Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
	    @RISK: The Consensus Security Vulnerability Alert
November 28, 2008                                         Vol. 7. Week 49
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Third Party Windows Apps                        1 (#2)
Mac Os                                          1
Linux                                           3
HP-UX                                           1
Aix                                             1
Unix                                            2 (#3)
Cross Platform                                 15 (#1, #4)
Web Application - Cross Site Scripting         12
Web Application - SQL Injection                38
Web Application                                25
Network Device                                  1

**************** Sponsored By SANS Log Management Summit ****************

Attend the Log Management Summit April 6-7 to learn how to select and
implement the right tools in ways o both ensure you meet the regulatory
requirements and improve your security. As a bonus you'll hear how
organizations have found they can use log management to improve
operational efficiency as well as security.
http://www.sans.org/info/36154
****************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities
(2) HIGH: Trillian Multiple Vulnerabilities
(3) MODERATE: CUPS PNG Parsing Integer Overflow
(4) LOW: ClamAV Remote Denial-of-Service

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

- - -- Third Party Windows Apps
08.49.1  - MemeCode Software i.Scribe Remote Format String
 -- Mac Os
08.49.2  - Rumpus FTP Server HTTP Command Remote Denial of Service
 -- Linux
08.49.3  - Linux Kernel "lbs_process_bss()" Remote Denial of Service
08.49.4  - Linux Kernel "sendmsg()" Local Denial of Service
08.49.5  - Debian "login" Local Privilege Escalation
 -- HP-UX
08.49.6  - HP-UX Unspecified Local Denial of Service
 -- Aix
08.49.7  - IBM AIX Multiple Local Privilege Escalation Vulnerabilities
- - -- Unix
08.49.8  - CUPS PNG Filter "_cupsImageReadPNG()" Integer Overflow
08.49.9  - Dovecot ManageSieve Service ".sieve" Files Directory Traversal
- - -- Cross Platform
08.49.10 - Samba Arbitrary Memory Contents Information Disclosure
08.49.11 - xine-lib MP3 Processing Remote Denial of Service
08.49.12 - jhead "DoCommand()" Arbitrary File Deletion
08.49.13 - MailScanner Infinite Loop Denial of Service
08.49.14 - Livio.net WEB Calendar Cross-Site Scripting and Multiple SQL
Injection Vulnerabilities
08.49.15 - National Instruments Electronics Workbench ".ewb" File Buffer
Overflow
08.49.16 - Massimiliano Montoro Cain & Abel Malformed ".rdp" File Buffer
Overflow
08.49.17 - VLC Media Player Real demuxer Heap Buffer Overflow
08.49.18 - ClamAV "cli_check_jpeg_exploit" Function Malformed JPEG File Remote
Denial of Service
08.49.19 - MailScanner Multiple Insecure Temporary File Creation Vulnerabilities
08.49.20 - Rumpus FTP Server Command Argument Remote Buffer Overflow
08.49.21 - FFmpeg Multiple Denial of Service Vulnerabilities
08.49.22 - xrdp Multiple Buffer Overflow Vulnerabilities
08.49.23 - IBM Rational ClearQuest Maintenance Tool Local Information Disclosure
08.49.24 - VMware Products Unspecified Host Memory Corruption
 -- Web Application - Cross Site Scripting
08.49.25 - Ocean12 FAQ Manager Pro "Keyword" Parameter Cross-Site Scripting
08.49.26 - ParsBlogger "blog.asp" Cross-Site Scripting Vulnerability
08.49.27 - Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
08.49.28 - Basic CMS "q" Parameter Cross-Site Scripting
08.49.29 - Linksys WRT160N "apply.cgi" Cross-Site Scripting
08.49.30 - AssoCIateD "menu" Parameter Cross-Site Scripting
08.49.31 - Ocean12 Contact Manager Pro "DisplayFormat" Parameter Cross-Site
Scripting
08.49.32 - Pre Classified Listings "signup.asp" Cross-Site Scripting
08.49.33 - CodeToad ASP Shopping Cart Script Cross-Site Scripting
08.49.34 - Softbiz Classifieds Script Multiple Cross-Site Scripting
Vulnerabilities
08.49.35 - Pre ASP Job Board "emp_login.asp" Cross-Site Scripting
08.49.36 - IBM Rational ClearCase Cross-Site Scripting
 -- Web Application - SQL Injection
08.49.37 - Bluo "index.php" SQL Injection
08.49.38 - CMS Little "term" Parameter SQL Injection
08.49.39 - Ocean12 FAQ Manager Pro "id" Parameter SQL Injection
08.49.40 - ReVou Login SQL Injection
08.49.41 - Multiple Ocean12 Products "Admin_ID" Parameter SQL Injection
08.49.42 - Ocean12 Mailing List Manager Gold "Email" Parameter SQL Injection
08.49.43 - BusinessVein PHP TV Portal "index.php" SQL Injection
08.49.44 - CMS Ortus Edit User Profile SQL Injection
08.49.45 - Post Affiliate Pro "umprof_status" Parameter SQL Injection
08.49.46 - ParsBlogger "blog.asp" SQL Injection
08.49.47 - Star Articles Multiple SQL Injection Vulnerabilities
08.49.48 - Family Project Login Page SQL Injection
08.49.49 - Ocean12 Contact Manager Pro "default.asp" SQL Injection
08.49.50 - Web Calendar Pro "admin.php" SQL Injection
08.49.51 - Ocean12 Membership Manager Pro SQL Injection
08.49.52 - Turnkey Arcade Script "id" Parameter SQL Injection
08.49.53 - Venalsur Booking Centre "hotel_habitaciones.php" SQL Injection
08.49.54 - Basic PHP CMS "id" Parameter SQL Injection
08.49.55 - SailPlanner Login SQL Injection
08.49.56 - Multiple ActiveWebSoftwares Products Login Parameters SQL Injection
Vulnerabilities
08.49.57 - ActiveWebSoftwares ASPReferral "Merchantsadd.asp" SQL Injection
08.49.58 - Minimal ABlog SQL Injection and Arbitrary File Upload Vulnerabilities
08.49.59 - Lito Lite "cate.php" SQL Injection
08.49.60 - KTP Computer Customer Database "tid" Parameter SQL Injection
08.49.61 - ActiveWebSoftwares ActiveVotes "VoteHistory.asp" SQL Injection
08.49.62 - ActiveWebSoftwares Active Bids "bidhistory.asp" SQL Injection
08.49.63 - ActiveWebSoftwares Active Web Mail Multiple SQL Injection
Vulnerabilities
08.49.64 - ActiveWebSoftwares Active Test Multiple SQL Injection Vulnerabilities
08.49.65 - ActiveWebSoftwares Active Web Helpdesk "default.asp" SQL Injection
08.49.66 - cpCommerce Security Bypass and SQL Injection Vulnerabilities
08.49.67 - ActiveWebSoftwares Active Price Comparison "links.asp" SQL Injection
08.49.68 - ActiveWebSoftwares Active Business Directory "default.asp" SQL
Injection
08.49.69 - Z1Exchange "edit.php" SQL Injection
08.49.70 - bcoos "viewcat.php" SQL Injection
08.49.71 - Egi Zaberl E.Z.Poll "login.asp" Multiple SQL Injection
Vulnerabilities
08.49.72 - Pre Classified Listings "detailad.asp" SQL Injection
08.49.73 - Sunbyte e-Flower "popupproduct.php" SQL Injection
08.49.74 - Jbook SQL Injection
 -- Web Application
08.49.75 - CGI RESCUE MiniBBS2000 Unspecified Directory Traversal
08.49.76 - WHMCS "status/index.php" Information Disclosure
08.49.77 - ImpressCMS "PHPSESSID" Session Fixation
08.49.78 - TxtBlog "m" Parameter Local File Include
08.49.79 - RaidSonic ICY BOX NAS "userHandler.cgi" Authentication Bypass
08.49.80 - Star Articles "user.modify.profile.php" Arbitrary File Upload
08.49.81 - PageTree CMS "main.php" Remote File Include
08.49.82 - Subtext Anchor Tags HTML Injection
08.49.83 - Web Calendar System SQL Injection and Cross Site Scripting
Vulnerabilities
08.49.84 - CMS Made Simple "cms_language" Cookie Parameter Directory Traversal
08.49.85 - OpenForum "profile.php" Authentication Bypass
08.49.86 - Broadcast Machine "baseDir" Parameter Multiple Remote File Include
Vulnerabilities
08.49.87 - Andy's PHP Knowledgebase "saa.php" Arbitrary File Upload
08.49.88 - RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
08.49.89 - PHP JOBWEBSITE PRO "forgot.php" SQL Injection and Cross Site
Scripting Vulnerabilities
08.49.90 - ASP Forum Script SQL Injection and Cross Site Scripting
Vulnerabilities
08.49.91 - Pre Shopping Mall SQL Injection and Cross Site Scripting
Vulnerabilities
08.49.92 - IBM Rational ClearQuest Web Multiple Unspecified Cross Site Scripting
Vulnerabilities
08.49.93 - Fantastico "index.php" Local File Include
08.49.94 - Ocean12 Mailing List Manager Gold SQL Injection and Cross Site
Scripting Vulnerabilities
08.49.95 - MAXSITE Guestbook Component "message" Parameter Remote Command
Execution
08.49.96 - Z1Exchange SQL Injection and Cross Site Scripting Vulnerabilities
08.49.97 - i-Net Solution Orkut Clone SQL Injection and Cross Site Scripting
Vulnerabilities
08.49.98 - WebGUI "lib/WebGUI/Storage.pm" Remote Script Code Execution
08.49.99 - SquirrelMail Malformed HTML Mail Message HTML Injection
 -- Network Device
08.49.100 - Diginum Zaptel Multiple Local Privilege Escalation and Denial of
Service Vulnerabilities

