozilla.org/security/announce/2008/mfsa2008-67.html
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
Vendor Home Page
http://www.mozilla.org
SecurityFocus BID
http://www.securityfocus.com/bid/32882

************************************************

(3) HIGH: Adobe Flash Player for Linux Remote Code Execution
Affected:
Adobe Flash Player for Linux versions prior to 10.0.12.36

Description: Adobe Flash Player, the most common rich media player on
the web, contains a flaw in its parsing of Flash files. A specially
crafted Flash file could exploit this vulnerability to execute arbitrary
code with the privileges of the current user. Flash content is generally
downloaded and played without first prompting the user. Few technical
details are publicly available for this vulnerability. The Adobe Flash
Player is installed by default on numerous Linux distributions.
Reportedly, only the Linux version of the Adobe Flash Player is
vulnerable.

Status: Vendor confirmed, updates available.

References:
Adobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb08-24.html
Vendor Home Page
http://www.adobe.com
SecurityFocus BID
http://www.securityfocus.com/bid/32896

************************************************

(4) HIGH: Opera Multiple Vulnerabilities
Affected:
Opera versions 9.62 and prior

Description: Opera is a popular cross platform web browser. It contains
multiple vulnerabilities in its handling of a variety of inputs. A
specially crafted web page or script viewed using Opera could trigger
one of these vulnerabilities. Exploiting one of these vulnerabilities
could result in a variety of exploit conditions, including remote code
execution with the privileges of the current user. Some technical
details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Opera Security Advisories
http://www.opera.com/support/kb/view/921/
http://www.opera.com/support/kb/view/924/
http://www.opera.com/support/kb/view/920/
http://www.opera.com/support/kb/view/923/
Post from n.runs
http://www.securityfocus.com/archive/1/499315
Vendor Home Page
http://www.opera.com
SecurityFocus BIDs
http://www.securityfocus.com/bid/32864
http://www.securityfocus.com/bid/32891

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 51, 2008

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.51.1 CVE: Not Available
Platform: Other Microsoft Products
Title: Internet Explorer 8 CSS
Description: Internet Explorer is a web browser for the Microsoft
Windows operating system. Internet Explorer 8 includes a
cross-site scripting filter, designed to prevent cross-site scripting
attacks against vulnerable web applications. If the injected code
contains a closing cascading style sheet (CSS) tag in addition to
malicious script code included as a CSS "expression" property, the
cross-site scripting filter will be bypassed. Internet Explorer
version 8 beta 2 is affected.
Ref: http://www.securityfocus.com/archive/1/499124
______________________________________________________________________

08.51.2 CVE: Not Available
Platform: Other Microsoft Products
Title: Microsoft Internet Explorer "Scripting.FileSystem" Security
Bypass
Description: Microsoft Internet Explorer is a web browser available
for Microsoft Windows. The browser is exposed to a security bypass
issue due to a failure to properly enforce restrictions on script
behavior.
Ref: http://support.microsoft.com/kb/182569
______________________________________________________________________

08.51.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Evans FTP "EvansFTP.ocx" ActiveX Control Multiple Remote Buffer
Overflow Vulnerabilities
Description: Evans FTP is an application that provides FTP
functionality for ActiveX applications. The control is exposed to
multiple remote buffer overflow issues because the application fails
to perform adequate boundary checks on user-supplied data.
Ref: http://www.evansprogramming.com/evansftp.asp
______________________________________________________________________

08.51.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Realtek Media Player Playlist Buffer Overflow
Description: Realtek Media Player (RtlRack) is a media player for
Windows platform. Realtek Media Player (RtlRack) is exposed to a buffer
overflow issue because it fails to perform adequate checks on
user-supplied input. Realtek Media Player version A4.06 is affected.
Ref:
http://www.shinnai.net/index.php?mod=02_Forum&group=Security&argument=
Local_performed_exploits&topic=1229414951.ff.php&page=last
______________________________________________________________________

08.51.5 CVE: Not Available
Platform: Mac Os
Title: Apple Mac OS X 2008-008 Multiple Security Vulnerabilities
Description: Apple Mac OS X is exposed to multiple security issues
that have been addressed in Security Update 2008-008.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.6 CVE: CVE-2008-4223
Platform: Mac Os
Title: Apple Podcast Producer Authentication Bypass
Description: Podcast Producer is an application for encoding,
publishing and producing podcasts. Podcast Producer is exposed to an
authentication bypass issue. An attacker can exploit this issue to
gain access to certain administrative functions. Podcast Producer for
Mac OS X Server versions 10.5 through 10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.7 CVE: CVE-2008-4224
Platform: Mac Os
Title: Apple Mac OS X UDF ISO File Handling Denial of Service
Description: Apple Mac OS X is exposed to a denial of service issue
when handling malformed UDF ISO volumes. Specifically, when a
specially crafted ISO file is opened, the computer may shut down. Mac
OS X version 10.4.11, Server 10.4.11, 10.5 through 10.5.5, and Server
10.5 through 10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.8 CVE: CVE-2008-4219
Platform: Mac Os
Title: Apple Mac OS X NFS Mounted Executable Exception Remote Denial
of Service
Description: Apple Mac OS X is exposed to a remote denial of service
issue because it fails to adequately handle exceptions from
NFS-mounted (Network File System) executables. Specifically, an
executable application located on an NFS share that encounters an
exception may trigger an infinite loop within the kernel, causing an
unexpected shutdown.
Ref: http://www.securityfocus.com/bid/32873
______________________________________________________________________

