Home
Systeembeheer
Consultancy
Connectivity
Training
Development

Klanten

Inloggen

Resources

Sans artikelen
Security artikelen

Software

Linux
Windows









[ terug ]
*************************************************************************
	    @RISK: The Consensus Security Vulnerability Alert
November 28, 2008                                         Vol. 7. Week 48
*************************************************************************

@RISK is the SANS community's consensus bulletin summarizing the most
important vulnerabilities and exploits identified during the past week
and providing guidance on appropriate actions to protect your systems
(PART I). It also includes a comprehensive list of all new
vulnerabilities discovered in the past week (PART II).

Summary of Updates and Vulnerabilities in this Consensus
Platform                        Number of Updates and Vulnerabilities
- ------------------------        -------------------------------------
Windows                                            2 
Third Party Windows Apps                           7 (#1, #5, #6)
Linux                                             14
BSD                                                1
Unix                                               5 
Cross Platform                                    17 (#2, #3)
Apple                                              1 (#4)
Web Application - Cross Site Scripting             9
Web Application - SQL Injection                   29
Web Application                                   30
Network Device                                     3

************************ Sponsored By SANS *********** ******************
Join Storage, Security and Database professionals at the Log Management
Summit April 6-7. Get help in selecting and implementing the right log
management tools to ensure you meet regulatory requirements and improve
security as well as improve operational efficiency.
http://www.sans.org/info/35969
*************************************************************************

Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
Widely Deployed Software
(1) CRITICAL: EMC Control Center Multiple Vulnerabilities
(2) CRITICAL: Multiple Security Gateway/Antivirus Solutions PDF Handling
Vulnerabilities
(3) CRITICAL: Symantec Backup Exec Remote Agent Multiple Vulnerabilities
(4) HIGH: Apple iPhone Multiple Vulnerabilities
(5) HIGH: FlexCell ActiveX Control Arbitrary File Overwrite
(6) HIGH: BlackBerry Desktop Software ActiveX Control Multiple Vulnerabilities

*************************************************************************
TRAINING UPDATE
- - SANS CDI in Washington 30 courses; big security tools expo; lots of
evening sessions: http://www.sans.org/cdi08/
- - Las Vegas (1/24-2/01) http://sans.org/securitywest09/
- - London (12/1- 12/9) http://sans.org/london08/
- - Vancouver (11/17-11/22) http://www.sans.org/vancouver08/
and in 100 other cites and on line any time: www.sans.org
*************************************************************************

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from
Qualys (www.qualys.com)

 -- Windows
08.48.1  - Microsoft Windows Vista "iphlpapi.dll" Local Kernel Buffer Overflow
08.48.2  - EMC ControlCenter Manager for SAN "msragent.exe" Remote Information
Disclosure
 -- Third Party Windows Apps
08.48.3  - Symantec Backup Exec Data Management Protocol Buffer Overflow
08.48.4  - Symantec Backup Exec for Windows Server Remote Agent Authentication
Bypass
08.48.5  - EMC ControlCenter SAN Manager "msragent.exe" Remote Stack Buffer
Overflow
08.48.6  - BitDefender "pdf.xmd" Module PDF Parsing Remote Denial of Service
08.48.7  - Apple iPhone Configuration Web Utility for Windows Directory
Traversal
08.48.8  - FlexCell Grid Control (ActiveX) Arbitrary File Overwrite
08.48.9  - Nero ShowTime ".m3u" File Remote Buffer Overflow
 -- Linux
08.48.10 - SystemImager Insecure Temporary File Creation Vulnerabilities
08.48.11 - pam_mount Insecure Temporary File Creation
08.48.12 - MailScanner "trend-autoupdate" Insecure Temporary File Creation
08.48.13 - Debian freebsd-sendpr "sendbug" Insecure Temporary File Creation
08.48.14 - SystemImager Flamethrower Insecure Temporary File Creation
Vulnerabilities
08.48.15 - Debian mh-book Insecure Temporary File Creation
08.48.16 - libncbi6 Insecure Temporary File Creation
08.48.17 - TAU Tuning and Analysis Utilities Insecure Temporary File Creation
Vulnerabilities
08.48.18 - SMS Client "mail2sms.sh" Insecure Temporary File Creation
08.48.19 - TkMan Insecure Temporary File Creation
08.48.20 - TkUsr Insecure Temporary File Creation
08.48.21 - Debian ltp "ltpmenu" Insecure Temporary File Creation
08.48.22 - "tog-pegasus" Package for Red Hat Enterprise Linux Security Bypass
08.48.23 - SuSE YaST2 Backup File Name Local Arbitrary Shell Command Injection
 -- BSD
08.48.24 - FreeBSD "arc4random (9)" Pseudo-Random Number Generator Insufficient
Entropy Weakness
 -- Unix
08.48.25 - "imlib2" Library "load()" Function Buffer Overflow
08.48.26 - P3nfs Insecure Temporary File Creation
08.48.27 - Moodle "spell-check-logic.cgi" Insecure Temporary File Creation
08.48.28 - Multi Gnome Terminal Multiple Insecure Temporary File Creation
Vulnerabilities
08.48.29 - CUPS "cupsd" RSS Subscriptions NULL Pointer Dereference Local Denial
of Service
 -- Cross Platform
08.48.30 - Mozilla Thunderbird and SeaMonkey "mailnews" Information Disclosure
08.48.31 - Streamripper Multiple Buffer Overflow Vulnerabilities
08.48.32 - PHP "error_log" Safe Mode Restriction Bypass
08.48.33 - Oracle Database Vault Privilege Escalation
08.48.34 - Apple iPhone and iPod touch Prior to Version 2.2 Multiple
Vulnerabilities
08.48.35 - maildirsync Insecure Temporary File Creation
08.48.36 - KVIrc URI Handler Remote Command Execution
08.48.37 - jailer "updatejail" Insecure Temporary File Creation
08.48.38 - Docvert "test-pipe-to-pyodconverter" Insecure Temporary File Creation
08.48.39 - hf Local Privilege Escalation
08.48.40 - Wireshark 1.0.4 SMTP Denial of Service
08.48.41 - ffdshow Long URL Link Remote Buffer Overflow
08.48.42 - W3C Amaya "TtaWCToMBstring()" Multiple Stack-Based Buffer Overflow
Vulnerabilities
08.48.43 - VirtualBox "ipcdUnix.cpp" Insecure Temporary File Creation
08.48.44 - Total Video Player "TVP type" Tag Handling Remote Buffer Overflow
08.48.45 - IBM Tivoli Access Manager for e-business Remote Denial of Service
08.48.46 - RSA enVision Platform Web Console Password Hash Remote Information
Disclosure
 -- Web Application - Cross Site Scripting
08.48.47 - refbase "headerMsg" Parameter Cross-Site Scripting Vulnerabilities
08.48.48 - Softbiz Classifieds Script Cross-Site Scripting
08.48.49 - Chipmunk Topsites "start" Parameter Cross-Site Scripting
08.48.50 - IBM Lotus Web Content Management Unspecified Cross-Site Scripting
Vulnerabilities
08.48.51 - SemanticScuttle Multiple Cross-Site Scripting Vulnerabilities
08.48.52 - Bandwebsite "info.php" Cross-Site Scripting
08.48.53 - COMS "dynamic.php" Cross-Site Scripting
08.48.54 - WordPress "wp-includes/feed.php" Cross-Site Scripting
08.48.55 - HeXHub Buffer Overflow And Cross-Site Scripting Vulnerabilities
 -- Web Application - SQL Injection
08.48.56 - MyTopix "send" Parameter SQL Injection
08.48.57 - MauryCMS "Rss.php" SQL Injection
08.48.58 - RevSense "index.php" SQL Injection
08.48.59 - Pre ASP Job Board "emp_login.asp" SQL Injection
08.48.60 - W3matter AskPert "index.php" SQL Injection
08.48.61 - Easyedit Multiple SQL Injection Vulnerabilities
08.48.62 - boastMachine "mail.php" SQL Injection
08.48.63 - SocialEngine HTTP Response Splitting and SQL-injection
Vulnerabilities
08.48.64 - NatterChat "login.asp" Multiple SQL Injection Vulnerabilities
08.48.65 - PHP-Fusion "messages.php" SQL Injection
08.48.66 - MicroHellas ToursManager "tourview.php" SQL Injection
08.48.67 - xt:Commerce Unspecified SQL Injection
08.48.68 - Werner Hilversum FAQ Manager "catagorie.php" SQL Injection
08.48.69 - Chipmunk Topsites "authenticate.php" SQL Injection
08.48.70 - eXtrovert Software Thyme Joomla! Component SQL Injection
08.48.71 - ZoGo-Shop "product-details.php" SQL Injection
08.48.72 - Vlog System "blog.php" SQL Injection
08.48.73 - NetArt Media Car Portal "image.php" SQL Injection
08.48.74 - Prozilla Hosting Index "directory.php" SQL Injection
08.48.75 - Pilot Group PG Real Estate SQL Injection
08.48.76 - Pilot Group PG Roommate SQL Injection
08.48.77 - Pilot Group PG Job Site Pro "homepage.php" SQL Injection
08.48.78 - NetArt Media Blog System "image.php" SQL Injection
08.48.79 - NetArt Media Real Estate Portal "ad_id" Parameter SQL Injection
08.48.80 - WebStudio CMS "pageid" Parameter SQL Injection
08.48.81 - Bandwebsite "lyrics.php" SQL Injection
08.48.82 - NitroTech "members.php" SQL Injection
08.48.83 - VideoGirls "view_snaps.php" SQL Injection
08.48.84 - Jamit Job Board "index.php" SQL Injection
 -- Web Application
08.48.85 - Ruby on Rails "redirect_to()" HTTP Header Injection
08.48.86 - PunBB "pun_user[language]" Parameter Multiple Local File Include
Vulnerabilities
08.48.87 - PHPCow Unspecified Remote File Include
08.48.88 - wPortfolio "/admin/upload_form.php" Arbitrary File Upload
08.48.89 - GeSHi XML Parsing Remote Denial of Service
08.48.90 - PunPortal "login.php" Local File Include
08.48.91 - wPortfolio "/admin/userinfo.php" Authentication Bypass
08.48.92 - vBulletin Visitor Messages Addon Comment Notification HTML Injection
08.48.93 - NatterChat "admin/home.asp" Authentication Bypass Vulnerability
08.48.94 - Pie RSS Module "lib" Parameter Remote File Include
08.48.95 - VideoScript "admin/homeset.php" Remote PHP Code Injection
08.48.96 - MyBB "my_post_key" Remote Image Information Disclosure
08.48.97 - Discuz! Reset Lost Password Security Bypass
08.48.98 - Goople CMS "/win/content/upload.php" Arbitrary File Upload
08.48.99 - Ez Ringtone Manager Information Disclosure
08.48.100 - getaphpsite.com Auto Dealers Arbitrary File Upload
08.48.101 - getaphpsite.com Real Estate Arbitrary File Upload
08.48.102 - LoveCMS Simple Forum Password Reset Security Bypass
08.48.103 - MODx CMS Cross-Site Scripting and Remote File Include
Vulnerabilities
08.48.104 - Goople CMS Cookie Authentication Bypass
08.48.105 - MauryCMS Unspecified Arbitrary File Upload
08.48.106 - Gallery Unspecified Security Bypass
08.48.107 - Goople CMS "/win/notepad/index.php" Arbitrary Command Execution
08.48.108 - FTPzik "c" Parameter Local File Include and Cross-Site Scripting
Vulnerabilities
08.48.109 - Quicksilver Forums Local File Include and Arbitrary File Upload
Vulnerabilities
08.48.110 - Pie Multiple Remote File Include Vulnerabilities
08.48.111 - RaidSonic ICY BOX NAS FTP Log HTML Injection
08.48.112 - Werner Hilversum FAQ Manager "include/header.php" Remote File
Include
08.48.113 - Werner Hilversum Clean CMS "full_txt.php" SQL Injection and
Cross-Site Scripting Vulnerabilities
08.48.114 - fuzzylime (cms) "code/track.php" Local File Include
 -- Network Device
08.48.115 - 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Multiple Security
Vulnerabilities
08.48.116 - NVIDIA Cg Toolkit Installer Insecure Temporary File Creation
08.48.117 - Siemens Multiple Gigaset VoIP Phones SIP Remote Denial of Service