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process


*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Sun Java Runtime Environment Multiple Vulnerabilities
Affected:
Sun Java Runtime Environment versions prior to 6 Update 11
Sun Java Development Kit versions prior to 6 Update 11

Description: The Sun Java Runtime Environment is the de facto standard
implementation of the Java Runtime Environment (JRE). The Sun JRE
contains multiple vulnerabilities in its handling of a variety of
inputs, including image files, authentication mechanisms, web sites, and
others. Successfully exploiting these vulnerabilities could allow an
attacker to perform a variety of actions, including executing arbitrary
code with the privileges of the current user. Java applets and
applications are often opened upon receipt, without first prompting the
user. Sun's JRE is installed by default on all Sun Solaris, Apple Mac
OS X, and other Unix and Linux-based operating systems, and is often
installed on Microsoft Windows systems. Some technical details are
publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-080
http://zerodayinitiative.com/advisories/ZDI-08-081
iDefense Security Advisories
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=757
Sun Security Advisories
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1
Virtual Security Research Advisory
http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt
Secunia Security Adivsory
http://secunia.com/advisories/32991/
Sun's Java Home Page
http://java.sun.com
SecurityFocus BID
http://www.securityfocus.com/bid/32620

**************************************************

(2) HIGH: Trillian Multiple Vulnerabilities
Affected:
Trillian versions prior to 3.1.12.0

Description: Trillian is a popular multi-protocol instant messaging
application from Cerulean Studios. It contains multiple vulnerabilities
in its handling of messages. A specially crafted message sent to a user
cold trigger one of these vulnerabilities, allowing an attacker to
execute arbitrary code with the privileges of the current user. In some
cases, the user is prompted before entering into a vulnerable situation.
Some technical details are publicly available for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-077
http://zerodayinitiative.com/advisories/ZDI-08-078
http://zerodayinitiative.com/advisories/ZDI-08-079
Cerulean Studios Blog Post
http://blog.ceruleanstudios.com/?p=404
Vendor Home Page
http://www.ceruleanstudios.com/
SecurityFocus BID
Not yet available.

**************************************************

(3) MODERATE: CUPS PNG Parsing Integer Overflow
Affected:
CUPS versions 1.3.9 and prior

Description: CUPS is the Common Unix Printing System. It is used to
provide printing services on a variety of Unix and Linux-based operating
systems. It was recently acquired by Apple, but is an open source
product that is widely deployed on non-Apple operating systems. It
contains a flaw in its handling of Portable Network Graphics (PNG)
images. A specially crafted network print request containing a specially
crafted PNG image could trigger this vulnerability, leading to an
integer overflow vulnerability. Successfully exploiting this
vulnerability may allow an attacker to execute arbitrary code with the
privileges of the vulnerable process, though this has not been
confirmed. Full technical details for this vulnerability are publicly
available.

Status: Vendor confirmed, updates available.

References:
CUPS Bug Entry
http://www.cups.org/str.php?L2974
Wikipedia Article on PNG
http://en.wikipedia.org/wiki/Portable_Network_Graphics
Vendor Home Page
http://www.cups.org
SecurityFocus BID
Not yet available.