08.51.9 CVE: Not Available  	 CVE-2008-4222
Platform: Mac Os
Title: Apple Mac OS X "natd" Remote Denial of Service
Description: Apple Mac OS X is exposed to a remote denial of service
issue. This issue affects the "natd" Network Address Translation
daemon. Specifically, if Internet sharing is enabled, the "natd"
process may enter into an infinite loop when processing specially
constructed packets. Mac OS X versions 10.4.11, 10.5 through 10.5.5,
Server 10.4.11, and Server 10.5 through 10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.10 CVE: CVE-2008-4236
Platform: Mac Os
Title: Apple Mac OS X Type Service PDF File Remote Denial of Service
Description: Apple Mac OS X Type Service is exposed to a denial of
service issue. This issue occurs when handling a PDF file containing
malformed embedded fonts. Apple Mac OS X versions 10.5 through 10.5.5
and Mac OS X Server 10.5 through 10.5.5 are affecetd.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.11 CVE: CVE-2008-4217
Platform: Mac Os
Title: Apple Mac OS X BOM CPIO Header Stack Buffer Overflow
Description: Apple Mac OS X BOM is exposed to a remote stack-based
buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied data. The vulnerability is due
to a signedness error when handling malicious CPIO headers contained
in a CPIO archive.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.12 CVE: CVE-2008-4220
Platform: Mac Os
Title: Apple Mac OS X "inet_net_pton" API Integer Overflow
Description: The "inet_net_pton()" function is used to convert a
string representation of an IP address into a network-format binary
representation. The Apple Mac OS X "Libsystem" is exposed to an
integer overflow issue in the "inet_net_pton" API because it fails to
adequately bounds-check input data.
Ref: http://www.securityfocus.com/bid/32877
______________________________________________________________________

08.51.13 CVE: CVE-2008-4218
Platform: Mac Os
Title: Apple Mac OS X "i386_set_ldt" and "1386_get_ldt" Multiple
Integer Overflow Vulnerabilities
Description: Apple Mac OS X is exposed to multiple integer overflow
issues because the application fails to perform adequate boundary
checks on integer values. Specifically the vulnerabilities affect the
"i386_set_ldt" and "i386_get_ldt" system calls of the kernel. Apple
Mac OS X versions 10.5 through 10.5.5 and Mac OS X Server 10.5 through
10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.14 CVE: CVE-2008-4237
Platform: Mac Os
Title: Apple Mac OS X Managed Client Screen Saver Lock Bypass
Description: Apple Mac OS X is exposed to a security bypass issue
affecting managed client systems. Specifically, this issue results
from per-host configuration settings not being correctly applied to
some managed client systems. Mac OS X versions 10.5 through 10.5.5 and
Server 10.5 through 10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.15 CVE: CVE-2008-4221
Platform: Mac Os
Title: Apple Mac OS X "strptime" API Memory Corruption
Description: The "strptime" API is a reference library that provides
standardized time and date functions. The Mac OS X "Libsystem" is
exposed to a memory corruption issue that affects the "strptime" API.
Mac OS X versions 10.4.11, 10.5 through 10.5.5, Server 10.4.11, and
Server 10.5 through 10.5.5 are affected.
Ref: http://support.apple.com/kb/HT3338
______________________________________________________________________

08.51.16 CVE: Not Available
Platform: Linux
Title: Linux Kernel "ac_ioctl()" Local Buffer Overflow
Description: The Linux kernel is exposed to a local buffer overflow
issue because it fails to perform adequate boundary checks on
user-supplied data. This issue occurs in the "ac_ioctl()" function in
the "applicom.c" source file. Linux kernel versions prior to
2.6.28-rc1 are affected.
Ref: http://bugzilla.kernel.org/show_bug.cgi?id=11408
______________________________________________________________________

08.51.17 CVE: CVE-2008-5550
Platform: Solaris
Title: Sun Java Web Console Unspecified URI Redirection
Description: Sun Java Web Console is a web-based management tool for
the Solaris operating system. The application is exposed to an
unspecified remote URI-redirection issue. Java Web Console versions
3.0.2 through 3.0.5 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243786-1
______________________________________________________________________

08.51.18 CVE: Not Available
Platform: Solaris
Title: Sun Solaris Kerberos Remote Denial of Service
Description: Sun Solaris Kerberos is a network authentication
protocol. The application is exposed to a denial of service issue
because it fails to properly validate user-supplied data.
Specifically, local attackers can deny service to legitimate users by
taking advantage of a flaw in the credential-renewal system.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244866-1
______________________________________________________________________

08.51.19 CVE: Not Available
Platform: Solaris
Title: Sun Solaris "libICE" Unspecified Denial of Service
Description: Sun Solaris is an enterprise-grade UNIX distribution. Sun
Solaris is exposed to a denial of service issue that is caused by an
unspecified error in the X Inter Client Exchange Library (libICE).
Remote attackers may exploit this issue to deny service to legitimate
users.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243566-1
______________________________________________________________________

08.51.20 CVE: Not Available
Platform: Solaris
Title: Sun Solaris IPv4 Forwarding Denial of Service
Description: Sun Solaris is prone to a denial of service
vulnerability. A remote attacker can exploit this issue to panic the
system denying service to legitimate users. Specifically, the issue
occurs in IPv4 forwarding. Solaris 10 with patch 120011-14 (SPARC) or
120012-14 (x86) is affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-241126-1
______________________________________________________________________

08.51.21 CVE: CVE-2008-5415
Platform: Cross Platform
Title: Computer Associates ARCserve Backup "LDBServer" Remote Code
Execution
Description: Computer Associates ARCserve Backup provides backup and
restore protection for Windows. The application is exposed to a remote
code execution issue that exists in the "LDBserver" service. This
issue occurs because the application fails to perform sufficient
validation on user-supplied data.
Ref: http://www.securityfocus.com/archive/1/499128
______________________________________________________________________

08.51.22 CVE: Not Available
Platform: Cross Platform
Title: Sun Ray Server Administration Password Information Disclosure
Description: Sun Ray server is a proxy server developed by Sun
Microsystems. Sun Ray server is exposed to an information disclosure
issue that may allow attackers to gain access to the Sun Ray
administration password.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240365-1
______________________________________________________________________

08.51.23 CVE: CVE-2008-5549
Platform: Cross Platform
Title: Sun Java System Portal Server Web Console Information
Disclosure
Description: Sun Java System Portal Server is a Java-based framework
for developing web applications. The server is exposed to an
information disclosure issue because the Web Console component fails
to restrict access to potentially sensitive information. Java System
Portal Server versions 7.1 and 7.2 are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-243886-1
______________________________________________________________________