______________________________________________________________________

PART I Critical Vulnerabilities
Part I for this issue has been compiled by Rob King at TippingPoint, a
division of 3Com, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at
http://www.sans.org/newsletters/cva/#process

*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: EMC Control Center Multiple Vulnerabilities
Affected:
EMC Control Center versions 6.0 and prior

Description: EMC Control Center is a collection of applications to
manage, discover, and monitor enterprise storage and other resources.
It contains multiple vulnerabilities in its handling of user requests.
A specially crafted "SENDFILE" request could allow an attacker to
download arbitrary files from the vulnerable system. A specially crafted
"CTGTRANS" object could result in a buffer overflow condition, allowing
an attacker to execute arbitrary code with the privileges of the
vulnerable process (SYSTEM). Some technical details are publicly
available for these vulnerabilities.

Status: Vendor confirmed, updates available. Users are advised to block
access to TCP port 10444 at the network perimeter, if possible.

References:
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-08-075/
http://zerodayinitiative.com/advisories/ZDI-08-076/
Product Home Page
http://www.emc.com/products/family/controlcenter-family.htm
SecurityFocus BIDs
http://www.securityfocus.com/bid/32389
http://www.securityfocus.com/bid/32392

**********************************************************************

(2) CRITICAL: Multiple Security Gateway/Antivirus Solutions PDF Handling
Vulnerabilities
Affected:
BitDefender Antivirus
BullGuard Internet Security
Groupware Server Antivirus Engine

Description: Several antivirus and security gateway solutions have been
found to be vulnerable to processing flaws when inspecting PDF
documents. It is unknown, but assumed, that at least some of these
vulnerabilities arise from the use of the same parsing library by these
applications. A specially crafted PDF document could trigger one of
these vulnerabilities when processed by a vulnerable application.
Successfully exploiting one of these vulnerabilities could have a
variety of effects, including arbitrary code execution with the
privileges of the vulnerable process. At lease one proof-of-concept is
publicly available.

Status: Please check with individual vendors for status.

References:
Secunia Security Advisories
http://secunia.com/advisories/32789/
http://secunia.com/advisories/32814/
http://secunia.com/advisories/27805/
Product Home Pages
http://www.bitdefender.com/
http://www.bullguard.com/why/bullguard-internet-security.aspx
SecurityFocus BID
http://www.securityfocus.com/bid/32396

**********************************************************************

(3) CRITICAL: Symantec Backup Exec Remote Agent Multiple Vulnerabilities
Affected:
Symantec Backup Exec for Windows version 12.6 and prior

Description: Symantec Backup Exec, a popular multiplatform backup
solution, contains multiple vulnerabilities in its handling of a variety
of inputs. Failure to properly validate login credentials can result in
an authentication bypass vulnerability. Additionally, a specially
crafted request could trigger a buffer overflow condition. Exploiting
either of these vulnerabilities would allow an attacker to execute
arbitrary code with the privileges of the vulnerable system. Versions
for Microsoft Windows, Linux, and other systems are affected.

Status: Vendor confirmed, updates available.

References:
Symantec Security Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
Product Home Page
http://www.symantec.com/business/products/family.jsp?familyid=backupexec
SecurityFocus BIDs
http://www.securityfocus.com/bid/32346
http://www.securityfocus.com/bid/32347

**********************************************************************

(4) HIGH: Apple iPhone Multiple Vulnerabilities
Affected:
Apple iPhone running iPhone OS versions prior to 2.2
Apple iPod Touch running iPhone OS versions prior to 2.2

Description: The Apple iPhone and Apple iPod Touch contain multiple
vulnerabilities in their handling of a variety of web page contents,
image formats, document formats, and other inputs. A malicious web page
containing or referencing one of these file formats could result in a
variety of conditions, including remote code execution. Successful
remote code execution would allow an attacker to take complete control
of the affected device. Some technical details are publicly available
for these vulnerabilities.

Status: Vendor confirmed, updates available.

References:
Apple Security Advisory
http://support.apple.com/kb/HT3318
Product Home Page
http://www.apple.com/iphone/
SecurityFocus BID
http://www.securityfocus.com/bid/31092

**********************************************************************

(5) HIGH: FlexCell ActiveX Control Arbitrary File Overwrite
Affected:
FlexCell ActiveX Control versions 5.7.0.1 and prior

Description: FlexCell is a popular ActiveX control used to view
spreadsheet and other tabular data. It contains an arbitrary file
overwrite vulnerability in its "HttpDownloadFIle" method. A specially
crafted web page that instantiates this control could trigger this
vulnerability, allowing an attacker to overwrite any file with the
privileges of the current user. This vulnerability could be leveraged
to execute arbitrary code with the privileges of the current user.
Technical details are publicly available for this vulnerability.