*******************************************************

(4) LOW: ClamAV Remote Denial-of-Service
Affected:
ClamAV versions prior to 0.94.2

Description: ClamAV is a popular open source antivirus engine. It
contains a flaw in its parsing of JPEG images, which can result in a
denial-of-service condition. Successfully exploiting this
denial-of-service condition could allow attackers to bypass malware
detection and lead to further exploits. In common configurations, all
that is necessary for exploitation is to send a malicious JPEG as an
email attachment to a vulnerable service. Full technical details are
publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
ClamAV Bug Report
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266
ClamAV Home Page
http://www.clamav.net
SecurityFocus BID
Not yet available.

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 49, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.49.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: MemeCode Software i.Scribe Remote Format String
Description: MemeCode Software i.Scribe is an email client that is
available for Microsoft Windows operating systems. i.Scribe is exposed
to a format string issue because it fails to properly sanitize
user-supplied input before passing it as the format specifier to a
formatted-printing function. i.Scribe versions 1.88 and 2.00 beta are
affected.
Ref: http://www.securityfocus.com/bid/32497
______________________________________________________________________

08.49.2 CVE: Not Available
Platform: Mac Os
Title: Rumpus FTP Server HTTP Command Remote Denial of Service
Description: Maxum Rumpus is an FTP server for Macintosh OS X. Rumpus
supports remote HTTP access. Rumpus is exposed to a remote denial of
service issue that occurs in the handling of maliciously constructed
HTTP requests. Rumpus versions prior to 6.0.1 are affected.
Ref: http://www.securityfocus.com/archive/1/498786
______________________________________________________________________

08.49.3 CVE: CVE-2008-5134
Platform: Linux
Title: Linux Kernel "lbs_process_bss()" Remote Denial of Service
Description: The Linux Kernel is exposed to a remote denial of service
issue because of a buffer overflow error in the "libertas" subsystem.
The vulnerability occurs in the "lbs_process_bss()" function of the
"drivers/net/wireless/libertas/scan.c" source file. Linux Kernel
versions prior to 2.6.27.5 are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=470761
______________________________________________________________________

08.49.4 CVE: CVE-2008-5300
Platform: Linux
Title: Linux Kernel "sendmsg()" Local Denial of Service
Description: The Linux kernel is exposed to a local denial of service
issue because it fails to properly garbage collect file descriptors
under specific circumstances. The issue is triggered when a child
process allocates new file descriptors to its parent process over an
"AF_UNIX" socket while the parent process is in its exit path and
performing garbage collection on the file descriptors. The Linux
kernel versions 2.6.27 and earlier are affected.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=473259
______________________________________________________________________

08.49.5 CVE: Not Available
Platform: Linux
Title: Debian "login" Local Privilege Escalation
Description: Debian is a Linux operating system. Debian is exposed to
a local privilege escalation issue because of an error in the "login"
program. Local attackers may be able to perform symbolic-link attacks
to change the ownership of arbitrary files. All versions of Debian are
affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271
______________________________________________________________________

08.49.6 CVE: CVE-2008-4416
Platform: HP-UX
Title: HP-UX Unspecified Local Denial of Service
Description: HP-UX is exposed to a local denial of service issue.
Exploiting this issue allows local attackers to deny service to
legitimate users.This issue affects HP-UX B.11.31.
Ref: http://www.securityfocus.com/bid/32601
______________________________________________________________________

08.49.7 CVE: Not Available
Platform: Aix
Title: IBM AIX Multiple Local Privilege Escalation Vulnerabilities
Description: AIX is a UNIX operating system from IBM. AIX is exposed
to multiple issues because it fails to perform adequate boundary
checks on user-supplied data. IBM AIX version 6.1 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1IZ30248
______________________________________________________________________

08.49.8 CVE: CVE-2008-5286
Platform: Unix
Title: CUPS PNG Filter "_cupsImageReadPNG()" Integer Overflow
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for  UNIX-based systems. CUPS is exposed to an
integer overflow issue because it fails to perform adequate boundary
checks on user-supplied PNG image sizes before using them to allocate
memory buffers. CUPS versions prior to 1.3.10 are affected.
Ref: http://www.cups.org/str.php?L2974
______________________________________________________________________

08.49.9 CVE: CVE-2008-5301
Platform: Unix
Title: Dovecot ManageSieve Service ".sieve" Files Directory Traversal
Description: Dovecot is a mail-server application for Linux and
UNIX-like operating systems. ManageSieve is a protocol designed to
manage sieve scripts; the Dovecot ManageSieve service is an
implementation of the protocol. The Dovecot ManageSieve service is
exposed to a directory traversal issue because the application fails
to adequately sanitize user-supplied input.
Ref: http://dovecot.org/list/dovecot/2008-November/035259.html
______________________________________________________________________

08.49.10 CVE: CVE-2008-4314
Platform: Cross Platform
Title: Samba Arbitrary Memory Contents Information Disclosure
Description: Samba is a freely available file and printer sharing
application maintained and developed by the Samba Development Team.
Samba allows users to share files and printers between operating
systems on UNIX and Windows platforms. Samba is exposed to an
information disclosure issue that can allow attackers to gain
arbitrary memory contents. Samba versions 3.0.29 up to and including
3.2.4 are affected.
Ref: http://us1.samba.org/samba/security/CVE-2008-4314.html
______________________________________________________________________

08.49.11 CVE: CVE-2008-5248
Platform: Cross Platform
Title: xine-lib MP3 Processing Remote Denial of Service
Description: The "xine" application is a media player; "xine-lib" is
the core library for applications that use xine. The "xine-lib"
library is exposed to a remote denial of service issue that occurs
when processing specially crafted MP3 media files with metadata
consisting only of separators. "xine-lib" versions prior to 1.1.15
are affected.
Ref: http://www.securityfocus.com/bid/32505
______________________________________________________________________

08.49.12 CVE: CVE-2008-4640
Platform: Cross Platform
Title: jhead "DoCommand()" Arbitrary File Deletion
Description: The "jhead" tool is used for manipulating Exif JPEG
headers. The "jhead" tool is exposed to an issue that lets attackers
delete arbitrary files in the context of the vulnerable application.
jhead versions 2.84 and earlier are affected.
Ref: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020
______________________________________________________________________

08.49.13 CVE: Not Available
Platform: Cross Platform
Title: MailScanner Infinite Loop Denial of Service
Description: MailScanner is an email monitoring and transaction
logging application. MailScanner is exposed to a remote denial of
service issue because it fails to properly handle user-supplied input.
The issue occurs in the "Clean()" function in the "Message.pm" module.
MailScanner versions prior to 4.73.3-1 are affected.
Ref: http://www.mailscanner.info/ChangeLog
______________________________________________________________________