08.51.24 CVE: Not Available
Platform: Cross Platform
Title: Sun Ray Server and Sun Ray Windows Connector Information
Disclosure
Description: Sun Ray server is a proxy server developed by Sun
Microsystems. Sun Ray Server and Sun Ray Windows Connector are exposed
to an information disclosure issue that may allow attackers to gain
access to the Sun Ray administration password, while the application
is being configured.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-240506-1
______________________________________________________________________

08.51.25 CVE: Not Available
Platform: Cross Platform
Title: Asterisk IAX2 Unauthenticated Session Handling Remote Denial of
Service
Description: Asterisk is a PBX and telephony application for multiple
operating platforms. Asterisk supports the IAX2 VoIP protocol.
Asterisk is exposed to a remote denial of service issue because it
fails to handle remote unauthenticated sessions in a proper manner.
Ref: http://downloads.digium.com/pub/security/AST-2008-012.html
______________________________________________________________________

08.51.26 CVE: Not Available
Platform: Cross Platform
Title: Check Point SecurePlatform Unspecified Remote Security
Description: Check Point SecurePlatform is a server operating system.
SecurePlatform is exposed to an unspecified remote security issue.
Attackers may exploit this vulnerability to create accounts with
administrative privileges. Other attacks may also be possible.
SecurePlatform version R65 HFA02 is affected.
Ref:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-December/066422.html
______________________________________________________________________

08.51.27 CVE: Not Available
Platform: Cross Platform
Title: IBM WebSphere Portal and Workplace Web Content Management
Unspecified Security Bypass
Description: IBM WebSphere Portal and Workplace Web Content Management
are enterprise Web content management applications. IBM WebSphere
Portal and Workplace Web Content Management are exposed to an
unspecified security bypass issue that affects "BasicAuthTAI". IBM
WebSphere Portal and Workplace Web Content Management version 6.0.1.5
is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg27007603
______________________________________________________________________

08.51.28 CVE: Not Available
Platform: Cross Platform
Title: Tmax Soft JEUS Alternate Data Stream Source Code Information
Disclosure
Description: Tmax Soft JEUS is a web application server. The
application is exposed to an issue that allows attackers to access
source code because it fails to properly sanitize user-supplied input.
JEUS versions prior to 6 are affected.
Ref: http://www.securityfocus.com/bid/32804
______________________________________________________________________

08.51.29 CVE: Not Available
Platform: Cross Platform
Title: Sun Fire Servers IP Spoofing Security Bypass
Description: The Sun Fire server brand is a series of server computers
produced by Sun Microsystems. Sun Fire Servers are exposed to a
security bypass issue. Attackers can leverage this issue by spoofing
their IP in a manner sufficient to trigger this vulnerability.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-246746-1
______________________________________________________________________

08.51.30 CVE: Not Available
Platform: Cross Platform
Title: MPlayer TwinVQ Handling Stack Buffer Overflow
Description: MPlayer is a cross-platform media player. MPlayer is
exposed to a stack-based buffer overflow issue because it fails to
perform adequate checks on user-supplied input. This issue occurs in the
"demux_open_vqf()" function of the "libmpdemux/demux_vqf.c" source file
when parsing malformed TwinVQ media files. MPlayer version 1.0rc2 is
affected.
Ref: http://trapkit.de/advisories/TKADV2008-014.txt
______________________________________________________________________

08.51.31 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Provisioning Manager Security Bypass
Description: IBM Tivoli Provisioning Manager is used to deploy and
manage operating systems from a single remote console. The application
is exposed to an unspecified security bypass issue. Tivoli
Provisioning Manager versions prior to 5.1.1.1 with Interim Fix IF0006
applied are vulnerable.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg21330228
______________________________________________________________________

08.51.32 CVE: CVE-2008-5081
Platform: Cross Platform
Title: Avahi Multicast DNS Denial of Service
Description: Avahi is an application to discover services available on
the local network. Avahi is exposed to a denial of service issue.
Specifically, the vulnerability occurs when the application processes
multicast DNS data. Avahi versions prior to 0.6.24 are affected.
Ref:
http://git.0pointer.de/?p=avahi.git;a=commitdiff;h=
3093047f1aa36bed8a37fa79004bf0ee287929f4
______________________________________________________________________

08.51.33 CVE: Not Available
Platform: Cross Platform
Title: W3C Amaya HTML Tag Parameter Multiple Buffer Overflow
Vulnerabilities
Description: W3C Amaya is a freely available web browser and editor
that runs on multiple platforms. Amaya is exposed to multiple buffer
overflow issues because it fails to perform adequate checks on
user-supplied input. Amaya version 10.0.1 is affected.
Ref: http://www.securityfocus.com/bid/32847
______________________________________________________________________

08.51.34 CVE: Not Available
Platform: Cross Platform
Title: Sun Java Wireless Toolkit Unspecified Remote Stack-Based Buffer
Overflow
Description: Sun Java Wireless Toolkit for CDLC is a toolbox for
developing wireless applications that are based on J2ME's Connected
Limited Device Configuration (CLDC). The toolkit is exposed to a
remote stack-based buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied input. Sun Java Wireless
Toolkit versions 2.5.2 and earlier are affected.
Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247566-1
______________________________________________________________________

08.51.35 CVE: Not Available
Platform: Cross Platform
Title: Opera Web Browser prior to 9.63 Multiple Security
Vulnerabilities
Description: Opera Web Browser is a browser that runs on multiple
operating systems. Opera is exposed to multiple security issues. Opera
versions prior to 9.63 are affected.
Ref: http://www.opera.com/support/kb/view/921/
______________________________________________________________________

08.51.36 CVE: CVE-2008-0971, CVE-2008-1094
Platform: Cross Platform
Title: Multiple Barracuda Products Multiple Input Validation
Vulnerabilities
Description: Multiple Barracuda products are exposed to multiple
input-validation issues. Exploiting these issues could allow an
attacker to steal cookie-based authentication credentials, compromise
the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
Ref: http://www.barracudanetworks.com/ns/support/tech_alert.php
______________________________________________________________________