Status: Vendor has not confirmed, no updates available. Users can
mitigate the impact of this vulnerability by disabling the affected
control via Microsoft's "kill bit" mechanism.

References:
Secunia Security Advisory
http://secunia.com/advisories/32829/
Product Home Page
http://www.grid2000.com/
Microsoft Knowledge Base Article (details the "kill bit" mechanism)
http://support.microsoft.com/kb/240797
SecurityFocus BID
http://www.securityfocus.com/bid/32443

**********************************************************************

(6) HIGH: BlackBerry Desktop Software ActiveX Control Multiple Vulnerabilities
Affected:
BlackBerry Desktop Software versions 4.2.2 through 4.7

Description: BlackBerry Desktop Software is the desktop software used
to manage a BlackBerry handheld device. Part of its functionality is
provided by an ActiveX control, the FlexNET Connect control. This
control was previously discovered to contain multiple vulnerabilities.
BlackBerry Desktop Software uses a vulnerable version of this control.
A specially crafted web page that instantiates this control could
trigger these vulnerabilities, allowing an attacker to execute arbitrary
code with the privileges of the current user. Technical details are
publicly available for this vulnerability.

Status: Vendor confirmed, updates available.

References:
BlackBerry Advisory
http://www.blackberry.com/btsc/articles/749/KB16469_f.SAL_Public.html
Secunia Security Advisory
http://secunia.com/advisories/32842/
Vendor Home Page
http://www.blackberry.com/
SecurityFocus BID
Not yet available.

*******************************************************

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 48, 2008
This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 5549 unique vulnerabilities. For this special
SANS community listing, Qualys also includes vulnerabilities that cannot
be scanned remotely.
______________________________________________________________________

08.48.1 CVE: Not Available
Platform: Windows
Title: Microsoft Windows Vista "iphlpapi.dll" Local Kernel Buffer
Overflow
Description: Microsoft Windows Vista is exposed to a local buffer
overflow issue because of insufficient boundary checks in a kernel
function. This issue affects the "Microsoft Device IO Control"
contained in the "iphlpapi.dll" file. Windows Vista SP1 is affected.
Ref: http://www.securityfocus.com/archive/1/498471
______________________________________________________________________

08.48.2 CVE: Not Available
Platform: Windows
Title: EMC ControlCenter Manager for SAN "msragent.exe" Remote
Information Disclosure
Description: EMC ControlCenter Manager for SAN is management software
for storage area network systems. ControlCenter Manager for SAN is
prone to a remote information disclosure issue due to an access
validation error. ControlCenter Manager for SAN versions 5.2 SP5 and 6.0 are
affected.
Ref: http://www.zerodayinitiative.com/advisories/ZDI-08-076/
______________________________________________________________________

08.48.3 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Backup Exec Data Management Protocol Buffer Overflow
Description: Symantec Backup Exec is a network-enabled backup solution
for Novell NetWare and Microsoft Windows platforms. The application is
exposed to a buffer overflow issue because it fails to perform
adequate boundary checks on user-supplied data.
Ref:
http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
______________________________________________________________________

08.48.4 CVE: Not Available
Platform: Third Party Windows Apps
Title: Symantec Backup Exec for Windows Server Remote Agent
Authentication Bypass
Description: Symantec Backup Exec System Recovery Manager is an
application for system recovery available for Microsoft Windows.
Symantec Backup Exec for Windows Server is exposed to an issue that
allows an attacker to bypass authentication and gain unauthorized
access to the affected application.
Ref:
http://securityresponse.symantec.com/avcenter/security/Content/2008.11.19.html
______________________________________________________________________

08.48.5 CVE: Not Available
Platform: Third Party Windows Apps
Title: EMC ControlCenter SAN Manager "msragent.exe" Remote Stack
Buffer Overflow
Description: EMC ControlCenter SAN Manager provides a single interface
for managing a storage area network. The application is exposed to a
remote buffer overflow issue because it fails to perform adequate
boundary checks on user-supplied input.
Ref: http://www.securityfocus.com/archive/1/498555
______________________________________________________________________

08.48.6 CVE: Not Available
Platform: Third Party Windows Apps
Title: BitDefender "pdf.xmd" Module PDF Parsing Remote Denial of
Service
Description: BitDefender Antivirus is a security application available
for Microsoft Windows operating platforms. The application is exposed
to a denial of service issue in the PDF parsing module "pdf.xmd".
Attackers can exploit this issue to deny service to legitimate users.
Ref: http://www.securityfocus.com/bid/32396
______________________________________________________________________

08.48.7 CVE: Not Available
Platform: Third Party Windows Apps
Title: Apple iPhone Configuration Web Utility for Windows Directory
Traversal
Description: Apple iPhone Configuration Web Utility for Windows is an
iPhone configuration utility which includes an HTTP server. The
included webserver is exposed to a directory traversal issue because
it fails to sufficiently sanitize user-supplied input. iPhone
Configuration Web Utility version 1.0 for Windows is affected.
Ref: http://www.securityfocus.com/archive/1/498559
______________________________________________________________________

08.48.8 CVE: Not Available
Platform: Third Party Windows Apps
Title: FlexCell Grid Control (ActiveX) Arbitrary File Overwrite
Description: FlexCell Grid Control (ActiveX) is an application for
working with spreadsheet data. The application is exposed to an issue
that allows attackers to overwrite files with arbitrary,
attacker-supplied content. FlexCell Grid Control (ActiveX) version
5.7.0.1 is affected.
Ref: http://support.microsoft.com/kb/240797
______________________________________________________________________

08.48.9 CVE: Not Available
Platform: Third Party Windows Apps
Title: Nero ShowTime ".m3u" File Remote Buffer Overflow
Description: Nero ShowTime is a media player application for Microsoft
Windows. ShowTime is exposed to a remote buffer overflow issue because
it fails to perform adequate checks on user-supplied input. ShowTime
version 5.0.15.0 is affected.
Ref: http://www.securityfocus.com/bid/32446
______________________________________________________________________

08.48.10 CVE: CVE-2008-5156
Platform: Linux
Title: SystemImager Insecure Temporary File Creation Vulnerabilities
Description: SystemImager is an application that automates Linux
software installs. SystemImager creates temporary files in an insecure
manner. Specifically, the "si_mkbootserver" script in
"systemimager-server" creates files with predictable names such as
"/tmp/*.inetd.conf" or "/tmp/pxe.conf.*.tmp". SystemImager version
4.0.2 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
______________________________________________________________________

08.48.11 CVE: CVE-2008-5138
Platform: Linux
Title: pam_mount Insecure Temporary File Creation
Description: pam_mount is a Pluggable Authentication Module that can
mount volumes for a user session. pam_mount creates temporary files in
an insecure manner. Specifically, the "passwdehd" script in
"libpam-mount" creates files with predictable names such as
"/tmp/passwdehd.*". pam_mount version 0.43 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
______________________________________________________________________

08.48.12 CVE: CVE-2008-5140
Platform: Linux
Title: MailScanner "trend-autoupdate" Insecure Temporary File Creation
Description: MailScanner is an e-mail gateway virus scanner.
MailScanner creates temporary files in an insecure manner that occurs
in the "trend-autoupdate" script. Successfully mounting a symlink
attack may allow the attacker to delete or corrupt sensitive files,
which may result in a denial of service. Other attacks may also be
possible. MailScanner version 4.55.10 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.13 CVE: CVE-2008-5142
Platform: Linux
Title: Debian freebsd-sendpr "sendbug" Insecure Temporary File
Creation
Description: Debian sfreebsd-sendpr is a client application for
submitting reports to a remote GNATS database. freebsd-sendpr creates
temporary files in an insecure manner. Specifically, the "sendbug"
script creates files with predictable names. freebsd-sendpr version
3.113+5.3-10 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.14 CVE: CVE-2008-5141
Platform: Linux
Title: SystemImager Flamethrower Insecure Temporary File Creation
Vulnerabilities
Description: SystemImager Flamethrower is a multicast file
distribution system. Flamethrower creates temporary files in an
insecure manner. Successfully mounting a symlink attack may allow the
attacker to delete or corrupt sensitive files, which may result in a
denial of service. Flamethrower version 0.1.8 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506350
______________________________________________________________________