08.49.14 CVE: Not Available
Platform: Cross Platform
Title: Livio.net WEB Calendar Cross-Site Scripting and Multiple SQL
Injection Vulnerabilities
Description: Livio.net WEB Calendar is a web-based application
implemented in ASP. The application is exposed to multiple issues,
since it fails to adequately sanitize user-supplied input. Livio.net
WEB Calendar versions 3.12 and 3.30 are affected.
Ref: http://www.securityfocus.com/bid/32515
______________________________________________________________________

08.49.15 CVE: Not Available
Platform: Cross Platform
Title: National Instruments Electronics Workbench ".ewb" File Buffer
Overflow
Description: Electronics Workbench is used to design and simulate
electronics circuit boards. Electronics Workbench is exposed to a
remote buffer overflow issue because it fails to perform adequate
checks on user-supplied input. All versions are affected.
Ref: http://www.securityfocus.com/bid/32542
______________________________________________________________________

08.49.16 CVE: Not Available
Platform: Cross Platform
Title: Massimiliano Montoro Cain & Abel Malformed ".rdp" File Buffer
Overflow
Description: Cain & Abel is an application that is designed to provide
functionality to recover various types of passwords by sniffing them
from the connected network. Cain & Abel is exposed to a buffer
overflow issue because it fails to adequately bounds check
user-supplied data before copying it into an insufficiently sized
buffer. Cain & Abel versions 4.9.24 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32543
______________________________________________________________________

08.49.17 CVE: CVE-2008-5276
Platform: Cross Platform
Title: VLC Media Player Real demuxer Heap Buffer Overflow
Description: VLC is a cross-platform media player. VLC is exposed to a
heap buffer overflow issue because it fails to perform adequate checks
on user-supplied input. This issue occurs in the "ReadRealIndex()"
function of the "modulesdemuxreal.c" source file when parsing
malformed ".rm" files. VLC media player versions 0.9.0 up to and
including 0.9.6 are affected.
Ref: http://www.trapkit.de/advisories/TKADV2008-013.txt
______________________________________________________________________

08.49.18 CVE: Not Available
Platform: Cross Platform
Title: ClamAV "cli_check_jpeg_exploit" Function Malformed JPEG File
Remote Denial of Service
Description: ClamAV is a multiplatform toolkit used for scanning email
messages for viruses. ClamAV is exposed to a denial of service issue
when handling malformed JPEG files that contain a thumbnail image.
This issue occurs in the "cli_check_jpeg_exploit()" function of the
"libclamavspecial.c" source file. ClamAV versions prior to 0.94.2 are
affected.
Ref: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266
______________________________________________________________________

08.49.19 CVE: Not Available
Platform: Cross Platform
Title: MailScanner Multiple Insecure Temporary File Creation
Vulnerabilities
Description: MailScanner scans for viruses at email gateways. Multiple
MailScanner scripts create temporary files in an insecure manner.
MailScanner versions 4.55.10 and 4.68.8 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506353
______________________________________________________________________

08.49.20 CVE: Not Available
Platform: Cross Platform
Title: Rumpus FTP Server Command Argument Remote Buffer Overflow
Description: Maxum Rumpus is an FTP server for the Macintosh OS X
operating system. The application is exposed to a remote buffer
overflow issue because it fails to perform adequate boundary checks on
user-supplied data. Rumpus versions prior to 6.0.1 are affected.
Ref: http://www.securityfocus.com/archive/1/498786
______________________________________________________________________

08.49.21 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg Multiple Denial of Service Vulnerabilities
Description: FFmpeg is a media player. FFmpeg is exposed to multiple
remote issues. An attacker can exploit these issues to cause the
affected application to crash or enter an endless loop, denying
service to legitimate users. FFmpeg versions 0.4.9_20080909 and
earlier are affected.
Ref: http://www.securityfocus.com/bid/32564
______________________________________________________________________

08.49.22 CVE: Not Available
Platform: Cross Platform
Title: xrdp Multiple Buffer Overflow Vulnerabilities
Description: xrdp is a remote desktop protocol (RDP) server. The
application is exposed to multiple buffer overflow issues because it
fails to perform adequate boundary checks on user-supplied data. xrdp
versions 0.4.1 and earlier are affected.
Ref: http://www.securityfocus.com/bid/32565
______________________________________________________________________

08.49.23 CVE: Not Available
Platform: Cross Platform
Title: IBM Rational ClearQuest Maintenance Tool Local Information
Disclosure
Description: IBM Rational ClearQuest is a software development
management application. The ClearQuest Maintenance Tool is a
management application included with ClearQuest. The application is
exposed to a local information disclosure issue because it displays
user and database authentication credentials in password edit boxes.
ClearQuest versions prior to 7.0.0.4 and 7.0.1.3 are vulnerable.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK30938
______________________________________________________________________

08.49.24 CVE: CVE-2008-4917
Platform: Cross Platform
Title: VMware Products Unspecified Host Memory Corruption
Description: VMware products are virtualization solutions that support
multiple operating platforms. Multiple VMware products are exposed to
an unspecified memory-corruption issue in the virtual machine
hardware. The issue can be triggered by a malicious request sent from
the guest operating system to the virtual hardware.
Ref: http://www.securityfocus.com/bid/32597
______________________________________________________________________

08.49.25 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ocean12 FAQ Manager Pro "Keyword" Parameter Cross-Site
Scripting
Description: Ocean12 FAQ Manager Pro is a web-based application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "Keyword" parameter of the "default.asp"
script.
Ref: http://www.securityfocus.com/bid/32526
______________________________________________________________________

08.49.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: ParsBlogger "blog.asp" Cross-Site Scripting Vulnerability
Description: ParsBlogger is a web-based application implemented in
ASP. The application is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied data to the
"blog.asp" script.
Ref: http://www.securityfocus.com/bid/32529
______________________________________________________________________

08.49.27 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Venalsur Booking Centre Multiple Cross-Site Scripting
Vulnerabilities
Description: Venalsur Booking Centre is a PHP-based web application.
The application is exposed to multiple cross-site scripting issues
because it fails to sanitize user-supplied input. An attacker may
leverage these issues to execute arbitrary script code in the browser
of an unsuspecting user in the context of the affected site.
Ref: http://www.securityfocus.com/bid/32530
______________________________________________________________________

08.49.28 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Basic CMS "q" Parameter Cross-Site Scripting
Description: Basic CMS is a PHP-based web application. The application
is exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "q" parameter of the
"index.php" script.
Ref: http://www.securityfocus.com/bid/32531
______________________________________________________________________