08.51.37 CVE: CVE-2008-5430
Platform: Cross Platform
Title: Mozilla Thunderbird Malformed MIME Message Denial of Service
Description: Mozilla Thunderbird is a cross-platform mail client for
Windows, Linux, and Apple Mac OS X. The application is exposed to a
denial of service issue because it fails to properly handle malformed
multipart MIME messages.
Ref: http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro
______________________________________________________________________

08.51.38 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Firefox MathML XHTML Denial of Service
Description: Mozilla Firefox is a browser available for multiple
platforms. The browser is exposed to a remote denial of service issue.
Viewing a malicious XHTML web page containing an empty "frameset" tag
within a "mathml:mroot" tag may cause the browser to crash. Firefox
version 3.0.4 is affected.
Ref: http://www.securityfocus.com/bid/32878
______________________________________________________________________

08.51.39 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pro Chat Rooms "gud" Parameter Cross-Site Scripting
Description: Pro Chat Rooms is a web-based chat room application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "gud"
parameter of the "profiles/index.php" script. Pro Chat Rooms version
3.0.2 is affected.
Ref: http://www.securityfocus.com/bid/32758
______________________________________________________________________

08.51.40 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: eZoneScripts Living Local Cross-Site Scripting
Description: eZoneScripts Living Local is a web-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied input to the "r"
parameter of the "listtest.php" script. Living Local version 1.1 is
affected.
Ref: http://www.securityfocus.com/bid/32761
______________________________________________________________________

08.51.41 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Max's Guestbook Multiple Cross-Site Scripting Vulnerabilities
Description: Max's Guestbook is a guestbook application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input.
Ref: http://www.securityfocus.com/archive/1/499099
______________________________________________________________________

08.51.42 CVE: CVE-2008-5435
Platform: Web Application - Cross Site Scripting
Title: PunBB "moderate.php" Cross-Site Scripting
Description: PunBB is a PHP-based forum application. The application
is exposed to a cross-site scripting issue because it fails to
sanitize user-supplied input to topic subjects in the "moderate.php"
script. PunBB versions prior to 1.3.1 are affected.
Ref: http://punbb.informer.com/forums/topic/20392/punbb-131/
______________________________________________________________________

08.51.43 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: PHP Weather Local File Include and Cross-Site Scripting
Vulnerabilities
Description: PHP Weather is a PHP-based application used to show
current weather. The application is exposed to multiple issues because
it fails to properly sanitize user-supplied input. PHP Weather version
2.2.2 is affected.
Ref: http://www.securityfocus.com/bid/32820
______________________________________________________________________

08.51.44 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Flatnux "photo.php" Multiple Cross-Site Scripting
Vulnerabilities
Description: Flatnux is a web-based content manager. Flatnux is
exposed to multiple cross-site scripting issues because it fails to
sufficiently sanitize user-supplied data to the "mod" and "foto"
parameters of the "photo.php" script.
Ref: http://www.securityfocus.com/bid/32828
______________________________________________________________________

08.51.45 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Groupmax Workflow Development Kit for Active Server Pages
Cross-Site Scripting
Description: Hitachi Groupmax Workflow is a workflow management
system. Groupmax Workflow Development Kit for Active Server Pages is
exposed to a cross-site scripting vulnerability because it fails to
sufficiently sanitize user-supplied data.
Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vul
s/HS08-026/index.html
______________________________________________________________________

08.51.46 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Hitachi JP1/Integrated Management - Service Support Unspecified
Cross-Site Scripting
Description: Hitachi JP1/Integrated Management - Service Support is an
application server available for multiple operating platforms. The
application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input.
Ref:
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-023/
index.html
______________________________________________________________________

08.51.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: World Recipe Multiple Cross-Site Scripting Vulnerabilities
Description: World Recipe is an ASP-based recipe management
application. The application is exposed to multiple cross-site
scripting issues because it fails to sanitize user-supplied input.
World Recipe version 2.11 is affected.
Ref: http://www.securityfocus.com/archive/1/499217
______________________________________________________________________

08.51.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: icash Click&Rank "user.asp" Cross-Site Scripting
Description: icash Click&Rank is an ASP-based web application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "action"
parameter of the "user.asp" script.
Ref: http://www.securityfocus.com/bid/32855
______________________________________________________________________

08.51.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Kerio MailServer WebMail Multiple Cross-Site Scripting
Vulnerabilities
Description: Kerio MailServer is a mail management application used as
an alternative to Microsoft Exchange. WebMail is a mail client for the
Kerio MailServer. Kerio MailServer WebMail is exposed to multiple
cross-site scripting issues because it fails to sufficiently sanitize
user-supplied data. Kerio MailServer version 6.6.1 build 7069 for
Windows is affected.
Ref: http://www.kerio.com/security_advisory.html#0812
______________________________________________________________________

08.51.50 CVE: CVE-2008-5574
Platform: Web Application - SQL Injection
Title: unscripts UN Webmaster Marketplace "member.php" SQL Injection
Description: unscripts UN Webmaster Marketplace is a web application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "u" parameter of
the "MPS/member.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32756
______________________________________________________________________

08.51.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CF Shopkart "index.cfm" SQL Injection
Description: CF Shopkart is a web-based e-commerce application
implemented in ColdFusion. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "Category" parameter of the "index.cfm"
script before using it in an SQL query. CF Shopkart version 5.2.2 is
affected.
Ref: http://www.securityfocus.com/bid/32765
______________________________________________________________________

08.51.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CFMSource CF_Calendar "calendarevent.cfm" SQL Injection
Description: CFMSource CF_Calendar is a web-based calendar application
implemented in ColdFusion. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "calid" parameter of the "calendarevent.cfm"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32766
______________________________________________________________________

08.51.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CF_Auction and CF_Forum "forummessages.cfm" SQL Injection
Description: CF_Auction is an auction script implemented in
ColdFusion. CF_Forum is a web-based forum application implemented in
ColdFusion. The applications are exposed to an SQL injection issue
because they fail to sufficiently sanitize user-supplied data to the
"categorynbr" parameter of the "forummessages.cfm" script before using
it in an SQL query.
Ref: http://www.securityfocus.com/bid/32767
______________________________________________________________________