08.48.15 CVE: CVE-2008-5152
Platform: Linux
Title: Debian mh-book Insecure Temporary File Creation
Description: Debian mh-book creates temporary files in an insecure
manner. The issue occurs in the "inmail-show" script. Insecure files
are created with a ".log" or ".stdin" extension in the "/tmp/inmail"
directory. Debian mh-book version 200605-1 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.16 CVE: CVE-2008-5149
Platform: Linux
Title: libncbi6 Insecure Temporary File Creation
Description: libncbi6 is part of the NCBI dvelopment kit. The library
creates temporary files in an insecure manner. Specifically, the
"fwd_check.sh" script creates files with predictable names, including
"/tmp/####". libncbi6 version 6.1.20080302 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.17 CVE: CVE-2008-5157
Platform: Linux
Title: TAU Tuning and Analysis Utilities Insecure Temporary File
Creation Vulnerabilities
Description: TAU (Tuning and Analysis Utilities) is a performance
analysis toolkit. TAU creates temporary files in an insecure manner.
Specifically, the issue affects the "tau_cxx", "tau_f90", and "tau_cc"
scripts. TAU version 2.16.4 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506348
______________________________________________________________________

08.48.18 CVE: CVE-2008-5155
Platform: Linux
Title: SMS Client "mail2sms.sh" Insecure Temporary File Creation
Description: SMS Client is a command line utility that allows users to
send SMS messages to mobile devices. It is freely available for UNIX
and variants. SMS Client creates temporary files in an insecure
manner. The issue occurs in the "mail2sms.sh" script. SMS Client
version 2.0.8z is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.19 CVE: CVE-2008-5137
Platform: Linux
Title: TkMan Insecure Temporary File Creation
Description: TkMan is a manual page and Texinfo browser. The
application creates temporary files in an insecure manner.
Specifically, the "tkman" script creates files with predictable names,
such as "/tmp/tkman#####" or "/tmp/ll". TkMan version 2.2 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.20 CVE: CVE-2008-5136
Platform: Linux
Title: TkUsr Insecure Temporary File Creation
Description: TkUsr is an application for managing the Self-mode of
USR/3Com Message modems. The application creates temporary files in an
insecure manner. Specifically, the "tkusr" script creates files with
predictable names, such as "/tmp/tkusr.pgm". TkUsr version 0.82 is
affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.21 CVE: CVE-2008-5145
Platform: Linux
Title: Debian ltp "ltpmenu" Insecure Temporary File Creation
Description: Debian ltp is a package for the Linux Test Project stress
testing suite. Debian ltp creates temporary files in an insecure
manner. The issue occurs in the "ltpmenu" script. Debian ltp version
20060918-2.1 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.22 CVE: CVE-2008-4313
Platform: Linux
Title: "tog-pegasus" Package for Red Hat Enterprise Linux Security
Bypass
Description: The "tog-pegasus" packages provide OpenPegasus Web-Based
Enterprise Management (WBEM) services. "tog-pegasus" is exposed to a
security bypass issue because previously built in security
enhancements for OpenGroup Pegasus WBEM services were no longer being
applied after the code was updated to version 2.7.0. "tog-pegasus"
package built with Red Hat Enterprise Linux 5 is affected.
Ref: https://rhn.redhat.com/errata/RHSA-2008-1001.html
______________________________________________________________________

08.48.23 CVE: CVE-2008-4636
Platform: Linux
Title: SuSE YaST2 Backup File Name Local Arbitrary Shell Command
Injection
Description: SuSE YaST2 Backup is a module for creating and restoring
backed-up data. The application is exposed to a local command
injection issue because it fails to adequately sanitize user-supplied
input data.
Ref:
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html
______________________________________________________________________

08.48.24 CVE: CVE-2008-5162
Platform: BSD
Title: FreeBSD "arc4random (9)" Pseudo-Random Number Generator
Insufficient Entropy Weakness
Description: The FreeBSD kernel is exposed to a weakness that may
result in weaker cryptographic security. This issue is due to a lack
of sufficient entropy in the "arc4random (9)" pseudo-random number
generator. FreeBSD versions 6.3 and 7.0 are affected.
Ref: http://www.securityfocus.com/bid/32447
______________________________________________________________________

08.48.25 CVE: CVE-2008-5187
Platform: Unix
Title: "imlib2" Library "load()" Function Buffer Overflow
Description: The "imlib2" library is used to view and render various
types of images. It is available for UNIX, Linux, and other UNIX-like
operating systems. The library is exposed to a buffer overflow issue
because the software fails to properly bounds check user-supplied
data. imlib2 version 1.4.2 is affected.
Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714
______________________________________________________________________

08.48.26 CVE: CVE-2008-5154
Platform: Unix
Title: P3nfs Insecure Temporary File Creation
Description: P3nfsd is an application that mounts phone/PDA
filesystems on Unix. P3nfs creates temporary files in an insecure
manner. Specifically, the "bluetooth.rc" script creates files with
predictable names such as "/tmp/blue.log". P3nfs version 5.19 is
vulnerable; other versions may also be affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00347.html
______________________________________________________________________

08.48.27 CVE: CVE-2008-5153
Platform: Unix
Title: Moodle "spell-check-logic.cgi" Insecure Temporary File Creation
Description: Moodle is an open-source application for managing online
courseware. It is freely available under the GNU Public license for
UNIX and variants and for Microsoft Windows. Moodle creates temporary
files in an insecure manner. The issue occurs in the
"spell-check-logic.cgi" script. Moodle version 1.8.2 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.28 CVE: CVE-2008-5143
Platform: Unix
Title: Multi Gnome Terminal Multiple Insecure Temporary File Creation
Vulnerabilities
Description: Multi Gnome Terminal is a terminal emulator derived from
"gnome-terminal". Multi Gnome Terminal creates the temporary files
"/tmp/$WHOAMI.debug" and "/tmp/$WHOAMI.env" in an insecure manner.
Multi Gnome Terminal version 1.6.2 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.29 CVE: CVE-2008-5183
Platform: Unix
Title: CUPS "cupsd" RSS Subscriptions NULL Pointer Dereference Local
Denial of Service
Description: CUPS (Common UNIX Printing System) is a widely used set
of printing utilities for UNIX-based systems. The application is
exposed to a local denial of service issue due to a NULL-pointer
dereference in the "cupsd" daemon. This issue can be triggered by
adding an overly large number of RSS subscriptions.
Ref: http://lab.gnucitizen.org/projects/cups-0day
______________________________________________________________________

08.48.30 CVE: Not Available
Platform: Cross Platform
Title: Mozilla Thunderbird and SeaMonkey "mailnews" Information
Disclosure
Description: Mozilla Thunderbird and SeaMonkey are email clients. The
applications are exposed to an information disclosure issue because
they allow JavaScript included in an email message to access certain
DOM properties. Mozilla Thunderbird versions prior to 2.0.0.18 and
SeaMonkey versions prior to 1.1.13 are affected.
Ref: http://www.mozilla.org/security/announce/2008/mfsa2008-59.html
______________________________________________________________________

08.48.31 CVE: CVE-2008-4829
Platform: Cross Platform
Title: Streamripper Multiple Buffer Overflow Vulnerabilities
Description: Streamripper is an application that records
shoutcast-style streams. It is available for multiple operating
systems. Streamripper is exposed to multiple buffer overflow issues
because it fails to perform adequate boundary checks on user-supplied
data. Streamripper version 1.63.5 is affected.
Ref: http://secunia.com/secunia_research/2008-50/
______________________________________________________________________

08.48.32 CVE: Not Available
Platform: Cross Platform
Title: PHP "error_log" Safe Mode Restriction Bypass
Description: PHP is a general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
PHP is exposed to a "safe_mode" restriction bypass issue. PHP version
5.2.6 is affected.
Ref: http://www.securityfocus.com/archive/1/498527
______________________________________________________________________

08.48.33 CVE: Not Available
Platform: Cross Platform
Title: Oracle Database Vault Privilege Escalation
Description: Oracle Database Vault is a feature of Oracle Databases to
limit access to potentially sensitive information. Oracle Database
Vault is exposed to a privilege escalation issue because it fails to
properly restrict access. Oracle Database version 10.2.0.3 is
affected.
Ref: http://www.securityfocus.com/bid/32393
______________________________________________________________________