08.49.29 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Linksys WRT160N "apply.cgi" Cross-Site Scripting
Description: Linksys WRT160N is a wireless router device. Linksys
WRT160N is exposed to a cross-site scripting issue due to a failure of
the application to properly sanitize user-supplied input.
Ref: http://www.securityfocus.com/bid/32496
______________________________________________________________________

08.49.30 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: AssoCIateD "menu" Parameter Cross-Site Scripting
Description: AssoCIateD (ACID) is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "menu"
parameter of the "index.php" script when the "p" parameter is set to
"search". AssoCIateD version 1.4.4 is affected.
Ref: http://www.securityfocus.com/archive/1/498737
______________________________________________________________________

08.49.31 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Ocean12 Contact Manager Pro "DisplayFormat" Parameter Cross-Site
Scripting
Description: Ocean12 Contact Manager Pro is a web-based application
implemented in ASP. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "DisplayFormat" parameter of the "index.asp"
script. Contact Manager Pro version 1.02 is affected.
Ref: http://www.securityfocus.com/bid/32503
______________________________________________________________________

08.49.32 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pre Classified Listings "signup.asp" Cross-Site Scripting
Description: Pre Classified Listings is an ASP-based application for
managing classifieds. The application is exposed to a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "address" parameter of the "signup.asp"
script. All versions are considered vulnerable.
Ref: http://www.securityfocus.com/bid/32564
______________________________________________________________________

08.49.33 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: CodeToad ASP Shopping Cart Script Cross-Site Scripting
Description: CodeToad ASP Shopping Cart Script is a web-based
application. The application is exposed to a cross-site scripting
issue because it fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/32568
______________________________________________________________________

08.49.34 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Softbiz Classifieds Script Multiple Cross-Site Scripting
Vulnerabilities
Description: Softbiz Classifieds Script is a web-based application.
The application is exposed to multiple cross-site scripting issues
because it fails to sufficiently sanitize user-supplied data.
Ref: http://www.securityfocus.com/bid/32569
______________________________________________________________________

08.49.35 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Pre ASP Job Board "emp_login.asp" Cross-Site Scripting
Description: Pre ASP Job Board is an ASP-based application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "msg"
parameter of the "emp_login.asp" script. All versions are considered
to be vulnerable.
Ref: http://www.securityfocus.com/bid/32572
______________________________________________________________________

08.49.36 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Rational ClearCase Cross-Site Scripting
Description: IBM Rational ClearCase is a software configuration
management solution. It ships with a web interface. IBM Rational
ClearCase is exposed to a cross-site scripting issue because the
applications fail to properly sanitize user-supplied input.
Specifically, the issue affects the web interface. IBM Rational
ClearCase versions prior to 7.0.0.4 and 7.0.1.3 are affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK70972
______________________________________________________________________

08.49.37 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bluo "index.php" SQL Injection
Description: Bluo is a PHP-based content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "index.php"
script before using it in an SQL query. Bluo version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32522
______________________________________________________________________

08.49.38 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS Little "term" Parameter SQL Injection
Description: CMS Little is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "term" parameter of
the "index.php" script before using it in an SQL query. CMS Little
version 0.0.1 is affected.
Ref: http://www.securityfocus.com/bid/32523
______________________________________________________________________

08.49.39 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ocean12 FAQ Manager Pro "id" Parameter SQL Injection
Description: Ocean12 FAQ Manager Pro is an ASP-based application for
managing knowledge bases. The application is exposed to an SQL
injection issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "index.asp" script
when the "Action" parameter is set to "Cat".
Ref: http://www.securityfocus.com/bid/32524
______________________________________________________________________

08.49.40 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ReVou Login SQL Injection
Description: ReVou is a microblogging application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to "Username" and "Password" textboxes
when logging in to the affected application.
Ref: http://www.securityfocus.com/bid/32525
______________________________________________________________________

08.49.41 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple Ocean12 Products "Admin_ID" Parameter SQL Injection
Description: Ocean12 Technologies provide a number of ASP-based web
applications. Multiple Ocean12 applications are exposed to an SQL
injection issue because they fail to sufficiently sanitize
user-supplied data to the "Admin_ID" parameter of the "login.asp'
script". Ocean12 FAQ Manager Pro and Ocean12 Poll Manager Pro are
affected.
Ref: http://www.securityfocus.com/bid/32526
______________________________________________________________________

08.49.42 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ocean12 Mailing List Manager Gold "Email" Parameter SQL
Injection
Description: Ocean12 Mailing List Manager Gold is an ASP-based mailing
list application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"Email" parameter of the "default.asp" script. Ocean12 Mailing List
Manager Gold version 2.04 is affected.
Ref: http://www.securityfocus.com/bid/32526
______________________________________________________________________

08.49.43 CVE: Not Available
Platform: Web Application - SQL Injection
Title: BusinessVein PHP TV Portal "index.php" SQL Injection
Description: BusinessVein PHP TV Portal is a PHP-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "mid" parameter of
the "index.php" script before using it in an SQL query. PHP TV Portal
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32532
______________________________________________________________________

08.49.44 CVE: Not Available
Platform: Web Application - SQL Injection
Title: CMS Ortus Edit User Profile SQL Injection
Description: CMS Ortus is a PHP-based content manager. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "City" text box field when editing
a user profile. CMS Ortus versions 1.12 and 1.13 are affected.
Ref: http://www.securityfocus.com/bid/32486
______________________________________________________________________

08.49.45 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Post Affiliate Pro "umprof_status" Parameter SQL Injection
Description: Post Affiliate Pro is a PHP-based affiliate application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "umprof_status"
parameter of the "index.php" script before using it in an SQL query.
Post Affiliate Pro version 3 is affected.
Ref: http://www.securityfocus.com/bid/32487
______________________________________________________________________

08.49.46 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ParsBlogger "blog.asp" SQL Injection
Description: ParsBlogger is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "wr" parameter of the "blog.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32488
______________________________________________________________________

08.49.47 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Star Articles Multiple SQL Injection Vulnerabilities
Description: Kalptaru Infotech Star Articles is a PHP-based content
manager. The application is exposed to multiple SQL injection issues
because it fails to sufficiently sanitize user-supplied data. Star
Articles version 6.0 is affected.
Ref: http://www.securityfocus.com/bid/32489
______________________________________________________________________

08.49.48 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Family Project Login Page SQL Injection
Description: Family Project is a web-based application. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "Username" and
"Password" fields when logging into the application. Family Project
version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32501
______________________________________________________________________