08.51.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CFMSource CFMBlog "categorynbr" Parameter SQL Injection
Description: CFMSource CFMBlog is a web-based content management
application implemented in ColdFusion. The application is exposed to
an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "categorynbr" parameter of the "index.cfm"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32768
______________________________________________________________________

08.51.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Banner Exchange Software Java "logon_license.jsp" Multiple SQL
Injection Vulnerabilities
Description: Banner Exchange Software Java is an advertisement
management application implemented in Java. The application is exposed
to multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to "User Name" and "Password" textboxes
when logging in to the affected application through the
"logon_license.jsp" script.
Ref: http://www.securityfocus.com/bid/32781
______________________________________________________________________

08.51.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Ad Server Solutions Products "logon_processing.jsp"
SQL Injection Vulnerabilities
Description: Ad Server Solutions creates multiple JSP-based products
related to online advertising. Multiple applications are exposed to
SQL injection issues because they fail to sufficiently sanitize
user-supplied data to the "uname" and "pass" parameters of the
"logon_processing.jsp" script.
Ref: http://www.securityfocus.com/bid/32782
______________________________________________________________________

08.51.57 CVE: CVE-2008-3058
Platform: Web Application - SQL Injection
Title: Octeth Oempro Multiple SQL Injection Vulnerabilities
Description: Octeth Oempro is a PHP-based email marketing application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data. Octeth Oempro
version 3.5.5.1 is affected.
Ref: http://osvdb.org/ref/50/oempro.txt
______________________________________________________________________

08.51.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP-CMS "cha" Parameter SQL Injection
Description: ASP-CMS is an ASP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "cha" parameter of the
"index.php" script before using it in an SQL query. ASP-CMS version
1.0 is affected.
Ref: http://www.securityfocus.com/archive/1/499153
______________________________________________________________________

08.51.59 CVE: Not Available

Platform: Web Application - SQL Injection
Title: Social Groupie "id" Parameter SQL Injection
Description: Social Groupie is a PHP-based social networking
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "group_index.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/32787
______________________________________________________________________

08.51.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ad Management Java "logon.jsp" SQL Injection
Description: Ad Management Java is an advertisement management
application implemented in Java. The application is exposed to
multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to "User Name" and "Password" textboxes of
the "logon.jsp" script when logging in to the affected application.
Ref: http://www.securityfocus.com/bid/32790
______________________________________________________________________

08.51.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Affiliate Software Java "logon.jsp" SQL Injection
Description: Affiliate Software Java is an advertisement management
application implemented in Java. The application is exposed to
multiple SQL injection issues because it fails to sufficiently
sanitize user-supplied data to "User Name" and "Password" textboxes of
the "logon.jsp" script when logging in to the affected application.
Affiliate Software Java version 4.0 is affected.
Ref: http://www.securityfocus.com/bid/32791
______________________________________________________________________

08.51.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASPired2Blog "blog_comments.asp" SQL Injection
Description: ASPired2Blog is an ASP-based weblog application. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "BlogID" parameter of
the "admin/blog_comments.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32797
______________________________________________________________________

08.51.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Umer Inc Songs Portal "id" Parameter SQL Injection
Description: Umer Inc Songs Portal is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32802
______________________________________________________________________

08.51.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Joomla Live Chat Multiple SQL Injection and Open Proxy
Vulnerabilities
Description: Joomla Live Chat is a chat application for the Joomla!
content manager. The application is exposed to multiple input
validation issues. Exploiting these issues could allow attackers to
perform certain proxy actions, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
Ref: http://www.securityfocus.com/bid/32803
______________________________________________________________________

08.51.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP-DEV Internal E-Mail System SQL Injection Vulnerabilities
Description: ASP-DEV Internal E-Mail System is a web-based email-like
messaging system. The application is exposed to multiple SQL injection
issues because it fails to sufficiently sanitize user-supplied data to
the "user" and "pass" fields.
Ref: http://www.securityfocus.com/bid/32808
______________________________________________________________________

08.51.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP-DEV XM Events Diary "cat" Parameter SQL Injection
Description: ASP-DEV XM Events Diary is an ASP-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "cat" parameter of
the "default.asp" script before using it in an SQL query.
Ref: http://www.asp-dev.com/main.asp?page=42
______________________________________________________________________

08.51.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FlexPHPNews Username and Password SQL Injection Vulnerabilities
Description: FlexPHPNews is a news manager for web sites. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the username and
password fields in the "admin/usercheck.php" script. FlexPHPNews
version 0.0.6 and FlexPHPNews Pro 0.0.6 are affected.
Ref: http://www.securityfocus.com/bid/32810
______________________________________________________________________

08.51.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple ASP SiteWare Products SQL Injection Vulnerabilities
Description: ASP SiteWare produces a number of ASP-based web
applications. The applications are exposed to multiple SQL injection
issues because they fail to sufficiently sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/32812
______________________________________________________________________

08.51.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: FLDS Free Links Directory Script "redir.php" SQL Injection
Description: FLDS (Free Links Directory Script) is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"id" parameter of the "redir.php" script before using it in an SQL
query. FLDS version 1.2a is affected.
Ref: http://www.securityfocus.com/bid/32813
______________________________________________________________________

08.51.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Intesync LLC Miniweb 2.0 "username" Parameter SQL Injection
Description: Intesync LLC Miniweb 2.0 is a PHP-based content manager.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "username" field of
the admin area login form before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32819
______________________________________________________________________

08.51.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebPhotoPro Multiple SQL Injection Vulnerabilities
Description: WebPhotoPro is a web-based application. The application
is exposed to multiple SQL injection issues because it fails to
sufficiently sanitize user-supplied data before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32829
______________________________________________________________________

08.51.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Citrix Broadcast Server Unspecified SQL Injection
Description: Citrix Application Gateway is used to distribute
applications to IP phones. It includes a Broadcast Server component.
The Broadcast Server is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. Broadcast Server version 6.1 for Citrix Application
Gateway and Broadcast Server 2.0 for Avaya AG250 are affected.
Ref: http://support.citrix.com/article/CTX119315
______________________________________________________________________