08.48.34 CVE: CVE-2008-1586, CVE-2008-4227, CVE-2008-4228,
CVE-2008-4229, CVE-2008-4230, CVE-2008-4231, CVE-2008-4232,
CVE-2008-4233
Platform: Cross Platform
Title: Apple iPhone and iPod touch Prior to Version 2.2 Multiple
Vulnerabilities
Description: Apple iPhone is a mobile phone that runs on the ARM
architecture. Apple iPod touch is a portable music player that also
contains the Safari browser. Apple iPhone and iPod touch are exposed
to multiple issues. iPhone OS versions 1.0 through 2.1 and iPhone OS
for iPod touch 1.1 through 2.1 are affected.
Ref: http://support.apple.com/kb/HT3318
______________________________________________________________________

08.48.35 CVE: CVE-2008-5150
Platform: Cross Platform
Title: maildirsync Insecure Temporary File Creation
Description: maildirsync is a "Maildir" synchronization utility. The
application creates temporary files in an insecure manner.
Specifically, the "sample.sh" script creates files with predictable
names, including "/tmp/maildirsync-*.#####.log". maildirsync version
1.1 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.36 CVE: Not Available
Platform: Cross Platform
Title: KVIrc URI Handler Remote Command Execution
Description: KVIrc is an IRC client available for various operating
systems. KVIrc is exposed to a remote command execution issue because
it fails to sufficiently sanitize user-supplied input when handling
"irc://" and "irc6://" URIs. KVIrc version 3.4.2 is affected.
Ref: http://www.securityfocus.com/archive/1/498557
______________________________________________________________________

08.48.37 CVE: CVE-2008-5139
Platform: Cross Platform
Title: jailer "updatejail" Insecure Temporary File Creation
Description: jailer is a tool for creating and maintaining chrooted
environments. The "updatejail" script creates the temporary file
"/tmp/$$.updatejail" in an insecure manner. jailer version 0.4 is
affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.38 CVE: CVE-2008-5147
Platform: Cross Platform
Title: Docvert "test-pipe-to-pyodconverter" Insecure Temporary File
Creation
Description: Docvert is a tool for converting office document files
between different formats. The "test-pipe-to-pyodconverter" script
included with Docvert creates the temporary file "/tmp/outer.odt" in
an insecure manner. Docvert version 3.4 is affected.
Ref: http://uvw.ru/report.lenny.txt
______________________________________________________________________

08.48.39 CVE: CVE-2008-2378
Platform: Cross Platform
Title: hf Local Privilege Escalation
Description: hf is an amateur-radio protocol suite. The problem occurs
because hf improperly tries to execute an external command. A local
attacker can exploit this issue to elevate their privileges. hf
versions 0.7.3 and 0.8 are affected.
Ref: http://www.securityfocus.com/bid/32421
______________________________________________________________________

08.48.40 CVE: Not Available
Platform: Cross Platform
Title: Wireshark 1.0.4 SMTP Denial of Service
Description: Wireshark (formerly Ethereal) is an application for
analyzing network traffic; it is available for Microsoft Windows and
UNIX-like operating systems. Wireshark is exposed to a denial of
service issue during the processing of large SMTP requests. Wireshark
version 1.0.4 is affected.
Ref: http://www.securityfocus.com/archive/1/498562
______________________________________________________________________

08.48.41 CVE: Not Available
Platform: Cross Platform
Title: ffdshow Long URL Link Remote Buffer Overflow
Description: The "ffdshow" codec is an open source audio and video
codec. The codec is exposed to a remote heap buffer overflow issue
because it fails to perform adequate boundary checks on user-supplied
input before copying it to an insufficiently sized buffer. ffdshow
versions prior to rev2347_20081123 are affected.
Ref: http://www.securityfocus.com/archive/1/498585
______________________________________________________________________

08.48.42 CVE: Not Available
Platform: Cross Platform
Title: W3C Amaya "TtaWCToMBstring()" Multiple Stack-Based Buffer
Overflow Vulnerabilities
Description: W3C Amaya is a freely available web browser and editor
application that runs on multiple platforms. W3C Amaya is exposed to
multiple stack-based buffer overflow issues because it fails to
perform adequate checks on user-supplied input. W3C Amaya version 10.1
is affected.
Ref: http://www.securityfocus.com/archive/1/498578
______________________________________________________________________

08.48.43 CVE: Not Available
Platform: Cross Platform
Title: VirtualBox "ipcdUnix.cpp" Insecure Temporary File Creation
Description: VirtualBox is virtualization software available for
multiple operating systems on the x86 architecture. The application
creates temporary files in an insecure manner. VirtualBox versions
prior to 2.0.6 are affected.
Ref:
http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%
2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810&old=trunk%2Fsrc%2Flibs%2Fxpcom18a4%
2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%
______________________________________________________________________

08.48.44 CVE: Not Available
Platform: Cross Platform
Title: Total Video Player "TVP type" Tag Handling Remote Buffer
Overflow
Description: Total Video Player is a media player. The application is
exposed to a remote buffer overflow issue because it fails to properly
bounds check user-supplied data before copying it to an insufficiently
sized memory buffer. Total Video Player version 1.31 provided by
"vcen.dll" is affected.
Ref: http://www.securityfocus.com/bid/32456
______________________________________________________________________

08.48.45 CVE: Not Available
Platform: Cross Platform
Title: IBM Tivoli Access Manager for e-business Remote Denial of
Service
Description: IBM Tivoli Access Manager for e-business provides central
access control for multiple services and applications in an enterprise
environment. The application is exposed to a remote denial of service
issue because it fails to handle specially crafted data. IBM Tivoli
Access Manager for e-business version 6.0.0.17 is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1IZ37270
______________________________________________________________________

08.48.46 CVE: Not Available
Platform: Cross Platform
Title: RSA enVision Platform Web Console Password Hash Remote
Information Disclosure
Description: RSA enVision Platform is a system for log collection and
analysis, and includes a web console interface. The web console is
exposed to a remote information disclosure issue caused by a lack of
access restrictions on user profiles. RSA enVision versions 3.5.0
through 3.7.0 are affected.
Ref: http://www.securityfocus.com/archive/1/498649
______________________________________________________________________

08.48.47 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: refbase "headerMsg" Parameter Cross-Site Scripting
Vulnerabilities
Description: refbase is a PHP-based bibliographic manager. The
application is exposed to multiple cross-site scripting issues because
it fails to properly sanitize user-supplied input. refbase versions
prior to 0.9.5 are affected.
Ref:
http://sourceforge.net/project/shownotes.php?group_id=64647&release_id=641612
______________________________________________________________________

08.48.48 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Softbiz Classifieds Script Cross-Site Scripting
Description: Softbiz Classifieds Script is a web-based application.
Softbiz Classifieds Script is exposed to a cross-site scripting issue
because it fails to sufficiently sanitize user-supplied input passed
to the "msg" parameter of the "signinform.php" script.
Ref: http://www.securityfocus.com/bid/32375
______________________________________________________________________

08.48.49 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Chipmunk Topsites "start" Parameter Cross-Site Scripting
Description: Chipmunk Topsites is a PHP-based web application. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "start"
parameter of the "index.php" script.
Ref: http://www.securityfocus.com/bid/32470
______________________________________________________________________

08.48.50 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: IBM Lotus Web Content Management Unspecified Cross-Site
Scripting Vulnerabilities
Description: IBM Lotus Web Content Management is a suite of web-based
applications for Windows, UNIX, and Sun platforms. The application is
exposed to multiple unspecified cross-site scripting issues because it
fails to properly sanitize user-supplied input. IBM Lotus Web Content
Management version 60G is affected.
Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PK73108
______________________________________________________________________

08.48.51 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: SemanticScuttle Multiple Cross-Site Scripting Vulnerabilities
Description: SemanticScuttle is a social bookmarking application. The
application is exposed to multiple cross-site scripting issues because
it fails to sanitize user-supplied input to unspecified parameters.
SemanticScuttle versions prior to 0.90 are affected.
Ref: http://sourceforge.net/
______________________________________________________________________

08.48.52 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: Bandwebsite "info.php" Cross-Site Scripting
Description: Bandwebsite is a PHP-based content manager. The
application is exposed to a cross-site scripting issue because it
fails to sufficiently sanitize user-supplied data to the "section"
parameter of the "info.php" script. Bandwebsite version 1.5 is
affected.
Ref: http://www.securityfocus.com/bid/32454
______________________________________________________________________

08.48.53 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: COMS "dynamic.php" Cross-Site Scripting
Description: COMS is a web-based application. The application is
exposed to a cross-site scripting issue because it fails to
sufficiently sanitize user-supplied data to the "q" parameter of the
"dynamic.php" script when the "sys" parameter is set to "search".
Ref: http://www.securityfocus.com/bid/32459
______________________________________________________________________