08.49.49 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ocean12 Contact Manager Pro "default.asp" SQL Injection
Description: Ocean12 Contact Manager Pro is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "Sort" parameter of
the "default.asp" script before using it in an SQL query. Contact
Manager Pro version 1.02 is affected.
Ref: http://www.securityfocus.com/bid/32502
______________________________________________________________________

08.49.50 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Web Calendar Pro "admin.php" SQL Injection
Description: Web Calendar Pro is a web-based calendar system. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "Username" field in the
"admin.php" script. Web Calendar Pro version 4.1 is affected.
Ref: http://www.securityfocus.com/bid/32507
______________________________________________________________________

08.49.51 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Ocean12 Membership Manager Pro SQL Injection
Description: Ocean12 Membership Manager Pro is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"username" field of the login script before using it in an SQL query.
Ref: http://ocean12tech.com/products/membership/
______________________________________________________________________

08.49.52 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Turnkey Arcade Script "id" Parameter SQL Injection
Description: Turnkey Arcade Script is a PHP-based web application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32511
______________________________________________________________________

08.49.53 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Venalsur Booking Centre "hotel_habitaciones.php" SQL Injection
Description: Venalsur Booking Centre is a PHP-based web application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "HotelID" parameter
of the "hotel_habitaciones.php" script before using it in an SQL
query. Venalsur Booking Centre version 2.01 is affected.
Ref: http://www.securityfocus.com/bid/32512
______________________________________________________________________

08.49.54 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Basic PHP CMS "id" Parameter SQL Injection
Description: Basic PHP CMS is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32519
______________________________________________________________________

08.49.55 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SailPlanner Login SQL Injection
Description: SailPlanner is a web-based application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to "Username" and "Password" textboxes
when logging in to the affected application. SailPlanner version 0.3a
is affected.
Ref: http://www.securityfocus.com/bid/32521
______________________________________________________________________

08.49.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Multiple ActiveWebSoftwares Products Login Parameters SQL
Injection Vulnerabilities
Description: ActiveWebSoftwares produces a number of ASP-based web
applications. The applications are exposed to multiple SQL injection
issues because they fail to sufficiently sanitize user-supplied data
provided to the "username", "password", and "email" textboxes when
logging in.
Ref: http://www.securityfocus.com/bid/32533
______________________________________________________________________

08.49.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares ASPReferral "Merchantsadd.asp" SQL Injection
Description: ActiveWebSoftwares ASPReferral is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "AccountID" parameter of the "Merchantsadd.asp" script before
using it in an SQL query. ASPReferral version 5.3 is affected.
Ref: http://www.securityfocus.com/bid/32534
______________________________________________________________________

08.49.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Minimal ABlog SQL Injection and Arbitrary File Upload
Vulnerabilities
Description: Minimal ABlog is a web-based blogging application. Since
it fails to sufficiently sanitize user-supplied data, the application
is exposed to multiple input validation issues. Minimal ABlog 0.4 is
affected.
Ref: http://www.securityfocus.com/bid/32537
______________________________________________________________________

08.49.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Lito Lite "cate.php" SQL Injection
Description: Lito Lite is a web-based content management system. The
application is exposed to an SQL injection issue because it fails to
adequately sanitize user-supplied input to the "cid" field in the
"cate.php" script.
Ref: http://www.securityfocus.com/bid/32538
______________________________________________________________________

08.49.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: KTP Computer Customer Database "tid" Parameter SQL Injection
Description: KTP Computer Customer Database is a web-based
application. The application is exposed to an SQL injection issue
because it fails to adequately sanitize user-supplied input to the
"tid" parameter.
Ref: http://www.securityfocus.com/bid/32539
______________________________________________________________________

08.49.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares ActiveVotes "VoteHistory.asp" SQL Injection
Description: ActiveWebSoftwares ActiveVotes is a web-based application
implemented in ASP. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "AccountID" parameter of the "VoteHistory.asp" script before using
it in an SQL query. ActiveVotes version 2.2 is affected.
Ref: http://www.securityfocus.com/bid/32541
______________________________________________________________________

08.49.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares Active Bids "bidhistory.asp" SQL Injection
Description: ActiveWebSoftwares Active Bids is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"ItemID" parameter of the "bidhistory.asp" script before using it in
an SQL query. Active Bids version 3.5 is affected.
Ref: http://www.securityfocus.com/bid/32544
______________________________________________________________________

08.49.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares Active Web Mail Multiple SQL Injection
Vulnerabilities
Description: ActiveWebSoftwares Active Web Mail is a web-based
application implemented in ASP. The application is exposed to multiple
SQL injection issues because it fails to sufficiently sanitize
user-supplied data to the "QuizID" parameter of the "questions.asp",
"importquestions.asp" and "quiztakers.asp" scripts before using it in
an SQL query. Active Web Mail version 4 is affected.
Ref: http://www.securityfocus.com/bid/32546
______________________________________________________________________

08.49.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares Active Test Multiple SQL Injection
Vulnerabilities
Description: ActiveWebSoftwares Active Test is a web-based application
implemented in ASP. The application is exposed to multiple SQL
injection issues because it fails to sufficiently sanitize
user-supplied data to the "QuizID" parameter of the "questions.asp",
"importquestions.asp" and "quiztakers.asp" scripts before using it in
an SQL query. Active Test version 2.1 is affected.
Ref: http://www.securityfocus.com/bid/32547
______________________________________________________________________

08.49.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares Active Web Helpdesk "default.asp" SQL
Injection
Description: ActiveWebSoftwares Active Web Helpdesk is a web-based
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"CategoryID" parameter of the "default.asp" script before using it in
an SQL query. Active Web Helpdesk 2 is affected.
Ref: http://www.securityfocus.com/bid/32548
______________________________________________________________________

08.49.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: cpCommerce Security Bypass and SQL Injection Vulnerabilities
Description: cpCommerce is a PHP-based e-commerce application. The
application is exposed to multiple security issues. cpCommerce version
1.2.6 is affected.
Ref: http://www.securityfocus.com/bid/32549
______________________________________________________________________

08.49.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares Active Price Comparison "links.asp" SQL
Injection
Description: ActiveWebSoftwares Active Price Comparison is a
web-based application implemented in ASP. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "linkid" parameter of the "links.asp" script
before using it in an SQL query. Active Price Comparison 4 is
affected.
Ref: http://www.securityfocus.com/bid/32550
______________________________________________________________________

08.49.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ActiveWebSoftwares Active Business Directory "default.asp" SQL
Injection
Description: ActiveWebSoftwares Active Business Directory is a
web-based application implemented in ASP. The application is exposed
to an SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "catid" parameter of the "default.asp"
script before using it in an SQL query. Active Business Directory 2 is
vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/32551
______________________________________________________________________