08.51.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Free Links Directory Script "lpro.php" SQL Injection
Description: Free Links Directory Script is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "id" parameter of
the "lpro.php" script before using it in an SQL query. Free Links
Directory Script version 1.2a is affected.
Ref: http://www.securityfocus.com/bid/32835
______________________________________________________________________

08.51.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Mediatheka "connection.php" SQL Injection
Description: Mediatheka is a web application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user" parameter of the
"connection.php" script before using it in an SQL query. Mediatheka
version 4.2 is affected.
Ref: http://www.securityfocus.com/bid/32836
______________________________________________________________________

08.51.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CadeNix "cid" Parameter SQL Injection
Description: CadeNix  is a PHP-based application that allows users to
develop online games. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "cid" parameter of the "index.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/32846
______________________________________________________________________

08.51.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: AM Events Module For Xoops "print.php" SQL Injection
Description: The AM Events module is a PHP-based component for the
XOOPS content manager. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "id" parameter of the "modules/amevents/print.php" script before
using it in an SQL query. The AM Events module version 0.22 is
affected.
Ref: http://www.securityfocus.com/bid/32848
______________________________________________________________________

08.51.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CFAGCMS "print.php" SQL Injection
Description: CFAGCMS is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "title" parameter of the
"right.php" script before using it in an SQL query. CFAGCMS version 1
is affected.
Ref: http://www.securityfocus.com/bid/32851
______________________________________________________________________

08.51.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Aperto Blog "categories.php" SQL Injection
Description: Aperto Blog is a web application. The application is
prone to an SQL injection vulnerability because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"categories.php" script before using it in an SQL query. Aperto Blog
version 0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/32853
______________________________________________________________________

08.51.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: icash Click&Rank Multiple SQL Injection Vulnerabilities
Description: icash Click&Rank is a web-based application implemented
in ASP. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data before
using it in an SQL query. A successful exploit may allow an attacker
to compromise the application, access or modify data, or exploit
latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/32854
______________________________________________________________________

08.51.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: icash Click&BaneX Multiple SQL Injection Vulnerabilities
Description: icash Click&BaneX is a web-based application. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/32856
______________________________________________________________________

08.51.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Faupload "download.php" SQL Injection
Description: Faupload is a PHP-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the
"download.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32858
______________________________________________________________________

08.51.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Free Links Directory Script "report.php" SQL Injection
Description: Free Links Directory Script is a PHP-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "linkid" parameter
of the "report.php" script before using it in an SQL query. Free Links
Directory Script version 1.2a is affected.
Ref: http://www.securityfocus.com/bid/32859
______________________________________________________________________

08.51.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Gnews Publisher "authors.asp" SQL Injection
Description: Gnews Publisher is a web-based publishing application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "authorID"
parameter of the "authors.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32883
______________________________________________________________________

08.51.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Liberum Help Desk "forgotpass.asp" SQL Injection
Description: Liberum Help Desk is a web interface for managing and
tracking technical support problems. It is implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "uid" field in the
"forgotpass.asp" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32884
______________________________________________________________________

08.51.85 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ASP Indir EvimGibi Pro Resim Galerisi "resim.asp" SQL Injection
Description: ASP Indir EvimGibi Pro Resim Galerisi is a web-based
application implemented in ASP. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "kat_id" parameter of the "resim.asp" script
before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32885
______________________________________________________________________

08.51.86 CVE: Not Available
Platform: Web Application
Title: eZoneScripts Living Local Arbitrary File Upload
Description: eZoneScripts Living Local is a web-based application. The
application is exposed to an arbitrary file upload issue because it
fails to properly verify the file extensions of uploaded files. Living
Local version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32760
______________________________________________________________________

08.51.87 CVE: Not Available
Platform: Web Application
Title: eZ Publish "/user/register" Remote Privilege Escalation
Description: eZ Publish in a content management system. eZ Publish is
exposed to a remote privilege escalation issue that occurs in the
registration view ("/user/register") page. eZ Publish versions prior
to 3.9.5, 3.10.1, and 4.0.1 are affected.
Ref:
http://ez.no/developer/security/security_advisories/ez_publish_3_9/
ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible
______________________________________________________________________

08.51.88 CVE: Not Available
Platform: Web Application
Title: phpAddEdit "addedit-render.php" Local File Include
Description: phpAddEdit is a web application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "editform" parameter of the
"addedit-render.php" script. phpAddEdit version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/32774
______________________________________________________________________

08.51.89 CVE: Not Available
Platform: Web Application
Title: MDaemon Server WorldClient "<IMG>" Tag Script Injection
Description: WorldClient is a web-based email client shipped with
MDaemon Email Server. The application is exposed to a script injection
issue because it fails to properly sanitize user-supplied input.
WorldClient version 10.0.2 with Internet Explorer 7 is affected.
Ref: http://www.securityfocus.com/bid/32776
______________________________________________________________________

08.51.90 CVE: Not Available
Platform: Web Application
Title: Drupal Deleted Input Format HTML Injection
Description: Drupal is an open-source content manager that is
available for several platforms. 
Drupal is exposed to an HTML injection issue because it fails to
sufficiently sanitize user-supplied input before using it in
dynamically generated content. This issue can be triggered when an
input format is deleted. Drupal versions prior to 5.13 and 6.7 are
affected.
Ref: http://drupal.org/node/345441
______________________________________________________________________

08.51.91 CVE: Not Available
Platform: Web Application
Title: phpAddEdit "Addedit-login.php" Authentication Bypass
Description: phpAddEdit is a web-application. The application is
exposed to an authentication bypass issue that occurs in the
"Addedit-login.php" script because it fails to adequately verify
user-supplied input used for cookie-based authentication. phpAddEdit
version 1.3 is affected.
Ref: http://www.securityfocus.com/bid/32779
______________________________________________________________________