08.48.54 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: WordPress "wp-includes/feed.php" Cross-Site Scripting
Description: WordPress allows users to generate news pages and
web-logs dynamically; it is implemented in PHP with a MySQL database.
The application is exposed to a cross-site scripting issue because it
fails to properly sanitize user-supplied input. WordPress versions
prior to 2.6.5 are affected.
Ref: http://www.securityfocus.com/archive/1/498652
______________________________________________________________________

08.48.55 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Title: HeXHub Buffer Overflow And Cross-Site Scripting Vulnerabilities
Description: HeXHub is an IOCP-based file-sharing hub and firewall.
The application is exposed to a buffer overflow issue because it fails
to perform adequate boundary checks on user-supplied data. This issue
occurs when updating cache buffers. The application is also exposed to
a cross-site scripting issue because it fails to properly sanitize
user-supplied input to the "/report" macro. HeXHub versions prior to
5.02cFirewall1.09 are affected.
Ref: http://sourceforge.net/project/shownotes.php?release_id=642276
______________________________________________________________________

08.48.56 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MyTopix "send" Parameter SQL Injection
Description: MyTopix is a PHP-based forum application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "send" parameter of the "index.php"
script before using it in an SQL query. MyTopix version 1.3.0 is
affected.
Ref: http://www.securityfocus.com/bid/32362
______________________________________________________________________

08.48.57 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MauryCMS "Rss.php" SQL Injection
Description: MauryCMS is a PHP-based content management system. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "c" parameter of the
"Rss.php" script before using it in an SQL query. MauryCMS version
0.53.2 is affected.
Ref: http://www.securityfocus.com/bid/32364
______________________________________________________________________

08.48.58 CVE: Not Available
Platform: Web Application - SQL Injection
Title: RevSense "index.php" SQL Injection
Description: RevSense is a web-based advertisement management
application. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"password" parameter of the "index.php" script when the "action"
parameter is set to "login" before using it in an SQL query. RevSense
version 1.0 is affected.
Ref: http://www.securityfocus.com/bid/32365
______________________________________________________________________

08.48.59 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pre ASP Job Board "emp_login.asp" SQL Injection
Description: Pre ASP Job Board is an ASP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" and
"password" fields of the login form presented by "emp_login.asp"
script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32366
______________________________________________________________________

08.48.60 CVE: Not Available
Platform: Web Application - SQL Injection
Title: W3matter AskPert "index.php" SQL Injection
Description: AskPert is a web-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the password form field in the
"index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32368
______________________________________________________________________

08.48.61 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Easyedit Multiple SQL Injection Vulnerabilities
Description: Easyedit is a PHP-based content management system. The
application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "intPageID"
parameter of the "page.php" and "news.php" scripts. The
"intSubCategoryID" parameter of the "subcategory.php" is also
affected.
Ref: http://www.securityfocus.com/bid/32369
______________________________________________________________________

08.48.62 CVE: Not Available
Platform: Web Application - SQL Injection
Title: boastMachine "mail.php" SQL Injection
Description: boastMachine is a content management system implemented
in PHP. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "id"
parameter of the "mail.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32379
______________________________________________________________________

08.48.63 CVE: Not Available
Platform: Web Application - SQL Injection
Title: SocialEngine HTTP Response Splitting and SQL Injection
Vulnerabilities
Description: SocialEngine is a PHP-based social network application.
SocialEngine is exposed to multiple input validation issues. Attackers
can leverage these issues to influence or misrepresent how web content
is served, cached or interpreted, compromise the application, access
or modify data or exploit latent vulnerabilities in the underlying
database. SocialEngine version 2.7 is affected.
Ref: http://www.securityfocus.com/archive/1/498525
______________________________________________________________________

08.48.64 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NatterChat "login.asp" Multiple SQL Injection Vulnerabilities
Description: NatterChat is a web-based chat system implemented in ASP.
The application is exposed to multiple SQL injection issues because it
fails to sufficiently sanitize user-supplied data to the "txtUsername"
and "txtPassword" parameters of the "login.asp" script. NatterChat
version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32385
______________________________________________________________________

08.48.65 CVE: Not Available
Platform: Web Application - SQL Injection
Title: PHP-Fusion "messages.php" SQL Injection
Description: PHP-Fusion is a PHP-based content manager. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "subject" parameter of
the "messages.php" script before using it in an SQL query. PHP-Fusion
version 7.00.1 is vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/32388
______________________________________________________________________

08.48.66 CVE: Not Available
Platform: Web Application - SQL Injection
Title: MicroHellas ToursManager "tourview.php" SQL Injection
Description: MicroHellas ToursManager is a PHP-based application for
travel agents. The application is exposed to an SQL injection issue
because it fails to sufficiently sanitize user-supplied data to the
"tourid" parameter of the "tourview.php" script before using it in an
SQL query.
Ref: http://www.securityfocus.com/bid/32397
______________________________________________________________________

08.48.67 CVE: Not Available
Platform: Web Application - SQL Injection
Title: xt:Commerce Unspecified SQL Injection
Description: xt:Commerce is an ecommerce application. The application
is exposed to an unspecified SQL injection issue because it fails to
properly sanitize user-supplied input to before using it in an SQL
query. xt:Commerce versions prior to 3.0.4 Sp2.1 are affected.
Ref: http://www.securityfocus.com/bid/32398
______________________________________________________________________

08.48.68 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Werner Hilversum FAQ Manager "catagorie.php" SQL Injection
Description: Werner Hilversum FAQ Manager is a PHP-based content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "cat_id"
parameter of the "catagorie.php" script before using it in an SQL
query. FAQ Manager version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32466
______________________________________________________________________

08.48.69 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Chipmunk Topsites "authenticate.php" SQL Injection
Description: Chipmunk Topsites is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "user" parameter of
the "authenticate.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32469
______________________________________________________________________

08.48.70 CVE: Not Available
Platform: Web Application - SQL Injection
Title: eXtrovert Software Thyme Joomla! Component SQL Injection
Description: eXtrovert software Thyme is a web-based calendar
application implemented in PHP. "com_thyme" is a component for the
Joomla! content manager. The application is exposed to an
SQL injection issue because it fails to sufficiently sanitize
user-supplied data to the "event" parameter of the "com_thyme"
component before using it in an SQL query. Thyme version 1.0 is
affected.
Ref: http://www.securityfocus.com/bid/32417
______________________________________________________________________

08.48.71 CVE: Not Available
Platform: Web Application - SQL Injection
Title: ZoGo-Shop "product-details.php" SQL Injection
Description: ZoGo-Shop is an ecommerce plugin for the e107 content
manager. The application is exposed to an SQL injection issue because
it fails to sufficiently sanitize user-supplied data to the "product"
parameter of the "product-details.php" script. ZoGo-Shop version
1.15.4 is affected.
Ref: http://www.securityfocus.com/bid/32423
______________________________________________________________________

08.48.72 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Vlog System "blog.php" SQL Injection
Description: Vlog System is a video blog application. The application
is exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "user" parameter of the "blog.php"
script. Vlog System version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32425
______________________________________________________________________

08.48.73 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Car Portal "image.php" SQL Injection
Description: Car Portal is a web-based auto classifieds portal. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"image.php" script. Car Portal version 2.0 is affected.
Ref: http://www.securityfocus.com/bid/32426
______________________________________________________________________

08.48.74 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Prozilla Hosting Index "directory.php" SQL Injection
Description: Prozilla Hosting Index is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"directory.php" script.
Ref: http://www.securityfocus.com/bid/32427
______________________________________________________________________

08.48.75 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pilot Group PG Real Estate SQL Injection
Description: Pilot Group PG Real Estate is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "username" field of
the login page.
Ref: http://www.securityfocus.com/bid/32429
______________________________________________________________________

08.48.76 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pilot Group PG Roommate SQL Injection
Description: Pilot Group PG Roommate is a web-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "username" field of
the login page.
Ref: http://www.securityfocus.com/bid/32430
______________________________________________________________________

08.48.77 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Pilot Group PG Job Site Pro "homepage.php" SQL Injection
Description: Pilot Group PG Job Site Pro is a web-based application.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "poll_view_id"
parameter of the "homepage.php" script.
Ref: http://www.securityfocus.com/bid/32434
______________________________________________________________________

08.48.78 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Blog System "image.php" SQL Injection
Description: Blog System is a web-based blogging portal. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "id" parameter of the
"image.php" script.
Ref: http://www.securityfocus.com/bid/32441
______________________________________________________________________