08.49.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Z1Exchange "edit.php" SQL Injection
Description: Z1Exchange is a link exchange application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "site" parameter of
the "edit.php" script before using it in an SQL query. Z1Exchange
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32556
______________________________________________________________________

08.49.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: bcoos "viewcat.php" SQL Injection
Description: The "bcoos" program is a content manager based on the
E-Xoops CMS. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"cid" parameter of the "modules/adresses/viewcat.php" script before
using it in an SQL query. bcoos version 1.0.13 is affected.
Ref: http://www.securityfocus.com/bid/32561
______________________________________________________________________

08.49.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Egi Zaberl E.Z.Poll "login.asp" Multiple SQL Injection
Vulnerabilities
Description: Egi Zaberl E.Z.Poll is a web-based polling application.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "Username"
and "Password" parameters of the "login.asp" script. E.Z.Poll version
2 is affected.
Ref: http://www.securityfocus.com/bid/32562
______________________________________________________________________

08.49.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre Classified Listings "detailad.asp" SQL Injection
Description: Pre Classified Listings is an ASP-based classifieds
management application. The application is exposed to an SQL injection
issue because it fails to sufficiently sanitize user-supplied data to
the "siteid" parameter of the "detailad.asp" script before using it in
an SQL query. All versions of Pre Classified Listings are affected.
Ref: http://www.securityfocus.com/bid/32566
______________________________________________________________________

08.49.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Sunbyte e-Flower "popupproduct.php" SQL Injection
Description: Sunbyte e-Flower is an e-commerce application for flower
shops. The application is exposed to an SQL injection issue because it
fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "popupproduct.php" script before using it in an SQL
query.
Ref: http://www.securityfocus.com/bid/32589
______________________________________________________________________

08.49.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jbook SQL Injection
Description: Jbook is a web-application implemented in ASP. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "password" field of
the login script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32599
______________________________________________________________________

08.49.75 CVE: Not Available
Platform: Web Application
Title: CGI RESCUE MiniBBS2000 Unspecified Directory Traversal
Description: CGI RESCUE MiniBBS2000 is a web-based application
implemented in Perl. iniBBS2000 is exposed to an unspecified directory
traversal issue because it fails to sufficiently sanitize
user-supplied input data. MiniBBS2000 versions prior to 1.0.3 are
affected.
Ref: http://jvn.jp/en/jp/JVN86833991/index.html
______________________________________________________________________

08.49.76 CVE: Not Available
Platform: Web Application
Title: WHMCS "status/index.php" Information Disclosure
Description: WHMCS (WHM Complete Solution) is a PHP-based application
for billing and managing clients. WHMCS is exposed to an information
disclosure issue because it fails to restrict access to certain pages.
WHMCS version 3.7.1 is affected.
Ref: http://www.securityfocus.com/archive/1/498715
______________________________________________________________________

08.49.77 CVE: Not Available
Platform: Web Application
Title: ImpressCMS "PHPSESSID" Session Fixation
Description: ImpressCMS is a PHP-based content manager. Impress CMS is
exposed to a session fixation issue caused by a design error when
handling sessions. Specifically, an attacker can predefine a victim
user's session ID by setting the "PHPSESSID" parameter of the
"index.php" script. ImpressCMS version 1.1 is affected.
Ref: http://www.securityfocus.com/archive/1/498734
______________________________________________________________________

08.49.78 CVE: Not Available
Platform: Web Application
Title: TxtBlog "m" Parameter Local File Include
Description: TxtBlog is PHP-based content manager. The application is
exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "m" parameter of the "index.php"
script. TxtBlog version 1.0 Alpha is affected.
Ref: http://www.securityfocus.com/bid/32498
______________________________________________________________________

08.49.79 CVE: Not Available
Platform: Web Application
Title: RaidSonic ICY BOX NAS "userHandler.cgi" Authentication Bypass
Description: RaidSonic ICY BOX NAS is a Network Attached Storage
device. The device is managed with a web-based interface application.
The device is exposed to an authentication bypass issue that can allow
attackers to gain access to the device's administration interface and
unauthorized access to certain services. RaidSonic ICY BOX NAS
firmware version 2.3.2.IB.2.RS.1 is affected.
Ref: http://www.securityfocus.com/bid/32500
______________________________________________________________________

08.49.80 CVE: Not Available
Platform: Web Application
Title: Star Articles "user.modify.profile.php" Arbitrary File Upload
Description: Star Articles is a PHP-based content manager. The
application is exposed to an unspecified issue that lets attackers
upload arbitrary files. The issue occurs because the application fails
to adequately sanitize user-supplied input. The vulnerability occurs
in the "user.modify.profile.php" script. This issue affects Star
Articles versions 6.0 and earlier.
Ref: http://www.securityfocus.com/bid/32509
______________________________________________________________________

08.49.81 CVE: Not Available
Platform: Web Application
Title: PageTree CMS "main.php" Remote File Include
Description: PageTree CMS is a PHP-based content-manager application.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to the
"GLOBALS['PT_Config']['dir']['data']" parameter of the
"admin/plugins/Online_Users/main.php" script. PageTree CMS version
0.0.2 Beta is affected.
Ref: http://www.securityfocus.com/bid/32509
______________________________________________________________________

08.49.82 CVE: Not Available
Platform: Web Application
Title: Subtext Anchor Tags HTML Injection
Description: Subtext is a web-based application. The application is
exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input before using it in dynamically generated
content. Subtext version 2.0 is affected.
Ref:
http://haacked.com/archive/2008/11/27/subtext-2.1-security-update.aspx
______________________________________________________________________

08.49.83 CVE: Not Available
Platform: Web Application
Title: Web Calendar System SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Web Calendar System is a web-based calendar application.
The application is exposed to multiple input validation issues. Web
Calendar System versions 3.22, 3.40, 3.05, and 3.23 are affected.
Ref: http://www.securityfocus.com/bid/32520
______________________________________________________________________

08.49.84 CVE: Not Available
Platform: Web Application
Title: CMS Made Simple "cms_language" Cookie Parameter Directory
Traversal
Description: CMS Made Simple is a web-based application. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input to the "cms_language"
cookie parameter of the "admin/login.php" script. CMS Made Simple
version 1.4.1 is affected.
Ref: http://www.securityfocus.com/bid/32535
______________________________________________________________________

08.49.85 CVE: Not Available
Platform: Web Application
Title: OpenForum "profile.php" Authentication Bypass
Description: OpenForum is web forum software implemented in PHP. The
application is exposed to an issue that lets attackers modify user
passwords because it fails to adequately secure access to
administrative functions of the "profile.php" script. OpenForum
version 0.66 is affected.
Ref: http://www.securityfocus.com/bid/32536
______________________________________________________________________