08.51.92 CVE: Not Available
Platform: Web Application
Title: InSun FeedCms "lang" Parameter Local File Include
Description: InSun FeedCms is a web-based content management system.
The application is exposed to a local file include issue because it
fails to properly sanitize user-supplied input to the "lang" parameter
of the "index.php" script. FeedCms version 1.07.03.19Beta is affected.
Ref: http://www.securityfocus.com/bid/32783
______________________________________________________________________

08.51.93 CVE: Not Available
Platform: Web Application
Title: PHP Support Tickets New Ticket Arbitrary File Upload
Description: PHP Support Tickets is a help desk application. The
application is exposed to an unspecified issue that lets attackers
upload arbitrary files. The issue occurs because the application fails
to adequately sanitize user-supplied input. Specifically, the
application fails to sufficiently sanitize file extensions before
uploading the files when creating a new ticket. PHP Support Tickets
version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/32785
______________________________________________________________________

08.51.94 CVE: Not Available
Platform: Web Application
Title: SUMON Multiple Remote Command Execution Vulnerabilities
Description: SUMON is a web-based application. SUMON is exposed to
multiple issues that attackers can leverage to execute arbitrary
commands. These issues occur because the application fails to
adequately sanitize user-supplied input. SUMON versions up to and
including 0.7.0 are affected.
Ref: http://www.securityfocus.com/bid/32788
______________________________________________________________________

08.51.95 CVE: Not Available
Platform: Web Application
Title: Analysis of High-Performance Access CGI Session Identifier
Session Hijacking
Description: Analysis of High-Performance Access CGI is a web-based
application implemented in Perl. The application is exposed to a
session hijacking issue because the application fails to generate
secure random session identifiers. Analysis of High-Performance Access
CGI versions 4.01 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32794
______________________________________________________________________

08.51.96 CVE: Not Available
Platform: Web Application
Title: Social Groupie "create_album.php" Arbitrary File Upload
Description: Social Groupie is a social networking application. The
application is exposed to an issue that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/32795
______________________________________________________________________

08.51.97 CVE: Not Available
Platform: Web Application
Title: Roundcube Webmail "preg_replace" Remote Code Execution
Description: RoundCube Webmail is a web-based IMAP client. Roundcube
Webmail is exposed to a remote code execution issue because the
application fails to sufficiently sanitize user-supplied input to the
"preg_replace()" function of an unspecified script. Round Cube Webmail
versions 0.2-1 alpha and 0.2-2 beta are affected.
Ref: http://chuggnutt.com/html2text.php
______________________________________________________________________

08.51.98 CVE: Not Available
Platform: Web Application
Title: Moodle "texed.php" Remote Command Execution
Description: Moodle is a content manager for online courseware. Moodle
is exposed to an issue that attackers can leverage to execute
arbitrary commands. This issue occurs because the application fails to
adequately sanitize user-supplied input to the "pathname" parameter of
the "texed.php" script. Moodle version 1.9.3 is affected.
Ref: http://www.securityfocus.com/archive/1/499215
______________________________________________________________________

08.51.99 CVE: Not Available
Platform: Web Application
Title: Simple Text-File Login script "slogin_lib.inc.php" Remote File
Include
Description: Simple Text-File Login script (SiTeFiLo) is a PHP-based
application used to authenticate users. The application is exposed to
a remote file include issue because it fails to sufficiently sanitize
user-supplied input to the "slogin_path" parameter of the
"slogin_lib.inc.php" script. Simple Text-File Login script version
1.0.6 is affected.
Ref: http://www.securityfocus.com/bid/32811
______________________________________________________________________

08.51.100 CVE: Not Available
Platform: Web Application
Title: Mediatheka "index.php" Local File Include
Description: Mediatheka is a web application. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "lang" parameter of the
"index.php" script. Mediatheka version 4.2 is affected.
Ref: http://www.securityfocus.com/bid/32815
______________________________________________________________________

08.51.101 CVE: Not Available
Platform: Web Application
Title: The Rat CMS Admin Security Bypass
Description: The Rat CMS is a web-based content manager. The
application is exposed to a security bypass issue. Specifically, an
attacker can exploit the issue by accessing ".php" files in the
"admin" directory. The Rat CMS Pre-Alpha version 2 is affected.
Ref: http://www.securityfocus.com/bid/32816
______________________________________________________________________

08.51.102 CVE: Not Available
Platform: Web Application
Title: CFAGCMS "index.php" Multiple Remote File Include
Vulnerabilities
Description: CFAGCMS is a content manager. The application is exposed
to multiple remote file include issues because it fails to
sufficiently sanitize user-supplied input to the "main" and "right"
parameters of the "index.php" script. CFAGCMS version 1 is affected.
Ref: http://www.securityfocus.com/bid/32817
______________________________________________________________________

08.51.103 CVE: Not Available
Platform: Web Application
Title: AutositePHP Multiple Local File Include and File Overwrite
Vulnerabilities
Description: AutositePHP is a PHP-based content manager. The
application is exposed to local file include issues and a
file overwrite issue because it fails to properly sanitize
user-supplied input. AutositePHP version 2.0.3 is affected.
Ref: http://www.securityfocus.com/bid/32818
______________________________________________________________________

08.51.104 CVE: Not Available
Platform: Web Application
Title: Multiple AvailScript Products Arbitrary File Upload
Vulnerabilities
Description: AvailScript create scripts for web-based applications.
AvailScript Article and AvailScript Classmate scripts are exposed to
multiple issues that let remote attackers upload and execute arbitrary
script code on an affected computer with the privileges of the
web server process.
Ref: http://www.securityfocus.com/bid/32821
______________________________________________________________________

08.51.105 CVE: Not Available
Platform: Web Application
Title: CMS ISWEB SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: CMS ISWEB is a web-based content manager. CMS ISWEB is
exposed to an SQL injection issue and a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data. CMS
ISWEB version 3.0 is affected.
Ref: http://www.securityfocus.com/bid/32823
______________________________________________________________________