08.48.79 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NetArt Media Real Estate Portal "ad_id" Parameter SQL Injection
Description: Real Estate Portal is a web-based application implemented
in PHP. It is used to publish real estate listings. The application is
exposed to an SQL injection issue because it fails to properly
sanitize user-supplied input to the "ad_id" parameter of the
"index.php" script when the "mod" parameter is set to "re_send_email"
before using it in an SQL query. Real Estate Portal version 1.2 is
affected.
Ref: http://www.securityfocus.com/bid/32445
______________________________________________________________________

08.48.80 CVE: Not Available
Platform: Web Application - SQL Injection
Title: WebStudio CMS "pageid" Parameter SQL Injection
Description: WebStudio CMS is a content manager implemented in PHP.
The application is exposed to an SQL injection issue because it fails
to sufficiently sanitize user-supplied data to the "pageid" parameter
of the "index.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/archive/1/498597
______________________________________________________________________

08.48.81 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Bandwebsite "lyrics.php" SQL Injection
Description: Bandwebsite is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "lyrics.php"
script before using it in an SQL query. Bandwebsite version 1.5 is
affected.
Ref: http://www.securityfocus.com/bid/32453
______________________________________________________________________

08.48.82 CVE: Not Available
Platform: Web Application - SQL Injection
Title: NitroTech "members.php" SQL Injection
Description: NitroTech is a content manager. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "id" parameter of the "members.php"
script before using it in an SQL query. NitroTech version 0.0.3a is
affected.
Ref: http://www.securityfocus.com/bid/32458
______________________________________________________________________

08.48.83 CVE: Not Available
Platform: Web Application - SQL Injection
Title: VideoGirls "view_snaps.php" SQL Injection
Description: VideoGirls is a PHP-based application. The application is
exposed to an SQL injection issue because it fails to sufficiently
sanitize user-supplied data to the "type" parameter of the
"view_snaps.php" script before using it in an SQL query.
Ref: http://www.securityfocus.com/bid/32477
______________________________________________________________________

08.48.84 CVE: Not Available
Platform: Web Application - SQL Injection
Title: Jamit Job Board "index.php" SQL Injection
Description: Jamit Job Board is a PHP-based application. The
application is exposed to an SQL injection issue because it fails to
sufficiently sanitize user-supplied data to the "show_emp" parameter
of the "index.php" script before using it in an SQL query. Jamit Job
Board versions up to and including 3.4.10 are affected.
Ref: http://www.securityfocus.com/bid/32478
______________________________________________________________________

08.48.85 CVE: Not Available
Platform: Web Application
Title: Ruby on Rails "redirect_to()" HTTP Header Injection
Description: Ruby on Rails is a web application framework for multiple
platforms. Ruby on Rails is exposed to an issue that allows attackers
to inject arbitrary HTTP headers because it fails to sanitize input.
Ruby on Rails versions prior to 2.0.5 are affected.
Ref:
http://www.rorsecurity.info/journal/2008/10/20/header-injection-and-response-
splitting.html
______________________________________________________________________

08.48.86 CVE: Not Available
Platform: Web Application
Title: PunBB "pun_user[language]" Parameter Multiple Local File
Include Vulnerabilities
Description: PunBB is a PHP-based forum application. The application
is exposed to multiple local file include issues because it fails to
properly sanitize user-supplied input. PunBB version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32360
______________________________________________________________________

08.48.87 CVE: Not Available
Platform: Web Application
Title: PHPCow Unspecified Remote File Include
Description: PHPCow is a web-based application for publishing news.
The application is exposed to a remote file include issue because it
fails to sufficiently sanitize user-supplied input to unspecified
scripts and parameters.
Ref: http://www.kb.cert.org/vuls/id/515417
______________________________________________________________________

08.48.88 CVE: Not Available
Platform: Web Application
Title: wPortfolio "/admin/upload_form.php" Arbitrary File Upload
Description: wPortfolio is a PHP-based content manager. The
application is exposed to an issue that lets attackers upload
arbitrary files because it fails to adequately secure access to the
"/admin/upload_form.php"  script. wPortfolio versions up to and
including 0.3 are affected.
Ref: http://www.securityfocus.com/bid/32367
______________________________________________________________________

08.48.89 CVE: CVE-2008-5185
Platform: Web Application
Title: GeSHi XML Parsing Remote Denial of Service
Description: GeSHi is a generic syntax highlighter application. GeSHi
is exposed to a remote denial of service issue due to an error in its
parsing of malformed XML input. GeSHi versions prior to 1.0.8 are
affected.
Ref: http://permalink.gmane.org/gmane.comp.security.oss.general/1197
______________________________________________________________________

08.48.90 CVE: Not Available
Platform: Web Application
Title: PunPortal "login.php" Local File Include
Description: PunPortal is a plugin module for PunBB. The application
is exposed to a local file include issue because it fails to properly
sanitize user-supplied input to the "pun_user[language]" parameter of
the "includes/login.php" script.
Ref: http://www.securityfocus.com/bid/32380
______________________________________________________________________

08.48.91 CVE: Not Available
Platform: Web Application
Title: wPortfolio "/admin/userinfo.php" Authentication Bypass
Description: wPortfolio is a PHP-based content manager. The
application is exposed to an issue that lets attackers modify user
passwords because it fails to adequately secure access to the
"/admin/userinfo.php" script when called with the "action" parameter
set to "account_save". wPortfolio Versions  up to and including 0.3
are affected.
Ref: http://www.securityfocus.com/bid/32384
______________________________________________________________________

08.48.92 CVE: Not Available
Platform: Web Application
Title: vBulletin Visitor Messages Addon Comment Notification HTML
Injection
Description: vBulletin is a web-based content manager written in PHP.
The Visitor Message addon is included with vBulletin and provides
social networking functionality. vBulletin is exposed to an
HTML injection issue because it fails to sufficiently sanitize
user-supplied input. vBulletin version 3.7.3 is affected.
Ref: http://www.securityfocus.com/bid/32387
______________________________________________________________________

08.48.93 CVE: Not Available
Platform: Web Application
Title: NatterChat "admin/home.asp" Authentication Bypass Vulnerability
Description: NatterChat is a web-based chat system implemented in ASP.
The application is exposed to an issue that lets attackers gain access
to the administrative scripts. This issue arises because NatterChat
fails to adequately secure access to the "admin/home.asp" script when
an attacker directly issues an HTTP GET request for the script.
NatterChat version 1.1 is affected.
Ref: http://www.securityfocus.com/bid/32395
______________________________________________________________________

08.48.94 CVE: Not Available
Platform: Web Application
Title: Pie RSS Module "lib" Parameter Remote File Include
Description: Pie RSS module is a feed module available for the Pie web
content management system. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "lib" parameter of the "lib/action/rss.php" script. Pie
RSS module version 0.1 is affected.
Ref: http://www.securityfocus.com/bid/32465
______________________________________________________________________

08.48.95 CVE: Not Available
Platform: Web Application
Title: VideoScript "admin/homeset.php" Remote PHP Code Injection
Description: VideoScript is a PHP-based content management system. The
application is exposed to an issue that attackers can leverage to
execute arbitrary PHP code in the context of the application. This
issue occurs because the application fails to adequately validate
user-supplied input to the "ndbhost" parameter of the
"admin/homeset.php" script. VideoScript versions 4.0.1.50 and 4.1.5.55
are affected.
Ref: http://www.securityfocus.com/bid/32468
______________________________________________________________________

08.48.96 CVE: Not Available
Platform: Web Application
Title: MyBB "my_post_key" Remote Image Information Disclosure
Description: MyBB is a PHP-based bulletin board. The application is
exposed to an information disclosure issue affecting the "my_post_key"
POST key parameter of the "moderation.php" script. MyBB version 1.4.3
is affected.
Ref: http://www.securityfocus.com/archive/1/498630
______________________________________________________________________

08.48.97 CVE: Not Available
Platform: Web Application
Title: Discuz! Reset Lost Password Security Bypass
Description: Discuz! is a web-based forum application. Discuz! is
exposed to a security bypass issue due to a design error when
resetting lost passwords through the actions "lostpasswd" and
"getpasswd" of "members.php".
Ref: http://www.securityfocus.com/bid/32424
______________________________________________________________________

08.48.98 CVE: Not Available
Platform: Web Application
Title: Goople CMS "/win/content/upload.php" Arbitrary File Upload
Description: Goople CMS is a PHP-based content manager. The
application is exposed to an arbitrary file upload issue because the
"/win/content/upload.php"  script fails to properly verify the file
extensions of uploaded files. Goople CMS version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/32428
______________________________________________________________________