08.49.86 CVE: Not Available
Platform: Web Application
Title: Broadcast Machine "baseDir" Parameter Multiple Remote File
Include Vulnerabilities
Description: Broadcast Machine is a video content manager. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. Broadcast
Machine version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/32554
______________________________________________________________________

08.49.87 CVE: Not Available
Platform: Web Application
Title: Andy's PHP Knowledgebase "saa.php" Arbitrary File Upload
Description: Andy's PHP Knowledgebase (aphpkb) is a web-based
knowledgebase application. The application is exposed to an issue that
lets attackers upload arbitrary files. The issue occurs because the
application fails to adequately sanitize user-supplied input. Andy's
PHP Knowledgebase version 0.92.9 is affected.
Ref: http://www.securityfocus.com/bid/32559
______________________________________________________________________

08.49.88 CVE: Not Available
Platform: Web Application
Title: RakhiSoftware Shopping Cart Multiple Remote Vulnerabilities
Description: RakhiSoftware Shopping Cart is a web-based application.
The application is exposed to multiple issues. These issues can allow
attackers to access sensitive information, steal cookie data, access
or modify data, or exploit latent vulnerabilities in the underlying
database.
Ref: http://www.securityfocus.com/bid/32563
______________________________________________________________________

08.49.89 CVE: Not Available
Platform: Web Application
Title: PHP JOBWEBSITE PRO "forgot.php" SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: PHP JOBWEBSITE PRO is a web-based application. The
application is exposed to multiple input validation issues. Exploiting
these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
Ref: http://www.securityfocus.com/bid/32570
______________________________________________________________________

08.49.90 CVE: Not Available
Platform: Web Application
Title: ASP Forum Script SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: ASP Forum Script is a web-based application. The
application is exposed to multiple input validation issues. Exploiting
these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
Ref: http://www.securityfocus.com/bid/32571
______________________________________________________________________

08.49.91 CVE: Not Available
Platform: Web Application
Title: Pre Shopping Mall SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Pre Shopping Mall is a web-based e-commerce application.
The application is exposed to multiple input validation issues.
Exploiting these issues could allow an attacker to steal cookie-based
authentication credentials, compromise the application, access or
modify data, or exploit latent vulnerabilities in the underlying
database.
Ref: http://www.securityfocus.com/bid/32573
______________________________________________________________________

08.49.92 CVE: Not Available
Platform: Web Application
Title: IBM Rational ClearQuest Web Multiple Unspecified Cross-Site
Scripting Vulnerabilities
Description: IBM Rational ClearQuest is a software development
management application. ClearQuest Web is a web-based interface to the
ClearQuest repository. ClearQuest Web is exposed to multiple
unspecified cross-site scripting issues because it fails to properly
sanitize user-supplied input. ClearQuest versions prior to 7.0.0.4 and
7.0.1.3 are affected.
Ref: http://www-01.ibm.com/software/awdtools/clearquest/index.html
______________________________________________________________________

08.49.93 CVE: Not Available
Platform: Web Application
Title: Fantastico "index.php" Local File Include
Description: Fantastico is a module for cPanel servers. The
application is exposed to a local file-include issue because it fails
to properly sanitize user-supplied input to the "sup3r" parameter of
the "index.php" script.
Ref: http://www.securityfocus.com/bid/32578
______________________________________________________________________

08.49.94 CVE: Not Available
Platform: Web Application
Title: Ocean12 Mailing List Manager Gold SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Ocean12 Mailing List Manager Gold is an ASP-based
application for managing mailing lists. The application is exposed to
multiple input-validation issues.
Ref: http://www.securityfocus.com/bid/32587
______________________________________________________________________

08.49.95 CVE: Not Available
Platform: Web Application
Title: MAXSITE Guestbook Component "message" Parameter Remote Command
Execution
Description: MAXSITE is a PHP-based content management system. The
Guestbook component to MAXSITE is exposed to an issue that attackers
can leverage to execute arbitrary PHP commands in the context of the
application. This issue occurs because the application fails to
adequately validate user-supplied input to the "message" parameter of
the "index.php" script when called with the "name" parameter set to
"guestbook".
Ref: http://www.securityfocus.com/bid/32588
______________________________________________________________________

08.49.96 CVE: Not Available
Platform: Web Application
Title: Z1Exchange SQL Injection and Cross-Site Scripting
Vulnerabilities
Description: Z1Exchange is a PHP-based script used for exchanging
links. Z1Exchange is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data. Z1Exchange version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32598
______________________________________________________________________

08.49.97 CVE: Not Available
Platform: Web Application
Title: i-Net Solution Orkut Clone SQL Injection and Cross-Site
Scripting Vulnerabilities
Description: Orkut Clone is a web-based social networking application
like Orkut. The application is exposed to an SQL injection issue and a
cross-site scripting issue because it fails to sufficiently sanitize
user-supplied data. Specifically, the issues affect the "id" parameter
of the "profile_social.php" script.
Ref: http://www.securityfocus.com/bid/32600
______________________________________________________________________

08.49.98 CVE: Not Available
Platform: Web Application
Title: WebGUI "lib/WebGUI/Storage.pm" Remote Script Code Execution
Description: WebGUI is a web-based content manager. The application is
exposed to an issue that may allow a remote attacker to upload and run
arbitrary script code in the context of the hosting web server process.
WebGUI 7.x versions prior to 7.6.5 (beta) and 7.5.35 are affected.
Ref: http://www.webgui.org/getwebgui/advisories/security-executable-up
load-problem
______________________________________________________________________

08.49.99 CVE: CVE-2008-2379
Platform: Web Application
Title: SquirrelMail Malformed HTML Mail Message HTML Injection
Description: SquirrelMail is a web-based email client. The application
is exposed to an HTML injection issue because it fails to properly
sanitize user-supplied input to malformed HTML email messages before
viewing them in a user's browser. SquirrelMail version 1.4.16 is
affected.
Ref: http://www.securityfocus.com/bid/32603
______________________________________________________________________

08.49.100 CVE: Not Available
Platform: Network Device
Title: Diginum Zaptel Multiple Local Privilege Escalation and Denial
of Service Vulnerabilities
Description: Diginum Zaptel is a hardware device interface. The
application is exposed to denial of service and privilege escalation
issues because it fails to sufficiently sanitize user-supplied input.
Diginum Zaptel versions 1.2 and 1.4 are affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507459
______________________________________________________________________
[ terug ]