08.51.106 CVE: Not Available
Platform: Web Application
Title: Flatnux "index.php" HTML Injection
Description: Flatnux is a web-based content manager. Flatnux is
exposed to an HTML injection issue because it fails to sufficiently
sanitize user-supplied input. Specifically, this issue affects the
"index.php" script.
Ref: http://www.securityfocus.com/bid/32826
______________________________________________________________________

08.51.107 CVE: Not Available
Platform: Web Application
Title: GeekiGeeki Multiple File Disclosure Vulnerabilities
Description: GeekiGeeki is a wiki application. The application is
exposed to multiple file disclosure issues because it fails to
properly sanitize user-supplied input passed to the "handle_edit()"
and "handle_raw()" functions in the "geekigeeki.py" script. GeekiGeeki
versions prior to 3.0 are affected.
Ref: http://www.securityfocus.com/bid/32831
______________________________________________________________________

08.51.108 CVE: Not Available
Platform: Web Application
Title: BabbleBoard "username" HTML Injection
Description: BabbleBoard is a bulletin board application. BabbleBoard
is exposed to an HTML injection issue because it fails to sufficiently
sanitize user-supplied input. Specifically, this issue affects the
"username" text box when registering a new user. BabbleBoard version
1.1.6 is affected.
Ref: http://www.securityfocus.com/bid/32840
______________________________________________________________________

08.51.109 CVE: Not Available
Platform: Web Application
Title: phpList Unspecified Local File Include
Description: phpList is a newsletter manager. The application is
exposed to an unspecified local file include issue because it fails to
properly sanitize user-supplied input. phpList versions prior to
2.10.8 are affected.
Ref: http://www.phplist.com/?lid=273
______________________________________________________________________

08.51.110 CVE: Not Available
Platform: Web Application
Title: phpBB Account Re-Activation Authentication Bypass
Description: phpBB is a web application. phpBB is exposed to an
authentication bypass issue because it fails to properly enforce
privilege requirements when re-activating disabled accounts. phpBB
versions prior to 3.0.4 are affected.
Ref: http://www.phpbb.com/support/documents.php?mode=changelog&version=3
______________________________________________________________________

08.51.111 CVE: Not Available
Platform: Web Application
Title: Injader SQL Injection and HTML Injection Vulnerabilities
Description: Injader is a content manager. The application is exposed
to multiple input-validation issues. Injader versions prior to 2.1.2
are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=229782&release_id=646897
______________________________________________________________________

08.51.112 CVE: CVE-2008-5249, CVE-2008-5250
Platform: Web Application
Title: MediaWiki Cross-Site Scripting and Multiple HTML Injection
Vulnerabilities
Description: MediaWiki is a wiki application. The application is
exposed to multiple cross-site scripting and HTML injection issues
because it fails to sufficiently sanitize user-supplied data.
MediaWiki versions prior to 1.13.3, 1.12.1 and 1.6.11 are affected.
Ref:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-December/000080.
html
______________________________________________________________________

08.51.113 CVE: Not Available
Platform: Web Application
Title: The Rat CMS "login.php" Multiple SQL Injection Vulnerabilities
Description: The Rat CMS is a PHP-based content manager. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data before using it in
an SQL query. The Rat CMS Alpha version 2 is affected.
Ref: http://www.securityfocus.com/bid/32845
______________________________________________________________________

08.51.114 CVE: Not Available
Platform: Web Application
Title: WorkSimple Information Disclosure Vulnerability and Remote
File Include
Description: WorkSimple is a weblog application. The application is
exposed to multiple remote security issues. WorkSimple version 1.2.1
is affected.
Ref: http://www.securityfocus.com/bid/32849
______________________________________________________________________

08.51.115 CVE: Not Available
Platform: Web Application
Title: Aperto Blog Multiple Local File Include Vulnerabilities
Description: Aperto Blog is a PHP-based blog application. The
application is exposed to multiple local file include issues because
it fails to properly sanitize user-supplied input. Aperto Blog version
0.1.1 is affected.
Ref: http://www.securityfocus.com/bid/32850
______________________________________________________________________

08.51.116 CVE: Not Available
Platform: Web Application
Title: eZ Publish Weak Activation Token Remote Privilege Escalation
Description: eZ Publish is a content manager. eZ Publish is exposed to
a remote privilege escalation issue that occurs in the registration
view ("/user/register") page. eZ Publish versions 3.9.2 and 4.0.1 are
affected.
Ref: http://www.securityfocus.com/bid/32852
______________________________________________________________________

08.51.117 CVE: Not Available
Platform: Web Application
Title: icash ClickAndEmail SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: icash ClickAndEmail is a web application. The application
is exposed to multiple input validation issues. Exploiting these
issues could allow an attacker to steal cookie-based authentication
credentials, compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
Ref: http://www.securityfocus.com/bid/32857
______________________________________________________________________

08.51.118 CVE: CVE-2008-5576
Platform: Web Application
Title: sCssBoard "admin/forums.php" Authentication Bypass
Description: sCssBoard is a web application. The application is
exposed to an authentication bypass isssue that occurs in the
"admin/forums.php" script because it fails to adequately verify
user-supplied input passed as the "current_users[users_level]"
parameter. sCssBoard version 1.12 is affected.
Ref: http://www.securityfocus.com/bid/32871
______________________________________________________________________

08.51.119 CVE: Not Available
Platform: Web Application
Title: RSMScript Cookie Authentication Bypass and HTML Injection
Vulnerabilities
Description: RSMScript is a web-based application. The application is
exposed to multiple issues because it fails to properly sanitize
user-supplied input. RSMScript version 1.21 is affected.
Ref: http://www.securityfocus.com/bid/32886
______________________________________________________________________

08.51.120 CVE: Not Available
Platform: Network Device
Title: Nokia N70 and N73 Malformed OBEX Name Header Remote Denial of
Service
Description: Nokia N70 and N73 phones are capable of Bluetooth
wireless communication, including support for the Object Exchange
(OBEX) protocol. These phones are exposed to a remote denial of
service issue. Specifically, they fail to handle OBEX requests where
the "Name" header contains specific malformed characters. N70 and N73
phones are affected.
Ref: http://www.securityfocus.com/archive/1/499157
______________________________________________________________________
[ terug ]