08.48.99 CVE: Not Available
Platform: Web Application
Title: Ez Ringtone Manager Information Disclosure
Description: Ez Ringtone Manager is web-based ringtone manager. The
application is exposed to an information disclosure issue because it
fails to properly sanitize user-supplied input to the "id" parameter
of the "main.php" script. Successful exploitation may allow an
attacker to gain sensitive information in the context of the web server
process.
Ref: http://www.securityfocus.com/bid/32431
______________________________________________________________________

08.48.100 CVE: Not Available
Platform: Web Application
Title: getaphpsite.com Auto Dealers Arbitrary File Upload
Description: getaphpsite.com Auto Dealers is a web-based application.
The application is exposed to an arbitrary file upload issue because
it fails to properly verify the file extensions of uploaded files.
Ref: http://www.securityfocus.com/bid/32432
______________________________________________________________________

08.48.101 CVE: Not Available
Platform: Web Application
Title: getaphpsite.com Real Estate Arbitrary File Upload
Description: getaphpsite.com Real Estate is a web-based application.
The application is exposed to an arbitrary file upload issue because
it fails to properly verify the file extensions of uploaded files.
Ref: http://www.securityfocus.com/bid/32433
______________________________________________________________________

08.48.102 CVE: Not Available
Platform: Web Application
Title: LoveCMS Simple Forum Password Reset Security Bypass
Description: Simple Forum is a PHP-based module for LoveCMS content
manager. The module is exposed to an issue that lets attackers gain
administrative access by resetting the admin password. Simple Forum
version 3.1d is affected.
Ref: http://www.securityfocus.com/bid/32435
______________________________________________________________________

08.48.103 CVE: Not Available
Platform: Web Application
Title: MODx CMS Cross-Site Scripting and Remote File Include
Vulnerabilities
Description: MODx CMS is a PHP-based content manger. Since it fails to
sufficiently sanitize user-supplied input, the application is exposed
to a cross-site scripting issue and a remote file-include
vulnerability. These issues affect MODx CMS version 0.9.6.2.
Ref:
http://modxcms.com/forums/index.php/topic,30875.msg187178.html#msg187178
______________________________________________________________________

08.48.104 CVE: Not Available
Platform: Web Application
Title: Goople CMS Cookie Authentication Bypass
Description: Goople CMS is a PHP-based content manager. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Goople CMS version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/32437
______________________________________________________________________

08.48.105 CVE: Not Available
Platform: Web Application
Title: MauryCMS Unspecified Arbitrary File Upload
Description: MauryCMS is a content-management system. The application
is exposed to an unspecified arbitrary file upload issue because it
fails to adequately sanitize user-supplied input. MauryCMS versions up
to and including 0.53.2 are affected.
Ref: http://www.securityfocus.com/bid/32439
______________________________________________________________________

08.48.106 CVE: Not Available
Platform: Web Application
Title: Gallery Unspecified Security Bypass
Description: Gallery is a web-based photo album. The application is
exposed to a security bypass issue which occurs when handling certain
cookies. Gallery versions 1.5.8-svn-b34 up to and including 1.5.10 are
affected.
Ref: http://gallery.menalto.com/last_official_G1_releases
______________________________________________________________________

08.48.107 CVE: Not Available
Platform: Web Application
Title: Goople CMS "/win/notepad/index.php" Arbitrary Command Execution
Description: Goople CMS is a PHP-based content manager. The
application is exposed to an issue that lets attackers execute
arbitrary commands because it fails to properly verify its notepad
contents. Goople CMS version 1.7 is affected.
Ref: http://www.securityfocus.com/bid/32448
______________________________________________________________________

08.48.108 CVE: Not Available
Platform: Web Application
Title: FTPzik "c" Parameter Local File Include and Cross-Site
Scripting Vulnerabilities
Description: FTPzik is a web-based application. FTPzik is exposed to
multiple input validation issues. Exploits of the cross-site scripting
issues may allow the attacker to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site.
Ref: http://www.milw0rm.com/exploits/7214
______________________________________________________________________

08.48.109 CVE: Not Available
Platform: Web Application
Title: Quicksilver Forums Local File Include and Arbitrary File Upload
Vulnerabilities
Description: Quicksilver Forums is a web-based forum application. The
application is exposed to multiple input validation issues. An
attacker can exploit these issues to upload arbitrary files onto the
web server, execute arbitrary local files within the context of the
web server process, and obtain sensitive information. Quicksilver
Forums version 1.4.2 is affected.
Ref: http://www.securityfocus.com/bid/32452
______________________________________________________________________

08.48.110 CVE: Not Available
Platform: Web Application
Title: Pie Multiple Remote File Include Vulnerabilities
Description: Pie is a web-based content management system. The
application is exposed to multiple remote file include issues because
it fails to sufficiently sanitize user-supplied input. Pie version
0.5.3 is affected.
Ref: http://www.securityfocus.com/bid/32455
______________________________________________________________________

08.48.111 CVE: Not Available
Platform: Web Application
Title: RaidSonic ICY BOX NAS FTP Log HTML Injection
Description: RaidSonic ICY BOX NAS is a Network Attached Storage
device. The device is managed with a web-based interface application.
The application is exposed to an HTML injection issue because it fails
to properly sanitize user-supplied input before using it in
dynamically generated content. RaidSonic ICY BOX NAS firmware version 
2.3.2.IB.2.RS.1 is affected.
Ref: http://www.securityfocus.com/bid/32471
______________________________________________________________________

08.48.112 CVE: Not Available
Platform: Web Application
Title: Werner Hilversum FAQ Manager "include/header.php" Remote File
Include
Description: Werner Hilversum FAQ Manager is a PHP-based content
management application. The application is exposed to a remote file
include issue because it fails to sufficiently sanitize user-supplied
input to the "config_path" parameter of the "include/header.php"
script. FAQ Manager version 1.2 is affected.
Ref: http://www.securityfocus.com/bid/32472
______________________________________________________________________

08.48.113 CVE: Not Available
Platform: Web Application
Title: Werner Hilversum Clean CMS "full_txt.php" SQL Injection and
Cross-Site Scripting Vulnerabilities
Description: Werner Hilversum Clean CMS is a web-based application.
The application is exposed to an SQL injection issue and a cross-site
scripting issue because it fails to sufficiently sanitize
user-supplied data to the "id" parameter of the "full_txt.php" script.
Clean CMS version 1.5 is affected.
Ref: http://www.securityfocus.com/bid/32474
______________________________________________________________________

08.48.114 CVE: Not Available
Platform: Web Application
Title: fuzzylime (cms) "code/track.php" Local File Include
Description: "fuzzylime (cms)" is a web-based content manager. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input to the "p" parameter of the
"code/track.php" script. fuzzylime (cms) version 3.03 is affected.
Ref: http://www.securityfocus.com/bid/32475
______________________________________________________________________

08.48.115 CVE: Not Available
Platform: Network Device
Title: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Multiple Security
Vulnerabilities
Description: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is
a wireless solution for enterprises. The device is exposed to multiple
security issues. Successfully exploiting these issues will allow an
attacker to obtain administrative credentials, bypass security
mechanisms, or run attacker-supplied HTML and script code in the
context of the web administration interface.
Ref: http://www.securityfocus.com/archive/1/498489
______________________________________________________________________

08.48.116 CVE: CVE-2008-5144
Platform: Network Device
Title: NVIDIA Cg Toolkit Installer Insecure Temporary File Creation
Description: NVIDIA Cg Toolkit Installer installs the NVIDIA Cg
Toolkit, a compiler for Cg. The problem occurs because during
installation the application creates the temporary file
"/tmp/nvidia-cg-toolkit-manifest" in an insecure manner. NVIDIA Cg
Toolkit Installer version 2.0.0015 is affected.
Ref: http://lists.debian.org/debian-devel/2008/08/msg00285.html
______________________________________________________________________

08.48.117 CVE: Not Available
Platform: Network Device
Title: Siemens Multiple Gigaset VoIP Phones SIP Remote Denial of
Service
Description: Siemens Gigaset C450 IP and C475 IP devices are SIP based
Voice-over-IP (VoIP) devices. These devices are exposed to a denial of
service issue because they fail to handle specially crafted SIP
messages.
Ref: http://www.securityfocus.com/archive/1/498599
______________________________________________________________________
[ terug ]